Search for vulnerabilities in smart contracts based on machine learning
- Authors: Belous V.S. (1), Tarkhanov I.A. (2, 3)
- Affiliations:
  1. National University of Science and Technology “MISiS”
  2. State Academic University for Humanities
  3. Federal Research Center “Computer Science and Control” of Russian Academy of Sciences
- Issue: Vol 74, No 3 (2024)
- Pages: 89-102
- Section: Risk-Management and Security
- URL: https://journals.rcsi.science/2079-0279/article/view/293624
- DOI: https://doi.org/10.14357/20790279240310
- EDN: https://elibrary.ru/URZLYI
- ID: 293624
Abstract
With the rising popularity of blockchain projects, the number of decentralized applications built on them is also growing. Smart contracts are the central element of these applications. The technology is still relatively new and has a number of security issues. Statistics on smart contract hacks indicate the relevance of the problem of finding vulnerabilities in smart contract code. The article describes three machine learning models for finding vulnerabilities in smart contracts written in the Solidity language. Particular attention is paid to preparing the dataset for training and to comparing the models with well-known code analyzers. The metrics obtained from training and testing the models suggest that the model consisting of three bidirectional recurrent BiGRU layers and three convolutional CNN layers is effective at finding smart contract vulnerabilities.
About the authors
V. S. Belous
National University of Science and Technology “MISiS”
Email: belous.vadim@inbox.ru
Student
Russian Federation, Moscow

I. A. Tarkhanov
State Academic University for Humanities; Federal Research Center “Computer Science and Control” of Russian Academy of Sciences
Author for correspondence.
Email: tarkhanov@isa.ru
PhD
Russian Federation, Moscow; Moscow
