国家重点研发计划 (2021YFB1714200); 中国博士后科学基金 (2023M732594)
智能合约是一种被大量部署在区块链上的去中心化的应用. 由于其具有经济属性, 智能合约漏洞会造成潜在的巨大经济和财产损失, 并破坏以太坊的稳定生态. 因此, 智能合约的漏洞检测具有十分重要的意义. 当前主流的智能合约漏洞检测方法(诸如Oyente和Securify)采用基于人工设计的启发式算法, 在不同应用场景下的复用性较弱且耗时高, 准确率也不高. 为了提升漏洞检测效果, 针对智能合约的时间戳漏洞, 提出基于数据流传播路径学习的智能合约漏洞检测方法Scruple. 所提方法首先获取时间戳漏洞的潜在的数据传播路径, 然后对其进行裁剪并利用融入图结构的预训练模型对传播路径进行学习, 最后对智能合约是否具有时间戳漏洞进行检测. 相比而言, Scruple具有更强的漏洞捕捉能力和泛化能力, 传播路径学习的针对性强, 避免了对程序整体依赖图学习时造成的层次太深而无法聚焦漏洞的问题. 为了验证Scruple的有效性, 在真实智能合约的数据集上, 开展Scruple方法与13种主流智能合约漏洞检测方法的对比实验. 实验结果表明, Scruple在检测时间戳漏洞上的准确率, 召回率和F1值分别可以达到0.96, 0.90和0.93, 与13种当前主流方法相比, 平均相对提升59%, 46%和57%, 从而大幅提升时间戳漏洞的检测能力.
The smart contract is a decentralized application widely deployed on the blockchain platform, e.g., Ethereum. Due to the economic attributes, the vulnerabilities in smart contracts can potentially cause huge financial losses and destroy the stable ecology of Ethereum. Thus, it is crucial to detect the vulnerabilities in smart contracts before they are deployed to Ethereum. The existing smart contract vulnerability detection methods (e.g., Oyente and Secure) are mostly based on heuristic algorithms. The reusability of these methods is weak in different application scenarios. In addition, they are time-consuming and with low accuracy. In order to improve the effectiveness of vulnerability detection, this study proposes Scruple: a smart contract timestamp vulnerability detection approach based on learning data-flow path. It first obtains all possible propagation chains of timestamp vulnerabilities, then refines the propagation chains, uses a graph pre-training model to learn the relationship in the propagation chains, and finally detects whether a smart contract has timestamp vulnerabilities using the learned model. Compared with the existing detection methods, Scruple has a stronger vulnerability capture ability and generalization ability. Meanwhile, learning the propagation chain is not only well-directed but also can avoid an unnecessarily deep hierarchy of programs for the convergence of vulnerabilities. To verify the effectiveness of Scruple, this study uses real-world distinct smart contracts to compare Scruple with 13 state-of-the-art smart contract vulnerability detection methods. The experimental results show that Scruple can achieve 96% accuracy, 90% recall, and 93% F1-score in detecting timestamp vulnerabilities. In other words, the average improvement of Scruple over 13 methods using the three metrics is 59%, 46%, and 57% respectively. It means that Scruple has substantially improved in detecting timestamp vulnerabilities.