CN117992742A - Method, device and storage medium for detecting smart contract vulnerabilities - Google Patents

Abstract

The application relates to the technical field of intelligent contracts, and discloses a method for detecting intelligent contract vulnerabilities, which comprises the following steps: constructing hypergraphs corresponding to intelligent contract source codes; converting the hypergraph into a matrix form to form a multi-mode hypergraph; executing a message passing algorithm based on the multi-mode hypergraph to obtain sample data; training the graph neural network model by using the sample data to obtain an intelligent contract vulnerability detection model; and classifying the multi-mode hypergraph by using an intelligent contract vulnerability detection model. The method can reduce the situation that the high-dimensional feature extraction of the intelligent contract source code is difficult. And the extraction of complex relations between local features and global features is realized. Therefore, the detection accuracy of the intelligent contract vulnerability detection model obtained after the graph neural network model is trained is improved. Furthermore, the accuracy of intelligent contract vulnerability detection can be improved. The application also discloses a device and a storage medium for detecting the intelligent contract vulnerability.

Description

Method, device and storage medium for detecting smart contract vulnerabilities

Technical Field

The present application relates to the field of smart contract technology, and for example, to a method and device, and a storage medium for detecting smart contract vulnerabilities.

Background technique

Ethereum is an open source public blockchain platform that has the characteristics of decentralization, consensus, and distributed ledger. It provides all developers with a smart contract solution platform based on the Solidity language, which provides various modules for users to create smart contracts for their own projects.

A smart contract is a computer protocol designed to communicate, verify or execute contracts in an information-based manner. Smart contracts allow for trusted transactions without a third party, which are traceable and irreversible. The purpose of smart contracts is to provide a security method superior to traditional contracts and reduce other transaction costs associated with contracts. However, smart contracts inevitably have security vulnerabilities.

In order to detect smart contract vulnerabilities. The related art discloses a smart contract vulnerability detection method based on a vulnerability detection model of a smart contract based on deep learning, including: obtaining a smart contract data set according to the smart contract vulnerability type; converting the smart contract in the smart contract data set into an operation code sequence, and using the operation code sequence as a training sample; using the training sample to train the smart contract vulnerability detection model to obtain a trained smart contract vulnerability detection model; wherein the smart contract vulnerability detection model is a smart contract vulnerability detection model based on an average random gradient descent weighted long short-term memory network; converting the smart contract to be detected into an operation code sequence, and the operation code sequence is the operation code sequence to be tested; inputting the operation code sequence to be tested into the trained smart contract vulnerability detection model to obtain a corresponding detection result. In this way, the related art simplifies the operation code sequence to reduce the influence of redundant operation codes on the detection results. According to the key operation code extracted from the corresponding vulnerability type, the context information is extracted, so that the finally integrated operation code sequence reflects the vulnerability information more specifically, and compared with the direct use of the operation code sequence, the length of the sequence is greatly reduced, which not only shortens the model training time, but also solves the problem of model gradient disappearance and model instability caused by too long a sequence.

In the process of implementing the embodiments of the present disclosure, it is found that there are at least the following problems in the related art:

The smart contract vulnerability detection model constructed in the related art can detect smart contract vulnerabilities, shorten the training time of the smart contract vulnerability detection model, and improve the stability of the smart contract vulnerability detection model. However, the related art does not consider the accuracy of the smart contract vulnerability detection model in the smart contract vulnerability detection process.

It should be noted that the information disclosed in the above background technology section is only used to enhance the understanding of the background of the present application, and therefore may include information that does not constitute the prior art known to ordinary technicians in the field.

Summary of the invention

In order to provide a basic understanding of some aspects of the disclosed embodiments, a brief summary is given below. The summary is not an extensive review, nor is it intended to identify key/critical components or delineate the scope of protection of these embodiments, but rather serves as a prelude to the detailed description that follows.

The embodiments of the present disclosure provide a method, device, and storage medium for detecting smart contract vulnerabilities, which can improve the accuracy of smart contract vulnerability detection.

In some embodiments, the method comprises:

Build a hypergraph corresponding to the smart contract source code;

Converting the hypergraph into a matrix form to form a multimodal hypergraph;

Execute the message passing algorithm based on the multimodal hypergraph to obtain sample data;

Using the sample data to train the graph neural network model to obtain a smart contract vulnerability detection model;

Classifying multimodal hypergraphs using smart contract vulnerability detection models.

Optionally, constructing a hypergraph corresponding to the smart contract source code includes: constructing nodes, timing edges, scope hyperedges, and data flow hyperedges of the hypergraph respectively according to the smart contract source code.

Optionally, constructing nodes of a hypergraph according to the smart contract source code includes: obtaining the type of vulnerability to be detected; and constructing nodes corresponding to functions and variables in the smart contract source code according to the type of vulnerability to be detected.

