Smartguardia: smart contract vulnerability detection based on pruning abstract syntax tree and transfer learning
摘要
Smart contracts are immutable, distributed, and automated applications on the blockchain, allowing developers to implement custom logical control over crypto assets. However, it is possible for attackers to exploit vulnerabilities in smart contracts to wreak havoc, especially those with large financial assets, resulting in huge losses. Therefore, it is crucial to detect vulnerabilities in smart contracts effectively and efficiently. Existing vulnerability detection methods either treat it as ordinary natural language processing or use complex methods to sample the contract. The former tends to lose information about the code structure, and the latter can result in one-sided vulnerability information. In this research, we proposed SmartGuardia, a novel smart contracts vulnerability detection method based on pruning the Abstract Syntax Tree (AST) and transfer learning to overcome these limitations. The pruning AST method focuses on mining semantic information, crucial attributes, and syntactic structure features of the vulnerability features more accurately and comprehensively, while the tree-based pre-training technique is introduced due to the excellent performance. We evaluate SmartGuardia on two widely used datasets: Dataset-Wild, which contains 203,713 real-world smart contracts, and Dataset-Vul, which includes 1668 contracts containing critical information related to potential reentrancy vulnerabilities. Experimental results show that SmartGuardia achieves an F1-score of 94.84% on the binary classification task of detecting the notorious reentrancy vulnerability. Compared with a range of recent methods, SmartGuardia demonstrates superior detection performance.