智能合约
计算机科学
图形
程序切片
脆弱性(计算)
依赖关系图
理论计算机科学
计算机安全
软件
程序设计语言
块链
作者
Jie Cai,Bin Li,Jiale Zhang,Xiaobing Sun,Bing Chen
标识
DOI:10.1016/j.jss.2022.111550
摘要
Smart contract security has drawn extensive attention in recent years because of the enormous economic losses caused by vulnerabilities. Even worse, fixing bugs in a deployed smart contract is difficult, so developers must detect security vulnerabilities in a smart contract before deployment. Existing smart contract vulnerability detection efforts heavily rely on fixed rules defined by experts, which are inefficient and inflexible. To overcome the limitations of existing vulnerability detection approaches, we propose a GNN based approach for smart contract vulnerability detection. First, we construct a graph representation for a smart contract function with syntactic and semantic features by combining abstract syntax tree (AST), control flow graph (CFG), and program dependency graph (PDG). To further strengthen the presentation ability of our approach, we perform program slicing to normalize the graph and eliminate the redundant information unrelated to vulnerabilities. Then, we use a Bidirectional Gated Graph Neural-Network model with hybrid attention pooling to identify potential vulnerabilities in smart contract functions. Empirical results show that our approach can achieve 89.2% precision and 92.9% recall in smart contract vulnerability detection on our dataset and reveal the effectiveness and efficiency of our approach.
科研通智能强力驱动
Strongly Powered by AbleSci AI