Automated labeling of unknown contracts in Ethereum
Smart contracts have recently attracted interest from diverse fields including law and finance. Ethereum in particular has grown rapidly to accommodate an entire ecosystem of contracts which run using its own crypto-currency. Smart contract developers can opt to verify their contracts so that any user can inspect and audit the code before executing the contract. However, the huge numbers of deployed smart contracts and the lack of supporting tools for the analysis of smart contracts make it very challenging to get insights into this eco-environment, where code gets executed through transactions performing value transfer of a crypto-currency. We address this problem and report on the use of unsupervised clustering techniques and a seed set of verified contracts. In this work we propose a framework to group together similar contracts within the Ethereum network using only the contracts' publicly available compiled code. We report qualitative and quantitative results on a dataset and provide the dataset and project code to the research community.
Link to conference webpage: http://icccn.org/icccn17/workshop
PrAIoritize: Learning to Prioritize Smart Contract Bugs and Vulnerabilities
Smart contract vulnerabilities and bugs have become a key concern for
software engineers, as they can lead to significant financial losses,
reputational damage, and legal issues. Therefore, prioritizing bug fixing for
smart contracts is critical to maintaining trust. Due to the lack of tracking
tools, prioritizing smart contract-reported bugs is done manually, which is a
tedious task, limits bug triaging, and needs specialized knowledge. Towards
this end, we propose PrAIoritize, an automated approach for predicting smart
contract bug priorities that assists software engineers in prioritizing highly
urgent bug reports. PrAIoritize consists of two main phases: 1) automatic
labeling, which involves the automatic construction of a smart contract keyword
lexicon and the automatic assignment of priority levels to unlabeled bug
reports; 2) model construction, which involves feature engineering and designs
layers of feed-forward neural networks (FFNNs) and bidirectional long
short-term memory (BiLSTM) with multi-class classification to better capture
the features of the textual descriptions of bugs and predict their priority
levels. The model then is trained using smart contract bug reports collected
from two data sources: open-source software (OSS) projects available on GitHub
and the NVD vulnerability database. Our evaluation demonstrates significant
improvement over state-of-the-art baselines and commonly used pre-trained
models (e.g. BERT) for similar classification tasks, with 5.75%-35.29% increase
in F-measure, precision, and recall.
Smart Learning to Find Dumb Contracts
We introduce Deep Learning Vulnerability Analyzer (DLVA), a vulnerability
detection tool for Ethereum smart contracts based on powerful deep learning
techniques for sequential data adapted for bytecode. We train DLVA to judge
bytecode even though the supervising oracle, Slither, can only judge source
code. DLVA's training algorithm is general: we "extend" a source code analysis
to bytecode without any manual feature engineering, predefined patterns, or
expert rules. DLVA's training algorithm is also robust: it overcame a 1.25%
error rate mislabeled contracts, and the student surpassing the teacher; found
vulnerable contracts that Slither mislabeled. In addition to extending a source
code analyzer to bytecode, DLVA is much faster than conventional tools for
smart contract vulnerability detection based on formal methods: DLVA checks
contracts for 29 vulnerabilities in 0.2 seconds, a speedup of 10-500x+ compared
to traditional tools.
DLVA has three key components. Smart Contract to Vector (SC2V) uses neural
networks to map arbitrary smart contract bytecode to a high-dimensional
floating-point vector. Sibling Detector (SD) classifies contracts when a target
contract's vector is Euclidean-close to a labeled contract's vector in a
training set; although only able to judge 55.7% of the contracts in our test
set, it has an average accuracy of 97.4% with a false positive rate of only
0.1%. Lastly, Core Classifier (CC) uses neural networks to infer vulnerable
contracts regardless of vector distance. DLVA has an overall accuracy of 96.6%
with an associated false positive rate of only 3.7%.
An Automated Vulnerability Detection Framework for Smart Contracts
With the increase of the adoption of blockchain technology in providing
decentralized solutions to various problems, smart contracts have become more
popular to the point that billions of US Dollars are currently exchanged every
day through such technology. Meanwhile, various vulnerabilities in smart
contracts have been exploited by attackers to steal cryptocurrencies worth
millions of dollars. The automatic detection of smart contract vulnerabilities
therefore is an essential research problem. Existing solutions to this problem
particularly rely on human experts to define features or different rules to
detect vulnerabilities. However, this often causes many vulnerabilities to be
ignored, and they are inefficient in detecting new vulnerabilities. In this
study, to overcome such challenges, we propose a framework to automatically
detect vulnerabilities in smart contracts on the blockchain. More specifically,
first, we utilize novel feature vector generation techniques from the bytecode of
smart contracts, since the source code of smart contracts is rarely available in
public. Next, the collected vectors are fed into our novel metric
learning-based deep neural network (DNN) to get the detection result. We conduct
comprehensive experiments on large-scale benchmarks, and the quantitative
results demonstrate the effectiveness and efficiency of our approach.