Research Article

Detecting unknown vulnerabilities in smart contracts using opcode sequences

Article: 2313853 | Received 07 Nov 2023, Accepted 30 Jan 2024, Published online: 14 Feb 2024

References

  • Al Omar, A., Bhuiyan, M. Z. A., Basu, A., Kiyomoto, S., & Rahman, M. S. (2019). Privacy-friendly platform for healthcare data in cloud based on blockchain environment. Future Generation Computer Systems, 95, 511–521. https://doi.org/10.1016/j.future.2018.12.044
  • Al-Zewairi, M., Almajali, S., & Ayyash, M. (2020). Unknown security attack detection using shallow and deep ANN classifiers. Electronics, 9(12), 2006. https://doi.org/10.3390/electronics9122006
  • Brandon Arvanaghi. (2018). Reversing ethereum smart contracts. https://arvanaghi.com/blog/reversing-ethereum-smart-contracts/
  • Chen, T., Cao, R., Li, T., Luo, X., Gu, G., Zhang, Y., Liao, Z., Zhu, H., Chen, G., He, Z., & Tang, Y. (2020). Soda: A generic online detection framework for smart contracts. In NDSS.
  • Choi, C., Choi, J., & Kim, P. (2017). Abnormal behavior pattern mining for unknown threat detection. Computer Systems Science & Engineering, 32(2), 171–177.
  • Chris Coverdale. (2019). Solidity: Tx origin attacks. https://medium.com/coinmonks/solidity-tx-origin-attacks-58211ad95514/
  • Christidis, K., & Devetsikiotis, M. (2016). Blockchains and smart contracts for the internet of things. IEEE Access, 4, 2292–2303. https://doi.org/10.1109/ACCESS.2016.2566339
  • Christodoulou, E., Ma, J., Collins, G. S., Steyerberg, E. W., Verbakel, J. Y., & Van Calster, B. (2019). A systematic review shows no performance benefit of machine learning over logistic regression for clinical prediction models. Journal of Clinical Epidemiology, 110, 12–22. https://doi.org/10.1016/j.jclinepi.2019.02.004
  • Davari, M., Zulkernine, M., & Jaafar, F. (2017). An automatic software vulnerability classification framework. In 2017 international conference on software security and assurance (ICSSA) (pp. 44–49). IEEE.
  • Ekblaw, A., Azaria, A., Halamka, J. D., & Lippman, A. (2016). A case study for blockchain in healthcare: “MedRec” prototype for electronic health records and medical research data. In Proceedings of IEEE open & big data conference (Vol. 13, p. 13).
  • Eshghie, M., Artho, C., & Gurov, D. (2021). Dynamic vulnerability detection on smart contracts using machine learning. In Evaluation and assessment in software engineering (pp. 305–312). Association for Computing Machinery.
  • Ethereum (2015). Erc-20 token standard. https://github.com/ethereum/ercs/blob/master/ERCS/erc-20.md
  • Ethereum (2019). Ethereum homestead documentation. http://www.ethdocs.org/en/latest/
  • Etherscan (2018). Beautychain integer overflow. https://etherscan.io/token/0xc5d105e63711398af9bbff092d4b6769c82f793d
  • Feist, J., Grieco, G., & Groce, A. (2019). Slither: A static analysis framework for smart contracts. In 2019 IEEE/ACM 2nd international workshop on emerging trends in software engineering for blockchain (WETSEB) (pp. 8–15). IEEE.
  • Grieco, G., Song, W., Cygan, A., Feist, J., & Groce, A. (2020). Echidna: Effective, usable, and fast fuzzing for smart contracts. In Proceedings of the 29th ACM SIGSOFT international symposium on software testing and analysis (pp. 557–560).
  • Hart, P. (1968). The condensed nearest neighbor rule (corresp.). IEEE Transactions on Information Theory, 14(3), 515–516. https://doi.org/10.1109/TIT.1968.1054155
  • Hassan, N., Gomaa, W., Khoriba, G., & Haggag, M. (2020). Credibility detection in twitter using word n-gram analysis and supervised machine learning techniques. International Journal of Intelligent Engineering and Systems, 13(1), 291–300. https://doi.org/10.22266/ijies
  • He, S., Xing, X., Wang, G., & Sun, Z. (2023). A data integrity verification scheme for centralized database using smart contract and game theory. IEEE Access, 11, 59675–59687.
  • Hearst, M. A., Dumais, S. T., Osuna, E., Platt, J., & Scholkopf, B. (1998). Support vector machines. IEEE Intelligent Systems and Their Applications, 13(4), 18–28. https://doi.org/10.1109/5254.708428
  • Hwang, C., Kim, D., & Lee, T. (2020). Semi-supervised based unknown attack detection in EDR environment. KSII Transactions on Internet & Information Systems, 14(12), 4909–4926.
