Learning Contract-Wide Code Representations for Vulnerability Detection on Ethereum Smart Contracts

摘要

Ethereum smart contracts are programs that run on the Ethereum blockchain, and many smart contract vulnerabilities have been discovered in the past decade. Many security analysis tools have been created to detect such vulnerabilities, but their performance decreases drastically when target codes are rewritten. We have proposed Eth2Vec, a machine-learning-based static analysis tool for vulnerability detection in smart contracts, so far. In this paper, we confirm that Eth2Vec can precisely extract features and detect vulnerabilities in deployed contracts through learning vulnerable contracts. We conduct experiments with existing open databases, such as Etherscan, and our results show that Eth2Vec outperforms a recent model based on support vector machine in terms of well-known metrics, i.e., precision, recall, and F1-score. We also show the robustness of Eth2Vec against code rewrites, i.e., it can detect vulnerabilities even in rewritten codes.