{"title":"Mining Characteristics of Vulnerable Smart Contracts across Lifecycle Stages","authors":"Hongli Peng, Wenkai Li, Xiaoqi Li","doi":"10.1049/blc2.70016","DOIUrl":null,"url":null,"abstract":"<p>Smart contracts are the cornerstone of decentralized applications and financial protocols, extending digital currency transactions but also introducing serious security challenges that cause substantial economic losses. Existing solutions primarily target code-level vulnerabilities, which constitute only a portion of all security incidents. Though prior research conducts static analysis across contract lifecycles, they lack the characteristic analysis of vulnerabilities in each stage and the distinction between the vulnerabilities. This paper presents the first empirical study on the security of smart contracts throughout their lifecycle, including deployment and execution, upgrade, and destruction stages. We propose two feature categories: transaction features (contract lifespan and four dynamic features: transaction numbers, transaction amounts, neighbour numbers, and the number of old and new neighbours) and ego network properties (temporal network density and local clustering coefficient). These seven features capture behavioural patterns across dimensions, including activity duration, transaction frequency, financial liquidity, interaction breadth, dynamic interaction changes, and structural properties of the transaction network. Finally, five machine learning models—logistic regression, random forest, support vector machine, decision tree, and K-nearest neighbours—are used to identify vulnerabilities at different stages. 
Results show that vulnerable contracts exhibit distinct transaction features and ego network properties at different lifecycle stages.</p>","PeriodicalId":100650,"journal":{"name":"IET Blockchain","volume":"5 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2025-07-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/blc2.70016","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Blockchain","FirstCategoryId":"1085","ListUrlMain":"https://ietresearch.onlinelibrary.wiley.com/doi/10.1049/blc2.70016","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 0
Abstract
Smart contracts are the cornerstone of decentralized applications and financial protocols, extending digital currency transactions but also introducing serious security challenges that cause substantial economic losses. Existing solutions primarily target code-level vulnerabilities, which constitute only a portion of all security incidents. Although prior research conducts static analysis across contract lifecycles, it lacks a characteristic analysis of the vulnerabilities in each stage and a distinction between the vulnerabilities. This paper presents the first empirical study on the security of smart contracts throughout their lifecycle, including deployment and execution, upgrade, and destruction stages. We propose two feature categories: transaction features (contract lifespan and four dynamic features: transaction numbers, transaction amounts, neighbour numbers, and the number of old and new neighbours) and ego network properties (temporal network density and local clustering coefficient). These seven features capture behavioural patterns across dimensions, including activity duration, transaction frequency, financial liquidity, interaction breadth, dynamic interaction changes, and structural properties of the transaction network. Finally, five machine learning models—logistic regression, random forest, support vector machine, decision tree, and K-nearest neighbours—are used to identify vulnerabilities at different stages. Results show that vulnerable contracts exhibit distinct transaction features and ego network properties at different lifecycle stages.