基于抽象语法树裁剪的智能合约漏洞检测研究

Smart Contract Vulnerability Detection Based on Abstract Syntax Tree Pruning

随着区块链技术的发展,智能合约在不同领域都得到了广泛的应用,以太坊成为了最大的智能合约平台。同时,频发的智能合约漏洞造成了巨大的经济损失,智能合约漏洞检测成为了研究焦点,而以往的智能合约漏洞检测工具不能很好地利用合约源代码的语法信息。针对智能合约的可重入漏洞,首先,提出了一种基于深度学习的漏洞检测工具——SCDefender,以智能合约Solidity源代码的抽象语法树形式作为研究对象,使用基于树的卷积神经网络进行漏洞检测。其次,提出了抽象语法树裁剪算法以去除与漏洞检测任务无关的节点,保留抽象语法树中的关键信息。SCDefender漏洞检测的精确度、召回率和F1值分别为81.43%,92.12%和86.45%,具有较好的漏洞检测效果。消融实验表明,抽象语法树裁剪算法对SCDefender的漏洞检测任务具有重大贡献。

With the development of blockchain technology,smart contracts have been widely used in various fields,and Ethereum has become the largest smart contract platform.At the same time,the frequent smart contract vulnerabilities have caused huge economic losses.The vulnerability detection of smart contract has become the focus of research,while the previous smart contract vulnerability detection tools can not make good use of the syntax information of the contract source code.Aiming at the re-entrancy vulnerability of smart contract,firstly,this paper proposes SCDefender,a vulnerability detection tool based on deep learning.Taking the abstract syntax tree form of the Solidity source code of smart contract as the research object,the tree-based convolutional neural networks is used for vulnerability detection.Secondly,an abstract syntax tree pruning algorithm is proposed to remove the nodes irrelevant to the vulnerability detection task and retain the key information in the abstract syntax tree.The accuracy,recall rate and F1 value of SCDefender vulnerability detection is 81.43%,92.12%and 86.45%respectively,which has a good vulnerability detection effect.Ablation experiments show that the abstract syntax tree pruning algorithm has an important contribution to the vulnerability detection task of SCDefender.