Optionally, constructing the timing edges of the hypergraph according to the smart contract source code includes: constructing the timing edges according to the execution order of the smart contract source code.

Optionally, constructing a scope hyperedge of a hypergraph according to the smart contract source code includes: constructing a scope hyperedge according to the scope of the smart contract source code.

Optionally, constructing a data flow hyperedge of a hypergraph according to the smart contract source code includes: constructing a data flow hyperedge according to a calling relationship of functions in the smart contract source code.

Optionally, a message passing algorithm is executed based on a multimodal hypergraph, including: calculating node degrees according to hyperedges of the multimodal hypergraph; and calculating edge degrees according to nodes of the multimodal hypergraph.

Optionally, the multimodal hypergraph is classified using a smart contract vulnerability detection model, including: data modeling of the multimodal hypergraph; message passing according to hyperedges in the multimodal hypergraph; and classifying features of the multimodal hypergraph after message passing.

In some embodiments, the device includes: a processor and a memory storing program instructions, wherein the processor is configured to execute the aforementioned method for detecting smart contract vulnerabilities when running the program instructions.

In some embodiments, the storage medium stores program instructions, wherein the program instructions, when run, execute the aforementioned method for detecting smart contract vulnerabilities.

The method, device, and storage medium for detecting smart contract vulnerabilities provided by the embodiments of the present disclosure can achieve the following technical effects:

By constructing a hypergraph corresponding to the smart contract source code, the hypergraph can be used to extract multi-dimensional and multi-scale features from the smart contract source code, reducing the difficulty of extracting high-dimensional features from the smart contract source code. In addition, by using the sample data obtained after executing the message passing algorithm using the multimodal hypergraph, during the training of the graph neural network model, the topological structure of the graph is retained for message passing, which enables the extraction of the complex relationship between local features and global features. As a result, the detection accuracy of the smart contract vulnerability detection model obtained after training the graph neural network model is improved. In this way, when using the trained smart contract vulnerability detection model to detect vulnerabilities in smart contracts, the accuracy of smart contract vulnerability detection can be improved.

The above general description and the following description are exemplary and explanatory only and are not intended to limit the present application.

BRIEF DESCRIPTION OF THE DRAWINGS

One or more embodiments are exemplarily described by corresponding drawings, which do not limit the embodiments. Elements with the same reference numerals in the drawings are shown as similar elements, and the drawings do not constitute a scale limitation, and wherein:

FIG1 is a flow chart of a method for detecting smart contract vulnerabilities provided by an embodiment of the present disclosure;

FIG2 is a schematic diagram of a hypergraph timing edge provided by an embodiment of the present disclosure;

FIG3 is a schematic diagram of a device for detecting smart contract vulnerabilities provided by an embodiment of the present disclosure.

Detailed ways

In order to be able to understand the features and technical contents of the embodiments of the present disclosure in more detail, the implementation of the embodiments of the present disclosure is described in detail below in conjunction with the accompanying drawings. The attached drawings are for reference only and are not used to limit the embodiments of the present disclosure. In the following technical description, for the convenience of explanation, a full understanding of the disclosed embodiments is provided through multiple details. However, one or more embodiments can still be implemented without these details. In other cases, to simplify the drawings, well-known structures and devices can be simplified for display.

The terms "first", "second", etc. in the specification and claims of the embodiments of the present disclosure and the above-mentioned drawings are used to distinguish similar objects, and are not necessarily used to describe a specific order or sequence. It should be understood that the terms used in this way can be interchanged where appropriate, so that the embodiments of the embodiments of the present disclosure described herein. In addition, the terms "including" and "having" and any variations thereof are intended to cover non-exclusive inclusions.

Unless otherwise stated, the term "plurality" means two or more.

In the embodiment of the present disclosure, the character "/" indicates that the preceding and following objects are in an "or" relationship. For example, A/B indicates: A or B.

The term "and/or" is a description of the association relationship between objects, indicating that three relationships can exist. For example, A and/or B means: A or B, or, A and B.

The term "correspondence" may refer to an association relationship or a binding relationship. The correspondence between A and B means that there is an association relationship or a binding relationship between A and B.

A smart contract is a computer protocol designed to communicate, verify or execute contracts in an information-based manner. Smart contracts allow for trusted transactions without a third party, which are traceable and irreversible. The purpose of smart contracts is to provide a security method superior to traditional contracts and reduce other transaction costs associated with contracts. However, smart contracts inevitably have security vulnerabilities.

In order to realize the detection of smart contract vulnerabilities, traditional smart contract vulnerability detection methods are mainly inspired by program code vulnerability detection methods, relying on static analysis or dynamic execution to perform vulnerability detection. The detection process has problems such as low accuracy and high false alarm rate, and the types of vulnerabilities detected are limited.

