Smart Contract Vulnerability Detection of Educational Blockchain (GNN)

Smart Contract Vulnerability Detection of Educational Blockchain (GNN)

Team:

Adam Marinela

Roman Iulian

Berindeie Alexandru

 

With the development of blockchain technology, more and more attention has been paid to the intersection of blockchain and education. Among all blockchain technologies, Ethereum's smart contract has become a favorite of developers due to its event-triggered mechanism. It is used in the development of educational smart trading systems and intelligent learning platforms.

The Problem: due to the immutability of the blockchain, published smart contracts cannot be modified, so problematic contracts cannot be repaired by modifying the code on the educational blockchain network. In recent years, security incidents caused by the vulnerabilities of the smart contracts have resulted in significant property losses, making the detection of these in smart contracts a high priority.

One possible solution: Most of these contract's code is not provided so people can only get their bytecode from the blockchain, so making tools that can detect vulnerabilities using bytecodes of the smart contracts is the most practical approach. A solution proposes designing a graph neural network (GNN) for detection of the vulnerabilities in smart contracts on educational blockchain networks. The first step is to decompile smart contracts bytecode to reach their opcode. The second step is to divide the base blocks and add the edges between them based on the logic of the opcode execution. After that, control flow graphs are constructed and, finally, a GNN-based model is designed for vulnerability detection.

The dataset used for this model contains 1420 bytecodes, each one is labeled (0 it has no vulnerabilities, 1 it has vulnerabilities), that dataset is split in 8:2 ratio for train-test.

Results: This approach has a accuracy score of 53.44 being a very good solution that uses a deep learning model.

In the following table we can observe the model accuracy metrics for different attacks and different ML approaches according to the analyze study:

Conclusion:

GNN is a suitable approach for smart contracts vulnerabilities detection, results concluding that detection using their bytecodes from blockchain is a feasible method.

There is no best overall method for detection, every approach is useful in some cases and it’s performance is affected by the dataset and conditions used. An example can be NLP based technique, which is very effective at  detecting high-level vulnerabilities such as logical flaws, and  GNN approach, which have been shown to be effective at detecting control flow-based vulnerabilities.

To conclude, even though there are a bunch of  frameworks that provide really great performance, smart contracts are not fully immune to attacks mainly because of limitations in these frameworks. To begin with, most of the frameworks lack generalizability. As a result, whenever a new vulnerability appears, these approaches usually fail to capture it which can result into a huge exploitation.

Sources:

https://arxiv.org/abs/2303.04477

https://arxiv.org/abs/2212.07387

https://arxiv.org/abs/2301.08824