MANDO-GURU: vulnerability detection for smart contract source code by heterogeneous graph embeddings
Publication Type
Conference Proceeding Article
Version
publishedVersion
Publication Date
11-2022
Abstract
Smart contracts are increasingly used with blockchain systems for high-value applications. It is highly desirable to ensure the quality of smart contract source code before it is deployed. This paper proposes a new deep learning-based tool, MANDO-GURU, that aims to accurately detect vulnerabilities in smart contracts at both the coarse-grained contract level and the fine-grained line level. Using a combination of control-flow graphs and call graphs of Solidity code, we design new heterogeneous graph attention neural networks to encode more structural and potentially semantic relations among different types of nodes and edges of such graphs and use the encoded embeddings of the graphs and nodes to detect vulnerabilities. Our validation on real-world smart contract datasets shows that MANDO-GURU can significantly improve on many other vulnerability detection techniques by up to 24% in terms of the F1-score at the contract level, depending on vulnerability types. It is the first learning-based tool for Ethereum smart contracts that identifies vulnerabilities at the line level and significantly improves on the traditional code analysis-based techniques by up to 63.4%. Our tool is publicly available at https://github.com/MANDO-Project/ge-sc-machine. A test version is currently deployed at http://mandoguru.com, and a demo video of our tool is available at http://mandoguru.com/demo-video.
Keywords
Heterogeneous graphs, Graph neural networks, Vulnerability detection, Smart contracts, Ethereum blockchain
Discipline
Software Engineering
Research Areas
Software and Cyber-Physical Systems
Publication
Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Singapore, 2022 November 14-18
First Page
1736
Last Page
1740
ISBN
9781450394130
Identifier
10.1145/3540250.3558927
Publisher
Association for Computing Machinery
City or Country
New York
Citation
NGUYEN, Huu Hoang; NGUYEN, Nhat Minh; DOAN, Hong-Phuc; AHMADI, Zahrai; DOAN, Thanh Nam; and JIANG, Lingxiao.
MANDO-GURU: vulnerability detection for smart contract source code by heterogeneous graph embeddings. (2022). Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Singapore, 2022 November 14-18. 1736-1740.
Available at: https://ink.library.smu.edu.sg/sis_research/7644
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1145/3540250.3558927