Research On Smart Contract Vulnerability Detection Method Based On Multilateral Graph Network

Millions of smart contracts controlling tens of billions of dollars worth of digital currency are deployed on the Ethereum.Considering that the design defects of smart contracts are easy to introduce vulnerabilities,in addition to the anonymity and non-modification features provided by the platform,high-value vulnerability contracts are highly attractive to attackers and are easy to become the target of network attacks.In recent years,serious security incidents caused by smart contract vulnerabilities occur frequently in actual deployment,and it is often seen that user assets are frequently lost,depreciated and frozen.Therefore,it is of great significance to make a study of conducting accurate vulnerability detection in smart contracts at this stage.At present,smart contract vulnerability detection methods rely heavily on the rules defined by experts.Due to the lack of flexibility,high false positives and missed reports are often led to.Moreover,the information obtained only by static analysis(referred to as static information)cannot cover all contract states,and it is easy to leave out key information that only appears in the execution process,such as the order in which the opcodes are executed,the values of key variables.In order to solve the above difficulties in smart contract vulnerability detection,this thesis designs a smart contract vulnerability detection method based on multilateral graph network structure.Its main research contents are as follows:(1)In order to solve the problem that all the key information cannot be obtained through single static analysis,this thesis designs a dynamic and static vulnerability feature extraction method based on pattern matching.This method designs dynamic and static vulnerability feature matching rules for vulnerabilities by analyzing the causes of vulnerabilities to obtain key variables in the stack and vulnerability features at the source code level during contract execution,so as to cover more contract states and greatly improve the accuracy of vulnerability detection.This method guides the model to learn the characteristics of specific vulnerabilities more specifically,and improves detection efficiency.(2)In order to more accurately express the structural relationship of vulnerability contract code and enrich the semantic information of contract code in the learning model,this thesis collected and constructed a large number of open source data sets,and introduced the multilateral graph neural network to transform the contract into a contract representation graph with rich structural semantic information.The multilateral graph structure improves the expression ability of the dynamic and static characteristics of the contract,improves the detection effect of the model in real environment,and has good scalability.(3)A smart contracts vulnerability detection prototype system of SCGCN was designed and realized in this thesis.The experimental results show that the system detection accuracy rate reached 94%.This system was used to test the current smart contracts on the Ethernet in the real environment.With 5000 contracts tested,35 single vulnerability contracts and 3composite vulnerability contracts were successfully detected.Experimental results show that the smart contract vulnerability detection method based on polygram convolutional neural network is effective and reliable.