Publication Type
Journal Article
Version
acceptedVersion
Publication Date
12-2021
Abstract
Smart contracts have been increasingly used together with blockchains to automate financial and business transactions. However, many bugs and vulnerabilities have been identified in many contracts, which raises serious concerns about smart contract security, not to mention that the blockchain systems on which the smart contracts are built can be buggy. Thus, there is a significant need to better maintain smart contract code and ensure its high reliability. In this paper, we propose an automated approach to learn characteristics of smart contracts in Solidity, useful for detecting repetitive contract code, detecting bugs and validating contracts. Our new approach is based on word embeddings and vector space comparison. We parse smart contract code into word streams with code structural information, convert code elements (e.g., statements, functions) into numerical vectors that are supposed to encode the code syntax and semantics, and compare the similarities among the vectors encoding code and known bugs, to identify potential issues. We have implemented the approach in a prototype, named SmartEmbed, and evaluated it with more than 22,000 smart contracts collected from the Ethereum blockchain. Results show that our tool can effectively identify many repetitive instances of Solidity code, where the clone ratio is around 90%. Code clones such as type-III or even type-IV semantic clones can also be detected. Our tool can identify more than 500 clone-related bugs based on our bug databases efficiently and accurately. Our tool can also help to efficiently validate any given smart contract against the known set of bugs, which can help to improve the users' confidence in the reliability of the contract.
Keywords
smart contract, code embedding, clone detection, bug detection, ethereum, blockchain
Discipline
Software Engineering
Research Areas
Software and Cyber-Physical Systems
Publication
IEEE Transactions on Software Engineering
Volume
47
Issue
12
First Page
2874
Last Page
2891
ISSN
0098-5589
Identifier
10.1109/TSE.2020.2971482
Publisher
Institute of Electrical and Electronics Engineers (IEEE)
Citation
GAO, Zhipeng; JIANG, Lingxiao; XIA, Xin; LO, David; and GRUNDY, John.
Checking smart contracts with structural code embedding. (2021). IEEE Transactions on Software Engineering. 47, (12), 2874-2891.
Available at: https://ink.library.smu.edu.sg/sis_research/5606
Copyright Owner and License
Authors
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1109/TSE.2020.2971482