Computer Science

Computer Science ›› 2025, Vol. 52 ›› Issue (12): 367-373.doi: 10.11896/jsjkx.241100076

• Information Security • Previous Articles     Next Articles

Smart Contract Bytecode Vulnerability Detection Method Based on Heterogeneous Graphs and Instruction Sequences

SONG Jianhua1,3,4 , CAO Kai2, ZHANG Yan2,3   

  1. 1 School of Cyber Science and Technology, Hubei University, Wuhan 430062, China
    2 School of Computer Science and Information Engineering, Hubei University, Wuhan 430062, China
    3 Key Laboratory of Intelligent Sensing System and Security, Ministry of Education, Wuhan 430062, China
    4 Hubei Engineering Research Center of Cyber Security for Intelligent Connected Vehicles, Wuhan 430062, China
  • Received:2024-11-13 Revised:2025-02-22 Online:2025-12-15 Published:2025-12-09
  • About author:SONG Jianhua,born in 1973,Ph.D,professor,postgraduate supervisor,is a member of CCF(No.27785M).Her main research interest is network and information security.
    ZHANG Yan,born in 1974,Ph.D,professor,postgraduate supervisor.His main research interest is code security.
  • Supported by:
    This work was supported by the National Natural Science Foundation of China(62377009),Major Project of Hubei Province(JD)(2023BAA018),Key Project of Hubei Provincial Key R & D Program(2021BAA184,2021BAA188),Research Center for Performance Evaluation and Information Management of Key Research Bases for Humanities and Social Sciences in Hubei Provincial Colleges and Universities(2020JX01) and Major Science and Technology Special Project of Hubei Science and Technology Plan(2024BAA008).

PDF (PC)

7

Abstract: In recent years,the security issues of smart contracts have become increasingly prominent,and vulnerability detection has become a key challenge.In scenarios where source code is not publicly available,bytecode-based detection methods have attracted significant attention.However,existing deep learning methods typically rely solely on sequences or graph structures,which makes it difficult to fully capture vulnerability features.To address this,this paper proposes a smart contract bytecode vulnerability detection method based on heterogeneous graphs and instruction sequences,called RGCN-ResNet1D(Relational Graph Convolutional Network and ResNet-based 1D Convolutional Network).This method models bytecode as a heterogeneous graph and instruction sequence,using a Relational Graph Convolutional Network(RGCN) to extract structural features and a ResNet-based 1D Convolutional Network(ResNet1D) to extract sequential features,and then fuses the two types of features for vulnerability detection.A cross-entropy loss function is also designed,which dynamically adjusts the weight based on the number of misclassified samples,effectively alleviating the class imbalance problem in the training set.Experimental results show that RGCN-ResNet1D achieves F1 scores of 95.43%,90.67%,and 92.31% for detecting integer overflow,timestamp dependency,and self-destruct vulnerabilities,respectively,significantly outperforming the comparison methods.

Key words: Smart contracts bytecode, Vulnerability detection, Heterogeneous graph, Bytecode instruction sequence, Deep learning

CLC Number: 

