Research On Vulnerability Detection Methods For Ethereum Smart Contracts

With the rapid development of Ethereum,more and more smart contracts are deployed based on Ethereum,and in recent years,the continuous exposure of smart contract vulnerabilities has caused huge financial losses to Ethereum investors.Once a smart contract is deployed on the chain,it cannot be modified,and this feature makes vulnerability detection before deployment be an important tool to ensure its security.Existing methods for detecting vulnerabilities in smart contracts have various problems: traditional methods rely on expert rules,which are less automated and difficult to apply to large-scale detection; machine learning-based methods do not make full use of the rich structural information of smart contracts,resulting in a high false negative report and false positive report in detection results.In order to solve the difficulty in using structural information in smart contracts,this paper constructs a graphic intermediate representation that can characterize smart contracts and combines it with graph neural network technology to propose a smart contract vulnerability detection method based on graph matching neural network.The main research work in this paper is as follows.(1)In order to detect vulnerabilities in the source code of smart contracts,this paper proposes a graph matching neural network vulnerability detection method for smart contract source code.To exploit the syntactic and semantic information in the source code of smart contracts,an abstract semantic graph structure that can fully characterize the syntactic and semantic information of the source code of smart contracts is constructed.Firstly,the abstract syntax tree is parsed from the source code,and the control flow graph and data flow graph are constructed on the basis of the abstract syntax tree; secondly,the abstract syntax tree,control flow graph and data flow graph are combined to generate the abstract semantic graph; finally,in order to make full use of the structural information in the abstract semantic graph and to automate vulnerability detection,the abstract semantic graph is transformed into a graph structure vector using a natural language model,and a graph matching neural network is used to smart contracts.The experimental results show that the source code oriented smart contract vulnerability detection method proposed in this paper improves the F1 score by 10% to 15% on average compared with the existing source code oriented vulnerability detection methods(Slither,Smart Check and DR-GCN).(2)Smart contracts in Ethernet are also released in bytecode form,and this paper further extends the above approach to bytecode-oriented vulnerability detection scenarios.In order to exploit the rich structural information in the bytecode of smart contracts,this paper proposes an abstract semantic graph structure to characterize the bytecode of smart contracts based on the characteristics of bytecode.Firstly,the bytecode is decompiled into opcodes,and the opcodes are divided into basic blocks according to the semantics of the opcode instructions; secondly,an Ethernet virtual machine is simulated to execute the opcodes to construct the control flow between the basic blocks,and the opcodes are semantically normalized to generate a bytecodeoriented abstract semantic graph; finally,a graph matching neural network is used to detect the vulnerabilities in the smart contract bytecodes.The experimental results show that the bytecodeoriented smart contract vulnerability detection method proposed in this paper improves the F1 score by 14% to 20% on average compared with the existing bytecode-oriented vulnerability detection methods(Oyente,Securify and Contract Fuzzer).(3)Based on the proposed bytecode-and source-code oriented graph matching neural network vulnerability detection method,this paper designs and implements a visual smart contract vulnerability detection system.The overall architecture of the system is described in this paper,and the division of each module of the system and related important algorithms are explained.In order to evaluate the vulnerability detection effect of the smart contract vulnerability detection system built in this paper in a real smart contract environment,the smart contracts deployed in Ethereum were tested and the results were analysed manually.