SCcheck: A Novel Graph-driven and Attention-enabled Smart Contract Vulnerability Detection Framework for Web 3.0 Ecosystem

With the rapid progress of technology, Web 3.0 has emerged as a transformative force in the digital realm. It is characterized by decentralization, user-centric data ownership, and the implementation of cryptographic techniques. Smart contracts, as a core component of Web 3.0, play a pivotal role in driving its evolution by enabling novel functionalities and various application. However, given the substantial financial significance of smart contracts and their inherent transparency, the accessibility of their source code to all opens potential avenues for attackers to identify and exploit vulnerabilities. Therefore, the detection of security vulnerabilities in smart contracts has become significantly important. Existing smart contract vulnerability detection tools mostly rely on expert-defined rules, leading to high false positive rates. To address this problem, this paper proposes an efficient and automated framework that combines Graph and Attention for detecting smart contract vulnerabilities. This framework takes into account the code structure of smart contracts, extracts nodes, and constructs a contract graph, utilizing dataflow to represent the different semantics of variable nodes at different locations. Additionally, a bidirectional multilayer Transformer framework is constructed and trained with our dataset, utilizing the information from the nodes. The framework achieves state-of-the-art levels of $Accuracy$ 92.72%, $Recall$ 82.81%, and $F1_{score}$ 87.54%, respectively. These results show that our framework can effectively detect security vulnerabilities in smart contracts and has the potential to improve their security.