SmartSecure: An Integrated Semantic Vulnerability Mining Framework for Ethereum Smart Contract

Impact factor 1.5; CAS Region 4 (Computer Science); JCR Q3 (COMPUTER SCIENCE, SOFTWARE ENGINEERING)
Vikas Kumar Jain, Meenakshi Tripathi
Journal: Concurrency and Computation-Practice & Experience, volume 37, 21-22
Publication date: 2025-08-03
Publication type: Journal Article
DOI: 10.1002/cpe.70214
URL: https://onlinelibrary.wiley.com/doi/10.1002/cpe.70214
Open access: no
Source platform: Semanticscholar
Citation count: 0

Abstract

Smart contracts ensure trust through blockchain technology, streamline processes, and have disruptive potential across various industries. However, the issue of smart contract security must not be underestimated. The vulnerability of smart contracts to exploitation has led to substantial losses, prompting increased attention toward vulnerability mining. Existing efforts for analyzing contract security depend heavily on inflexible rules set by experts, making them neither adaptable nor scalable. Although various machine-learning methods have emerged for vulnerability mining in smart contracts, a research gap remains in effectively integrating diverse features of complex smart contracts with deep neural networks for enhanced detection. This paper presents SmartSecure, a vulnerability mining framework incorporating high-level semantic features extracted from contract source code. It provides in-depth local insights into vulnerabilities through contract property graphs that integrate abstract syntax trees, control flow graphs, and data dependency graphs, encompassing all syntactic and semantic aspects of the contract function. To fortify these features, we integrate them with low-level features derived from opcode sequences, encompassing global aspects. These diverse features are seamlessly fused and processed through a novel neural network design, resulting in a robust and effective solution. We evaluate our framework over 25,129 real-world smart contracts. Extensive experiments demonstrate the superiority of our method over existing tools and neural network-based approaches. It achieves an exceptional performance level of up to 97.6%, marking a significant step forward in smart contract security.

Source journal: Concurrency and Computation-Practice & Experience (Engineering & Technology - Computer Science: Theory & Methods)
CiteScore: 5.00
Self-citation rate: 10.00%
Articles published: 664
Review time: 9.6 months
Journal description: Concurrency and Computation: Practice and Experience (CCPE) publishes high-quality, original research papers, and authoritative research review papers, in the overlapping fields of: Parallel and distributed computing; High-performance computing; Computational and data science; Artificial intelligence and machine learning; Big data applications, algorithms, and systems; Network science; Ontologies and semantics; Security and privacy; Cloud/edge/fog computing; Green computing; and Quantum computing.