A smart contract, as an important part of blockchain technology, has attracted considerable interest from both industry and academia. It provides the basis for the realization of a variety of practical blockchain applications and plays a crucial role in the blockchain ecosystem. Smart contracts also hold a large number of digital assets, and the frequent occurrence of smart contract vulnerabilities has caused huge economic losses and destroyed the blockchain-based credit system. Currently, the security and reliability of smart contracts have become a new focus of research, and there are a number of smart contract vulnerability detection methods, such as traditional detection tools based on static or dynamic analysis. However, most of them rely on expert rules, and therefore have poor scalability and high false negative and false positive rates. Recent deep learning methods alleviate this issue, but do not consider the semantic information and context of the source code. To this end, we propose a hybrid attention mechanism (HAM) model to detect security vulnerabilities in smart contracts. We extract code fragments from the source code, which focus on key points of vulnerability. We conduct extensive experiments on two public smart contract datasets (a total of 24,957 contracts). Empirical results show remarkable accuracy improvement over the state-of-the-art methods on five kinds of vulnerabilities, where the detection accuracy could achieve 93.36%, 80.85%, 82.56%, 85.62%, and 82.19% for reentrancy, arithmetic vulnerability, unchecked return value, timestamp dependency, and tx.origin, respectively.
Blockchain is considered a revolutionary technology that has recently attracted extensive attention across many industries. Beyond Bitcoin, it has been applied to diverse areas ranging from finance and logistics to food traceability and medical care. It will not take long for blockchain to change the whole society. Although there have been a large number of papers concentrating on blockchain applications in a variety of areas, there is a lack of a comprehensive survey of blockchain from the perspective of technology and application. To this end, we present a comprehensive overview of the core technologies in blockchain, including cryptography, smart contracts and consensus mechanisms. In addition, this paper reviews blockchain applications and discusses existing problems and bottlenecks in the development of blockchain technology.
A smart contract is a special form of computer program running on a blockchain, which provides a new way to implement financial and business transactions in a free-of-conflicts and transparent environment. In blockchain systems, such as Ethereum, smart contracts can handle and autonomously transfer assets of considerable value to other parties. Hence, it is particularly important to ensure that smart contracts function as intended, since bugs or vulnerabilities may lead, and indeed have led, to substantial economic losses and erosion of trust in blockchain. While a number of approaches and tools have been developed to find vulnerabilities, formal methods present the highest level of confidence about the security of smart contracts. In this paper, we propose a formal solution to model smart contracts based on Colored Petri Net (CPN). Herein we focus on the most common type of security bug in smart contracts, i.e., the reentrancy bug, which led to a serious financial loss of around $60 million in 2016. We present a hierarchical CPN modelling method to analyze potential security vulnerabilities at the contract’s source code level. Then modeling analysis methods such as correlation matrix, state space report and state space graph generated by CPN Tools simulation were exploited for formal analysis of smart contracts. The example shows the full state space and wrong path in accordance with our expected results. Finally, the conclusion was verified in the Ethereum network based on the Remix platform.