A new scheme of vulnerability analysis in smart contract with machine learning

Abstract

Smart contracts deployed on Ethereum hold large amounts of virtual currency. Some of these contracts contain vulnerabilities that expose them to malicious attacks, and because of the properties of the blockchain, a vulnerable contract is difficult to revoke once deployed. It is therefore important to detect flaws in a contract before its deployment. In this paper we focus on three smart contract vulnerabilities: has_short_address, has_flows and is_greedy. For these three vulnerabilities we propose the slicing matrix, a new method of extracting vulnerability features, and construct three vulnerability detection models for comparison. The experimental results show that a neural network trained on slice matrix features detects vulnerabilities more accurately than one trained on opcode features; in other words, the slice matrix improves the accuracy of vulnerable-contract detection. Among our three detection models, the one based on random forest and opcode features performs best.
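The abstract compares slice matrix features against opcode features. The following is an added illustration, not code from the paper, of how an opcode-frequency feature vector is derived from raw EVM bytecode (the input a random forest or neural network classifier would be trained on); the opcode table is a partial, constructed subset of the public EVM opcode set, and the sample bytecode is a constructed Solidity prologue.

```python
"""Opcode-frequency features from raw EVM bytecode (added example, not the paper's code)."""
from collections import Counter

# Partial EVM opcode table (assumption: only these are named; others become UNKNOWN_xx).
OPCODES = {
    0x00: "STOP", 0x01: "ADD", 0x02: "MUL", 0x03: "SUB", 0x10: "LT",
    0x14: "EQ", 0x15: "ISZERO", 0x34: "CALLVALUE", 0x35: "CALLDATALOAD",
    0x36: "CALLDATASIZE", 0x52: "MSTORE", 0x54: "SLOAD", 0x55: "SSTORE",
    0x56: "JUMP", 0x57: "JUMPI", 0x5b: "JUMPDEST", 0xf1: "CALL",
    0xf3: "RETURN", 0xfd: "REVERT", 0xff: "SELFDESTRUCT",
}
# PUSH1..PUSH32 (0x60..0x7f), DUP1..DUP16 (0x80..0x8f), SWAP1..SWAP16 (0x90..0x9f).
for n in range(1, 33):
    OPCODES[0x5f + n] = f"PUSH{n}"
for n in range(1, 17):
    OPCODES[0x7f + n] = f"DUP{n}"
    OPCODES[0x8f + n] = f"SWAP{n}"


def disassemble(bytecode_hex):
    """Return the opcode name sequence, skipping PUSH immediate bytes.

    A PUSH whose immediate runs past the end of the code is still counted
    as one opcode: the EVM reads the missing immediate bytes as zero."""
    h = bytecode_hex[2:] if bytecode_hex.startswith("0x") else bytecode_hex
    code = bytes.fromhex(h)
    names, pc = [], 0
    while pc < len(code):
        op = code[pc]
        names.append(OPCODES.get(op, f"UNKNOWN_{op:02x}"))
        pc += 1
        if 0x60 <= op <= 0x7f:          # PUSHn carries n immediate bytes
            pc += op - 0x5f
    return names


def opcode_features(bytecode_hex):
    """Normalized opcode frequency vector: opcode name -> fraction of all opcodes."""
    names = disassemble(bytecode_hex)
    total = len(names)
    return {k: v / total for k, v in Counter(names).items()} if total else {}


# Constructed sample: the usual Solidity dispatcher prologue
# PUSH1 0x80 PUSH1 0x40 MSTORE CALLVALUE DUP1 ISZERO PUSH1 0x0f JUMPI
# PUSH1 0x00 DUP1 REVERT JUMPDEST
SAMPLE = "0x6080604052348015600f57600080fd5b"

if __name__ == "__main__":
    for name, frac in sorted(opcode_features(SAMPLE).items()):
        print(f"{name:10s} {frac:.3f}")
```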




Corresponding author

Correspondence to Jin Li.

Cite this article

Xing, C., Chen, Z., Chen, L. et al. A new scheme of vulnerability analysis in smart contract with machine learning. Wireless Netw (2020). https://doi.org/10.1007/s11276-020-02379-z

Keywords

  • Smart contract
  • Slice matrix
  • Vulnerability
  • Multi-label classification
  • Ethereum