Block-gram: Mining knowledgeable features for efficiently smart contract vulnerability detection

Xie Xueshuo; Wang Haolong; Jian Zhaolong; Fang Yaozheng; Wang Zichun; Li Tao

doi:10.1016/j.dcan.2023.07.009

›› 2025, Vol. 11 ›› Issue (1) : 1 -12. DOI: 10.1016/j.dcan.2023.07.009

Original article

Block-gram: Mining knowledgeable features for efficiently smart contract vulnerability detection

Xie Xueshuo ^b^,^c^,^d
, Wang Haolong ^b
, Jian Zhaolong ^b
, Fang Yaozheng ^b
, Wang Zichun ^b
, Li Tao ^a^,^b^,^c^,^d^,^*

Author information +

History +

PDF

Abstract

Smart contracts are widely used on the blockchain to implement complex transactions, such as decentralized applications on Ethereum. Effective vulnerability detection of large-scale smart contracts is critical, as attacks on smart contracts often cause huge economic losses. Since it is difficult to repair and update smart contracts, it is necessary to find the vulnerabilities before they are deployed. However, code analysis, which requires traversal paths, and learning methods, which require many features to be trained, are too time-consuming to detect large-scale on-chain contracts. Learning-based methods will obtain detection models from a feature space compared to code analysis methods such as symbol execution. But the existing features lack the interpretability of the detection results and training model, even worse, the large-scale feature space also affects the efficiency of detection. This paper focuses on improving the detection efficiency by reducing the dimension of the features, combined with expert knowledge. In this paper, a feature extraction model Block-gram is proposed to form low-dimensional knowledge-based features from bytecode. First, the metadata is separated and the runtime code is converted into a sequence of opcodes, which are divided into segments based on some instructions (jumps, etc.). Then, scalable Block-gram features, including 4-dimensional block features and 8-dimensional attribute features, are mined for the learning-based model training. Finally, feature contributions are calculated from SHAP values to measure the relationship between our features and the results of the detection model. In addition, six types of vulnerability labels are made on a dataset containing 33,885 contracts, and these knowledge-based features are evaluated using seven state-of-the-art learning algorithms, which show that the average detection latency speeds up 25× to 650×, compared with the features extracted by N-gram, and also can enhance the interpretability of the detection model.

Keywords

Smart contract / Bytecode & opcode / Knowledgeable features / Vulnerability detection / Feature contribution

Cite this article

Download citation ▾

Xie Xueshuo, Wang Haolong, Jian Zhaolong, Fang Yaozheng, Wang Zichun, Li Tao. Block-gram: Mining knowledgeable features for efficiently smart contract vulnerability detection. , 2025, 11(1): 1-12 DOI:10.1016/j.dcan.2023.07.009

登录浏览全文

4963

注册一个新账户忘记密码

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Acknowledgements

This work is partially supported by the National Natural Science Foundation (62272248), the Open Project Fund of State Key Laboratory of Computer Architecture, Institute of Computing Technology, Chinese Academy of Sciences (CARCHA202108, CARCH201905), the Natural Science Foundation of Tianjin (20JCZDJC00610) and Sponsored by Zhejiang Lab (2021KF0AB04).

References

Publishing order | Descend order by publishing year | Descend order by cited within

[1]	S. Wang, L. Ouyang, Y. Yuan, X. Ni, X. Han, F.-Y. Wang, Blockchain-enabled smart contracts: architecture, applications, and future trends, IEEE Trans. Syst. Man Cy-bern. Syst. 49 (11) (2019) 2266-2277.

[2]	F. Ma, Y. Fu, M. Ren, M. Wang, Y. Jiang, K. Zhang, H. Li, X. Shi, Evm*: from of-fline detection to online reinforcement for Ethereum virtual machine, in: 2019 IEEE 26th International Conference on Software Analysis, Evolution and Reengineering (SANER), IEEE, 2019, pp. 554-558.

[3]	A.R. Sai, C. Holmes, J. Buckley, A.L. Gear, Inheritance software metrics on smart contracts, in: Proceedings of the 28th International Conference on Program Com-prehension, ACM, 2020, pp. 381-385.

[4]	T. Durieux, J.F. Ferreira, R. Abreu, P. Cruz, Empirical review of automated analysis tools on 47,587 Ethereum smart contracts,in:Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering, ACM/IEEE, 2020, pp. 530-541.

[5]	M. Ren, Z. Yin, F. Ma, Z. Xu, Y. Jiang, C. Sun, H. Li, Y. Cai, Empirical evaluation of smart contract testing: what is the best choice?, in: Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis, ACM, 2021, pp. 566-579.

