VULPEDIA: Detecting vulnerable ethereum smart contracts via abstracted vulnerability signatures

Jiaming Ye, Mingliang Ma, Yun Lin, Lei Ma, Yinxing Xue, Jianjun Zhao

研究成果: ジャーナルへの寄稿学術誌査読

7 被引用数 (Scopus)

抄録

Recent years have seen smart contracts are getting increasingly popular in building trustworthy decentralized applications. Previous research has proposed static and dynamic techniques to detect vulnerabilities in smart contracts. These tools check vulnerable contracts against several predefined rules. However, the emerging new vulnerable types and programming skills to prevent possible vulnerabilities emerging lead to a large number of false positive and false negative reports of tools. To address this, we propose VULPEDIA, which mines expressive vulnerability signatures from contracts. VULPEDIA is based on the relaxed assumption that the owner of contract is not malicious. Specifically, we extract structural program features from vulnerable and benign contracts as vulnerability signatures, and construct a systematic detection method based on detection rules composed of vulnerability signatures. Compared with the rules defined by state-of-the-arts, our approach can extract more expressive rules to achieve better completeness (i.e., detection recall) and soundness (i.e., precision). We further evaluate VULPEDIA with four baselines (i.e., Slither, Securify, SmartCheck and Oyente) on the testing dataset consisting of 17,770 contracts. The experiment results show that VULPEDIA achieves best performance of precision on 4 types of vulnerabilities and leading recall on 3 types of vulnerabilities meanwhile exhibiting the great efficiency performance.

本文言語英語
論文番号111410
ジャーナルJournal of Systems and Software
192
DOI
出版ステータス出版済み - 10月 2022

!!!All Science Journal Classification (ASJC) codes

  • ソフトウェア
  • 情報システム
  • ハードウェアとアーキテクチャ

フィンガープリント

「VULPEDIA: Detecting vulnerable ethereum smart contracts via abstracted vulnerability signatures」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。

引用スタイル