Smart Contracts Vulnerability Auditing With Multi-Semantics

Research output: Chapters, Conference Papers, Creative and Literary Works (RGC: 12, 32, 41, 45)32_Refereed conference paper (with ISBN/ISSN)

View graph of relations

Related Research Unit(s)

Detail(s)

Original languageEnglish
Title of host publicationProceedings - 2020 IEEE 44th Annual Computers, Software, and Applications Conference, COMPSAC 2020
EditorsW. K. Chan, Bill Claycomb, Hiroki Takakura
Place of PublicationLos Alamitos, Calif.
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages892-901
ISBN (Print)978-1-7281-7303-0
Publication statusPublished - Jul 2020

Publication series

Name
ISSN (Print)0730-3157

Conference

Title44th IEEE Computer Society International Conference on Computers, Software, and Applications (COMPSAC 2020)
LocationVirtual
PlaceSpain
CityMadrid
Period13 - 17 July 2020

Abstract

Smart contracts vulnerability auditing is vitally critical to ensure transaction execution in normal on blockchain. The current data-driven approaches normally tokenize smart contracts into a series of sequences according to only one tokenization standard for vulnerability detection purpose, resulting some of the semantic contexts could not be reflected within restricted sequence length. To address this limitation, we generate sequences from smart contracts in three tokenization standards for which we utilize n-gram language model to capture semantic contexts respectively, and finally exploiting our effective combination strategy of Intersection or Union to integrate the audited results from multiple semantic contexts. In order to evaluate the proposed approach, we applied it on over 7200 Ethereum smart contract samples. Experimental result shows our proposed method is capable of detecting vulnerabilities and competitive with the baseline in test sets, with improved precision of over 44% when Intersection is applied in their results, as well as improved Recall measure up by over 300% and F-measure up by 220% when Union is applied. Our proposed method for smart contract vulnerability detection, an important tool for developing quality decentralized software applications, is able to analyze multiple semantic contexts and successfully detects more true vulnerabilities with high precision, outperforming that of the baseline approaches.

Research Area(s)

  • Software Engineering, Smart Contract, Ethereum, N-gram Language Model, Vulnerability Auditing

Bibliographic Note

Information for this record is supplemented by the author(s) concerned.

Citation Format(s)

Smart Contracts Vulnerability Auditing With Multi-Semantics. / Yang, Zhen; Keung, Jacky; Zhang, Miao; Xiao, Yan; Huang, Yangyang; Hui, Tik.

Proceedings - 2020 IEEE 44th Annual Computers, Software, and Applications Conference, COMPSAC 2020. ed. / W. K. Chan; Bill Claycomb; Hiroki Takakura. Los Alamitos, Calif. : Institute of Electrical and Electronics Engineers Inc., 2020. p. 892-901.

Research output: Chapters, Conference Papers, Creative and Literary Works (RGC: 12, 32, 41, 45)32_Refereed conference paper (with ISBN/ISSN)