research-article

Improving Smart Contract Security with Contrastive Learning-based Vulnerability Detection

Authors:

Dan HaoAuthors Info & Claims

ICSE '24: Proceedings of the IEEE/ACM 46th International Conference on Software Engineering

Article No.: 156, Pages 1 - 11

https://doi.org/10.1145/3597503.3639173

Published: 12 April 2024 Publication History

Abstract

Currently, smart contract vulnerabilities (SCVs) have emerged as a major factor threatening the transaction security of blockchain. Existing state-of-the-art methods rely on deep learning to mitigate this threat. They treat each input contract as an independent entity and feed it into a deep learning model to learn vulnerability patterns by fitting vulnerability labels. It is a pity that they disregard the correlation between contracts, failing to consider the commonalities between contracts of the same type and the differences among contracts of different types. As a result, the performance of these methods falls short of the desired level.

To tackle this problem, we propose a novel Contrastive Learning Enhanced Automated Recognition Approach for Smart Contract Vulnerabilities, named Clear. In particular, Clear employs a contrastive learning (CL) model to capture the fine-grained correlation information among contracts and generates correlation labels based on the relationships between contracts to guide the training process of the CL model. Finally, it combines the correlation and the semantic information of the contract to detect SCVs. Through an empirical evaluation of a large-scale real-world dataset of over 40K smart contracts and compare 13 state-of-the-art baseline methods. We show that Clear achieves (1) optimal performance over all baseline methods; (2) 9.73%-39.99% higher F1-score than existing deep learning methods.

References

[1]

Sijie Chen, Hanning Mi, Jian Ping, Zheng Yan, Zeyu Shen, Xuezhi Liu, Ning Zhang, Qing Xia, and Chongqing Kang. 2022. A blockchain consensus mechanism that uses Proof of Solution to optimize energy dispatch and trading. Nature Energy 7, 6 (2022), 495--502.

[2]

Ting Chen, Simon Kornblith, Mohammad Norouzi, and Geoffrey Hinton. 2020. A simple framework for contrastive learning of visual representations. In International conference on machine learning. PMLR, 1597--1607.

[3]

Xinlei Chen and Kaiming He. 2021. Exploring simple siamese representation learning. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition. 15750--15758.

[4]

Jaeseung Choi, Doyeon Kim, Soomin Kim, Gustavo Grieco, Alex Groce, and Sang Kil Cha. 2021. Smartian: Enhancing smart contract fuzzing with static and dynamic data-flow analyses. In 36th IEEE/ACM International Conference on Automated Software Engineering. IEEE, 227--239.

Digital Library

[5]

Ching-Yao Chuang, Joshua Robinson, Yen-Chen Lin, Antonio Torralba, and Stefanie Jegelka. 2020. Debiased contrastive learning. Advances in neural information processing systems 33 (2020), 8765--8775.

[6]

Josselin Feist, Gustavo Grieco, and Alex Groce. 2019. Slither: a static analysis framework for smart contracts. In IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain. IEEE, 8--15.

Digital Library

[7]

Zhangyin Feng, Daya Guo, Duyu Tang, Nan Duan, Xiaocheng Feng, Ming Gong, Linjun Shou, Bing Qin, Ting Liu, Daxin Jiang, et al. 2020. Codebert: A pre-trained model for programming and natural languages. arXiv preprint arXiv:2002.08155 (2020).

[8]

Michael Fu and Chakkrit Tantithamthavorn. 2022. Linevul: A transformer-based line-level vulnerability prediction. In Proceedings of the 19th International Conference on Mining Software Repositories. 608--620.

Digital Library

[9]

Tianyu Gao, Xingcheng Yao, and Danqi Chen. 2021. Simcse: Simple contrastive learning of sentence embeddings. arXiv preprint arXiv:2104.08821 (2021).

[10]

Neville Grech, Michael Kong, Anton Jurisevic, Lexi Brent, Bernhard Scholz, and Yannis Smaragdakis. 2018. Madmax: Surviving out-of-gas conditions in ethereum smart contracts. Proceedings of the ACM on Programming Languages 2 (2018), 1--27.

