Hunting Vulnerable Smart Contracts via Graph Embedding Based Bytecode Matching

Huang, Jianjun; Han, Songming; You, Wei; Shi, Wenchang; Liang, Bin; Wu, Jiamin; Wu, Yicheng

doi:10.1109/tifs.2021.3050051

Cited by 54 publications

(20 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The potential financial losses incurred by smart contract vulnerabilities have raised a lot of concern [130]. It has been confirmed that matching-based finding methods extrapolating recognized vulnerabilities to unknowns can be effective on other platforms.…”

Section: Vulnerability Huntingmentioning

confidence: 96%

“…A direct adoption of the technology to smart contracts is, however, hampered by two issues, namely, variety in byte-code generation causing from fast development of compilers and interference of noise code simply produced by the uniform business logic. As a solution, the author of [130] propose byte-code-oriented standardization and part techniques to enhance byte code matching [130].…”

Section: Vulnerability Huntingmentioning

confidence: 99%

See 1 more Smart Citation

Turning the Hunted into the Hunter via Threat Hunting: Life Cycle, Ecosystem, Challenges and the Great Promise of AI

Hillier¹,

Karroubi²

2022

Preprint

View full text Add to dashboard Cite

The threat hunting lifecycle is a complex atmosphere that requires special attention from professionals to maintain security. This paper is a collection of recent work that gives a holistic view of the threat hunting ecosystem, identifies challenges, and discusses the future with the integration of artificial intelligence (AI). We specifically establish a life cycle and ecosystem for privacy-threat hunting in addition to identifying the related challenges. We also discovered how critical the use of AI is in threat hunting. This work paves the way for future work in this area as it provides the foundational knowledge to make meaningful advancements for threat hunting.

show abstract

Section: Vulnerability Huntingmentioning

confidence: 96%

Section: Vulnerability Huntingmentioning

confidence: 99%

Turning the Hunted into the Hunter via Threat Hunting: Life Cycle, Ecosystem, Challenges and the Great Promise of AI

Hillier¹,

Karroubi²

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Liu et al [23] used the method of birthmarks on the decompiled bytecode for similarity detection. Huang [45] decompiles the bytecode, slices the instruction and embeds the similarity of the matching bytecode in the graph network.…”

Section: Related Workmentioning

confidence: 99%

Bytecode Similarity Detection of Smart Contract across Optimization Options and Compiler Versions Based on Triplet Network

Zhu¹,

Feng²,

Pang³

et al. 2022

Electronics

View full text Add to dashboard Cite

In recent years, the number of smart contracts running in the blockchain has increased rapidly, accompanied by many security problems, such as vulnerability propagation caused by code reuse or vicious transaction caused by malicious contract deployment, for example. Most smart contracts do not publish the source code, but only the bytecode. Based on the research of bytecode similarity of smart contract, smart contract upgrade, vulnerability search and malicious contract analysis can be carried out. The difficulty of bytecode similarity research is that different compilation versions and optimization options lead to the diversification of bytecode of the same source code. This paper presents a solution, including a series of methods to measure the similarity of smart contract bytecode. Starting from the opcode of smart contract, a method of pre-training the basic block sequence of smart contract is proposed, which can embed the basic block vector. Positive samples were obtained by basic block marking, and the negative sampling method is improved. After these works, we put the obtained positive samples, negative samples and basic blocks themselves into the triplet network composed of transformers. Our solution can obtain evaluation results with an accuracy of 97.8%, so that the basic block sequence of optimized and unoptimized options can be transformed into each other. At the same time, the instructions are normalized, and the order of compiled version instructions is normalized. Experiments show that our solution can effectively reduce the bytecode difference caused by optimization options and compiler version, and improve the accuracy by 1.4% compared with the existing work. We provide a data set covering 64 currently used Solidity compilers, including one million basic block pairs extracted from them.

show abstract

“…As a result, the compiled bytecodes with the same logic are diverse and noisy. To solve this problem, Huang et al [121] labeled the data and reorder the opcodes. This process ignores all irrelevant instructions, then it analyzes the bytecode execution process and slices the data by the label to reduce the noise impact of meaningless code.…”

Section: Figure 3 Schematic Diagram Of Ilf Process Frameworkmentioning

confidence: 99%

A Survey of DeFi Security: Challenges and Opportunities

Li¹,

Bu²,

Li³

et al. 2022

Preprint

View full text Add to dashboard Cite

Decentralized finance (DeFi), which is a promising domain since the era of blockchain 2.0, locked $200 billion in April 2022. However, it quickly dropped to $100 billion in May 2022, which makes us realize that security issues in this area are still a challenging job. DeFi is more complex than traditional finance because it is decentralized through blockchain and without a trustworthy third-party institution to act as a guarantee. So it owns not only financial properties but also technical aspects. Existing synthesis work for DeFi tends to ignore the relevance of various layers of security for the whole system. In addition, distinct layers have different means of protection against specific vulnerabilities, which is not considered by existing analytical work. In this paper, we perform a vulnerability analysis for the entire technology layer of the DeFi application, and then we collect the most impactive attacks in recent years. Finally, we summarize the existing optimization approaches for different layers and provide some challenges and future directions.

show abstract

Hunting Vulnerable Smart Contracts via Graph Embedding Based Bytecode Matching

Cited by 54 publications

References 22 publications

Turning the Hunted into the Hunter via Threat Hunting: Life Cycle, Ecosystem, Challenges and the Great Promise of AI

Turning the Hunted into the Hunter via Threat Hunting: Life Cycle, Ecosystem, Challenges and the Great Promise of AI

Bytecode Similarity Detection of Smart Contract across Optimization Options and Compiler Versions Based on Triplet Network

A Survey of DeFi Security: Challenges and Opportunities

Contact Info

Product

Resources

About