Intelligent contract multi-vulnerability detection method and system based on source code graph representation learning

Abstract

The invention discloses an intelligent contract multi-vulnerability detection method and system based on source code graph representation learning, and the method comprises the steps: carrying out representation of an intelligent contract source code through a function granularity code attribute graph in combination with an abstract syntax tree and semantic information of an intelligent contract; and according to grammatical features of different types of vulnerabilities of the intelligent contract, defining a slicing criterion, using a program slicing technology to carry out noise reduction on the intelligent contract graph representation, carrying out feature extraction in combination with a gated graph neural network, and carrying out vulnerability prediction based on the extracted features. The method has the advantages that the intelligent contract source code is represented by combining multiple graph structures, and grammar and semantic information and a context structure of the code are fully reserved; noise codes irrelevant to vulnerability detection are removed by using a program slicing technology, so that the detection accuracy is improved; the features of various vulnerabilities are automatically learned based on the gated graph neural network, the application range and the detection efficiency of vulnerability detection are improved, and the detection cost is reduced.

Description

technical field [0001] The invention belongs to the field of software security, and relates to a method and system for detecting multiple loopholes in smart contracts based on source code graph representation learning. Background technique [0002] A smart contract is a consensus rule that digitizes traditional contracts and runs on the blockchain platform. Compared with traditional contracts, smart contracts relying on the blockchain platform have multiple advantages: first, the execution of smart contracts does not rely on third parties, but is automatic and decentralized; second, smart contracts themselves cannot be tampered with; third , the smart contract is stored on the blockchain platform, and each blockchain node saves a copy of the contract, which is visible to everyone, ensuring the transparency of contract execution. With the development of blockchain technology, more and more developers have noticed these advantages of smart contracts and applied smart contract...

AI Technical Summary

Problems solved by technology

[0003] However, compared with traditional software, since smart contracts manage a large number of virtual assets, once they have vulnerabilities and are attacked, they will cause huge economic losses

The Dao security breach in 2016 resulted in a loss of $60 million; the Parity wallet breach in July 2017 resulted in $150 million in funds being permanently frozen; the DODO contract in March 2021 resulted in $3.8 million in assets due to a loopho

Images