Computer Science, 2022, Vol. 49, Issue (11A): 211200182-8. doi: 10.11896/jsjkx.211200182

• Information Security •

Reentrancy Vulnerability Detection Based on Pre-training Technology and Expert Knowledge

CHEN Qiao-song1, HE Xiao-yang1, XU Wen-jie1, DENG Xin1, WANG Jin1, PIAO Chang-hao2   

  1. Key Laboratory of Data Engineering and Visual Computing, School of Computer Science and Technology, Chongqing University of Posts and Telecommunications, Chongqing 400065, China
  2. Smart Energy Technology Research Center, School of Automation, Chongqing University of Posts and Telecommunications, Chongqing 400065, China
  • Online: 2022-11-10 Published: 2022-11-21
  • About author: CHEN Qiao-song, born in 1978, Ph.D, associate professor, is a member of China Computer Federation. His main research interests include blockchain, data mining and deep learning.
  • Supported by: National Natural Science Foundation of China (61806033) and Western Project of National Social Science Foundation of China (18XGL013).

Abstract: As the security issues of smart contracts in blockchain become increasingly prominent, vulnerability detection for smart contracts has gradually become a research hotspot. However, current reentrancy vulnerability detection for smart contracts relies mainly on traditional methods such as symbolic execution, static analysis, formal verification and fuzzing. These methods not only have high false positive and false negative rates, but also have low detection accuracy. At the same time, methods based on deep learning have their own limitations. In response to these problems, this paper proposes a detection method that combines pre-training technology with traditional expert knowledge, and slices smart contracts to reduce the impact of irrelevant data on the model. The paper focuses on the detection of reentrancy vulnerabilities and conducts experiments on 203716 contract data sets. Experimental results show that the smart contract reentrancy vulnerability detection method based on pre-training technology and expert knowledge has an accuracy rate of 96.2%, a recall rate of 97.7% and an F1 score of 96.9%, which are better than existing detection methods.

Key words: Blockchain, Smart contract, Vulnerability detection, Pre-training technology, Expert knowledge

CLC Number: TP311