
A smart contract vulnerability detection method based on deep learning with opcode sequences

Peer-to-Peer Networking and Applications

Abstract

Ethereum is a blockchain network that allows developers to create smart contracts and programs that run on the blockchain. Smart contracts contain logic to transfer assets based on pre-defined conditions. With over 100,000 new smart contracts being deployed every day, the potential for coding errors is high, making the contracts vulnerable to exploits. A key limitation is that once deployed, smart contracts are immutable and cannot be updated, even if flaws are found. This inflexibility puts funds at risk of theft and loss. The rapid pace of deployment outpaces security audits, increasing vulnerabilities that put users’ cryptocurrency at risk. To reduce the risk caused by smart contract vulnerabilities, we applied deep learning techniques. To develop a deep learning model capable of detecting vulnerabilities, we first created a dataset by replaying real transactions on the Ethereum Mainnet, collecting opcode sequences from real Ethereum contracts, and labeling them using the SODA plugin. We pre-processed this opcode data by removing duplicates, normalizing sequence lengths, simplifying opcodes into representative groups, and converting sequences into numerical vectors to ultimately obtain an optimal representation of the data. We then trained and evaluated three different neural network architectures on this dataset. Our best-performing model achieved an average accuracy of 88% in detecting seven types of vulnerabilities. Further analysis showed that the model was effective at identifying potential problems in smart contracts, which was an important capability for securing funds and executing logic in live contracts.
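The pre-processing steps named in the abstract (duplicate removal, opcode simplification into groups, conversion to numerical vectors, length normalization) can be sketched as follows. This is an added example, not the authors' code: the grouping table, the choice to deduplicate after simplification, head truncation, and the names `simplify`, `build_vocab` and `preprocess` are all assumptions, and the sample traces are constructed.

```python
import re

# Assumption: numbered variants collapse to their family name (PUSH1..PUSH32 -> PUSH).
FAMILY = re.compile(r"^(PUSH|DUP|SWAP|LOG)\d+$")
# Assumption: illustrative coarse groups; the paper's actual grouping is not shown here.
GROUPS = {
    "ARITH": {"ADD", "SUB", "MUL", "DIV", "SDIV", "MOD", "SMOD", "EXP"},
    "CMP": {"LT", "GT", "SLT", "SGT", "EQ", "ISZERO"},
    "CALLS": {"CALL", "CALLCODE", "DELEGATECALL", "STATICCALL"},
}
PAD, UNK = 0, 1  # reserved ids: padding and out-of-vocabulary

# Constructed sample traces; the second differs from the first only in operand widths.
SAMPLE = [
    ["PUSH1", "PUSH1", "MSTORE", "CALLVALUE", "DUP1", "ISZERO", "PUSH2", "JUMPI"],
    ["PUSH2", "PUSH1", "MSTORE", "CALLVALUE", "DUP2", "ISZERO", "PUSH4", "JUMPI"],
    ["CALLER", "SLOAD", "GAS", "CALL", "SSTORE"],
]

def simplify(op):
    """Map one opcode mnemonic to its representative group."""
    op = op.upper()
    m = FAMILY.match(op)
    if m:
        return m.group(1)
    for group, members in GROUPS.items():
        if op in members:
            return group
    return op  # e.g. SSTORE, SLOAD, JUMPI stay distinct

def build_vocab(sequences):
    """Assign ids in first-seen order so the mapping is deterministic."""
    vocab = {"<PAD>": PAD, "<UNK>": UNK}
    for seq in sequences:
        for tok in seq:
            vocab.setdefault(tok, len(vocab))
    return vocab

def preprocess(raw, max_len, vocab=None):
    """Simplify, drop duplicates, encode, then truncate or pad to max_len."""
    unique = list(dict.fromkeys(tuple(map(simplify, s)) for s in raw if s))
    vocab = vocab or build_vocab(unique)
    vectors = []
    for toks in unique:
        ids = [vocab.get(t, UNK) for t in toks[:max_len]]
        vectors.append(ids + [PAD] * (max_len - len(ids)))
    return vectors, vocab
```

Deduplicating on the simplified form keeps near-identical contracts from landing in both the training and evaluation splits, which would otherwise inflate reported accuracy.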


Data availability

The datasets generated or analyzed during this study are available from the corresponding author on reasonable request.


Funding

This work was supported in part by the National Natural Science Foundation of China under Grant 62372121, and in part by the National Key Research and Development Program of China (2020YFB1005804).

Author information

Contributions

Peiqiang Li: Conceptualization, Methodology, Software, Investigation, Formal Analysis, Writing; Guojun Wang: Conceptualization, Funding Acquisition, Resources, Supervision, Review; Xiaofei Xing: Supervision, Review; Jinyao Zhu: Conceptualization, Methodology, Review & Editing; Wanyi Gu: Visualization, Investigation; Guangxin Zhai: Visualization, Investigation.

Corresponding author

Correspondence to Guojun Wang.

Ethics declarations

Ethics approval

Not applicable.

Consent to publish

All authors have read and understood the publishing policy, and agree to submit this manuscript in accordance with this policy.

Conflict of interest

We declare that we have no financial and personal relationships with other people or organizations that can inappropriately influence our work, and there is no professional or other personal interest of any nature or kind in any product, service, or company that could be construed as influencing the position presented in, or the review of, the manuscript entitled.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.


About this article


Cite this article

Li, P., Wang, G., Xing, X. et al. A smart contract vulnerability detection method based on deep learning with opcode sequences. Peer-to-Peer Netw. Appl. 17, 3222–3238 (2024). https://doi.org/10.1007/s12083-024-01750-7


  • DOI: https://doi.org/10.1007/s12083-024-01750-7
