ContractWard: Automated Vulnerability Detection Models for Ethereum Smart Contracts

Wei Wang, Jingjing Song, Guangquan Xu, Yidong Li, Hao Wang, Chunhua Su

Research output: Contribution to journalArticlepeer-review

136 Scopus citations

Abstract

Smart contracts are decentralized applications running on Blockchain. A very large number of smart contracts has been deployed on Ethereum. Meanwhile, security flaws of contracts have led to huge pecuniary losses and destroyed the ecological stability of contract layer on Blockchain. It is thus an emerging yet crucial issue to effectively and efficiently detect vulnerabilities in contracts. Existing detection methods like Oyente and Securify are mainly based on symbolic execution or analysis. These methods are very time-consuming, as the symbolic execution requires the exploration of all executable paths or the analysis of dependency graphs in a contract. In this work, we propose ContractWard to detect vulnerabilities in smart contracts with machine learning techniques. First, we extract bigram features from simplified operation codes of smart contracts. Second, we employ five machine learning algorithms and two sampling algorithms to build the models. ContractWard is evaluated with 49502 real-world smart contracts running on Ethereum. The experimental results demonstrate the effectiveness and efficiency of ContractWard. The predictive Micro-F1 and Macro-F1 of ContractWard are over 96% and the average detection time is 4 seconds on each smart contract when we use XGBoost for training the models and SMOTETomek for balancing the training sets.
Original languageEnglish (US)
Pages (from-to)1133-1144
Number of pages12
JournalIEEE Transactions on Network Science and Engineering
Volume8
Issue number2
DOIs
StatePublished - Apr 1 2021
Externally publishedYes

Bibliographical note

KAUST Repository Item: Exported on 2021-12-15
Acknowledgements: The work reported in this paper was supported in part by the Natural Science Foundation of China under Grant U1736114 and in part by
the National Key R&D Program of China under Grant 2017YFB0802805. Chunhua Su was supported in part by JSPS Kiban(B) 18H03240 and in part by JSPS Kiban(C) 18K11298.

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Computer Science Applications
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'ContractWard: Automated Vulnerability Detection Models for Ethereum Smart Contracts'. Together they form a unique fingerprint.

Cite this