Show simple item record

ContractWard: Automated Vulnerability Detection Models for Ethereum Smart Contracts

dc.contributor.authorWang, Wei
dc.contributor.authorSong, Jingjing
dc.contributor.authorXu, Guangquan
dc.contributor.authorLi, Yidong
dc.contributor.authorWang, Hao
dc.contributor.authorSu, Chunhua
dc.date.accessioned2021-08-04T08:37:08Z
dc.date.available2021-08-04T08:37:08Z
dc.date.issued2021-04-01
dc.date.submitted2019-09-10
dc.identifier.citationWang, W., Song, J., Xu, G., Li, Y., Wang, H., & Su, C. (2021). ContractWard: Automated Vulnerability Detection Models for Ethereum Smart Contracts. IEEE Transactions on Network Science and Engineering, 8(2), 1133–1144. doi:10.1109/tnse.2020.2968505
dc.identifier.issn2327-4697
dc.identifier.issn2334-329X
dc.identifier.doi10.1109/tnse.2020.2968505
dc.identifier.urihttp://hdl.handle.net/10754/670403
dc.description.abstractSmart contracts are decentralized applications running on Blockchain. A very large number of smart contracts has been deployed on Ethereum. Meanwhile, security flaws of contracts have led to huge pecuniary losses and destroyed the ecological stability of contract layer on Blockchain. It is thus an emerging yet crucial issue to effectively and efficiently detect vulnerabilities in contracts. Existing detection methods like Oyente and Securify are mainly based on symbolic execution or analysis. These methods are very time-consuming, as the symbolic execution requires the exploration of all executable paths or the analysis of dependency graphs in a contract. In this work, we propose ContractWard to detect vulnerabilities in smart contracts with machine learning techniques. First, we extract bigram features from simplified operation codes of smart contracts. Second, we employ five machine learning algorithms and two sampling algorithms to build the models. ContractWard is evaluated with 49502 real-world smart contracts running on Ethereum. The experimental results demonstrate the effectiveness and efficiency of ContractWard. The predictive Micro-F1 and Macro-F1 of ContractWard are over 96% and the average detection time is 4 seconds on each smart contract when we use XGBoost for training the models and SMOTETomek for balancing the training sets.
dc.description.sponsorshipThe work reported in this paper was supported in part by the Natural Science Foundation of China under Grant U1736114 and in part by the National Key R&D Program of China under Grant 2017YFB0802805. Chunhua Su was supported in part by JSPS Kiban(B) 18H03240 and in part by JSPS Kiban(C) 18K11298.
dc.publisherInstitute of Electrical and Electronics Engineers (IEEE)
dc.relation.urlhttps://ieeexplore.ieee.org/document/8967006/
dc.rights(c) 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/ republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.
dc.titleContractWard: Automated Vulnerability Detection Models for Ethereum Smart Contracts
dc.typeArticle
dc.contributor.departmentComputer, Electrical and Mathematical Science and Engineering (CEMSE) Division
dc.identifier.journalIEEE Transactions on Network Science and Engineering
dc.eprint.versionPost-print
dc.contributor.institutionBeijing Key Laboratory of Security and Privacy in Intelligent Transportation, Beijing Jiaotong University, Beijing 100044, China.
dc.identifier.volume8
dc.identifier.issue2
dc.identifier.pages1133-1144
kaust.personWang, Wei
dc.date.accepted2020-01-15
refterms.dateFOA2022-10-19T12:28:47Z


Files in this item

Thumbnail
Name:
ContractWard.pdf
Size:
2.785Mb
Format:
PDF
Description:
Preprint
Download

This item appears in the following Collection(s)

Show simple item record