[6]	I. Grishchenko, M. Maffei, C. Schneidewind, A semantic framework for the security analysis of Ethereum smart contracts, in: International Conference on Principles of Security and Trust, Springer, 2018, pp. 243-269.

[7]	S. Amani, M. Bégel, M. Bortin, M. Staples, Towards verifying Ethereum smart con-tract bytecode in Isabelle/hol, in: Proceedings of the 7th ACM SIGPLAN Interna-tional Conference on Certified Programs and Proofs, ACM, 2018, pp. 66-77.

[8]	S. Kalra, S. Goel, M. Dhawan, S. Sharma, Zeus: analyzing safety of smart contracts, in: Ndss, 2018, pp. 1-12.

[9]	E. Hildenbrandt, M. Saxena, N. Rodrigues, X. Zhu, P. Daian, D. Guth, B. Moore, D. Park, Y. Zhang, A. Stefanescu, et al., Kevm: a complete formal semantics of the Ethereum virtual machine, in: 2018 IEEE 31st Computer Security Foundations Sym-posium (CSF), IEEE, 2018, pp. 204-217.

[10]	L. Luu, D.-H. Chu, H. Olickel, P. Saxena, A. Hobor, Making smart contracts smarter, in: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communi-cations Security, ACM, 2016, pp. 254-269.

[11]	I. Nikoli´c, A. Kolluri, I. Sergey, P. Saxena, A. Hobor, Finding the greedy, prodigal, and suicidal contracts at scale, in: Proceedings of the 34th Annual Computer Security Applications Conference, ACM, 2018, pp. 653-663.

[12]	P. Tsankov, A. Dan, D. Drachsler-Cohen, A. Gervais, F. Buenzli, M. Vechev, Se-curify: practical security analysis of smart contracts,in:Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, ACM, 2018, pp. 67-82.

[13]	J. Krupp, C. Rossow, {teEther}: gnawing at Ethereum to automatically exploit smart contracts,in:27th USENIX Security Symposium (USENIX Security 18), USENIX, 2018, pp. 1317-1333.

[14]	M. Rodler, W. Li, G.O. Karame, L. Davi,Sereum: protecting existing smart contracts against re-entrancy attacks, arXiv preprint, arXiv : 1812.05934.

[15]	B. Jiang, Y. Liu, W.K. Chan, Contractfuzzer: fuzzing smart contracts for vulnera-bility detection, in: 2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE), IEEE, 2018, pp. 259-269.

[16]	C. Liu, H. Liu, Z. Cao, Z. Chen, B. Chen, B. Roscoe, Reguard: finding reentrancy bugs in smart contracts, in: 2018 IEEE/ACM 40th International Conference on Software Engineering: Companion (ICSE-Companion), IEEE, 2018, pp. 65-68.

[17]	J. He, M. Balunovi´c, N. Ambroladze, P. Tsankov, M. Vechev, Learning to fuzz from symbolic execution with application to smart contracts, in: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, ACM, 2019, pp. 531-548.

[18]	J. Feist, G. Grieco, A. Groce, Slither: a static analysis framework for smart contracts, in: 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB), IEEE, 2019, pp. 8-15.

[19]	L. Brent, A. Jurisevic, M. Kong, E. Liu, F. Gauthier, V. Gramoli, R. Holz, B. Scholz,Vandal: a scalable security analysis framework for smart contracts, arXiv preprint, arXiv : 1809.03981.

[20]	N. Grech, M. Kong, A. Jurisevic, L. Brent, B. Scholz, Y. Smaragdakis, Madmax: sur-viving out-of-gas conditions in Ethereum smart contracts, Proc. ACM Program. Lang. 2 (OOPSLA) ( 2018) 1-27.

[21]	E. Albert, P. Gordillo, B. Livshits, A. Rubio, I. Sergey, Ethir: a framework for high-level analysis of Ethereum bytecode,in: International Symposium on Automated Technology for Verification and Analysis, Springer, 2018, pp. 513-520.

[22]	S. Tikhomirov, E. Voskresenskaya, I. Ivanitskiy, R. Takhaviev, E. Marchenko, Y. Alexandrov, Smartcheck: static analysis of Ethereum smart contracts, in: Proceed-ings of the 1st International Workshop on Emerging Trends in Software Engineering for Blockchain, ACM, 2018, pp. 9-16.

[23]	X. Wang, J. He, Z. Xie, G. Zhao, S.-C. Cheung, Contractguard: defend Ethereum smart contracts with embedded intrusion detection, IEEE Trans. Serv. Comput. 13 (2) (2019) 314-328.