  • Jiang, B., Liu, Y., & Chan, W. K. (2018). Contractfuzzer: Fuzzing smart contracts for vulnerability detection. In Proceedings of the 33rd ACM/IEEE international conference on automated software engineering (pp. 259–269).
  • Kamiński, B., Jakubczyk, M., & Szufel, P. (2018). A framework for sensitivity analysis of decision trees. Central European Journal of Operations Research, 26(1), 135–159. https://doi.org/10.1007/s10100-017-0479-6
  • Kushwaha, S. S., Joshi, S., Singh, D., Kaur, M., & Lee, H.-N. (2022). Systematic review of security vulnerabilities in ethereum blockchain smart contract. IEEE Access, 10, 6605–6621. https://doi.org/10.1109/ACCESS.2021.3140091
  • Li, Z., Zou, D., Xu, S., Jin, H., Zhu, Y., & Chen, Z. (2021). Sysevr: A framework for using deep learning to detect software vulnerabilities. IEEE Transactions on Dependable and Secure Computing, 19(4), 2244–2258. https://doi.org/10.1109/TDSC.2021.3051525
  • Liu, C., Liu, H., Cao, Z., Chen, Z., Chen, B., & Roscoe, B. (2018). Reguard: Finding reentrancy bugs in smart contracts. In Proceedings of the 40th international conference on software engineering: Companion proceedings (pp. 65–68).
  • Liu, L., Chen, J., Fieguth, P., Zhao, G., Chellappa, R., & Pietikäinen, M. (2019). From bow to CNN: Two decades of texture representation for texture classification. International Journal of Computer Vision, 127(1), 74–109. https://doi.org/10.1007/s11263-018-1125-z
  • Li, X., Xing, X., Wang, G., Li, P., & Liu, X. (2022). Detecting unknown vulnerabilities in smart contracts with binary classification model using machine learning. In International conference on ubiquitous security (Vol. 1768, pp. 179–192).
  • Luu, L., Chu, D.-H., Olickel, H., Saxena, P., & Hobor, A. (2016). Making smart contracts smarter. In Proceedings of the 2016 ACM SIGSAC conference on computer and communications security (pp. 254–269).
  • Mossberg, M., Manzano, F., Hennenfent, E., Groce, A., Grieco, G., Feist, J., Brunson, T., & Dinaburg, A. (2019). Manticore: A user-friendly symbolic execution framework for binaries and smart contracts. In 2019 34th IEEE/ACM international conference on automated software engineering (ASE) (pp. 1186–1189). IEEE.
  • Nakamoto, S., & Bitcoin, A. (2008). A peer-to-peer electronic cash system. Bitcoin, 4(2), 1–15. https://bitcoin.org/bitcoin.pdf.
  • Periyasamy, K., & Arirangan, S. (2019). Prediction of future vulnerability discovery in software applications using vulnerability syntax tree (PFVD-VST). The International Arab Journal of Information Technology, 16(2), 288–294.
  • Qureshi, H. (2017). A hacker stole $31 m of ether—How it happened, and what it means for ethereum. Freecodecamp.org. (Vol. 20).
  • Rahman, M. S., Al Omar, A., Bhuiyan, M. Z. A., Basu, A., Kiyomoto, S., & Wang, G. (2020). Accountable cross-border data sharing using blockchain under relaxed trust assumption. IEEE Transactions on Engineering Management, 67(4), 1476–1486. https://doi.org/10.1109/TEM.17
  • Shakya, S., Mukherjee, A., Halder, R., Maiti, A., & Chaturvedi, A. (2022). Smartmixmodel: Machine learning-based vulnerability detection of solidity smart contracts. In 2022 IEEE international conference on blockchain (Blockchain) (pp. 37–44). IEEE.
  • Siegel, D. (2018). Understanding the DAO attack (2016). http://www.coindesk.com/understanding-dao-hack-journalists
  • Singh, U. K., Joshi, C., & Kanellopoulos, D. (2019). A framework for zero-day vulnerabilities detection and prioritization. Journal of Information Security and Applications, 46, 164–172. https://doi.org/10.1016/j.jisa.2019.03.011
  • Solidity. (2019). Solidity documentation v0.5.10. https://docs.soliditylang.org/en/v0.5.10/.
  • Sürücü, O., Yeprem, U., Wilkinson, C., Hilal, W., Gadsden, S. A., Yawney, J., Alsadi, N., & Giuliano, A. (2022). A survey on ethereum smart contract vulnerability detection using machine learning. Disruptive Technologies in Information Sciences VI, 12117, 110–121.
  • Tang, Y., Zhang, D., Liang, W., Li, K.-C., & Sukhija, N. (2021). Active malicious accounts detection with multimodal fusion machine learning algorithm. In International conference on ubiquitous security (pp. 38–52). Springer.
