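Solidity
Computer science
Inference
Graph
Artificial intelligence
Information retrieval
Theoretical computer science
Programming language
Authors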
Tianyuan Hu, Bixin Li, Zhenyu Pan, Qián Chen
Identifier
DOI:10.1109/tr.2023.3233999
Abstract
Smart contract security is one of the core issues in any application based on blockchain. There are many techniques focusing on smart contract security, however, due to the diversity of Solidity versions and limitations of detection time, it is difficult for them to comprehensively localize defects in different versions of smart contracts. In this article, we propose a static defect detection method based on the knowledge graph of the Solidity language and present a defect detection tool called SoliDetector. First, we define the ontology layer of the knowledge graph and construct the instance layer in which syntactic and logical relationships are captured. Second, we introduce the defect pattern to describe each defect and design inference rules to infer complex relationships and judge whether a defect exists. Finally, we localize defects by executing SPARQL queries. SoliDetector can support the detection of 20 kinds of defects and the automatic SPARQL query generation. We conducted several experiments on multiple datasets. SoliDetector obtains a high F-score (i.e., 92.97% on Dataset1 and 91.54% on the SmartBug dataset). To compare SoliDetector with SmartCheck, Slither, and Mythril, we conducted experiments on a labeled benchmark Dataset3 and real-world contracts. SoliDetector has a high F-score of 94.04% and is faster than other tools with an average time of 0.37 s for each contract.