Towards Secure Smart Contracts: A Deep Learning Approach for Detecting Security Threats
COM3 Level 2
MR21, COM3 02-61
Abstract:
The Ethereum blockchain has experienced a substantial surge in popularity in recent years, which has manifested in its increased adoption and widespread usage, leading to the development of decentralized applications (dApps) built on smart contracts. However, smart contracts are susceptible to various security vulnerabilities that can lead to devastating consequences. In this thesis, we propose a deep learning-based approach to detect and exploit vulnerabilities in Ethereum smart contracts.
The first part of the thesis focuses on automated detection of vulnerabilities in smart contracts, without requiring prior source code access. We use supervised deep learning to identify vulnerabilities directly from publicly available blockchain bytecode. This has resulted in the creation of a Deep Learning Vulnerability Analyzer (DLVA), which is a fast and efficient solution for smart contract vulnerability detection. DLVA has a generic design and can be trained to recognize future vulnerabilities easily without using any painstakingly-crafted expert rules or predefined patterns. DLVA checks contracts for 29 distinct vulnerability types in 0.2 seconds, a speedup of 10-1,000x+ compared to traditional tools. Impressively, it achieves this while maintaining an optimal balance between high true positive rates and minimal false positive rates.
In the second part of this thesis, we demonstrate that the lack of large, labeled data sets for training deep learning models poses a significant challenge for the effective detection of vulnerabilities. To address this challenge, we use semi-supervised learning to produce more accurate models than unsupervised learning, while not requiring the large oracle-labeled training set that supervised learning requires. We propose a second solution called Smart Contract Learning (Semi-supervised) (SCooLS), which represents a pioneering application of semi-supervised learning techniques in the realm of smart contracts vulnerability analysis. It uniquely enables the precise detection and exploitation of specific vulnerable functions. Significantly, it’s the first tool to not only identify these vulnerable functions but also to generate authentic attack demonstrations for end-users and developers. This approach diverges from the traditional method of simply labeling the entire contract as vulnerable, providing developers with a tangible method to test the exploitability of their contracts. SCooLS exhibits superior performance when compared to existing tools, showcasing exceptional accuracy, a notable F1 score, and an impressively low false positive rate. Additionally, SCooLS demonstrates remarkable speed in analyzing contract’s functions. Leveraging its capability to pinpoint specific vulnerable functions, we successfully developed an exploit generator. This generator effectively extracted Ether from a significant portion of the identified vulnerable functions considered true positives.
Our deep learning approach is capable of detecting a higher number of vulnerabilities with a lower false positive rate, while being computationally efficient, making it a promising solution for enhancing the security of smart contracts.