DOI: 10.1145/3324884.3418918
short-paper

When deep learning meets smart contracts

Published: 27 January 2021

Abstract

Ethereum has become a widely used platform to enable secure, Blockchain-based financial and business transactions. However, many identified bugs and vulnerabilities in smart contracts have led to serious financial losses, which raises serious concerns about smart contract security. Thus, there is a significant need to better maintain smart contract code and ensure its high reliability.
In this research: (1) First, we propose an automated deep-learning-based approach to learn structural code embeddings of smart contracts in Solidity, which is useful for clone detection, bug detection and contract validation on smart contracts. We apply our approach to more than 22K Solidity contracts collected from the Ethereum blockchain; results show that the clone ratio of Solidity code is around 90%, much higher than in traditional software. We collect a list of 52 known buggy smart contracts belonging to 10 kinds of common vulnerabilities as our bug database. Our approach can efficiently and accurately identify more than 1000 clone-related bugs based on our bug database. (2) Second, according to developers' feedback, we have implemented the approach in a web-based tool, named SmartEmbed, to help Solidity developers use our approach. Our tool can assist Solidity developers in efficiently identifying repetitive smart contracts in the existing Ethereum blockchain, as well as in checking their contracts against a known set of bugs, which can help to improve users' confidence in the reliability of the contract. We optimize the implementation of SmartEmbed so that it is sufficient to support developers in real time for practical use. Both the Ethereum ecosystem and individual Solidity developers can benefit from our research.
SmartEmbed website: http://www.smartembed.tools
Demo video: https://youtu.be/o9ylyOpYFq8
Replication package: https://github.com/beyondacm/SmartEmbed


Published In

ASE '20: Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering
December 2020
1449 pages
ISBN:9781450367684
DOI:10.1145/3324884

Sponsors

In-Cooperation

  • IEEE CS

Publisher

Association for Computing Machinery

New York, NY, United States


Qualifiers

  • Short-paper

Conference

ASE '20

Acceptance Rates

Overall Acceptance Rate 82 of 337 submissions, 24%
