An Integrated Smart Contract Vulnerability Detection Tool Using Multi-layer Perceptron on Real-time Solidity Smart Contracts
Published in: | IEEE Access 2024-01, Vol.12, p.1-1 |
---|---|
Main Authors: | , , , |
Format: | Article |
Language: | English |
Subjects: | |
Summary: | Smart contract vulnerabilities have led to substantial disruptions, ranging from the DAO attack to the recent Poolz Finance. While the smart contract vulnerability definition initially lacked standardization, even with the advancements in Solidity, the potential for deploying malicious contracts to exploit legitimate ones persists. The abstract syntax tree (AST), opcodes, and control flow graph (CFG) are the intermediate representations for Solidity contracts. In this paper, we propose an integrated and efficient smart contract vulnerability detection algorithm based on multi-layer perceptron (MLP). We use feature vectors from the opcodes and CFG for the machine learning (ML) model training. The existing ML-based approaches for analyzing the smart contract code are constrained by the vulnerability detection space, significantly varying Solidity versions, and the lack of a unified approach to verify against the ground truth. The primary contributions in this paper are (i) a standardized pre-processing method for smart contract training data, (ii) introducing bugs to create a balanced dataset of flawed files across Solidity versions using AST, and (iii) standardizing vulnerability identification using the Smart Contract Weakness Classification (SWC) registry. The ML models employed in our study for benchmarking the proposed MLP and a multi-input model combining MLP and long short-term memory (LSTM) are random forest (RF), XGBoost (XGB), and support vector machine (SVM). The performance evaluation on real-time smart contracts deployed on the Ethereum blockchain shows an accuracy of up to 91% using MLP, with the lowest average false positive rate (FPR) among all tools and models, measuring 0.0125. |
---|---|
ISSN: | 2169-3536 |
DOI: | 10.1109/ACCESS.2024.3364351 |