Automated Vulnerability Detection in Smart Contracts using Control Flow Graphs and Machine Learning

Lohest, Charles;Bettaieb, Samy;et.al.
(2024) Workshop Encouraging Building Better Blockchain Security (WEB3SEC 2024) — Location: Honolulu, HI, USA (9.December.2024)

Files

Automated_Vulnerability_Detection_in_Smart_Contracts_using_Control_Flow_Graphs_and_Machine_Learning.pdf
  • Open Access
  • Adobe PDF
  • 340.33 KB

Details

Authors
Abstract
The security of smart contracts, a fundamental component of decentralized applications (dApps) on blockchain platforms, remains a critical concern due to the risk of severe financial losses from vulnerabilities. Traditional detection methods, such as fuzzing and symbolic execution, are effective at finding vulnerabilities but tend to be computationally expensive and time-consuming. This paper introduces a novel approach to vulnerability detection in smart contracts by combining machine learning with control flow graph (CFG) analysis. The proposed method trains machine learning models on optimized control flow graphs (CFGs) generated from pre-labeled smart contracts, enhancing both the speed and accuracy of vulnerability detection. Unlike existing tools, it operates solely on the contract’s bytecode, eliminating the need for Solidity source or ABI files and thereby enhancing accessibility and applicability. The proposed system, SmartCFG, demonstrates superior computational efficiency and classification accuracy compared to traditional methods. While primarily designed to assist auditors, our approach provides a robust preliminary step in identifying potentially vulnerable contracts, complementing manual audits and enhancing overall smart contract security assessments.
Affiliations

Citations

Lohest, C., Bettaieb, S., & et al. (2024). Automated Vulnerability Detection in Smart Contracts using Control Flow Graphs and Machine Learning. 2024 Annual Computer Security Applications Conference Workshops (ACSAC Workshops). Published. Workshop Encouraging Building Better Blockchain Security (WEB3SEC 2024), Honolulu, HI, USA. https://doi.org/10.1109/ACSACW65225.2024.00037