Digital Library

[11]

Kaiming He, Haoqi Fan, Yuxin Wu, Saining Xie, and Ross Girshick. 2020. Momentum contrast for unsupervised visual representation learning. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition. 9729--9738.

[12]

Andreas Ibing and Alexandra Mai. 2015. A fixed-point algorithm for automated static detection of infinite loops. IEEE 16th International Symposium on High Assurance Systems Engineering (2015), 44--51.

Digital Library

[13]

Sukrit Kalra, Seep Goel, Mohan Dhawan, and Subodh Sharma. 2018. Zeus: analyzing safety of smart contracts. In Ndss. 1--12.

[14]

Prannay Khosla, Piotr Teterwak, Chen Wang, Aaron Sarna, Yonglong Tian, Phillip Isola, Aaron Maschinot, Ce Liu, and Dilip Krishnan. 2020. Supervised contrastive learning. Advances in neural information processing systems 33 (2020), 18661--18673.

[15]

Thomas N Kipf and Max Welling. 2016. Semi-supervised classification with graph convolutional networks. arXiv preprint arXiv:1609.02907 (2016).

[16]

Johannes Krupp and Christian Rossow. 2018. {teEther}: Gnawing at ethereum to automatically exploit smart contracts. In 27th USENIX Security Symposium. 1317--1333.

[17]

Yi Li, Shaohua Wang, and Tien N Nguyen. 2021. Vulnerability detection with fine-grained interpretations. In Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. 292--303.

Digital Library

[18]

Zhenguang Liu, Peng Qian, Xiang Wang, Lei Zhu, Qinming He, and Shouling Ji. 2021. Smart contract vulnerability detection: from pure neural network to interpretable graph feature and expert pattern fusion. arXiv preprint arXiv:2106.09282 (2021).

[19]

Zhenguang Liu, Peng Qian, Xiaoyang Wang, Yuan Zhuang, Lin Qiu, and Xun Wang. 2021. Combining graph neural networks with expert knowledge for smart contract vulnerability detection. IEEE Transactions on Knowledge and Data Engineering (2021).

[20]

Ilya Loshchilov and Frank Hutter. 2018. Fixing weight decay regularization in adam. (2018).

[21]

Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, and Aquinas Hobor. 2016. Making smart contracts smarter. In Proceedings of the 2016 ACM SIGSAC conference on computer and communications security. 254--269.

Digital Library

[22]

Benjamin Mariano, Yanju Chen, Yu Feng, Shuvendu K Lahiri, and Isil Dillig. 2020. Demystifying loops in smart contracts. In Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering. 262--274.

Digital Library

[23]

Bernhard Mueller. 2017. A framework for bug hunting on the ethereum blockchain. ConsenSys/mythril (2017).

[24]

Tai D Nguyen, Long H Pham, Jun Sun, Yun Lin, and Quang Tran Minh. 2020. sfuzz: An efficient adaptive fuzzer for solidity smart contracts. In Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering. 778--788.

Digital Library

[25]

Purathani Praitheeshan, Lei Pan, Jiangshan Yu, Joseph Liu, and Robin Doss. 2019. Security analysis methods on ethereum smart contract vulnerabilities: a survey. arXiv preprint arXiv:1908.08605 (2019).

[26]

Peng Qian, Zhenguang Liu, Yifang Yin, and Qinming He. 2023. Cross-Modality Mutual Learning for Enhancing Smart Contract Vulnerability Detection on Byte-code. In Proceedings of the ACM Web Conference. 2220--2229.

[27]

Hefei Qiu, Wei Ding, and Ping Chen. 2021. Contrastive Learning of Sentence Representations. In Proceedings of the 18th International Conference on Natural Language Processing.

[28]

Meng Ren, Fuchen Ma, Zijing Yin, Ying Fu, Huizhong Li, Wanli Chang, and Yu Jiang. 2021. Making smart contract development more secure and easier. In Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. 1360--1370.

