Peculiar: Smart Contract Vulnerability Detection Based on Crucial Data Flow Graph and Pre-training Techniques
| Published in: | Proceedings - International Symposium on Software Reliability Engineering, pp. 378 - 389 |
|---|---|
| Main authors: | Wu, Hongjun; Zhang, Zhuo; Wang, Shangwen; Lei, Yan; Lin, Bo; Qin, Yihao; Zhang, Haoyu; Mao, Xiaoguang |
| Format: | Conference paper |
| Language: | English |
| Published: | IEEE, 01.10.2021 |
| ISSN: | 2332-6549 |
| Abstract | Smart contracts with natural economic attributes have been widely and rapidly developed in various fields. However, the bugs and vulnerabilities in smart contracts have brought huge economic losses, which has strengthened people's attention to the security issues of smart contracts. The immutability of smart contracts makes people more willing to conduct security checks before deploying smart contracts. Nonetheless, existing smart contract vulnerability detection techniques are far from enough: static analysis approaches rely heavily on manually crafted heuristics, which are difficult to reuse across different types of vulnerabilities, while deep learning based approaches also have unique limitations. In this study, we propose a novel approach, Peculiar, which uses a pre-training technique for detection of smart contract vulnerabilities based on a crucial data flow graph. Compared against the traditional data flow graph, which is already utilized in existing approaches, the crucial data flow graph is less complex and does not bring an unnecessarily deep hierarchy, which makes it easy for the model to focus on the critical features. Moreover, we also involve a pre-training technique in our model due to the dramatic improvements it has achieved on a variety of NLP tasks. Our empirical results show that Peculiar can achieve 91.80% precision and 92.40% recall in detecting reentrancy vulnerability, one of the most severe and common smart contract vulnerabilities, on 40,932 smart contract files, which is significantly better than the state-of-the-art methods (e.g., Smartcheck achieves 79.37% precision and 70.50% recall). Meanwhile, another experiment shows that Peculiar is more discerning to reentrancy vulnerability than existing approaches. The ablation experiment reveals that both the crucial data flow graph and the pre-trained model contribute significantly to the performance of Peculiar. |
|---|---|
| Author | Zhang, Haoyu; Lei, Yan; Mao, Xiaoguang; Zhang, Zhuo; Qin, Yihao; Wu, Hongjun; Wang, Shangwen; Lin, Bo |
| Author_xml | 1. Wu, Hongjun (wuhongjun15@nudt.edu.cn), National University of Defense Technology, Changsha, China; 2. Zhang, Zhuo (zz8477@126.com), Guangxi Key Laboratory of Trusted Software, Guilin University of Electronic Technology, Guilin, China; 3. Wang, Shangwen (wangshangwen13@nudt.edu.cn), National University of Defense Technology, Changsha, China; 4. Lei, Yan (yanlei@cqu.edu.cn), School of Big Data & Software Engineering, Chongqing University, Chongqing, China; 5. Lin, Bo (linbo19@nudt.edu.cn), National University of Defense Technology, Changsha, China; 6. Qin, Yihao (yihaoqin@nudt.edu.cn), National University of Defense Technology, Changsha, China; 7. Zhang, Haoyu (zhanghaoyu10@nudt.edu.cn), Defense Innovation Institute, Academy of Military Sciences, Beijing, China; 8. Mao, Xiaoguang (xgmao@nudt.edu.cn), National University of Defense Technology, Changsha, China |
| CODEN | IEEPAD |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/ISSRE52982.2021.00047 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings; IEEE Xplore POP ALL; IEEE Xplore All Conference Proceedings; IEEE/IET Electronic Library; IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Economics; Computer Science |
| EISBN | 1665425873 9781665425872 |
| EISSN | 2332-6549 |
| EndPage | 389 |
| ExternalDocumentID | 9700296 |
| Genre | orig-research |
| GrantInformation_xml | – fundername: National Natural Science Foundation of China; grantid: 61872445, 61672529; funderid: 10.13039/501100001809 |
| ISICitedReferencesCount | 89 |
| IngestDate | Wed Aug 27 02:23:58 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| PageCount | 12 |
| ParticipantIDs | ieee_primary_9700296 |
| PublicationCentury | 2000 |
| PublicationDate | 2021-Oct. |
| PublicationDateYYYYMMDD | 2021-10-01 |
| PublicationDate_xml | – month: 10 year: 2021 text: 2021-Oct. |
| PublicationDecade | 2020 |
| PublicationTitle | Proceedings - International Symposium on Software Reliability Engineering |
| PublicationTitleAbbrev | ISSRE |
| PublicationYear | 2021 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0020412 |
| Score | 2.5228035 |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 378 |
| SubjectTerms | Blockchain; Data Flow Graph; Data models; Deep learning; Economics; Neural networks; Pre-training Techniques; Smart Contract; Smart contracts; Software reliability; Static analysis; Vulnerability Detection |
| Title | Peculiar: Smart Contract Vulnerability Detection Based on Crucial Data Flow Graph and Pre-training Techniques |
| URI | https://ieeexplore.ieee.org/document/9700296 |