In addition, in traditional smart contract vulnerability detection methods, the detection tools used rely on artificially set detection rules, which cannot be applied to a variety of smart contracts. Moreover, when detecting smart contracts based on artificially set detection rules, false positives and false negatives are prone to occur.

In the process of detecting smart contract vulnerabilities based on deep neural networks in the prior art, the accuracy of smart contract vulnerability detection has been improved compared to the above-mentioned traditional smart contract detection methods. For example, the detection method based on graph convolutional networks has certain advantages over the detection method of transmission smart contracts in terms of automation and detection accuracy.

The detection method based on graph convolutional network (GCN) can convert the control and data flow semantics in the source code of smart contracts into graphs. Although it can improve the accuracy of smart contract vulnerability detection to a certain extent. However, the deep learning method for structured data processing cannot fit the non-Euclidean structural features in the smart contract graph, that is, it cannot extract the complex relationship between the local features and the global features of the contract. In this way, the extracted data features cannot represent the multi-dimensional and multi-scale spatiotemporal relationships of the smart contract source code. Moreover, the extraction algorithm based on graph convolutional network cannot retain the topological structure of the original feature graph, resulting in a reduction in the information of the feature graph. Furthermore, it is difficult to explore the implicit connections between different scales of vulnerability features in the spatiotemporal dimension, which makes the accuracy of smart contract vulnerability detection still low in the process of detecting smart contract vulnerabilities using the detection method based on graph convolutional network.

The disclosed embodiments provide a method, device, and storage medium for detecting smart contract vulnerabilities, which can characterize the calling relationship, timing control, and data dependency of functions in the smart contract source code in a hypergraph, and there are not only simple timing calling relationships between functions and variables in the smart contract source code, but also scope relationships and data flow calling relationships. Therefore, during the implementation of the disclosed embodiments, it is necessary to reflect the scope relationship and data flow relationship in the smart contract source code in the hypergraph structure, specifically to construct the data flow calling relationship in the smart contract source code as a data flow hyperedge in the hypergraph. And when using the graph neural network model to perform classification tasks, the timing edges in the hypergraph are used to reconstruct the timing information of the graph. Thereby, the detection accuracy of the smart contract vulnerability detection model obtained after training the graph neural network model is improved. In this way, when the trained smart contract vulnerability detection model is used to detect the vulnerabilities of the smart contract, the accuracy of the smart contract vulnerability detection can be improved.

As shown in FIG1 , the present disclosure provides a method for detecting smart contract vulnerabilities, including:

S11, build the hypergraph corresponding to the smart contract source code.

S12, converting the hypergraph into a matrix form to form a multimodal hypergraph.

S13, executing a message passing algorithm based on the multimodal hypergraph to obtain sample data.

S14, using the sample data to train the graph neural network model to obtain a smart contract vulnerability detection model.

S15, classify multimodal hypergraphs using smart contract vulnerability detection models.

The method for detecting smart contract vulnerabilities provided by the embodiment of the present disclosure is adopted. By constructing a hypergraph corresponding to the smart contract source code, the hypergraph can be used to extract multi-dimensional and multi-scale features of the smart contract source code, thereby reducing the difficulty of extracting high-dimensional features of the smart contract source code. In addition, by using the sample data obtained after executing the message passing algorithm using the multimodal hypergraph, during the training of the graph neural network model, the complex relationship between local features and global features is extracted because the topological structure of the graph is retained for message passing. Thereby, the detection accuracy of the smart contract vulnerability detection model obtained after training the graph neural network model is improved. In this way, when the trained smart contract vulnerability detection model is used to detect vulnerabilities in smart contracts, the accuracy of smart contract vulnerability detection can be improved.

Optionally, constructing a hypergraph corresponding to the smart contract source code includes: constructing nodes, timing edges, scope hyperedges, and data flow hyperedges of the hypergraph respectively according to the smart contract source code.

In the hypergraph corresponding to the smart contract source code, the time sequence of the smart contract source code execution is represented by the timing edge, the scope relationship in the smart contract source code is represented by the scope hyperedge, and the data flow call relationship in the smart contract source code is represented by the data flow hyperedge. In this way, the hypergraph can represent the complex relationship between the global features and local features corresponding to the smart contract source code, and represent the high-dimensional features in the source code.

Optionally, constructing the nodes of the hypergraph according to the smart contract source code includes: obtaining the type of vulnerability to be detected. According to the type of vulnerability to be detected, constructing nodes corresponding to functions and variables in the smart contract source code.

In the disclosed embodiment, the types of vulnerabilities include at least the following four types:

Reentry vulnerability, usually in the process of source code execution, when a non-recursive function is called, no new execution command will be entered before the execution of the program command in the source code ends. However, the execution procedures of the smart contract source code are different from the above. Since the smart contract source code based on the Solidity language has a unique callback mechanism, the attacker may re-enter the called function before the execution of the program command ends. For example, the attacker designs malicious attack code in the Fallback function of the smart contract source code and recursively calls the transfer function in the smart contract source code to steal Ethereum.

