Smart Contract Vulnerability Detection Based On Graph Attention Network

In recent years,the application scenarios of blockchain technology have become wider and wider.For example,the digital renminbi,logistics information traceability,and Non-Fungible Tokens(NFTs)promoted by the central bank have burst into strong vitality.As the representative of the second generation blockchain,Ethereum enjoys a huge audience and decentralized applications.However,while blockchain technology changes people's way of life and benefits the society,security attacks against Ethereum smart contracts occur from time to time,and huge economic losses and trust crises bring harm to the blockchain and users.At the same time,research on smart contract security issues is also developing.At present,some well-performing smart contract vulnerability detection methods have emerged,such as traditional detection tools based on static analysis or dynamic analysis,and detection methods based on deep learning.However,they all have some obvious defects,such as traditional detection tools rely on expert mode,which is not conducive to expansion,and the rate of false negatives and false positives is high.The current deep learning detection methods ignore the graph structure characteristics of smart contracts or the sequence of program execution.To solve the above problems,this thesis proposes a smart contract vulnerability detection method based on graph attention network.This method uses the important functions and variables of the Ethereum smart contract Solidity source code as nodes,and the execution flow as edges to construct contract graph data,and generates a feature matrix composed of node features through the process of contract graph shrinkage and graph embedding,which is used as input data of the vulnerability detection model.The specific work is as follows.First,the smart contract ABI is used to classify the contract.The classification result will be used to generate the global feature of the contract.Then the global feature,point-level feature and edge-level feature are spliced to form the model input feature of the contract graph.Two multi-head attention coefficients are set for the input feature and the edge-level feature respectively,and the result of the two-level attention coefficient calculation is used as the weight coefficient of the final update node feature.The edge-level features are generated by vectorization of the starting point,end point and sequence of the execution path.Setting the edge-level attention coefficient is beneficial to mining the timing features of the execution flow.This method performs vulnerability detection in a dataset composed of 38575 smart contracts,and conducts comparative experiments and test experiments.The comparative experimental results show that the vulnerability detection method based on graph attention network in this paper has higher accuracy and efficiency than traditional vulnerability detection tools and other deep learning methods.The average accuracy of different contract categories reaches 88.26%.The average detection time is 1.67s;the test experiment verified that compared with not introducing the smart contract category attribute feature,the introduction of the category attribute improved the vulnerability detection accuracy by2.08% on average.Compared with the original single-level graph attention mechanism,the two-level attention mechanism The force network F1-score increased by 4.33%.