In recent years, blockchain-based smart contracts have been widely applied in finance, management, healthcare and other fields. Smart contract vulnerability detection also draws extensive attention due to the significant losses caused by attacks. Existing static security analyses of smart contracts depend on predefined expert rules, which can be inflexible and susceptible to inaccuracies. Current research focus on dynamic detection methods using deep learning. While these methods can identity typical vulnerabilities, they still suffer from the issue of requiring a large amount of labeled data, yet to achieve a comprehensive, accurate, and scalable detection method. In this paper, we explore using graph neural networks and zero-shot learning for smart contract vulnerability detection. Specifically, we convert the smart contract code into CFGs (Control Flow Graphs). To enhance feature extraction by highlighting key nodes in the graph, we propose a graph neural network combined with attention mechanism to extract features from CFGs. Furthermore, to extend the detection model to identify unseen types of vulnerabilities, we propose the Correspondence Function Model, which can generate graph neural network for detecting unseen types of vulnerabilities through high-dimensional semantic descriptions. Extensive experiments are conducted on three datasets of real-world smart contracts. Empirical results show significant accuracy in detecting both seen and unseen types of vulnerabilities. Specifically, it achieves detection accuracies of 90.2%, 88.81%, 83.39%, and 84.12% for arithmetic, reentrancy, timestamp dependence, and unhandled exceptions vulnerabilities, respectively. For the unseen types of vulnerabilities, the method performs exceptionally well with accuracies of 96.66% for unchecked send vulnerabilities and 74.44% for use of tx.origin vulnerabilities.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A Smart Contract Vulnerability Detection Method Based on Graph Neural Networks and Zero-Shot Learning

  • Kunhang Bao,
  • Shanshan Chen

摘要

In recent years, blockchain-based smart contracts have been widely applied in finance, management, healthcare and other fields. Smart contract vulnerability detection also draws extensive attention due to the significant losses caused by attacks. Existing static security analyses of smart contracts depend on predefined expert rules, which can be inflexible and susceptible to inaccuracies. Current research focus on dynamic detection methods using deep learning. While these methods can identity typical vulnerabilities, they still suffer from the issue of requiring a large amount of labeled data, yet to achieve a comprehensive, accurate, and scalable detection method. In this paper, we explore using graph neural networks and zero-shot learning for smart contract vulnerability detection. Specifically, we convert the smart contract code into CFGs (Control Flow Graphs). To enhance feature extraction by highlighting key nodes in the graph, we propose a graph neural network combined with attention mechanism to extract features from CFGs. Furthermore, to extend the detection model to identify unseen types of vulnerabilities, we propose the Correspondence Function Model, which can generate graph neural network for detecting unseen types of vulnerabilities through high-dimensional semantic descriptions. Extensive experiments are conducted on three datasets of real-world smart contracts. Empirical results show significant accuracy in detecting both seen and unseen types of vulnerabilities. Specifically, it achieves detection accuracies of 90.2%, 88.81%, 83.39%, and 84.12% for arithmetic, reentrancy, timestamp dependence, and unhandled exceptions vulnerabilities, respectively. For the unseen types of vulnerabilities, the method performs exceptionally well with accuracies of 96.66% for unchecked send vulnerabilities and 74.44% for use of tx.origin vulnerabilities.