SCcheck: A Novel Graph-Driven and Attention-Enabled Smart Contract Vulnerability Detection Framework for Web 3.0 Ecosystem
Published in | IEEE Transactions on Network Science and Engineering Vol. 11; no. 5; pp. 4007 - 4019 |
---|---|
Main Authors | , , , , , |
Format | Journal Article |
Language | English Japanese |
Published | Piscataway IEEE 01.09.2024 Institute of Electrical and Electronics Engineers (IEEE) The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
Subjects | |
Summary: | With the rapid progress of technology, Web 3.0 has emerged as a transformative force in the digital realm. It is characterized by decentralization, user-centric data ownership, and the implementation of cryptographic techniques. Smart contracts, as a core component of Web 3.0, play a pivotal role in driving its evolution by enabling novel functionalities and various applications. However, given the substantial financial significance of smart contracts and their inherent transparency, the accessibility of their source code to all opens potential avenues for attackers to identify and exploit vulnerabilities. Therefore, the detection of security vulnerabilities in smart contracts has become significantly important. Existing smart contract vulnerability detection tools mostly rely on expert-defined rules, leading to high false positive rates. To address this problem, this article proposes an efficient and automated framework that combines Graph and Attention for detecting smart contract vulnerabilities. This framework takes into account the code structure of smart contracts, extracts nodes, and constructs a contract graph, utilizing dataflow to represent the different semantics of variable nodes at different locations. Additionally, a bidirectional multilayer Transformer framework is constructed and trained with our dataset, utilizing the information from the nodes. The framework achieves state-of-the-art levels of Accuracy 92.72%, Recall 82.81%, and F1 score 87.54%, respectively. These results show that our framework can effectively detect security vulnerabilities in smart contracts and has the potential to improve their security. |
---|---|
ISSN: | 2327-4697 2334-329X |
DOI: | 10.1109/TNSE.2023.3324942 |