An Expert Knowledge Generation Model in Smart Contract Vulnerability Fuzzing

With the development of smart contracts, the complexity of smart contracts continues to increase. Vulnerabilities may he hidden in complex contracts, which brings great hidden dangers to the development of contracts. Many fuzzing methods are used to detect contract vulnerabilities. Fuzzing requires expert knowledge as a rule for vulnerability detection. Expert knowledge depends on the induction of professionals, which lags behind the development of vulnerabilities. Although there are some methods using neural network classification models to solve the problem of expert knowledge generation, they do not consider the challenges brought by global variables. Global variables may carry dangerous data, which indirectly leads to vulnerabilities. The existing expert knowledge model does not analyze the semantics of global variables. To address this issue, we propose a model based on transaction bytecode and global variable semantics. We build a dynamic taint analysis model to capture the semantics of global variables. By capturing the global semantics, we solve the problem that global variables poses for expert knowledge generation models. We experimentally compare models with and without global variable semantics. Experiments show that our method is able to detect more vulnerabilities.