Research On Efficient Detection Algorithm For Ethereum Smart Contract Vulnerability

In recent years,blockchain technology has become an important part of the development of digital economy.As one of the most popular open-source public chain platforms,Ethereum is also growing in transaction volume and smart contract deployment.At the same time,there have been many smart contract vulnerabilities and security issues.Attackers often exploit the vulnerabilities in smart contracts to attack the deployed smart contracts,causing serious economic losses.Therefore,the vulnerability detection of smart contracts is very necessary and has great practical significance.Most of the current smart contract vulnerability detection models and tools use smart contract source code and opcodes as research objects.They use traditional research methods such as symbolic execution,formal verification,and fuzzing to detect vulnerabilities.These models and tools have problems such as high false positive rate and long detection time.This paper proposes methods of smart contract vulnerability detection based on deep learning.The methods of this paper can detect six common vulnerabilities in Ethereum,including reentrancy,integer overflow,integer underflow,timestamp dependence,unchecked return value and transaction-ordering dependence.Through a large number of experiments,it is proved that the proposed methods can improve the performance of vulnerability detection.The main work of this paper is as follows:(1)A smart contract vulnerability detection method based on Solidity code and CNN-Bi LSTM-Attention model is proposed.By analyzing the Solidity code of smart contract,the abstract simplification rules of the Solidity code are designed and applied,the Solidity code is abstracted.Then the method uses Word2 Vec model to train word vector matrix.In order to consider context information fully,CNN and Bi LSTM are used for feature extraction,besides,attention mechanism is added to improve vulnerability detection capabilities.CNN,Bi LSTM,Bi LSTM-Attention,CNN-Attention,and CNN-Bi LSTM,a total of six deep learning vulnerability detection methods are used for ablation experiments,and a variety of existing detection tools are selected for comparative experiments to verify the effectiveness of the CNN-Bi LSTM-Attention deep learning model.(2)A smart contract vulnerability detection method based on opcodes and BERT-Bi LSTM model is proposed.By analyzing the opcodes of smart contract,referring to the abstraction and simplification rules of opcodes,the opcodes are unified abstractly and simplified in the data preprocessing stage.The cascade idea is introduced into the BERT model to adapt it to long text sequences.Then the output word vectors of the BERT model are input into the Bi LSTM model for further learning,Finally the vulnerability detection results are obtained.At the same time,A data set of Ethereum smart contract vulnerabilities is constructed.After a large number of experiments,as can be seen,the detection method based on Solidity code and CNN-Bi LSTM-Attention model and detection method based on opcode ande BERT-Bi LSTM model are effective.The marco-F1 values can reach85.87% and 89.23%.The average detection time are about 1 seconds and 5 seconds,which are better than existing vulnerability detection tools.