[24]	N. Ashizawa, N. Yanai, J.P. Cruz, S. Okamura, Eth2vec: learning contract-wide code representations for vulnerability detection on Ethereum smart contracts, in: Pro-ceedings of the 3rd ACM International Symposium on Blockchain and Secure Critical Infrastructure, ACM, 2021, pp. 47-59.

[25]	X. Yu, H. Zhao, B. Hou, Z. Ying, B. Wu, Deescvhunter: a deep learning-based framework for smart contract vulnerability detection, in: 2021 International Joint Conference on Neural Networks (IJCNN), IEEE, 2021, pp. 1-8.

[26]	W.J.-W. Tann, X.J. Han, S.S. Gupta, Y.-S. Ong,Towards safer smart contracts: a sequence learning approach to detecting security threats, arXiv preprint, arXiv : 1811. 06632.

[27]	W. Wang, J. Song, G. Xu, Y. Li, H. Wang, C. Su, Contractward: automated vulner-ability detection models for Ethereum smart contracts, IEEE Trans. Netw. Sci. Eng. 8 (2) (2020) 1133-1144.

[28]	O. Lutz, H. Chen, H. Fereidooni, C. Sendner, A. Dmitrienko, A.R. Sadeghi, F. Koushanfar,Escort: Ethereum smart contracts vulnerability detection using deep neural network and transfer learning, arXiv preprint, arXiv : 2103.12607.

[29]	P. Qian, Z. Liu, Q. He, R. Zimmermann, X. Wang, Towards automated reentrancy detection for smart contracts based on sequential models, IEEE Access 8 (2020) 19685-19695.

[30]	Y. Zhuang, Z. Liu, P. Qian, Q. Liu, X. Wang, Q. He, Smart contract vulnerability detection using graph neural network, in: IJCAI, 2020, pp. 3283-3290.

[31]	Q. Zeng, J. He, G. Zhao, S. Li, J. Yang, H. Tang, H. Luo, Ethergis: a vulnerability detection framework for Ethereum smart contracts based on graph learning fea-tures, in: 2022 IEEE 46th Annual Computers, Software, and Applications Conference (COMPSAC), IEEE, 2022, pp. 1742-1749.

[32]

Z. Wan, Z. Guan, X. Cheng, Pride: a private and decentralized usage-based insur-ance using blockchain, in: 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), 2018, pp. 1349-1354.

[33]	K. Christidis, M. Devetsikiotis, Blockchains and smart contracts for the Internet of things, IEEE Access 4 (2016) 2292-2303.

[34]	S. Warnat-Herresthal, H. Schultze, K.L. Shastry, S. Manamohan, S. Mukherjee, V. Garg, R. Sarveswara, K. Händler, P. Pickkers, N.A. Aziz, et al., Swarm learning for decentralized and confidential clinical machine learning, Nature 594 (7862) (2021) 265-270.

[35]	T. Li, Y. Fang, Y. Lu, J. Yang, Z. Jian, Z. Wan, Y. Li, Smartvm: a smart contract virtual machine for fast on-chain dnn computations, IEEE Trans. Parallel Distrib. Syst. 33 (12) (2022) 4100-4116.

[36]	H. Qiu, M. Qiu, G. Memmi, Z. Ming, M. Liu, A dynamic scalable blockchain based communication architecture for iot, in: International Conference on Smart Blockchain, Springer, 2018, pp. 159-166.

[37]	K. Gai, Y. Wu, L. Zhu, Z. Zhang, M. Qiu, Differential privacy-based blockchain for industrial Internet-of-things, IEEE Trans. Ind. Inform. 16 (6) (2019) 4156-4165.

[38]	Z. Tian, M. Li, M. Qiu, Y. Sun, S. Su, Block-def: a secure digital evidence framework using blockchain, Inf. Sci. 491 (2019) 151-165.

[39]	F. Mi, Z. Wang, C. Zhao, J. Guo, F. Ahmed, L. Khan, Vscl: automating vulnerability detection in smart contracts with deep learning, in: 2021 IEEE International Confer-ence on Blockchain and Cryptocurrency (ICBC), IEEE, 2021, pp. 1-9.

[40]	A. Zeyer, R. Schlüter, H. Ney, Towards online-recognition with deep bidirectional lstm acoustic models, in: Interspeech, 2016, pp. 3424-3428.

[41]	F. Contro, M. Crosara, M. Ceccato, M. Dalla Preda, Ethersolve: computing an accu-rate control-flow graph from Ethereum bytecode, in: 2021 IEEE/ACM 29th Interna-tional Conference on Program Comprehension (ICPC), IEEE, 2021, pp. 127-137.