
Toward Vulnerability Detection for Ethereum Smart Contracts Using Graph-Matching Network

Author

Listed:
  • Yujian Zhang

    (School of Cyber Science and Engineering, Southeast University, Nanjing 211189, China
    Jiangsu Province Engineering Research Center of Security for Ubiquitous Network, Nanjing 211189, China)

  • Daifu Liu

    (School of Cyber Science and Engineering, Southeast University, Nanjing 211189, China)

Abstract

With the blooming of blockchain-based smart contracts in decentralized applications, the security problem of smart contracts has become a critical issue, as vulnerable contracts have resulted in severe financial losses. Existing research works have explored vulnerability detection methods based on fuzzing, symbolic execution, formal verification, and static analysis. In this paper, we propose two static analysis approaches called ASGVulDetector and BASGVulDetector for detecting vulnerabilities in Ethereum smart contracts from source-code and bytecode perspectives, respectively. First, we design a novel intermediate representation called abstract semantic graph (ASG) to capture both syntactic and semantic features from the program. ASG is based on syntax information but enriched by code structures, such as control flow and data flow. Then, we apply two different training models, i.e., graph neural network (GNN) and graph matching network (GMN), to learn the embedding of ASG and measure the similarity of the contract pairs. In this way, vulnerable smart contracts can be identified by calculating the similarity to labeled ones. We conduct extensive experiments to evaluate the superiority of our approaches to state-of-the-art competitors. Specifically, ASGVulDetector improves the best of three source-code-only static analysis tools (i.e., SmartCheck, Slither, and DR-GCN) regarding the F1 score by 12.6% on average, while BASGVulDetector improves that of the three detection tools supporting bytecode (i.e., ContractFuzzer, Oyente, and Securify) regarding the F1 score by 25.6% on average. We also investigate the effectiveness and advantages of the GMN model for detecting vulnerabilities in smart contracts.

Suggested Citation

  • Yujian Zhang & Daifu Liu, 2022. "Toward Vulnerability Detection for Ethereum Smart Contracts Using Graph-Matching Network," Future Internet, MDPI, vol. 14(11), pages 1-21, November.
  • Handle: RePEc:gam:jftint:v:14:y:2022:i:11:p:326-:d:969523

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/14/11/326/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/1999-5903/14/11/326/
    Download Restriction: no

    Citations



    Cited by:

    1. Jinggang Li & Gehao Lu & Yulian Gao & Feng Gao, 2023. "A Smart Contract Vulnerability Detection Method Based on Multimodal Feature Fusion and Deep Learning," Mathematics, MDPI, vol. 11(23), pages 1-23, November.
