Smart Contract Vulnerability Detection: From Pure Neural Network to Interpretable Graph Feature and Expert Pattern Fusion

  title={Smart Contract Vulnerability Detection: From Pure Neural Network to Interpretable Graph Feature and Expert Pattern Fusion},
  author={Zhenguang Liu and Peng Qian and Xiang Wang and Lei Zhu and Qinming He and Shouling Ji},
Smart contracts hold digital coins worth billions of dollars, their security issues have drawn extensive attention in the past years. Towards smart contract vulnerability detection, conventional methods heavily rely on fixed expert rules, leading to low accuracy and poor scalability. Recent deep learning approaches alleviate this issue but fail to encode useful expert knowledge. In this paper, we explore combining deep learning with expert patterns in an explainable fashion. Specifically, we… Expand

Figures and Tables from this paper


Combining Graph Neural Networks with Expert Knowledge for Smart Contract Vulnerability Detection
  • Zhenguang Liu, Peng Qian, Xiaoyang Wang, Yuan Zhuang, Lin Qiu, Xun Wang
  • Computer Science
  • ArXiv
  • 2021
This paper casts the rich controland dataflow semantics of the source code into a contract graph and proposes a novel temporal message propagation network to extract the graph feature from the normalized graph, and combines expert-defined security patterns with designed expert patterns to yield a final detection system. Expand
Smart Contract Vulnerability Detection using Graph Neural Network
This paper constructs a contract graph to represent both syntactic and semantic structures of a smart contract function, and proposes a degree-free graph convolutional neural network (DR-GCN) and a novel temporal message propagation network (TMP) to learn from the normalized graphs for vulnerability detection. Expand
Towards Automated Reentrancy Detection for Smart Contracts Based on Sequential Models
This work attempts to utilize the deep learning-based approach, namely bidirectional long-short term memory with attention mechanism (BLSTM-ATT), aiming to precisely detect reentrancy bugs, and proposes contract snippet representations for smart contracts, which contributes to capturing essential semantic information and control flow dependencies. Expand
Towards Safer Smart Contracts: A Sequence Learning Approach to Detecting Vulnerabilities
This paper proposes a novel approach of sequential learning of smart contract vulnerabilities using machine learning --- long-short term memory (LSTM) --- that perpetually learns from an increasing number of contracts handled over time, leading to safer smart contracts. Expand
ContractWard: Automated Vulnerability Detection Models for Ethereum Smart Contracts
This work proposes ContractWard to detect vulnerabilities in smart contracts with machine learning techniques and extracts bigram features from simplified operation codes of smart contracts to demonstrate the effectiveness and efficiency of ContractWard. Expand
SmartCheck: Static Analysis of Ethereum Smart Contracts
The paper provides a comprehensive classification of code issues in Solidity and implements SmartCheck -- an extensible static analysis tool that detects them and reflects the current state of knowledge on Solidity vulnerabilities and shows significant improvements over alternatives. Expand
ContractFuzzer: Fuzzing Smart Contracts for Vulnerability Detection
  • Bo Jiang, Ye Liu, W. Chan
  • Computer Science
  • 2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE)
  • 2018
ContractFuzzer is presented, a novel fuzzer to test Ethereum smart contracts for security vulnerabilities that successfully detects the vulnerability of the DAO contract that leads to $60 million loss and the vulnerabilities of Parity Wallet that have led to the loss of $30 million and the freezing of $150 million worth of Ether. Expand
Slither: A Static Analysis Framework for Smart Contracts
It is shown that Slither's bug detection is fast, accurate, and outperforms other static analysis tools at finding issues in Ethereum smart contracts in terms of speed, robustness, and balance of detection and false positives. Expand
A Semantic Framework for the Security Analysis of Ethereum smart contracts
The first complete small-step semantics of EVM bytecode is presented, which is formalized in the F* proof assistant, obtaining executable code that is successfully validate against the official Ethereum test suite. Expand
Making Smart Contracts Smarter
This paper investigates the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies, and proposes ways to enhance the operational semantics of Ethereum to make contracts less vulnerable. Expand