  • TP309
[1]SIEGEL D.Understanding the DAO attack[EB/OL].https://www.coindesk.com/understanding-dao-hack-journalists.
[2]BlockCAT.On the Parity multi-sig wallet attack[EB/OL].https://medium.com/blockcat/on-the-parity-multi-sig-wallet-attack-83fb5e7f4b8c.
[3]PRETROV S.Another Parity wallet hack explained[EB/OL].https://medium.com/@Pr0Ger/another-parity-wallet-hack-expl-ained-847ca46a2e1c.
[4]Wikipedia.Poly network exploit[EB/OL].https://en.wikipedia.org/wiki/Poly_Network_exploit.
[5]QIAN P,LIU Z G,HE Q M,et al.A Survey of Security Vulnerability Detection Techniques for Smart Contracts [J].Journal of Software,2022,33(8):3059-3085.
[6]HILDENBRANDT E,SAXENA M,RODRIGUES N,et al.Kevm:A complete formal semantics of the ethereum virtual machine[C]//2018 IEEE 31st Computer Security Foundations Symposium(CSF).IEEE,2018.
[7]AMANI S,BÉGEL M,BORTIN M,et al.Towards verifyingethereum smart contract bytecode in Isabelle/HOL[C]//Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs.2018:66-77.
[8]LUU L,CHU D H,OLICKEL H,et al.Making smart contracts smarter[C]//Proceedings of the 2016 ACM SIGSAC Confe-rence on Computer and Communications Security.2016:254-269.
[9]MUELLER B.A framework for bug hunting on the ethereum blockchain[J].ConsenSys/mythril,2017.
[10]JIANG B,LIU Y,CHAN W K.Contractfuzzer:Fuzzing smart contracts for vulnerability detection[C]//Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering.2018:259-269.
[11]ALBERT E,GORDILLO P,LIVSHITS B,et al.Ethir:A framework for high-level analysis of Ethereum bytecode[C]//Proceedings of International Symposium on Automated Technology for Verification and Analysis.Cham:Springer-Verlag,2018.
[12]TANN W J W,HAN X J,GUPTA S S,et al.Towards safersmart contracts:A sequence learning approach to detecting security threats[J].arXiv:1811.06632,2018.
[13]HU H W,XU Y D.SCSGuard:Deep SCAM detection forEthereum smart contracts[J].arXiv:2105.10426,2021.
[14]GU W Y,WANG G J,LI P Q,et al.Detecting unknown vulnerabilities in smart contracts with the CNN-BiLSTM model[J].International Journal of Information Security,2025,24(1):33.
[15]WANG Z F,WU W X,ZENG C Y,et al.Graph Neural Networks Enhanced Smart Contract Vulnerability Detection of Educational Blockchain[J].arXiv:2303.04477,2023.
[16]ZHANG J,LU G H,YU J.A Smart Contract Vulnerability Detection Method Based on Heterogeneous Contract Semantic Graphs and Pre-Training Techniques[J].Electronics,2024,13(18):3786.
[17]DUY P T,KHOA N H,QUYUE N H,et al.Vulnsense:efficient vulnerability detection in ethereum smart contracts by multimodal learning with graph neural network and language model[J].International Journal of Information Security,2025,24(1):48.
[18]ROSSINI M,ZICHICHI M,FERRETTI S.Smart contracts vulnerability classification through deep learning[C]//Proceedings of the 20th ACM Conference on Embedded Networked Sensor Systems.2022:1229-1230.
[19]ZHEN Z,ZHAO X,ZHANG J,et al.DA-GNN:A smart contract vulnerability detection method based on Dual Attention Graph Neural Network[J].Computer Networks,2024,242:110238.
[1] LIU Wei, XU Yong, FANG Juan, LI Cheng, ZHU Yujun, FANG Qun, HE Xin. Multimodal Air-writing Gesture Recognition Based on Radar-Vision Fusion [J]. Computer Science, 2025, 52(9): 259-268.
[2] ZHOU Tao, DU Yongping, XIE Runfeng, HAN Honggui. Vulnerability Detection Method Based on Deep Fusion of Multi-dimensional Features from Heterogeneous Contract Graphs [J]. Computer Science, 2025, 52(9): 368-375.
[3] YIN Shi, SHI Zhenyang, WU Menglin, CAI Jinyan, YU De. Deep Learning-based Kidney Segmentation in Ultrasound Imaging:Current Trends and Challenges [J]. Computer Science, 2025, 52(9): 16-24.
[4] ZENG Lili, XIA Jianan, LI Shaowen, JING Maike, ZHAO Huihui, ZHOU Xuezhong. M2T-Net:Cross-task Transfer Learning Tongue Diagnosis Method Based on Multi-source Data [J]. Computer Science, 2025, 52(9): 47-53.
[5] LI Yaru, WANG Qianqian, CHE Chao, ZHU Deheng. Graph-based Compound-Protein Interaction Prediction with Drug Substructures and Protein 3D Information [J]. Computer Science, 2025, 52(9): 71-79.
[6] LUO Chi, LU Lingyun, LIU Fei. Partial Differential Equation Solving Method Based on Locally Enhanced Fourier NeuralOperators [J]. Computer Science, 2025, 52(9): 144-151.
[7] LIU Leyuan, CHEN Gege, WU Wei, WANG Yong, ZHOU Fan. Survey of Data Classification and Grading Studies [J]. Computer Science, 2025, 52(9): 195-211.
[8] TANG Boyuan, LI Qi. Review on Application of Spatial-Temporal Graph Neural Network in PM2.5 ConcentrationForecasting [J]. Computer Science, 2025, 52(8): 71-85.
[9] LIU Zhengyu, ZHANG Fan, QI Xiaofeng, GAO Yanzhao, SONG Yijing, FAN Wang. Review of Research on Deep Learning Compiler [J]. Computer Science, 2025, 52(8): 29-44.
[10] ZHENG Cheng, YANG Nan. Aspect-based Sentiment Analysis Based on Syntax,Semantics and Affective Knowledge [J]. Computer Science, 2025, 52(7): 218-225.
[11] FAN Xing, ZHOU Xiaohang, ZHANG Ning. Review on Methods and Applications of Short Text Similarity Measurement in Social Media Platforms [J]. Computer Science, 2025, 52(6A): 240400206-8.
[12] YANG Jixiang, JIANG Huiping, WANG Sen, MA Xuan. Research Progress and Challenges in Forest Fire Risk Prediction [J]. Computer Science, 2025, 52(6A): 240400177-8.
[13] WANG Jiamin, WU Wenhong, NIU Hengmao, SHI Bao, WU Nier, HAO Xu, ZHANG Chao, FU Rongsheng. Review of Concrete Defect Detection Methods Based on Deep Learning [J]. Computer Science, 2025, 52(6A): 240900137-12.
[14] HAO Xu, WU Wenhong, NIU Hengmao, SHI Bao, WU Nier, WANG Jiamin, CHU Hongkun. Survey of Man-Machine Distance Detection Method in Construction Site [J]. Computer Science, 2025, 52(6A): 240700098-10.
[15] ZHOU Lei, SHI Huaifeng, YANG Kai, WANG Rui, LIU Chaofan. Intelligent Prediction of Network Traffic Based on Large Language Model [J]. Computer Science, 2025, 52(6A): 241100058-7.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.