MANDO-GURU: vulnerability detection for smart contract source code by heterogeneous graph embeddings
Smart contracts are increasingly used with blockchain systems for high-value applications. It is highly desired to ensure the quality of smart contract source code before they are deployed. This paper proposes a new deep learning-based tool, MANDO-GURU, that aims to accurately detect vulnerabilities...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2022
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/7644 https://ink.library.smu.edu.sg/context/sis_research/article/8647/viewcontent/fse22mandoDemo.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-8647 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-86472023-01-10T03:51:30Z MANDO-GURU: vulnerability detection for smart contract source code by heterogeneous graph embeddings NGUYEN, Huu Hoang NGUYEN, Nhat Minh DOAN, Hong-Phuc AHMADI, Zahrai DOAN, Thanh Nam JIANG, Lingxiao Smart contracts are increasingly used with blockchain systems for high-value applications. It is highly desired to ensure the quality of smart contract source code before they are deployed. This paper proposes a new deep learning-based tool, MANDO-GURU, that aims to accurately detect vulnerabilities in smart contracts at both coarse-grained contract-level and fine-grained line-level. Using a combination of control-flow graphs and call graphs of Solidity code, we design new heterogeneous graph attention neural networks to encode more structural and potentially semantic relations among different types of nodes and edges of such graphs and use the encoded embeddings of the graphs and nodes to detect vulnerabilities. Our validation of real-world smart contract datasets shows that MANDO-GURU can significantly improve many other vulnerability detection techniques by up to 24% in terms of the F1-score at the contract level, depending on vulnerability types. It is the first learningbased tool for Ethereum smart contracts that identify vulnerabilities at the line level and significantly improves the traditional code analysis-based techniques by up to 63.4%. Our tool is publicly available at https://github.com/MANDO-Project/ge-sc-machine. A test version is currently deployed at http://mandoguru.com, and a demo video of our tool is available at http://mandoguru.com/demo-video. 2022-11-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/7644 info:doi/10.1145/3540250.3558927 https://ink.library.smu.edu.sg/context/sis_research/article/8647/viewcontent/fse22mandoDemo.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Heterogeneous graphs Graph neural networks Vulnerability detection Smart contracts Ethereum blockchain Software Engineering |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Heterogeneous graphs Graph neural networks Vulnerability detection Smart contracts Ethereum blockchain Software Engineering |
| spellingShingle |
Heterogeneous graphs Graph neural networks Vulnerability detection Smart contracts Ethereum blockchain Software Engineering NGUYEN, Huu Hoang NGUYEN, Nhat Minh DOAN, Hong-Phuc AHMADI, Zahrai DOAN, Thanh Nam JIANG, Lingxiao MANDO-GURU: vulnerability detection for smart contract source code by heterogeneous graph embeddings |
| description |
Smart contracts are increasingly used with blockchain systems for high-value applications. It is highly desired to ensure the quality of smart contract source code before they are deployed. This paper proposes a new deep learning-based tool, MANDO-GURU, that aims to accurately detect vulnerabilities in smart contracts at both coarse-grained contract-level and fine-grained line-level. Using a combination of control-flow graphs and call graphs of Solidity code, we design new heterogeneous graph attention neural networks to encode more structural and potentially semantic relations among different types of nodes and edges of such graphs and use the encoded embeddings of the graphs and nodes to detect vulnerabilities. Our validation of real-world smart contract datasets shows that MANDO-GURU can significantly improve many other vulnerability detection techniques by up to 24% in terms of the F1-score at the contract level, depending on vulnerability types. It is the first learningbased tool for Ethereum smart contracts that identify vulnerabilities at the line level and significantly improves the traditional code analysis-based techniques by up to 63.4%. Our tool is publicly available at https://github.com/MANDO-Project/ge-sc-machine. A test version is currently deployed at http://mandoguru.com, and a demo video of our tool is available at http://mandoguru.com/demo-video. |
| format |
text |
| author |
NGUYEN, Huu Hoang NGUYEN, Nhat Minh DOAN, Hong-Phuc AHMADI, Zahrai DOAN, Thanh Nam JIANG, Lingxiao |
| author_facet |
NGUYEN, Huu Hoang NGUYEN, Nhat Minh DOAN, Hong-Phuc AHMADI, Zahrai DOAN, Thanh Nam JIANG, Lingxiao |
| author_sort |
NGUYEN, Huu Hoang |
| title |
MANDO-GURU: vulnerability detection for smart contract source code by heterogeneous graph embeddings |
| title_short |
MANDO-GURU: vulnerability detection for smart contract source code by heterogeneous graph embeddings |
| title_full |
MANDO-GURU: vulnerability detection for smart contract source code by heterogeneous graph embeddings |
| title_fullStr |
MANDO-GURU: vulnerability detection for smart contract source code by heterogeneous graph embeddings |
| title_full_unstemmed |
MANDO-GURU: vulnerability detection for smart contract source code by heterogeneous graph embeddings |
| title_sort |
mando-guru: vulnerability detection for smart contract source code by heterogeneous graph embeddings |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2022 |
| url |
https://ink.library.smu.edu.sg/sis_research/7644 https://ink.library.smu.edu.sg/context/sis_research/article/8647/viewcontent/fse22mandoDemo.pdf |
| _version_ |
1770576408373886976 |