Proposing of Imaging Graph Neural Network with Defined Security Pattern for Improving Smart Contract Vulnerability Detection
Abstract
A smart contract is a special set of protocols, built on blockchain technology, that implements the terms or agreements between the parties to a contract. Many smart contracts are built and deployed every day, yet ensuring their safety remains a major challenge. Because smart contracts carry out transactions directly related to cryptocurrencies, a security failure in a smart contract leads to huge financial losses. The methods commonly used to check and verify smart contract security depend heavily on hard rules defined by experts, which results in low detection accuracy and poor scalability, and such rules can be bypassed by experienced attackers. In this paper, we propose combining an Imaging Graph Neural Network with Defined Pattern to detect vulnerabilities in smart contracts. We construct a contract graph that shows the relationships between the main components of a smart contract. We then extract graph features from the normalized graphs and combine them with defined security patterns to create combined features. Finally, we normalize the combined features into a grayscale image and feed it to a Convolutional Neural Network (CNN), which learns to detect vulnerabilities. Results show significantly improved accuracy compared to previous methods or other models. Specifically, 96,42%, 90,12%, 79% for reentrancy, timestamp dependence and infinite loop