Unlock instant, AI-driven research and patent intelligence for your innovation.

Intelligent contract vulnerability detection method

A technology for smart contracts and vulnerability detection, applied in the fields of instruments, computing, electrical and digital data processing, etc., can solve problems such as poor training effect and inability to identify smart contract vulnerabilities well, and achieve the effect of shortening the training process.

Active Publication Date: 2022-05-10
STATE GRID ZHEJIANG ELECTRIC POWER +1
View PDF3 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] At this stage, smart contract vulnerability detection mainly relies on the trained CNN, and uses a tokenizer to split the smart contract opcode with the opcode unit as the basic unit. However, CNN is essentially an n-gram model, which leads to When calculating the correlation score for a specific opcode unit in a smart contract, only the opcode unit before the specific opcode unit is considered, which leads to poor training effect of CNN and cannot identify smart contract vulnerabilities well
[0004] Therefore, in most cases, CNN is only suitable for visual image and natural language processing, and there are great limitations in the application of smart contract vulnerability detection.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Intelligent contract vulnerability detection method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0028] see figure 1 , the present embodiment provides a smart contract vulnerability detection method, including the following steps:

[0029] Step S1: Call an existing smart contract with vulnerability detection from the database as a training sample, which is called a smart contract training sample. In order to generate a training opcode corresponding to the smart contract training sample, first crawl the smart contract training sample The Solidity source code, using the Solc compiler to compile the Solidity source code into bytecode, the bytecode generates the original opcode according to the corresponding relationship in the Ethereum Yellow Paper, it can be found that the operands in the original opcode and the smart contract training samples There is no correlation between vulnerabilities, so this embodiment removes operands from the original opcode to obtain the training opcode, which corresponds to the smart contract training sample, and the training opcode is relative ...

Embodiment 2

[0053] There are various types of smart contract vulnerabilities, and different types of vulnerability repair solutions are also very different. In order to further determine the types of smart contract vulnerabilities and determine the vulnerability repair solutions, the difference between this embodiment and embodiment 1 is that Step S2' is also included. Step S2' is a classifier training process, located between step S2 and step S3.

[0054] Specifically, step S2' is carried out as follows:

[0055] For a set of negative training opcode fragments that have been constructed, input it to the Transformer model after training, and then the Transformer model outputs the classifier training data. In addition, a corresponding vulnerability information matrix is ​​constructed for the negative training opcode fragment set, and the vulnerability information matrix contains various types of vulnerability information. For example, there are five common types of smart contract vulnerab...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a smart contract vulnerability detection method, which comprises the following steps: constructing a training operation code corresponding to a smart contract training sample, sliding a window to traverse and intercept the training operation code to obtain a plurality of training operation code fragments, and generating a training operation code fragment set corresponding to the training operation code; the Transform model is used as an intelligent contract vulnerability detection model, and the training operation code fragment set is adopted to train the Transform model; preprocessing a to-be-detected smart contract to generate a to-be-detected operation code, sliding a window to intercept the to-be-detected operation code to generate a to-be-detected operation code fragment set, and inputting the to-be-detected operation code fragment set into the Transform model; and outputting an intelligent contract vulnerability detection result by the classifier. The Transform model can calculate the correlation between the specific training operation code fragment and all other training operation code fragments, so that the finally trained Transform model can output a result which fully shows the vulnerability clues of the smart contract in actual use.

Description

technical field [0001] The invention relates to a smart contract loophole detection method, which belongs to the field of data loophole detection. Background technique [0002] Smart contract is an important emerging branch of blockchain technology. Its language is immature and the level of developers is limited. Therefore, most of the existing smart contracts have more or less loopholes, and the data of smart contracts The quantity is also relatively insufficient. [0003] At this stage, smart contract vulnerability detection mainly relies on the trained CNN, and uses a tokenizer to split the smart contract opcode with the opcode unit as the basic unit. However, CNN is essentially an n-gram model, which leads to When calculating the association score for a specific opcode unit in a smart contract, only the opcode unit before the specific opcode unit is considered, which leads to poor training effect of CNN and cannot identify smart contract vulnerabilities well. [0004] ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/57G06K9/62
CPCG06F21/577G06F18/24G06F18/214
Inventor 张莹顾晔徐天天陈甜妹岑雷扬
Owner STATE GRID ZHEJIANG ELECTRIC POWER