  • Tikhomirov, S., Voskresenskaya, E., Ivanitskiy, I., Takhaviev, R., Marchenko, E., & Alexandrov, Y. (2018). Smartcheck: Static analysis of ethereum smart contracts. In Proceedings of the 1st international workshop on emerging trends in software engineering for blockchain (pp. 9–16).
  • Torres, C. F., Schütte, J., & State, R. (2018). Osiris: Hunting for integer bugs in ethereum smart contracts. In Proceedings of the 34th annual computer security applications conference (pp. 664–676).
  • Wan, Z., Guan, Z., & Cheng, X. (2018). Pride: A private and decentralized usage-based insurance using blockchain. In 2018 IEEE international conference on internet of things (iThings) and IEEE green computing and communications (GreenCom) and IEEE cyber, physical and social computing (CPSCom) and IEEE smart data (SmartData). (pp. 1349–1354). IEEE.
  • Wang, G., Li, P., Li, X., Xing, X., Peng, T., Chen, S., & Liu, X. (2022). Generating opcode sequences by replaying ethereum transaction data. China Patent Application, Application Number: 202211531992.1.
  • Wang, T., Liang, Y., Shen, X., Zheng, X., Mahmood, A., & Sheng, Q. Z. (2023). Edge computing and sensor-cloud: Overview, solutions, and directions. ACM Computing Surveys, 55(13s), 1–37.
  • Wang, T., Yang, Q., Shen, X., Gadekallu, T. R., Wang, W., & Dev, K. (2021). A privacy-enhanced retrieval technology for the cloud-assisted internet of things. IEEE Transactions on Industrial Informatics, 18(7), 4981–4989. https://doi.org/10.1109/TII.2021.3103547
  • Wang, W., Song, J., Xu, G., Li, Y., Wang, H., & Su, C. (2020). Contractward: Automated vulnerability detection models for ethereum smart contracts. IEEE Transactions on Network Science and Engineering, 8(2), 1133–1144. https://doi.org/10.1109/TNSE.2020.2968505
  • Wood, G. (2014). Ethereum: A secure decentralised generalised transaction ledger. Ethereum Project Yellow Paper, 151(2014), 1–32.
  • Xu, Y., Hu, G., You, L., & Cao, C. (2021). A novel machine learning-based analysis model for smart contract vulnerability. Security and Communication Networks, 2021, 1–12. https://doi.org/10.1155/2021/5798033
  • Xue, Y., Ye, J., Zhang, W., Sun, J., Ma, L., Wang, H., & Zhao, J. (2022). xfuzz: Machine learning guided cross-contract fuzzing. IEEE Transactions on Dependable and Secure Computing.
  • Zhang, L., Chen, W., Wang, W., Jin, Z., Zhao, C., Cai, Z., & Chen, H. (2022). CBGRU: A detection method of smart contract vulnerability based on a hybrid model. Sensors, 22(9), 3577. https://doi.org/10.3390/s22093577
  • Zhang, L., Li, Y., Jin, T., Wang, W., Jin, Z., Zhao, C., Cai, Z., & Chen, H. (2022). SPCBIG-EC: A robust serial hybrid model for smart contract vulnerability detection. Sensors, 22(12), 4621. https://doi.org/10.3390/s22124621
  • Zhang, L., Liang, Y., Tang, Y., Wang, S., Tang, C., & Liu, C. (2021). Research on unknown threat detection method of information system based on deep learning. In: Journal of physics: Conference series (1883(1), p. 012107).
  • Zhang, M., Zhang, X., Zhang, Y., & Lin, Z. (2020). Txspector: Uncovering attacks in ethereum from transactions. In USENIX security symposium.
  • Zhang, Y., Zhang, J., Gao, W., Zheng, X., Yang, L., Hao, J., & Dai, X. (2017). Blockchain based intelligent distributed electrical energy systems: Needs, concepts, approaches and vision. Zidonghua Xuebao/Acta Automatica Sinica, 43(9), 1544–1554.
  • Zhou, L., Zhang, F., Xiao, J., Leach, K., Weimer, W., Ding, X., & Wang, G. (2021). A coprocessor-based introspection framework via intel management engine. IEEE Transactions on Dependable and Secure Computing, 18(4), 1920–1932.
  • Zhou, Q., Zheng, K., Zhang, K., Hou, L., & Wang, X. (2022). Vulnerability analysis of smart contract for blockchain-based IoT applications: A machine learning approach. IEEE Internet of Things Journal, 9(24), 24695–24707. https://doi.org/10.1109/JIOT.2022.3196269
  • Zou, Y., Peng, T., Zhong, W., Guan, K., & Wang, G. (2021). Reliable and controllable data sharing based on blockchain. In International conference on ubiquitous security (pp. 229–240). Springer.