Computer Science, 2023, Vol. 50, Issue (4): 317-322. doi: 10.11896/jsjkx.220300063

• Information Security •

Smart Contract Vulnerability Detection Based on Abstract Syntax Tree Pruning

LIU Zerun, ZHENG Hong, QIU Junjie   

  1. School of Information Science and Engineering, East China University of Science and Technology, Shanghai 200237, China
  • Received: 2022-03-07; Revised: 2022-08-23; Online: 2023-04-15; Published: 2023-04-06
  • About author: LIU Zerun, born in 1998, postgraduate, is a member of China Computer Federation. His main research interests include blockchain and deep learning.
    ZHENG Hong, born in 1973, Ph.D., associate professor, postgraduate supervisor, is a member of China Computer Federation. Her main research interests include blockchain and deep learning.
  • Supported by: National Natural Science Foundation of China (61472139) and Industry University Research Project: Research on Key Technologies of Blockchain (H300-41819).

Abstract: With the development of blockchain technology, smart contracts have been widely used in various fields, and Ethereum has become the largest smart contract platform. At the same time, frequent smart contract vulnerabilities have caused huge economic losses. Vulnerability detection for smart contracts has become a focus of research, but previous smart contract vulnerability detection tools cannot make good use of the syntax information in the contract source code. Targeting the re-entrancy vulnerability of smart contracts, this paper first proposes SCDefender, a vulnerability detection tool based on deep learning. Taking the abstract syntax tree form of the Solidity source code of a smart contract as the research object, a tree-based convolutional neural network is used for vulnerability detection. Second, an abstract syntax tree pruning algorithm is proposed to remove nodes irrelevant to the vulnerability detection task and retain the key information in the abstract syntax tree. The accuracy, recall rate and F1 value of SCDefender's vulnerability detection are 81.43%, 92.12% and 86.45% respectively, showing a good vulnerability detection effect. Ablation experiments show that the abstract syntax tree pruning algorithm makes an important contribution to the vulnerability detection task of SCDefender.

Key words: Blockchain, Smart contract, Vulnerability detection, Abstract syntax tree, Deep learning

CLC Number: TP309