Vulnerability Detection of Blockchain Smart Contracts Based on GNN with Multi-Head Attention Mechanism

Xin Du

doi:10.63313/JCSFT.9028

Authors

Xin Du Xi`an Shiyou University, Xi`an, 710065, China Author

DOI:

https://doi.org/10.63313/JCSFT.9028

Keywords:

Blockchain, Smart Contract, Vulnerability, Detection, GNN, Insert

Abstract

Smart contracts have been widely applied in various fields. Due to the immutability of data on the blockchain, it is of great significance to conduct smart contract vulnerability detection before data is uploaded to the chain. To address the problems of low accuracy and single vulnerability type in traditional detection methods, a blockchain smart contract vulnerability detection method based on Graph Neural Network (GNN) is proposed. This method abstracts the functions and key code segments in smart contracts into nodes in a graph, and constructs edges by leveraging data and control dependencies during code execution, thereby accurately depicting the specific graph structures of reentrancy attacks and timestamp-dependent vulnerabilities. To further enhance the model’s sensitivity to key vulnerability patterns, the multi-head attention mechanism is innovatively introduced, which can effectively screen out the nodes and edges that contribute the most to vulnerability detection, suppress irrelevant or noisy information, and significantly improve the accuracy and robustness of vulnerability detection. Experimental results show that the proposed method achieves an accuracy of 85.19% in reentrancy vulnerability detection and 82.37% in timestamp-dependent vulnerability detection, demonstrating excellent vulnerability identification capability.

References

[1] SZABO N.Formalizing and securing relationships on public networks[J]. First Monday, 1997, 2(9): 1-21.

[2] MEHAR M I,SHIER C L,GIAMBATTISTA A,et al.Understanding a revolutionary and flawed grand experiment in blockchain:the DAO attack[J].Journal of Cases on Information Tech-nology, 2019, 21(1): 19-32.

[3] LUU L,CHU DH, OLICKEL H, et al.Making smart contracts smarter[C]// Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. Vienna: ACM, 2016: 254-269.

[4] CHEN T, LI XQ, LUO XP, et al. Under-optimized smart contracts devour your money[C]// Proceedings of the 24th IEEE International Conference on Software Analysis, Evolution and Reengineering. Klagenfurt: IEEE,2017:442-446.

[5] JIANG B, LIU Y, CHAN WK. ContractFuzzer: Fuzzing smart contracts for vulnerability de-tection[C]// Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering. Montpellier: IEEE, 2018: 259-269.

[6] HUANG YH, JIANG B, CHAN WK. EOSFuzzer: Fuzzing EOSIO smart contracts for vulnera-bility detection[EB/OL]. arXiv:2007.14903, 2020. (2020-07-29)[2024-07-20].

[7] ASHRAF I, MA XX, JIANG B, et al. GasFuzzer: Fuzzing Ethereum smart contract binaries to expose gas-oriented exception security vulnerabilities[J]. IEEE Access, 2020, 8: 99552-99564.

[8] BHARGAVAN K, DELIGNAT-LAVAUD A, FOURNET C, et al. Formal verification of smart contracts: Short paper[C]// Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security. Vienna: ACM, 2016: 91-96.

[9] GRISHCHENKO I, MAFFEI M, SCHNEIDEWIND C. A semantic framework for the security analysis of Ethereum smart contracts[C]// Proceedings of the 7th International Confer-ence on Principles of Security and Trust. Thessaloniki: Springer, 2018: 243-269.

[10] RODLER M, LI WT, KARAME GO, et al. Sereum: Protecting existing smart contracts against re-entrancy attacks[EB/OL]. arXiv:1812.05934, 2018. (2018-12-14)[2024-07-20].

[11] TANN WJW, HAN XJ, GUPTA SS, et al. Towards safer smart contracts: A sequence learning approach to detecting security threats[EB/OL]. arXiv:1811.06632, 2019. (2019-11-16)[2024-07-20].

[12] Zhuang Y , Liu Z , Qian P ,et al. Smart Contract Vulnerability Detection using Graph Neural Network[J].2020.