Digital Library

[29]

Sam Roweis. 1997. EM algorithms for PCA and SPCA. Advances in neural information processing systems 10 (1997).

[30]

Amritraj Singh, Reza M Parizi, Qi Zhang, Kim-Kwang Raymond Choo, and Ali Dehghantanha. 2020. Blockchain smart contracts formalization: Approaches and challenges to address vulnerabilities. Computers & Security 88 (2020), 101654.

Digital Library

[31]

Wesley Joon-Wie Tann, Xing Jie Han, Sourav Sen Gupta, and Yew-Soon Ong. 2018. Towards safer smart contracts: A sequence learning approach to detecting security threats. arXiv preprint arXiv:1811.06632 (2018).

[32]

Sergei Tikhomirov, Ekaterina Voskresenskaya, Ivan Ivanitskiy, Ramil Takhaviev, Evgeny Marchenko, and Yaroslav Alexandrov. 2018. Smartcheck: Static analysis of ethereum smart contracts. In Proceedings of the 1st international workshop on emerging trends in software engineering for blockchain. 9--16.

Digital Library

[33]

Christof Ferreira Torres, Julian Schütte, and Radu State. 2018. Osiris: Hunting for integer bugs in ethereum smart contracts. In Proceedings of the 34th annual computer security applications conference. 664--676.

Digital Library

[34]

Petar Tsankov, Andrei Dan, Dana Drachsler-Cohen, Arthur Gervais, Florian Buenzli, and Martin Vechev. 2018. Securify: Practical security analysis of smart contracts. In Proceedings of the ACM SIGSAC conference on computer and communications security. 67--82.

Digital Library

[35]

Zhiyuan Wan, Xin Xia, David Lo, Jiachi Chen, Xiapu Luo, and Xiaohu Yang. 2021. Smart contract security: A practitioners' perspective. In IEEE/ACM 43rd International Conference on Software Engineering. IEEE, 1410--1422.

Digital Library

[36]

Xing Wu, Chaochen Gao, Liangjun Zang, Jizhong Han, Zhongyuan Wang, and Songlin Hu. 2021. Esimcse: Enhanced sample building method for contrastive learning of unsupervised sentence embedding. arXiv preprint arXiv:2109.04380 (2021).

[37]

Zhirong Wu, Yuanjun Xiong, Stella X Yu, and Dahua Lin. 2018. Unsupervised feature learning via non-parametric instance discrimination. In Proceedings of the IEEE conference on computer vision and pattern recognition. 3733--3742.

[38]

Tete Xiao, Xiaolong Wang, Alexei A Efros, and Trevor Darrell. 2020. What should not be contrastive in contrastive learning. arXiv preprint arXiv:2008.05659 (2020).

[39]

Mang Ye, Xu Zhang, Pong C Yuen, and Shih-Fu Chang. 2019. Unsupervised embedding learning via invariant and spreading instance feature. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition. 6210--6219.

[40]

Yaqin Zhou, Shangqing Liu, Jingkai Siow, Xiaoning Du, and Yang Liu. 2019. Devign: Effective vulnerability identification by learning comprehensive program semantics via graph neural networks. Advances in neural information processing systems 32 (2019).

[41]

Zhenglin Zhu, Yawang Wang, Xichuan Zhou, Liuqing Yang, Geng Meng, and Ze Zhang. 2020. SWAV: a web-based visualization browser for sliding window analysis. Scientific Reports 10, 1 (2020), 149.

[42]

Yuan Zhuang, Zhenguang Liu, Peng Qian, Qi Liu, Xiang Wang, and Qinming He. 2021. Smart contract vulnerability detection using graph neural networks. In Proceedings of the Twenty-Ninth International Conference on International Joint Conferences on Artificial Intelligence. 3283--3290.

