TY - JOUR
T1 - ContractWard: Automated Vulnerability Detection Models for Ethereum Smart Contracts
AU - Wang, Wei
AU - Song, Jingjing
AU - Xu, Guangquan
AU - Li, Yidong
AU - Wang, Hao
AU - Su, Chunhua
N1 - KAUST Repository Item: Exported on 2021-12-15
Acknowledgements: The work reported in this paper was supported in part by the Natural Science Foundation of China under Grant U1736114 and in part by
the National Key R&D Program of China under Grant 2017YFB0802805. Chunhua Su was supported in part by JSPS Kiban(B) 18H03240 and in part by JSPS Kiban(C) 18K11298.
PY - 2021/4/1
Y1 - 2021/4/1
N2 - Smart contracts are decentralized applications running on Blockchain. A very large number of smart contracts has been deployed on Ethereum. Meanwhile, security flaws of contracts have led to huge pecuniary losses and destroyed the ecological stability of contract layer on Blockchain. It is thus an emerging yet crucial issue to effectively and efficiently detect vulnerabilities in contracts. Existing detection methods like Oyente and Securify are mainly based on symbolic execution or analysis. These methods are very time-consuming, as the symbolic execution requires the exploration of all executable paths or the analysis of dependency graphs in a contract. In this work, we propose ContractWard to detect vulnerabilities in smart contracts with machine learning techniques. First, we extract bigram features from simplified operation codes of smart contracts. Second, we employ five machine learning algorithms and two sampling algorithms to build the models. ContractWard is evaluated with 49502 real-world smart contracts running on Ethereum. The experimental results demonstrate the effectiveness and efficiency of ContractWard. The predictive Micro-F1 and Macro-F1 of ContractWard are over 96% and the average detection time is 4 seconds on each smart contract when we use XGBoost for training the models and SMOTETomek for balancing the training sets.
AB - Smart contracts are decentralized applications running on Blockchain. A very large number of smart contracts has been deployed on Ethereum. Meanwhile, security flaws of contracts have led to huge pecuniary losses and destroyed the ecological stability of contract layer on Blockchain. It is thus an emerging yet crucial issue to effectively and efficiently detect vulnerabilities in contracts. Existing detection methods like Oyente and Securify are mainly based on symbolic execution or analysis. These methods are very time-consuming, as the symbolic execution requires the exploration of all executable paths or the analysis of dependency graphs in a contract. In this work, we propose ContractWard to detect vulnerabilities in smart contracts with machine learning techniques. First, we extract bigram features from simplified operation codes of smart contracts. Second, we employ five machine learning algorithms and two sampling algorithms to build the models. ContractWard is evaluated with 49502 real-world smart contracts running on Ethereum. The experimental results demonstrate the effectiveness and efficiency of ContractWard. The predictive Micro-F1 and Macro-F1 of ContractWard are over 96% and the average detection time is 4 seconds on each smart contract when we use XGBoost for training the models and SMOTETomek for balancing the training sets.
UR - http://hdl.handle.net/10754/670403
UR - https://ieeexplore.ieee.org/document/8967006/
UR - http://www.scopus.com/inward/record.url?scp=85112167730&partnerID=8YFLogxK
U2 - 10.1109/tnse.2020.2968505
DO - 10.1109/tnse.2020.2968505
M3 - Article
SN - 2327-4697
VL - 8
SP - 1133
EP - 1144
JO - IEEE Transactions on Network Science and Engineering
JF - IEEE Transactions on Network Science and Engineering
IS - 2
ER -