SCG-Detector: A Smart Contract Vulnerability Detection Method Based on Graph Attention Networks

With the widespread of smart contracts, the business logic has become more complex, causing a large number of security vulnerabilities. In order to avoid huge losses caused by potential vulnerabilities, a series of smart contract vulnerability detection methods were proposed. However, existing methods cannot comprehensively represent semantic and structural features of the contract, making it difficult to accurately detect potential vulnerabilities and security risks in smart contracts. To address this issue, this paper proposes a smart contract vulnerability detection method based on graph attention networks, named SCG-Detector (Smart Contract Graph Detector). Firstly, an abstract syntax tree (AST) is constructed by parsing the contract source code to represent the contract’s syntactic structure information. Data dependency relationships and control dependency relationships, which represent semantic information, are added to the AST to construct a smart contract graph (SCG) that characterizes the contract’s syntactic structure and semantic information. Secondly, using the SCG as input, the graph attention network model is trained with an attention mechanism to learn the features of vulnerabilities in the contract. Finally, the trained graph attention network model is used to detect whether there are vulnerabilities in the contract and the types of vulnerabilities present. Experiments are conducted on 12 616 smart contracts to compare with 8 widely used methods, including sFuzz, Conkas, ConFuzzius, Mythril, Osiris, Slither, Oyente, and MANDO-GURU. The experimental results shows that the Precision of SCG-Detector is improved by up to 26.46%,recall is improved by up to 69.64%, and F1 is improved by up to 59.57%. © 2024 Chinese Institute of Electronics. All rights reserved.