Towards Safer Smart Contracts: A Sequence Learning Approach to Detecting Security Threats

TL;DR

This paper introduces a machine learning approach using LSTM to detect security threats in smart contracts, enabling scalable, fast, and accurate analysis to improve contract safety.

Contribution

It presents a novel sequential learning method with LSTM for detecting smart contract vulnerabilities, addressing scalability and speed issues of symbolic analysis tools.

Findings

Achieves 99% test accuracy in vulnerability detection.

Maintains near constant analysis time as contract complexity grows.

Corrects false positives from symbolic analysis tools.

Abstract

Symbolic analysis of security exploits in smart contracts has demonstrated to be valuable for analyzing predefined vulnerability properties. While some symbolic tools perform complex analysis steps, they require a predetermined invocation depth to search vulnerable execution paths, and the search time increases with depth. The number of contracts on blockchains like Ethereum has increased 176 fold since December 2015. If these symbolic tools fail to analyze the increasingly large number of contracts in time, entire classes of exploits could cause irrevocable damage. In this paper, we aim to have safer smart contracts against emerging threats. We propose the approach of sequential learning of smart contract weaknesses using machine learning---long-short term memory (LSTM)---that allows us to be able to detect new attack trends relatively quickly, leading to safer smart contracts. Our experimental studies on 620,000 smart contracts prove that our model can easily scale to analyze a massive amount of contracts; that is, the LSTM maintains near constant analysis time as contracts increase in complexity. In addition, our approach achieves $99\%$ test accuracy and correctly analyzes contracts that were false positive (FP) errors made by a symbolic tool.