Vulnerability and Transaction behavior based detection of Malicious Smart Contracts
Rachit Agarwal, Tanmay Thapliyal, Sandeep Kumar Shukla

TL;DR
This paper investigates how vulnerabilities in Ethereum smart contracts relate to malicious activities and proposes a scoring mechanism combined with machine learning to detect suspicious contracts effectively.
Contribution
It introduces a vulnerability severity scoring system and evaluates its effectiveness in detecting malicious smart contracts using unsupervised machine learning methods.
Findings
Identified correlation between certain vulnerabilities and malicious activities.
Developed a severity scoring mechanism for vulnerabilities.
Detected 1094 benign contracts with malicious-like behavior.
Abstract
Smart Contracts (SCs) in Ethereum can automate tasks and provide different functionalities to a user. Such automation is enabled by the 'Turing-complete' nature of the programming language (Solidity) in which SCs are written. This also opens up different vulnerabilities and bugs in SCs that malicious actors exploit to carry out malicious or illegal activities on the cryptocurrency platform. In this work, we study the correlation between malicious activities and the vulnerabilities present in SCs and find that some malicious activities are correlated with certain types of vulnerabilities. We then develop and study the feasibility of a scoring mechanism that corresponds to the severity of the vulnerabilities present in SCs to determine if it is a relevant feature to identify suspicious SCs. We analyze the utility of severity score towards detection of suspicious SCs using unsupervised…
