
Smart Contract Vulnerability Detection From Pure Neural Network to Interpretable Graph Feature and Expert Pattern Fusion (IJCAI-21 Accepted)


Messi-Q/AMEVulDetector


AMEVulDetector

This repo is a Python implementation of our AMEVulDetector for smart contract vulnerability detection, which combines the global graph feature and local expert patterns.

Overview

The overall architecture of our proposed method, illustrated in the figure, consists of three components: (a) a local expert pattern extraction tool, which extracts vulnerability-specific expert patterns from the code; (b) a graph construction and normalization module, which transforms the source code into a global semantic graph; and (c) an attentive multi-encoder network that combines expert patterns and the graph feature for vulnerability detection and outputs explainable weights.

Citation

Please use this citation if you want to cite our paper or codebase in your paper:

@misc{liu2021smart,
      title={Smart Contract Vulnerability Detection: From Pure Neural Network to Interpretable Graph Feature and Expert Pattern Fusion}, 
      author={Zhenguang Liu and Peng Qian and Xiang Wang and Lei Zhu and Qinming He and Shouling Ji},
      year={2021},
      eprint={2106.09282},
      archivePrefix={arXiv},
      primaryClass={cs.LG}
}

Required Packages

  • Python 3 or above
  • TensorFlow 2.0 or above
  • sklearn for model evaluation
  • numpy 1.18 or above

Run the following script to install the required packages.

pip install --upgrade pip
pip install tensorflow==2.0
pip install scikit-learn
pip install numpy==1.18

Dataset

We empirically evaluate our proposed method on two benchmark datasets, namely Ethereum smart contract (ESC) and VNT Chain smart contract (VSC). Following Zhuang et al., 2020, we conduct experiments for reentrancy and timestamp dependence vulnerabilities on ESC, and evaluate the infinite loop vulnerability on VSC.

A detailed description of the two datasets can be found in Zhuang et al., 2020, while the datasets and source code are released on GitHub.

More details and instructions for the dataset can be found on our dataset page at Smart-Contract-Dataset, which is continuously being improved.

Getting started

  • To run the program, use this command: python AMEVulDetector.py.
  • Also, you can use specific hyper-parameters to train the model. All the hyper-parameters can be found in parser.py.

Examples:

python AMEVulDetector.py
python AMEVulDetector.py --model EncoderWeight --lr 0.002 --dropout 0.2 --epochs 100 --batch_size 32

Case Study

We further present a case study in the following figure, where the withdraw function is a real-world smart contract function that is vulnerable to reentrancy. In particular, we characterize the function code as both the global graph and three local patterns for reentrancy (corresponding respectively to enoughBalance, callValueInvoc, and balanceDeduction), which are shown on the left of the figure. The weights of the global graph feature and each local pattern feature are illustrated on the right of the figure, where our system is able to clearly explain the reasons behind our prediction.
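To make the three local patterns concrete, here is an added example (not the repository's extraction tool) that derives 0/1 flags for enoughBalance, callValueInvoc and balanceDeduction from a function body with regular expressions. It assumes callValueInvoc means a call.value invocation is present, enoughBalance means a balance comparison appears before that call, and balanceDeduction means a balance is reduced after it; the Solidity samples and all helper names are constructed for illustration.

```python
import re

# Constructed Solidity samples for illustration (not taken from the ESC dataset).
VULNERABLE = """
function withdraw(uint amount) public {
    require(balances[msg.sender] >= amount);   // balance check
    msg.sender.call.value(amount)();           // external call first
    balances[msg.sender] -= amount;            // state updated afterwards
}
"""
PATCHED = """
function withdraw(uint amount) public {
    require(balances[msg.sender] >= amount);
    balances[msg.sender] -= amount;            // state updated before the call
    msg.sender.call.value(amount)();
}
"""

# Assumed syntactic shapes for each pattern; the repository's extractor may differ.
CALL_VALUE = re.compile(r"\.call\.value\s*\(")
MAPPING = r"\w+\s*\[[^\]]+\]"
DEDUCTION = re.compile(r"(\w+)\s*\[([^\]]+)\]\s*(?:-=|=\s*0\b|=\s*\1\s*\[\2\]\s*-)")
BALANCE_CHECK = re.compile(
    r"\b(?:require|assert|if)\s*\([^;{}]*(?:"
    + MAPPING + r"\s*[<>]=?|[<>]=?\s*" + MAPPING + r")"
)


def strip_comments(src: str) -> str:
    """Drop // and /* */ comments so commented-out code is not matched."""
    return re.sub(r"//[^\n]*|/\*.*?\*/", "", src, flags=re.S)


def extract_patterns(function_src: str) -> dict:
    """Return 0/1 flags for the three reentrancy patterns of one function body."""
    code = strip_comments(function_src)
    call = CALL_VALUE.search(code)
    if call is None:  # no call.value: the other two patterns have no reference point
        return {"callValueInvoc": 0, "balanceDeduction": 0, "enoughBalance": 0}
    before, after = code[: call.start()], code[call.end():]
    return {
        "callValueInvoc": 1,
        "balanceDeduction": int(DEDUCTION.search(after) is not None),
        "enoughBalance": int(BALANCE_CHECK.search(before) is not None),
    }


if __name__ == "__main__":
    for name, src in (("vulnerable", VULNERABLE), ("patched", PATCHED)):
        print(name, extract_patterns(src))
```

The two samples differ only in whether the deduction follows the call, which is the ordering difference that the balanceDeduction flag captures under the assumptions above.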

Reference

  1. Zhuang, Yuan and Liu, Zhenguang and Qian, Peng, et al. Smart Contract Vulnerability Detection using Graph Neural Network. IJCAI, 2020. GNNSCVulDetector
  2. Qian P, Liu Z, He Q, et al. Towards automated reentrancy detection for smart contracts based on sequential models. 2020. ReChecker
