操作码
智能合约
计算机科学
安全性令牌
源代码
数据库事务
编码(集合论)
脆弱性(计算)
异常检测
计算机安全
块链
数据挖掘
人工智能
数据库
计算机硬件
操作系统
程序设计语言
集合(抽象数据类型)
作者
Li Duan,Liu Yang,Chunhong Liu,Wei Ni,Wei Wang
出处
期刊:IEEE Transactions on Network and Service Management
[Institute of Electrical and Electronics Engineers]
日期:2023-12-01
卷期号:20 (4): 4354-4368
标识
DOI:10.1109/tnsm.2023.3278311
摘要
Digital assets involved in smart contracts are on the rise. Security vulnerabilities in smart contracts have resulted in significant losses for the blockchain community. Existing smart contract vulnerability detection techniques have been typically single-purposed and focused only on the source code or opcode of contracts. This paper presents a new smart contract vulnerability detection method, which extracts features from different levels of smart contracts to train machine learning models for effective detection of vulnerabilities. Specifically, we propose to extract 2-gram features from the opcodes of smart contracts and token features from the source code using a pre-trained CodeBERT model, thereby capturing the semantic information of smart contracts at different levels. The 2-gram and token features are separately aggregated and then fused and input into machine-learning models to mine the vulnerability features of contracts. Over 10,266 smart contracts are used to verify the proposed method. Widespread reentrancy, timestamp dependence, and transaction-ordering dependence vulnerabilities are considered. Experiments show the fused features can help significantly improve smart contract vulnerability detection compared to the single-level features. The detection accuracy is as high as 98%, 98% and 94% for the three vulnerabilities, respectively. The average detection time is 0.99 second per contract, indicating the proposed method is suitable for automatic batch detection of vulnerabilities in smart contracts.
科研通智能强力驱动
Strongly Powered by AbleSci AI