Smart Contract Timestamp Vulnerability Detection Based on Code Homogeneity

• Published in: IEICE Transactions on Information and Systems Vol. E107.D; no. 10; pp. 1362 - 1366
• Main Authors: WANG, Weizhi, ZHANG, Zhuo, XIA, Lei, MENG, Xiankai
• Format: Journal Article
• Language: English
• Published: Tokyo The Institute of Electronics, Information and Communication Engineers 01.10.2024; Japan Science and Technology Agency
• Subjects: code homogeneity; Contracts; Digital computers; Homogeneity; smart contract; Software; vulnerability detection
• ISSN: 0916-8532; 1745-1361
• DOI: 10.1587/transinf.2024EDL8004

Smart contracts, as a form of digital protocol, are computer programs designed for the automatic execution, control, and recording of contractual terms. They permit transactions to be conducted without the need for an intermediary. However, the economic property of smart contracts makes their vulnerabilities susceptible to hacking attacks, leading to significant losses. In this paper, we introduce a smart contract timestamp vulnerability detection technique HomoDec based on code homogeneity. The core idea of this technique involves comparing the homogeneity between the code of the test smart contract and the existing smart contract vulnerability codes in the database to determine whether the tested code has a timestamp vulnerability. Specifically, HomoDec first explores how to vectorize smart contracts reasonably and efficiently, representing smart contract code as a high-dimensional vector containing features of code vulnerabilities. Subsequently, it investigates methods to determine the homogeneity between the test codes and the ones in vulnerability code base, enabling the detection of potential timestamp vulnerabilities in smart contract code.