ContractCheck: Checking Ethereum Smart Contracts in Fine-Grained Level
IEEE Transactions on Software Engineering (IF 6.5), Pub Date: 2024-05-15, DOI: 10.1109/tse.2024.3400294
Xite Wang 1 , Senping Tian 1 , Wei Cui 1

The blockchain has been the main computing scenario for smart contracts, and the decentralized infrastructure of the blockchain is effectively implemented in a de-trusted and executable environment. However, vulnerabilities in smart contracts are particularly prone to exploitation by malicious attackers and have always been a key issue in blockchain security. Existing traditional tools are inefficient at detecting vulnerabilities and have a high false-positive rate when checking contracts. Some neural network methods have improved detection efficiency, but they are not capable of fine-grained (code-line-level) vulnerability detection. We propose the ContractCheck model for detecting contract vulnerabilities based on neural network methods. ContractCheck extracts fine-grained segments from the abstract syntax tree (AST) and function call graph of smart contract source code. Furthermore, the segments are parsed into token flows that retain semantic information as uint, which are used to generate numerical vector sequences that can be trained using neural network methods. We conduct multiple rounds of experiments using a dataset constructed from 36,885 smart contracts and identify the optimal ContractCheck model structure by employing the Fasttext embedding vector algorithm and constructing a composite model using CNN and BiGRU for training the network. Evaluation on other datasets demonstrates that ContractCheck exhibits significant improvement in contract-level detection performance compared to other methods, with an increase of 23.60% in F1 score over the best existing method. In particular, it achieves fine-grained detection based on neural network methods. The cases provided indicate that ContractCheck can effectively assist developers in accurately locating vulnerabilities, thereby enhancing the security of Ethereum smart contracts.

Updated: 2024-05-15