Towards Auto Contract Generation and Ensemble-based Smart Contract Vulnerability Detection

Smart contracts (SC) are computer programs that are major components of Blockchain. The "intelligent contract" is made up of the rules accepted by the parties concerned. When the transactions started by the parties obey these established rules, then only their transactions will be completed without the involvement of a third party. Because of the simplicity and succinct nature of the solidity language, most smart contracts are written in this language. Smart contracts have two limitations, which are vulnerabilities in SC and that smart contracts can\u27t be understood by all stakeholders, especially non-technical people who are involved in the business, since they are written in a programming language. Hence, the proposed paper used the XGBoost model and BPMN (Business Process Modeling Notation) tool to solve the first and second limitations of the SC respectively. Attackers are drawn to attention because of the popularity and fragility of the Solidity language. Once smart contracts have been launched, they can’t be changed. If that smart contract is vulnerable, attackers may then cash it. BPMN is used to represent business rules or contracts in graphical notation, so everyone involved in the business can understand the business rules. This BPMN diagram can be converted into a smart contract template through the BPMN-SOL tool. A few publications and existing tools exist on smart contract vulnerability detection, but they require more time to forecast and interpretation of vulnerability causes is also difficult. Thus, the proposed model experimented with several deep learning approaches and improved F1 score results by an average of 2% using the XGBoost model based on the ensemble technique to detect vulnerabilities of SCs, which are: Denial of Service (DOS), Unchecked external call, Re-entrancy, and Origin of Transaction. This paper also combined two important features to construct a data set, which are code snippets and n-grams

Machine learning approaches for enhancing smart contracts security: A systematic literature review

Smart contracts offer automation for various decentralized applications but suffer from vulnerabilities that cause financial losses. Detecting vulnerabilities is critical to safeguarding decentralized applications before deployment. Automatic detection is more efficient than manual auditing of large codebases. Machine learning (ML) has emerged as a suitable technique for vulnerability detection. However, a systematic literature review (SLR) of ML models is lacking, making it difficult to identify research gaps. No published systematic review exists for ML approaches to smart contract vulnerability detection. This research focuses on ML-driven detection mechanisms from various databases. 46 studies were selected and reviewed based on keywords. The contributions address three research questions: vulnerability identification, machine learning model approaches, and data sources. In addition to highlighting gaps that require further investigation, the drawbacks of machine learning are discussed. This study lays the groundwork for improving ML solutions by mapping technical challenges and future directions

Pre-deployment Analysis of Smart Contracts -- A Survey

Smart contracts are programs that execute transactions involving independent parties and cryptocurrencies. As programs, smart contracts are susceptible to a wide range of errors and vulnerabilities. Such vulnerabilities can result in significant losses. Furthermore, by design, smart contract transactions are irreversible. This creates a need for methods to ensure the correctness and security of contracts pre-deployment. Recently there has been substantial research into such methods. The sheer volume of this research makes articulating state-of-the-art a substantial undertaking. To address this challenge, we present a systematic review of the literature. A key feature of our presentation is to factor out the relationship between vulnerabilities and methods through properties. Specifically, we enumerate and classify smart contract vulnerabilities and methods by the properties they address. The methods considered include static analysis as well as dynamic analysis methods and machine learning algorithms that analyze smart contracts before deployment. Several patterns about the strengths of different methods emerge through this classification process

Towards Automated Reentrancy Detection for Smart Contracts Based on Sequential Models

10.1109/ACCESS.2020.2969429IEEE Access819685-1969