Cited By

Kiani RSheng V(2024)Ethereum Smart Contract Vulnerability Detection and Machine Learning-Driven Solutions: A Systematic Literature ReviewElectronics10.3390/electronics1312229513:12(2295)Online publication date: 12-Jun-2024
https://doi.org/10.3390/electronics13122295
Wang YChen YZhao YGong ZChen JHao DFilkov VRay BZhou M(2024)Mutual Learning-Based Framework for Enhancing Robustness of Code Models via Adversarial TrainingProceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering10.1145/3691620.3695519(1484-1496)Online publication date: 27-Oct-2024
https://dl.acm.org/doi/10.1145/3691620.3695519
Zhao YChen YSun ZLiang QWang GHao DFilkov VRay BZhou M(2024)Spotting Code Mutation for Predictive Mutation TestingProceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering10.1145/3691620.3695491(1133-1145)Online publication date: 27-Oct-2024
https://dl.acm.org/doi/10.1145/3691620.3695491
Show More Cited By

Index Terms

Improving Smart Contract Security with Contrastive Learning-based Vulnerability Detection
1. Computing methodologies
  1. Artificial intelligence
    1. Knowledge representation and reasoning
2. Security and privacy
  1. Software and application security
    1. Software security engineering

Recommendations

DL4SC: a novel deep learning-based vulnerability detection framework for smart contracts
Abstract
Smart contract is a new paradigm for the decentralized software system, which plays an important and key role in Blockchain-based application. The vulnerabilities in smart contracts are unacceptable, and some of which have caused significant ...
Smart contract: a survey towards extortionate vulnerability detection and security enhancement
Abstract
Smart contracts become significant as blockchain technology is blooming around the technological globe. In this juncture, smart contract is an automatic programming framework executed based upon pre-conditions in blockchain even among untrusted ...
EOSFuzzer: Fuzzing EOSIO Smart Contracts for Vulnerability Detection
Internetware '20: Proceedings of the 12th Asia-Pacific Symposium on Internetware

EOSIO is one typical public blockchain platform. It is scalable in terms of transaction speeds and has a growing ecosystem supporting smart contracts and decentralized applications. However, the vulnerabilities within the EOSIO smart contracts have led ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ICSE '24: Proceedings of the IEEE/ACM 46th International Conference on Software Engineering

May 2024

2942 pages

ISBN:9798400702174

DOI:10.1145/3597503

Co-chairs:
Ana Paiva,
Rui Abreu,
Program Co-chairs:
Abhik Roychoudhury,
Margaret Storey

Copyright © 2024 Copyright is held by the owner/author(s). Publication rights licensed to ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

In-Cooperation

Faculty of Engineering of University of Porto

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 April 2024

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ICSE '24

Sponsor:

SIGSOFT

ICSE '24: IEEE/ACM 46th International Conference on Software Engineering

April 14 - 20, 2024

Lisbon, Portugal

Acceptance Rates

Overall Acceptance Rate 276 of 1,856 submissions, 15%

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
427
Total Downloads

Downloads (Last 12 months)427
Downloads (Last 6 weeks)94

Reflects downloads up to 07 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Kiani RSheng V(2024)Ethereum Smart Contract Vulnerability Detection and Machine Learning-Driven Solutions: A Systematic Literature ReviewElectronics10.3390/electronics1312229513:12(2295)Online publication date: 12-Jun-2024
https://doi.org/10.3390/electronics13122295
Wang YChen YZhao YGong ZChen JHao DFilkov VRay BZhou M(2024)Mutual Learning-Based Framework for Enhancing Robustness of Code Models via Adversarial TrainingProceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering10.1145/3691620.3695519(1484-1496)Online publication date: 27-Oct-2024
https://dl.acm.org/doi/10.1145/3691620.3695519
Zhao YChen YSun ZLiang QWang GHao DFilkov VRay BZhou M(2024)Spotting Code Mutation for Predictive Mutation TestingProceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering10.1145/3691620.3695491(1133-1145)Online publication date: 27-Oct-2024
https://dl.acm.org/doi/10.1145/3691620.3695491
Su PHu J(2024)Smart contract vulnerabilities detection with bidirectional encoder representations from transformers and control flow graphMultimedia Systems10.1007/s00530-024-01406-930:4Online publication date: 10-Jul-2024
https://dl.acm.org/doi/10.1007/s00530-024-01406-9

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents