Automated Audits
Last updated
Last updated
The document presents a comprehensive solution leveraging AI techniquesβsuch as machine learning, deep learning, and natural language processingβto enhance the detection of vulnerabilities, improve the accuracy of audits, and ensure the compliance of smart contracts across various blockchain platforms.
Smart contracts (SCs) are digital agreements that execute themselves and are stored on a blockchain. Despite the fact that they offer numerous advantages, such as automation and transparency, they are susceptible to a variety of assaults due to their complexity and lack of standardization. In this thesis, we present the use of artificial intelligence (AI) to improve SC security. We provide an overview of SCs and blockchain technology, as well as a mark-down of possible SC-based attacks. Then, we introduce various AI categories and their applications in cybersecurity, followed by a thorough analysis of how AI can be used to enhance SC security. Our research demonstrates that AI can provide an effective defense against assaults on SCs and contribute to their security and dependability. This thesis lays the groundwork for our development of AI for SC security.
According to the most recent report the global smart contracts market size is poised for significant growth, reaching $5.2 trillion in 2030, from $775 billion in 2023 [1]. The sales are expected to witness a robust CAGR of 32% and generate over $450 billion in fees annually by 2030.
The market is expected to grow rapidly over the coming years as blockchain technology sees increasing real-world adoption. Key drivers of the smart contract market include the need for automation of manual processes, cost reduction, improved transactional security, and transparency.
By democratizing access to security audits, market intelligence company Messari expects that AI-native security networks will expand current total addressable market (TAM) by a factor of 5-10x [2]. Table 1 is comparing centralized auditors vs decentralized security networks across crypto market cycles.
Table 1. TAM potential for AI audit tools.
Certik in 20-22 | AI Audits in 24-26 | |
---|---|---|
By automating complex financial transactions, blockchain-based SCs do away with the need for intermediaries like banks or attorneys. They represent a huge advancement in blockchain technology that has the potential to fundamentally change how business is conducted.
Ethereum is the largest digital contract network, with 68.5% of the market value of the top six networks in 2023 [1]. In addition to Ethereum, these were BNB Chain, Solana, Avalanche, Tron, and Polygon. There are also other networks such as Hyperledger Fabric, Corda, EOS, and smilar. For creating SCs, many of these platforms have a unique language. One such example is the contract-oriented programming language Solidity, which is used by Ethereum. Similar to JavaScript, Solidity is designed to be simple to learn and use [3,4]. Hyperledger Fabric is based on chaincode, which can be written in Go, Java, or JavaScript [5,6,7]. The language used to develop Corda is called Kotlin, which is linked to Java [8,9]. EOS and Tron both use C++ and Solidity for SC development, respectively. Different blockchain platforms employ various SC development programming languages, but they all aim to make it simple to develop secure and effective SCs that can function on the blockchain.
The security of SCs, however, is a crucial concern because it can be jeopardized by a variety of risks, including incorrect code, malicious inputs, and attacks on the blockchain network. Due to security flaws, blockchain platforms run the risk of losing money and losing their trust. Therefore, safeguarding SCs is crucial for the development of blockchain applications [10,11].
Numerous high-profile SC hacking incidents have resulted in significant financial losses or data breaches. According to a recent report by Chainalysis [12], illicit addresses received a staggering $24.2 billion in 2023. This substantial amount includes funds stolen by hackers and from other crypto-related attacks and scams. Over the last few years, cryptocurrency hacking has become a pervasive and formidable threat, leading to billions of dollars stolen from crypto platforms and exposing vulnerabilities across the ecosystem. 2022 was the biggest year ever for crypto theft with $3.7 billion stolen. In 2023, however, funds stolen decreased by 54.3% to $1.7 billion, though the number of individual hacking incidents actually grew, from 219 in 2022 to 231 in 2023 (Figure 1).
Despite that drop, there still were several large hacks notable to DeFi protocols throughout 2023. In March, for instance, Euler Finance, a borrowing and lending protocol on Ethereum ,experienced a flash loan attack, leading to roughly $197 million in losses. July 2023 saw 33 hacksβthe most of any monthβwhich included $73.5 million stolen from Curve Finance. We can see the spikes driven by those hacks below (Figure 2).
Similarly, several large exploits occurred in September and November 2023 on both DeFi and CeFi platforms: Mixin Network ($200 million), CoinEx ($43 million), Poloniex Exchange ($130 million), HTX ($113.3 million), and Kyber Network ($54.7 million).
Attack vectors affecting DeFi are diverse and constantly evolving; it is therefore important to classify them to understand how hacks occur and how protocols might be able to reduce their likelihood in the future. According to Halborn [13], DeFi attack vectors can be placed into one of two categories: vectors originating on-chain and vectors originating off-chain (Table 2):
Table 2. DeFi attack vectors.
Overall, on-chain vulnerabilities drove the majority of DeFi hacking activity in 2023. We canβt say for sure whether the drop in DeFi hacking was driven primarily by better security practices or the drop in DeFi activity overall β most likely, it was a mix of the two. But, if the decrease in hacking was primarily driven by the drop in overall activity, then it would be important to watch whether DeFi hacking rises again in tandem with another DeFi bull market. Such a bull market would lead to higher TVL and therefore a larger pool of DeFi funds for hackers to target.
These occurrences stress the significance of keeping SCs safe and of being on the lookout for vulnerabilities and attacks at all times. The current methods of SC security include drawbacks and difficulties that must be overcome. The complexity and difficulty in analysis and verification of SCs is a significant obstacle. There may still be undetected vulnerabilities despite the use of code review and rigorous verification. It might be challenging to ensure the ongoing security of SCs because they are frequently updated and often created by distributed teams. Another difficulty is that SCs often operate on public blockchains that are susceptible to attacks from bad actors. Theft of private keys, 51% attacks, and the use of SC coding flaws are all examples of possible attacks [14,15,16,17]. In addition, code review and formal verification, two common traditional techniques in SC security, are both costly and time-consuming, making them impracticable for many engineers [18]. Last but not least, the lack of uniformity in SC creation makes it tough to guarantee the safety of SCs on various platforms [15,19].
In light of these difficulties, there is a growing curiosity about how machine learning and AI may be used to bolster SC security [20,21]. By allowing for the detection of anomalies and unusual activity that may indicate a security breach, these methods may give a more thorough and proactive approach to security [22,23]. By fixing these problems, we can make blockchain technology more reliable and inspire more faith in SCs.
2.1. Blockchain and Smart Contracts
Blockchain technology is a distributed ledger that allows secure and transparent transactions to take place without the use of intermediaries such as financial institutions or governments [24,25,26]. It is made up of a network of nodes that work together to maintain a shared database of transactions [27]. Each node has a copy of the database, and the network uses a consensus process to verify all transactions. This ensures that the database cannot be tampered with and that all transactions are transparent and unchangeable. The concept of SCs is a significant breakthrough of blockchain technology. SCs are self-executing programs that operate on a blockchain to automate complex financial transactions without the use of intermediaries. They are saved on the blockchain and are automatically executed when certain conditions are met. Supply chain management, voting systems, and financial derivatives are just a few of the applications for SCs. The general architecture of blockchain is shown in Figure 4.
SCs are a crucial blockchain technological innovation that has the potential to change the way we conduct business. They make it possible to automate complex financial transactions without intermediaries such as banks or attorneys. SCs are self-executing programs recorded on a blockchain that run automatically when certain criteria are satisfied. They are secure and trustworthy since they are tamper-proof and transparent.
2.2. Application Domains
The widespread adoption of blockchain and smart contract technologies might significantly alter several markets. In the financial sector, for instance, blockchain technology can be utilized to build a safer and more reliable payment system. By eliminating the need for middlemen and drastically cutting down on transaction fees, SCs are revolutionizing the way business is conducted. To further expand peopleβs and enterprisesβ access to financial services, blockchain technology can be utilized to build decentralized lending and investing platforms.
The real estate market is another sector that could profit from blockchain [28,29]. By eliminating middlemen and increasing accountability, blockchain technology has the capacity to revolutionize the property registration and transfer industry. If a sale is finalized or money is transferred, for instance, an SC can automatically transfer ownership to the buyer. For both parties involved, this can be a time- and cost-saving measure.
The healthcare sector is another that might greatly profit from blockchain implementation [30,31]. A patientβs medical history can be kept on the distributed ledger technology known as blockchain. In order to better coordinate care and lower the likelihood of medical errors, SCs can be used to automate the sharing of medical records between healthcare providers. In addition, blockchain technology can help monitor drug authenticity and tampering as they travel through the supply chain.
Blockchain technology also has potential in the supply chain sector [32,33]. Blockchain technology allows companies to keep tabs on product deliveries from start to finish, improving visibility while decreasing opportunities for fraud. Using SCs, the supply chainβs financial transactions can be automated, eliminating the need for middlemen while increasing speed and accuracy.
Voting is another area where blockchain technology can be put to use [34,35]. With a blockchain-based voting system, we can eliminate the possibility of voter fraud and guarantee a fair and accurate tally of all votes cast. Vote tallying can be automated with the help of SCs, making the process quicker and more accurate.
A new revolution in the transportation sector called the Internet of Vehicles (IoV) has the ability to fix the problems with the established structure. The IoVβs data security and privacy, however, present significant difficulties. Blockchain technology can solve the authentication problems of cars traveling from one trusted authority to another when combined with physical unclonable functions [36].
The widespread adoption of blockchain and smart contract technology might radically alter many sectors. Blockchain technology has the potential to enhance company operations, which in turn will benefit individuals and society at large, by making systems more secure, transparent, and efficient.
However, the security of SCs is a major concern because they are vulnerable to a variety of attacks, such as coding errors, malicious inputs, and blockchain network attacks. Securing SCs is critical to the viability of blockchain technology. Traditional techniques in SC security, such as code review and formal verification, are limited and may not always discover all sorts of vulnerabilities. As a result, there is increased interest in investigating the application of AI technology to improve SC security. By detecting anomalies and unusual behavior that may suggest a security breach, these techniques have the ability to provide a more thorough and proactive approach to security. We can improve trust and confidence in blockchain technology by increasing SC security and releasing its full potential for building a more decentralized and secure financial system. An SC developed in Solidity is presented in Figure 5.
Blockchain and SC solutions provide numerous advantages to consumers, businesses, and governments. Some are (Figure 6):
Transparency: Decentralized blockchains are completely transparent. Transactions on the blockchain are transparent and verifiable. Nobody can also update network information. As a result, a user or company owner can create or use an SC without fear of a hacker altering it to steal money or data.
Efficiency in the Economy: SCs automate numerous agreement-processing commercial activities. SCs do not require the services of attorneys, banks, or brokers. Both provide for significant cost reductions.
Time-Saving Autonomy: Writing and monitoring a standard contract takes time. SCs are simpler and faster to implement: the programmer writes the contract code once and then utilizes it any time it is required (such as when trying to construct an NFT or for automatically filling out a bill and making trades).
Building Trust: There are no humans among the SCs. This builds long-term trust amongst counteragents. If something goes wrong, the parties will look into it together.
Safe Backup: Since businesses and governments risk losing important data, everyone copies it and backs it up. Even the most secure backup mechanisms cannot ensure data preservation. Hackers can either succeed or fail. Blockchain and SCs differ in that data are stored on several devices until the blockchain functions.
Fraud Prevention: SCs prevent fraudulent access if the blockchain code is correct. Phishing can be prevented with time.
Safety and Dependability: SCs are well known for their data security and market-leading encryption in IT. Blockchain and SC agreements are the most secure contracts available today.
2.3. Possible Attacks
There is a wide variety of threats that can target SCs and cause financial loss and reputational harm to blockchain networks. These attacks include (Table 3):
Table 3. Possible Types of Attacks.
Reentrancy attacks: An attacker can use this vulnerability to drain the contractβs cash by repeatedly calling an SC function before the previous call has completed. An attacker can steal money from a contract by making a malicious contract that repeatedly calls the function of the target contract before the target contract has finished processing the previous call.
Integer overflow and underflow attacks: These exploits make use of flaws in the way SCs handle integer values to subvert the contractβs logic and steal money. By sending a huge negative number to a contract function that expects a positive number, the attacker can trigger an underflow and gain access to a significant amount of tokens.
Denial-of-Service (DoS) attacks: The goal of these assaults is to prevent an SC from handling valid transactions by overwhelming its resources. This can be achieved by flooding the contract with a large number of little transactions or by sending transactions with input data that are too large and so exceed the contractβs gas limit.
Malicious input attacks: For these kinds of attacks, the attacker sends malicious data inputs to an SC in order to manipulate its behavior and, in the worst-case scenario, steal money. Input data sent by an attacker, for instance, could trigger a contract to transmit funds to an unauthorized address.
Front-running attacks: To perform a front-running assault, one must take advantage of the brief window of opportunity between a transactionβs submission and confirmation on the blockchain. An adversary can profit from this vulnerability by watching the blockchain for pending transactions and then submitting their own transaction with a greater gas price.
Logic bombs: A logic bomb is malicious code that waits in an SC until a certain trigger condition is met, at which point the code is activated. For instance, an adversary can craft a contract that, at first glance, appears to work as intended, but actually contains malicious code that, after a certain date or time is reached, transfers funds to the adversaryβs account.
Cross-chain attacks: These assaults take advantage of flaws in the way several blockchains communicate with one another. By taking advantage of differences in how several networks handle cross-chain transactions, an attacker can take cash from one network and move it to another.
Time manipulation attacks: Time manipulation attacks take advantage of how SCs process information about the passage of time. An attacker may be able to cause a contract to execute too soon or wait forever if it depends on a timestamp or block number to trigger a certain action.
Authorization flaws: A breach in authorization occurs when an SC does not adequately verify the identities of those who access the contract. An adversary could potentially use this flaw to conduct fraudulent transactions or gain access to the contractβs cash.
Gas limit attacks: In order to execute a contract, SCs must perform a certain amount of computational labor, which is measured in gas. An attacker can cause a transaction to fail by setting a low gas limit, resulting in the contract running out of gas before its execution is complete. The attacker may then be able to undo the transaction and steal money from the contract.
2.4. Bug categories
We classify Ethereum smart contract bugs into the following 9 categories:
Data. Bugs in data definition, initialization, mapping, access, or use, as found in a model, specification, or implementation.
Interface. Bugs in specification or implementation of an interface.
Logic. Bugs in decision logic, branching, sequencing, or computation algorithm, as found in natural language specifications or in implementation language.
Description. Bugs in description of software or its use, installation, or operation.
Standard. Nonconformity with a defined standard.
Security. Bugs that threaten contract security, such as authentication, privacy/confidentiality, property.
Performance. Bugs that cause increased gas consumption.
Interaction. Bugs caused by contract interaction with other accounts.
Environment. Bugs due to mistakes in the software that supports Ethereum smart contracts.
In order to express the classification results concisely, we provide the following classification diagrams:
3.1. Artificial Intelligence
Artificial intelligence (AI) is a vast area that includes the creation of intelligent computers capable of performing activities that normally require human intelligence [37,38]. Machine learning (ML) is a branch of AI that focuses on developing systems that can learn from data and make decisions without being explicitly programmed [39,40].
Developers use traditional programming techniques to manually write code to tackle a specific problem. The code is composed of a set of rules and instructions that the computer uses to generate output. This method necessitates a significant amount of human labor and is limited by the programmerβs ability to predict all conceivable circumstances and edge cases. In contrast, with machine learning and artificial intelligence (AI), the computer is trained on a big dataset and learns to recognize patterns and make predictions or judgments based on that data. This method is more adaptable to new data and situations that were not explicitly programmed. The difference between Classical Programming and AI is illustrated in Figure 7.
The different phases of ML and AI include (Figure 8):
Data collection: Collecting and preparing a large dataset that represents the problem domain.
Data preprocessing: Cleaning and transforming the data to make it usable for ML models.
Model selection and training: Choosing an appropriate ML model and training it on the dataset.
Model evaluation: Evaluating the performance of the model on a separate dataset to measure its accuracy and effectiveness.
Deployment: Implementing the model in a production system and integrating it with other systems as needed.
Monitoring and maintenance: Continuously monitoring the modelβs performance and making updates and improvements as necessary.
In sum, AI and ML are potent resources that can automate a wide range of jobs and generate highly accurate predictions and choices. They excel in areas where conventional programming methods would be too time-consuming or inefficient, such as those involving complexity.
3.2. Different Types of AI
There are four main types of AI [41] (Table 4):
Table 4. Different Types of AI.
Supervised learning (SL) [42,43]: Supervised learning involves training an algorithm on a labeled dataset in which each input is accompanied by its corresponding label. The goal is to train the algorithm to correctly anticipate an output for inputs it has never seen before. Image categorization, voice recognition, and language translation are all applications of supervised learning.
Unsupervised learning (USL) [44,45]: Unsupervised learning involves training an algorithm on a dataset without an associated label or output. The purpose of the algorithm is to autonomously identify such links or patterns in the data. Clustering, anomaly detection, and dimensionality reduction are all types of unsupervised learning.
Semi-supervised learning (SSL) [46,47]: In semi-supervised learning, the algorithm is trained on a dataset with just some of the input data coupled with the right output or label. The goal is to train the algorithm to correctly predict an output for input data that it has never seen before, using both the labeled and unlabeled data to help it.
Reinforcement learning (RL) [48,49]: In reinforcement learning, the algorithm learns to make decisions through trial and error. The algorithm receives feedback in the form of rewards or punishments for its actions and adjusts its behavior to maximize the reward. Examples of reinforcement learning include game playing, robotics, and autonomous vehicles.
Each type of AI has its own strengths and weaknesses, and the choice of which type to use depends on the problem being solved and the available data. SL is useful when there is a well-defined output or label, USL is useful when there are no labeled data available, and RL is useful when the algorithm needs to learn through trial and error.
3.3. AI for Cybersecurity in General
The use of AI is increasingly vital in the field of cybersecurity [50]. By analyzing massive volumes of data and discovering patterns that suggest possible hazards, AI can be used to detect and prevent cyber-attacks [51,52]. Artificial intelligence algorithms can be taught to recognize common forms of assault and to spot novel ones that have certain traits. Patching security holes, keeping tabs on network traffic, and handling incidents are just some of the mundane responsibilities that may be automated with the help of AI [53,54]. Cybersecurity experts can then devote their time and energy to solving problems that call for their unique set of skills. Artificial intelligence (AI) has great potential in this area, but it cannot yet entirely replace humans in this field. False positives and negatives can be avoided if artificial intelligence systems are trained, validated, and monitored effectively. Protecting AI systems from outside threats and ensuring their own safety is equally important. In general, AI has the ability to vastly improve cybersecurity by spotting and avoiding threats more quickly and correctly than before [55].
Significant monetary losses have resulted from several high-profile events involving hacked SCs in recent years. The application of AI technology, however, can improve smart contract security and reduce the likelihood of such instances occurring [56,57].
Using AI algorithms to examine the code and find flaws is one method of using AI to increase the safety of SCs. Patterns and abnormalities in the code that could suggest a security weakness can be trained into AI algorithms. AI algorithms can analyze enormous quantities of code to find common flaws, which can then be fixed in subsequent iterations of SCs [58].
A temporal message propagation network for extracting graph features was proposed by [59], who also investigated the application of graph neural networks and expert knowledge to discover vulnerabilities. Using a multi-layer bidirectional Transformer structure and using CodeBERT, VDDL was introduced by [60]. The multi-modal AI framework developed by [61] incorporated NLP, IR, and coding analysis methods. Using active SSL to combat the problem of insufficient labeled data and relying on bidirectional encoder representations from Transformers (BERT), Ref. [62] proposed an SC vulnerability detection system called ASSBert. By combining vulnerability identification and location into a single debugging process, Ref. [63] suggested a two-stage SC debugger dubbed ReVulDL, which employs a deep learning-based technique to detect and locate reentry vulnerabilities [64,65].
The use of natural language processing (NLP) techniques is yet another AI-based method for making SCs more secure. To prevent hackers from taking advantage of loopholes in SCs, natural language processing algorithms can examine the contractsβ language for potential ambiguities and inconsistencies. Developers can improve the contractβs safety by fixing these problems early on.
The authors of [66] developed a vulnerability detection model that included a hierarchical attention mechanism and made use of neural networks in AI, notably, BiLSTM (BiLSTM = bidirectional long short-term memory networks). To detect Ponzi schemes at the time of SC formation, Ref. [67] created a larger dataset and extracted various independent features from multiple views using a multi-view cascading ensemble model (MulCas). A heterogeneous graph transformation network for SC anomaly detection (SHGTNs) was proposed by [68] to identify instances of financial fraud on the Ethereum network. Using the bytecode of SCs as a new feature and GRU networks and attention mechanisms to obtain hidden information, Ref. [69] introduced SCSGuard, a framework that applied AI to identify fraudulent conduct in SCs.
Artificial intelligence can also be used to review SCs in real time, looking for signs of fraud or other irregularities. In an SC, for instance, AI algorithms can be taught to track the flow of money and flag any unusual activity. If developers are able to identify and report these transactions, they can take preventative measures.
The problem of local information loss in conventional CNN models was solved by [70] when they unveiled their new CNN architecture, CodeNet, for detecting flaws in SCs. To better uncover vulnerabilities in SCs, Ref. [71] used deep reinforcement learning in combination with multi-agent fuzz testing [72]. To determine whether SCs are vulnerable, Ref. [73] developed three distinct deep learning (DL) models: GRU, ANN, and LSTM. In order to discover flaws in SCs, Ref. [74] introduced a novel model called Link-DC, which uses deep and cross networks to build high-order nonlinear characteristics. By extracting features from both the high-level syntactic features and the low-level bytecode features of the SCs, the SmartMixModel vulnerability detection model presented by [75] improves the accuracy with which vulnerabilities in SCs can be identified.
In addition, AI can be utilized to build trustworthy and distributed SC administration infrastructure. Using AI to validate transactions and stop fraudulent conduct is one way to improve the safety of blockchain technology, the foundation of SCs. SCs can be made more hacker- and exploitation-resistant if decentralized systems are built utilizing AI.
An AI approach named GVD-net was suggested by [76] to identify flaws in Ethereum SCs. Ref. [77] introduced a static analysis tool for SCs using AI called Eth2Vec, which compared the target contractβs code to a database of known vulnerable contract features learned automatically by neural networks. Ref. [78] developed a systematic and modular vulnerability detection framework based on DL, named DeeSCVHunter, for reentrancy and time-dependence vulnerabilities, while [79] used DL techniques to detect vulnerabilities in SCs by combining different representations of the code. To help find vulnerabilities in SCs, Hao et al. proposed SCscan, a scanning technique built on Support Vector Machines.
As a result, AI has the ability to greatly improve the security of SCs. Developers can limit the danger of hacking and exploitation by utilizing AI algorithms to examine code, natural language processing algorithms to detect linguistic ambiguities, and real-time monitoring of SCs. Furthermore, blockchain technology can be made more secure and transparent by developing decentralized systems for managing SCs. As SCs become more common, AI will play a growing role in guaranteeing their security and preventing fraudulent activities. A summary of the studies presented in this section is given in Table 5.
Table 5. Summary of Main Findings.
Here are some concrete examples about the use of artificial intelligence to improve smart contract security:
Vulnerability detection: AI-based techniques can find flaws in SCs. These programs can examine code and detect potential security flaws. This can assist developers in finding and fixing vulnerabilities faster more effectively than manual testing.
Anomalies discovery: AI can monitor SCs and detect unusual behavior. A smart contract, for example, may suggest a security compromise if it suddenly begins performing a large number of transactions or accessing unexpected data. AI-based anomaly detection can aid in the rapid identification and response to these situations.
Predictive analytics: AI can examine data from SCs and detect future security issues. For example, if a smart contract is utilized in a novel way, AI may analyze the data to predict whether this novel usage pattern is likely to result in security issues.
Suspicious behavior detection: AI can be utilized for behavior-based security by monitoring the behavior of SCs and detecting suspicious behavior. For example, if a smart contract begins to behave abnormally, AI can flag it for further examination.
Table 6 summarizes the advantages of AI-based security over classical techniques, which include:
Table 6. Comparison of Classical and AI-based Security Techniques for SCs.
Efficiency: Since AI-based technologies can analyze code and data far more quickly than humans can, software engineers are able to locate and resolve issues much more quickly.
Accuracy: AI has the ability to analyze massive amounts of data and recognize patterns that people would miss. This has the potential to result in improved vulnerability identification and more accurate predictive analytics.
Scalability: AI-based tools can scan vast volumes of SCs at once, enabling developers to detect problems in a large number of contracts quickly. This is made possible through scalability.
Adaptability: AI-powered technologies may learn from fresh data and adapt to new threats over time, making them more effective.
In general, the use of AI-based techniques has a number of major advantages over the use of traditional techniques when it comes to improving the safety of SCs. To make their SCs more secure, developers should seriously consider employing AI-based technologies for vulnerability discovery, anomaly detection, predictive analytics, and behavior-based security.
This section illustrates the complete process of developing our base for vulnerability detection model for smart contracts, which consists of three stages. The first stage involves building and preprocessing the labeled dataset of vulnerable Solidity code. In the second stage, training three models (Optimized-CodeBERT, Optimized-LSTM, and Optimized-CNN) and comparing their performance to determine the best one. Finally, in the third stage, the selected model is evaluated using the Sodifi-benchmark dataset to assess its effectiveness in detecting vulnerabilities.
6.1. Data collection
Our primary training dataset comprises three main sources: 10,000 contracts from the Slither Audited Smart Contracts Dataset, 20,000 contracts from smartbugs-wild, and 1,000 typical smart contracts with vulner- abilities identified through expert audits, overall 31,000 contracts. To effectively compare results with other auditing tools, we choose to use the SolidiFI benchmark dataset as our test set, a dataset containing contracts containing 9,369 bugs.
6.2. Dataset processing
Within our test set SolidiFI-benchmark, there are three static detection tools which are Slither, Mythril, and Smatcheck as well as all identified four common vulnerability types which are Re-entrancy, Timestamp-Depend- ency, Unhandled-Exception, and tx.origin. To ensure the completeness and fairness of the results, our model primarily focused on these four types of vulnerabilities for comparison.
Considering that a complete contract might consist of multiple Solidity files and a single Solidity file might contain several vulnerable code snippets, we utilized the Slither tool to extract 30,000 functions containing these four types of vulnerabilities from the data sources. Additionally, we manually annotate the problematic code snippets within the contracts audited by experts, overall 1,909 snippets. The training set comprises 31,909 code snippets. For the test set, we extract 5,434 code snippets related to these four vulnerabilities from the SolidiFI- benchmark dataset.
6.3. Data cleaning
The length of a smart contract typically depends on its functionality and complexity. Some complex contracts can exceed several thousand tokens. However, handling long text has been a long-standing challenge in deep learning. Transformer-based models can only handle a maximum of 512 tokens. Therefore, we attempted two methods to address the issue of text length exceeding 510 tokens.
Direct splitting. The data is split into chunks of 510 tokens each, and all the chunks are assigned the same label. For example, if we have a group of Re-entrancy vulnerability code with a length of 2000 tokens, it would be split into four chunks, each containing 510 tokens. If there are chunks with fewer than 510 tokens, we pad them with zeros. However, the training results show that the modelβs loss does not converge. We speculate that this is due to the introduction of noise from unrelated chunks, which negatively affects the modelβs generalization capability.
Vulnerability function code extraction. Audit experts extracted the function code of vulnerabilities from smart contracts and assigned corresponding vulnerability labels. If the extracted code exceeds 510 tokens, it is truncated, and if the code falls short of 510 tokens, it is padded with zeros. This approach ensures consistent input data length, addresses the length limitation of Transformer models, and preserves the characteristics of the vulnerabilities.
After comparing the two methods, we observed that training on vulnerability-based function code helped the modelβs loss function converge better. Therefore, we chose to use this data processing method in subsequent experiments. Additionally, we removed unrelated characters such as comments and newline characters from the functions to enhance the modelβs performance. We only extracted the function parts containing the vulnerability code, reducing the length of the training dataset while maintaining the vulnerability characteristics. This approach not only improves the modelβs accuracy, but also enhances its generalization ability.
6.4. Data encoding
CodeBERT is a pretraining model based on the Transformer architecture, specifically designed for learning and processing source code. By undergoing pretraining on extensive code corpora, CodeBERT acquires knowledge of the syntax and semantic relationships inherent in source code, as well as the interactive dynamics between different code segments.
During the data preprocessing stage, CodeBERT is employed due to its strong representation ability. The source code undergoes tokenization, where it is segmented into tokens that represent semantic units. Subsequently, the tokenized sequence is encoded into numerical representations, with each token mapped to a unique integer ID, forming the input token ID sequence. To meet the modelβs input requirements, padding and trunca- tion operations are applied, ensuring a fixed sequence length. Additionally, an attention mask is generated to distinguish relevant positions from padded positions containing invalid information. Thus, the processed data includes input IDs and attention masks, transforming the source code text into a numericalized format compatible with the model while indicating the relevant information through the attention mask.
For Optimized-LSTM and Optimized-CNN models, direct processing of input IDs and masks is not feasible. Therefore, CodeBERT is utilized to further process the data and convert it into tensor representations of embedding vectors. The input IDs and attention masks obtained from the preprocessing steps are passed to the CodeBERT model to obtain meaningful representations of the source code data. These embedding vectors can be used as inputs for Optimized-LSTM and Optimized-CNN models, facilitating their integration for subsequent vulnerability detection.
6.5. Results
For the purpose of comparison with static analysis tools, we particularly focus on detecting four specific types of smart contract vulnerabilities: Re-entrancy, Timestamp-Dependency, Unhandled-Exceptions, and tx.origin. Through our comparative analysis, we observe instances where the static analysis tools fail to detect certain vulnerabilities. Our results indicate that our model outperforms the static detection tools, both in terms of recall and overall TP.
From related work, it has been observed that some tools based on static analysis techniques suffer from false positives and false negatives, mainly due to their reliance on predefined rules. These tools lack the ability to perform syntax and semantic analysis, and the predefined rules can become outdated quickly and cannot adapt or generalize to new data. In contrast, deep learning methods do not require predefined detection rules and can learn vulnerability features during the training process.
AI approaches such as SL, SSL, and RL provide numerous advantages in SC vulnerability detection. SL is the most commonly used technique for effective pattern identification and feature extraction because of its ability to train on massive amounts of labeled data. This technique, however, has drawbacks, such as the requirement for a significant amount of labeled training data. SSL, albeit less widely utilized, offers the ability to alleviate this constraint by not requiring labeled training data in the pre-training phase. The potential of this technique to capture specific vulnerability features is its limitation. Due to the difficulty in collecting specific vulnerability features, USL approaches are rarely used in SC vulnerability identification. RL can be used to learn from the systemβs rewards or penalties, although more research is needed to determine its usefulness in SC security detection.
The use of AI in conjunction with fuzz testing, dynamic analysis, and static analysis approaches can also increase SC security detection. Static analysis uses information extracted from an SCβs source code or bytecode for training AI models to find possible vulnerabilities. Dynamic analysis, on the other hand, records runtime data during contract execution in order to identify possible vulnerabilities and anomalous behaviors. Fuzz testing techniques generate random input data, and contract execution outcomes are evaluated to identify new vulnerabilities or abnormal behavior. However, there are still open issues, that we need further research and develop solutions for.
Automatic vulnerability detection technology holds immense potential in enhancing the security of smart contracts. However, it is a double-edged sword. On the one hand, it can assist developers in swiftly identifying and rectifying vulnerabilities in software, thereby elevating its security. On the other hand, if such technology falls into the hands of malicious actors, they might exploit it to uncover undisclosed vulnerabilities and launch attacks. To address this, proactive measures are essential.
Developers should regularly conduct code audits and undergo secure coding training as well as adopt responsible vulnerability disclosure policies. Itβs encouraged that researchers and developers, upon discovering security vulnerabilities, initially notify the relevant organizations or individuals privately. This provides them ample time for rectification before the information is made public. Concurrently, regular updates and maintenance of software and dependency libraries are crucial to ensure known security vulnerabilities which are addressed collaboratively.
Data privacy: AI-based SC vulnerability detection technologies necessitate access to massive volumes of data, raising privacy issues among users. SCs frequently contain sensitive information, such as financial transactions or personal data, which may be exposed if data are not anonymized or protected adequately. We are starting to concentrate on building privacy-preserving AI algorithms for detecting vulnerabilities in SCs while protecting user privacy.
Adversarial attacks: SCs are prone to adversarial attacks, in which attackers purposefully introduce malicious code or inputs to exploit contract weaknesses. Adversarial attacks provide a substantial barrier for AI-based SC security detection approaches because attackers can manipulate training data or circumvent detection by providing inputs targeted to elude detection. In future research we will concentrate on creating more robust AI models capable of detecting adversarial attacks.
Scalability: AI-based SC security detection solutions will require scalability as the number of SCs on blockchain networks continues to expand. Due to the extensive time and computing power needed to train on huge datasets, scalability is a major issue for AI systems. The increasing volume of SC data necessitates the development of more effective and scalable AI solutions in the future.
Interpretability: It can be difficult for users to comprehend the reasoning behind AI-based SC security detection models due to a lack of interpretability. Trust in the system is vital for the success of AI, and interpretability is the key to assuring the transparency and accountability of AI models. As our next step in SC security, we are going to focus on creating AI models that are easier to interpret for end users.
Integration challenges: Integrating AI with formal methodologies presents substantial obstacles, but the benefits of doing so for SC security is promising. Verifying the accuracy of an SC can be accomplished using either formal approaches, which use mathematical proofs and logical reasoning, or AI methods, which utilize statistical models and AI algorithms to spot trends and outliers in the data. Developing formal models that can handle large-scale data and introducing AI techniques into the formal verification process are only two of the many technical hurdles that must be cleared in order to successfully merge these two approaches. More thorough and powerful SC security analysis tools cannot be created until these integration issues are resolved in future studies.
While the potential of combining AI and formal approaches has been recognized, further R&D is required to address open issues and explore full potential. AI isn't a silver bullet, it represents a significant advancement for smart contract auditing. The combination of AI techniques with human expertise creates a robust approach for minimizing risks and ensuring the security of these transformative agreements.
The near future of smart contract security audits is likely to become a collaboration between AI and human experts. AI will identify common vulnerabilities, while human auditors will leverage their expertise to handle the latest advancements and updates. In other words, AI won't replace human auditors just yet, but rather empower them to be more effective. The combined efforts of AI and blockchain will add significant value to the smart contract security experience.
Our focus remains on the creation of AI-powered detection tools for Web3-related security breaches that can handle ever-increasing amounts of data and help us fight scams, hacks and other cryptocurrency related breaches.
Attack Vector Sub-category | Definition | On-chain or Off-chain |
---|---|---|
Attack Type | Description | Example |
---|---|---|
Type of AI | Description | Examples |
---|---|---|
Ref. | Adopted Technique | Contribution |
---|---|---|
Classical Techniques | AI-Based Techniques | |
---|---|---|
Metriccs | F1 (%) | Accuracy (%) | Precision (%) | Recall (%) |
---|---|---|---|---|
Peak-to-trough crypto market cap
$200B β$2T
$1T β???
% projects getting security audits
10%
50-75%
% leader market share
60%
60-75%
Projects audited
10k+
100k+
Capital raised
$230m
fair launch
Valuation
$2B
$10B+
Protocol exploitation
When an attacker exploits vulnerabilities in a blockchain component of a protocol, such as ones pertaining to validator nodes, the protocolβs virtual machine, or in the mining layer.
On-chain
Insider attack
When an attacker working inside a protocol, such as a rogue developer, uses privileged keys or other private information to directly steal funds.
Off-chain
Phishing
When an attacker tricks users into signing permissions, often done by supplanting a legitimate protocol, allowing the attacker to spend tokens on usersβ behalf. Phishing may also happen when an attacker tricks users into directly sending funds to malicious smart contracts.
Off-chain
Contagion
When an attacker exploits a protocol due to vulnerabilities created by a hack in another protocol. Contagion also includes hacks that are closely related to hacks in other protocols.
On-chain
Compromised server
When an attacker compromises a server that is owned by a protocol, thereby disrupting the protocolβs normal workflow or gaining knowledge to further exploit the protocol in the future.
Off-chain
Wallet hack
When an attacker exploits a protocol that provides custodial/wallet services and subsequently acquires information about the walletsβ operation.
Off-chain
Price manipulation hack
When an attacker exploits a smart contract vulnerability or utilizes a flawed oracle that does not reflect accurate asset prices, facilitating the manipulation of a digital tokenβs price.
On-chain
Smart contract exploitation
When an attacker exploits a vulnerability in a smart contract code, which typically grants direct access to various control mechanisms of a protocol and token transfers.
On-chain
Compromised private key
When an attacker acquires access to a userβs private key, which can occur through a leak or a failure in off-chain software, for example.
Off-chain
Governance attacks
When an attacker manipulates a blockchain project with a decentralized governance structure by gaining enough influence or voting rights to enact a malicious proposal.
On-chain
Third-party compromised
When an attacker gains access to an off-chain third-party program that a protocol uses, which provides information that can later be used for an exploit.
Off-chain
Other
Either the attack does not fit in any of the previous categories or there is not enough information to properly classify it.
On-chain/Off-chain
Reentrancy Attacks
Allows an attacker to repeatedly call an SC function before the previous call completes
Drain a contractβs funds by creating a malicious contract that calls the target contractβs function multiple times
Integer Overflow and Underflow
Exploits vulnerabilities in the way SCs handle integer values
Underflow a contractβs balance by sending a large negative number as input to a function expecting a positive number
Denial-of-Service (DoS)
Aims to overload an SCβs resources, making it unable to process legitimate transactions
Send a large number of transactions to the contract in a short period of time
Malicious Input
Involves sending malicious data inputs to an SC, causing it to behave in unintended ways
Transfer funds to an unintended recipient by sending malicious input data to a contract
Front-Running
Involves exploiting the time delay between a transaction being submitted and confirmed on the blockchain
Profit from a transaction by submitting a higher gas price transaction ahead of the original transaction
Logic Bombs
A piece of malicious code that lies dormant in an SC until a specific trigger condition is met
Transfer funds to the attackerβs account when a specific date or time is reached
Cross-Chain Attacks
Exploit vulnerabilities in the interaction between different blockchain networks
Steal funds from one network and transfer them to another by exploiting weaknesses in cross-chain transactions
Time Manipulation
Exploits the way SCs handle time-based events
Trigger an action prematurely or delay it indefinitely by manipulating the timestamp or block number
Authorization Flaws
Occurs when an SC fails to properly authenticate and authorize users who interact with it
Gain unauthorized access to a contractβs funds or execute unauthorized transactions
Gas Limit Attacks
Exploit the way SCs handle gas, the unit of measurement for computational work
Revert a transaction and potentially steal funds by setting a low gas limit on a transaction
Supervised Learning
Trained on labeled data to predict correct output for new, unseen input data.
Image classification, speech recognition, language translation
Unsupervised Learning
Trained on unlabeled data to discover patterns or relationships in the data.
Clustering, anomaly detection, dimensionality reduction
Semi-Supervised Learning
Trained on partially labeled data to predict correct output for new, unseen input data while discovering patterns or relationships in the data.
Object recognition, speech recognition, sentiment analysis
Reinforcement Learning
Learns to make decisions through trial and error and adjusts behavior to maximize reward.
Game playing, robotics, autonomous vehicles
[59]
GNN, Expert Knowledge, Temporal Message Propagation Network
Proposed a technique for vulnerability detection in SCs using graph neural networks and expert knowledge, and introduced a temporal message propagation network to extract graph features
[60]
Multi-layer bidirectional Transformer structure, CodeBERT
Introduced VDDL, a vulnerability detection model that used a multi-layer bidirectional Transformer structure and incorporated CodeBERT
[61]
NLP, Image Processing, Code Analysis Techniques
Used a multi-modal AI framework for vulnerability detection in SCs
[62]
Active and SSL, BERT
Introduced ASSBert, an SC vulnerability detection framework that combines active SSL and employs BERT
[63]
DL-based Approach
Proposed ReVulDL, a two-stage SC debugger that uses a DL-based approach to detect and locate re-entry vulnerabilities
[66]
NN, BiLSTM, Hierarchical Attention Mechanism
Proposed a vulnerability detection tool that utilized neural networks and introduced a hierarchical attention mechanism
[67]
Multi-view Cascading Ensemble Model (MulCas)
Constructed a larger dataset and extracted numerous independent features from multiple perspectives for identifying Ponzi schemes when SC are created
[68]
Heterogeneous Graph Transformation Network
Proposed SHGTNs, a heterogeneous graph transformation network for detecting financial frauds on Ethereum platforms
[69]
ML, Bytecode, GRU Networks, Attention Mechanisms
Developed SCSGuard, a tool that used ML technology for detecting fraudulent behaviors in SCs by leveraging the bytecode of SCs as a novel feature
[70]
Convolutional Neural Network (CNN) Architecture
Introduced CodeNet, a new CNN architecture for detecting SC vulnerabilities that solved the problem of loss of local information in existing CNN models
[71]
Deep Reinforcement Learning, Multi-Agent Fuzz Testing
Developed improved techniques for detecting vulnerabilities in SCs using deep reinforcement learning and multi-agent fuzz testing
[73]
DL Models, LSTM, ANN, GRU
Trained three different DL models, GRU, ANN, LSTM and, and used them for predicting the existence of vulnerabilities in SCs
[74]
Deep and Cross Networks
Presented Link-DC, a new SC vulnerability detection model that used deep and cross networks for constructing high-order nonlinear features
[75]
High-level Syntactic Features, Low-level Bytecode Features
Introduced SmartMixModel, a vulnerability detection model that extracts features on two levels: low-level bytecode features and high-level syntactic features
[76]
AI Model
Proposed GVD-net, an AI model to detect security vulnerabilities in Ethereum SCs
[77]
AI-based Static Analysis Tool, Eth2Vec
Introduced Eth2Vec, an AI-based static analysis tool that utilized neural networks for automatically learning features of vulnerable contracts and detecting vulnerabilities in SCs
[79]
DL, Various Code Representations
Utilized DL techniques for detecting vulnerabilities in SCs by combining various code representations
[78]
DL, Modular and Systematic Vulnerability Detection Framework
Proposed DeeSCVHunter, a modular and systematic vulnerability detection framework based on DL, for reentrancy and time dependence vulnerabilities
[80]
SVM
Proposed SCscan, a scanning tool based on SVM for identifying potential security risks in SCs
Vulnerability Detection
Manual code review and testing
Automated code analysis and vulnerability detection
Anomaly Detection
Manual monitoring and analysis
Automated behavior-based anomaly detection
Predictive Analytics
Limited predictive capabilities
Advanced predictive analytics using machine learning
Behavior-based Security
Limited behavior-based monitoring
Advanced behavior-based monitoring using machine learning
Advantages
Established techniques, but slower and less accurate than AI-based techniques
Faster, more accurate, scalable, adaptable, and able to learn from new data and threats
Optimized-CodeBERT
93.53
96.77
96.77
93.55
Optimized-LSTM
63.05
81.96
73.61
64.06
Optimized-CNN
70.62
85.54
71.61
71.36