Eth2Vec: Learning Contract-Wide Code Representations for Vulnerability Detection on Ethereum Smart Contracts

TL;DR

Eth2Vec is a machine learning tool that automatically learns features from Ethereum smart contract bytecodes to detect vulnerabilities, maintaining effectiveness even when code is rewritten.

Contribution

It introduces Eth2Vec, a neural network-based static analysis method that learns code features automatically, improving vulnerability detection robustness against code rewrites.

Findings

Outperforms existing tools in precision, recall, and F1-score.

Successfully detects vulnerabilities in rewritten smart contract codes.

Demonstrates robustness against code modifications.

Abstract

Ethereum smart contracts are programs that run on the Ethereum blockchain, and many smart contract vulnerabilities have been discovered in the past decade. Many security analysis tools have been created to detect such vulnerabilities, but their performance decreases drastically when codes to be analyzed are being rewritten. In this paper, we propose Eth2Vec, a machine-learning-based static analysis tool for vulnerability detection, with robustness against code rewrites in smart contracts. Existing machine-learning-based static analysis tools for vulnerability detection need features, which analysts create manually, as inputs. In contrast, Eth2Vec automatically learns features of vulnerable Ethereum Virtual Machine (EVM) bytecodes with tacit knowledge through a neural network for language processing. Therefore, Eth2Vec can detect vulnerabilities in smart contracts by comparing the code similarity between target EVM bytecodes and the EVM bytecodes it already learned. We conducted experiments with existing open databases, such as Etherscan, and our results show that Eth2Vec outperforms the existing work in terms of well-known metrics, i.e., precision, recall, and F1-score. Moreover, Eth2Vec can detect vulnerabilities even in rewritten codes.