MANDO-GURU: vulnerability detection for smart contract source code by heterogeneous graph embeddings

Nguyen, Hoang Huy; Nguyen, Nhat-Minh; Doan, Hong-Phuc; Ahmadi, Zahra; Doan, Thanh-Nam; Jiang, Lingxiao

doi:10.1145/3540250.3558927

Cited by 7 publications

(3 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This tool primarily focuses on detecting two types of vulnerabilities: reentrancy vulnerabilities and timestamp dependencies. MANDO-GURU [126]: MANDO-GURU, introduced in 2022, is an intelligent smart contract vulnerability detection tool based on a heterogeneous graph attention neural network. It is designed to detect vulnerabilities in both coarse-grained contract-level and fine-grained line-level smart contracts.…”

Section: Open Source 411 Solidity Source Codementioning

confidence: 99%

A Review of Deep Learning-Based Vulnerability Detection Tools for Ethernet Smart Contracts

Wu,

Peng,

et al. 2024

CMES

View full text Add to dashboard Cite

In recent years, the number of smart contracts deployed on blockchain has exploded. However, the issue of vulnerability has caused incalculable losses. Due to the irreversible and immutability of smart contracts, vulnerability detection has become particularly important. With the popular use of neural network model, there has been a growing utilization of deep learning-based methods and tools for the identification of vulnerabilities within smart contracts. This paper commences by providing a succinct overview of prevalent categories of vulnerabilities found in smart contracts. Subsequently, it categorizes and presents an overview of contemporary deep learning-based tools developed for smart contract detection. These tools are categorized based on their open-source status, the data format and the type of feature extraction they employ. Then we conduct a comprehensive comparative analysis of these tools, selecting representative tools for experimental validation and comparing them with traditional tools in terms of detection coverage and accuracy. Finally, Based on the insights gained from the experimental results and the current state of research in the field of smart contract vulnerability detection tools, we suppose to provide a reference standard for developers of contract vulnerability detection tools. Meanwhile, forward-looking research directions are also proposed for deep learning-based smart contract vulnerability detection.

show abstract

Section: Open Source 411 Solidity Source Codementioning

confidence: 99%

A Review of Deep Learning-Based Vulnerability Detection Tools for Ethernet Smart Contracts

Wu,

Peng,

et al. 2024

CMES

View full text Add to dashboard Cite

show abstract

“…MANDO‐GURU, proposed by Nguyen et al. [34], represents the source code as a heterogeneous graph where nodes represent program elements and edges represent their relationships. Then, it uses embedding technology to transform the graph into vector representations and uses these vectors to train a classifier to detect vulnerabilities.…”

Section: Related Workmentioning

confidence: 99%

SCGformer: Smart contract vulnerability detection based on control flow graph and transformer

Gong,

Song,

Wang

et al. 2023

IET Blockchain

View full text Add to dashboard Cite

The security of smart contract has always been one of the significant problems in blockchain. As shown in previous studies, vulnerabilities in smart contracts can lead to unpredictable losses. With the rapid growth of the number of smart contracts, more and more data driven detection technologies based on machine learning have been proposed. However, some state‐of‐the‐art approaches mainly rely on the source code of smart contract. These methods are limited by the openness of the source code and the version of the programming language. To address this problem, we propose a novel vulnerability detection method based on transformer by constructing the control flow graph (CFG) of smart contracts operation codes (opcodes), which shields the difference of various versions of program language. Extensive experiments are conducted to evaluate the effectiveness of the proposed method on the authors' own collected dataset. The experimental results show that the proposed method achieves 94.36% accuracy in vulnerability detection, which performs better than other state‐of‐the‐art methods.

show abstract

“…They learn by updating node representations using adjacent nodes, and variations like Recurrent Graph Neural Networks (RGNNs, or GRNNs) and Gated Graph Neural Networks (GGNN) add residual connections. Works using Graph Neural Networks (GNNs) and their variants include [5], [6], [19], [27]- [29], [32], [33], [41], [56], [59], [61], [61]. Graph Attention Networks (GATs) [35] are used by [16], [18], which include an attention mechanism to evaluate the importance of neighbouring nodes to one another.…”

Section: Related Work a Deep Learning For Vulnerability Discoverymentioning

confidence: 99%

Software Vulnerability Detection Using Informed Code Graph Pruning

Gear,

Xu,

Foo

et al. 2023

IEEE Access

View full text Add to dashboard Cite

Security vulnerabilities in source code are a growing problem which can lead to financial, reputation, physical, and even human damage when exploited by malicious actors. The use of deep learning to locate these vulnerabilities before they are deployed is currently a major area of security research. Code graphs such as Abstract Syntax Trees and Code Property Graphs are commonly used as input data to deep learning models as they are highly expressive of the code's function. However, as the length of source code increases, so too does the computational cost of vulnerability detection models. Typically this cost is managed by using only a sample of the input graph, however this is often done randomly and with little consideration for the lost information. Little work has been done to explore informed heuristic-based pruning methods that can be used to reduce graph size to manageable levels by removing information irrelevant to vulnerabilities, while preserving relevant information. We present ''Semantic-enhanced Code Embedding for Vulnerability Detection'' (SCEVD), a deep learning model for vulnerability detection that seeks to fill these gaps by using more detailed information about code semantics to select vulnerability-relevant features from code graphs. We propose several heuristic-based pruning methods, implement them as part of SCEVD, and conduct experiments to verify their effectiveness. Our heuristic-based pruning improves on vulnerability detection results by up to 12% over the baseline pruning method.

show abstract

MANDO-GURU: vulnerability detection for smart contract source code by heterogeneous graph embeddings

Cited by 7 publications

References 17 publications

A Review of Deep Learning-Based Vulnerability Detection Tools for Ethernet Smart Contracts

A Review of Deep Learning-Based Vulnerability Detection Tools for Ethernet Smart Contracts

SCGformer: Smart contract vulnerability detection based on control flow graph and transformer

Software Vulnerability Detection Using Informed Code Graph Pruning

Contact Info

Product

Resources

About