An Automated Vulnerability Detection Framework for Smart Contracts

TL;DR

This paper introduces an automated framework that uses deep learning and feature vector techniques to detect vulnerabilities in smart contracts, addressing limitations of manual rule-based methods and improving detection of new vulnerabilities.

Contribution

It presents a novel feature vector generation method from smart contract bytecode and a metric learning-based deep neural network for vulnerability detection.

Findings

Effective detection of vulnerabilities demonstrated on large-scale benchmarks

Improved efficiency over traditional rule-based approaches

High accuracy in identifying new and existing vulnerabilities

Abstract

With the increase of the adoption of blockchain technology in providing decentralized solutions to various problems, smart contracts have become more popular to the point that billions of US Dollars are currently exchanged every day through such technology. Meanwhile, various vulnerabilities in smart contracts have been exploited by attackers to steal cryptocurrencies worth millions of dollars. The automatic detection of smart contract vulnerabilities therefore is an essential research problem. Existing solutions to this problem particularly rely on human experts to define features or different rules to detect vulnerabilities. However, this often causes many vulnerabilities to be ignored, and they are inefficient in detecting new vulnerabilities. In this study, to overcome such challenges, we propose a framework to automatically detect vulnerabilities in smart contracts on the blockchain. More specifically, first, we utilize novel feature vector generation techniques from bytecode of smart contract since the source code of smart contracts are rarely available in public. Next, the collected vectors are fed into our novel metric learning-based deep neural network(DNN) to get the detection result. We conduct comprehensive experiments on large-scale benchmarks, and the quantitative results demonstrate the effectiveness and efficiency of our approach.