Timestamp vulnerability, smart contracts usually use the block timestamps confirmed by nodes or users in the blockchain network to implement time constraints. Smart contracts can retrieve block timestamps, and all transactions in a block share the same timestamp, which ensures the consistency of the state after the smart contract is executed. However, users who create smart contracts can profit by deliberately choosing favorable timestamps.

Infinite loop vulnerability,Infinite loop is a common vulnerability in smart contract source code. A loop in the source code that may not have an exit condition or cannot reach an exit condition (for example, a for loop, while loop, or a self-calling loop) is an infinite loop.

Integer overflow vulnerability: the value in the smart contract source code may exceed the range of integers.

In the disclosed embodiment, according to the types of the above-mentioned vulnerabilities to be detected, the nodes of the hypergraph are constructed in a manner that enables the constructed hypergraph to represent different types of vulnerabilities to be detected. Thus, the generalization ability of the subsequent smart contract vulnerability detection model obtained by hypergraph training can be improved, so that different types of vulnerabilities can be detected using the smart contract vulnerability detection model.

Optionally, constructing nodes corresponding to functions and variables in the smart contract source code according to the type of vulnerability to be detected includes: determining the type of node according to the type of vulnerability to be detected. Constructing nodes corresponding to functions and variables in the smart contract source code according to the type of node.

In the disclosed embodiment, since the causes of different types of vulnerabilities in the smart contract source code are different, the causes of the vulnerabilities are related to the key functions and variables in the source code. For example, the reentry vulnerability is caused by the recursive call relationship between the Fallback function and the external smart contract function, which leads to an attack on the data storage of the smart contract. The integer overflow vulnerability is caused by the attack caused by the key variable due to the value exceeding the range of the integer type. In this way, based on the degree of influence of the key functions and variables of the code program on the vulnerability type, four types of nodes are generated, namely built-in function nodes, custom function nodes, key variable nodes and Fallback function nodes.

Among them, the built-in function is a function pre-defined in the Solidity language. The detection processes of reentrancy program vulnerabilities, timestamp vulnerabilities and integer overflow vulnerabilities are all associated with built-in functions. In the embodiment of the present disclosure, M∈{M ₁ , M ₂ , M ₃ ······M _n |n∈N} represents a built-in function node, n represents the number of built-in function nodes, and N represents a natural number. The custom function is a packaged function defined in the smart contract source code. In the embodiment of the present disclosure, F∈{F ₁ , F ₂ , F ₃ ······F _n |n∈N} represents a custom function node, n represents the number of custom function nodes, and N represents a natural number. The key variable is a variable in the source code that has a certain influence on the result of the smart contract. In the embodiment of the present disclosure, S∈{S ₁ , S ₂ , S ₃ ······S _n |n∈N} represents a key variable node, n represents the number of key variable nodes, and N represents a natural number. Fallback function is the code in the source code that can call external smart contracts. In the embodiment of the present disclosure, C∈{C ₁ , C ₂ , C ₃ ······C _n |n∈N} represents the fallback function node, n represents the number of fallback function nodes, and N represents a natural number. In addition, in the process of detecting smart contract vulnerabilities using the graph convolutional network detection method, only a single sol file is generated into a graph structure, and the mutual dependence relationship between multiple files is not considered. In view of this, in the embodiment of the present disclosure, corresponding nodes are generated for multiple files, and the dependent calling relationship between multiple files is characterized.

It should be noted that the (.sol) file in the smart contract is a flash cookie storage file, which has a similar function to cookies. On online video websites, videos are played in flash format. The saved sol file is mainly used to configure the relevant properties when playing the video. Different websites may have only one sol file, while others may have 5 or 6.

Optionally, constructing the timing edges of the hypergraph according to the smart contract source code includes: constructing the timing edges according to the execution order of the smart contract source code.

Since smart contracts involve transfer-related operations, the calls of internal and external functions in the smart contract source code are executed in strict time order. In addition, infinite loop vulnerabilities are related to both the time and order of the program. In view of this, in the embodiment of the present disclosure, timing edges are constructed to capture the high-order semantic relationship of the timing of the program in the source code, thereby realizing vulnerability detection associated with infinite loops and time. Specifically, the hypergraph timing edge constructed in the embodiment of the present disclosure is shown in Figure 2, where Timing edge represents timing edge, Hyperedge represents hypergraph, Data Representation represents data representation, built-in function Node represents built-in node, Custom function Node represents custom node, Key Variable Node represents key node, Fallback Node represents fallback node, Data flow edge represents data flow hyperedge, Fallback Edge represents fallback edge, and Call edge represents call edge.

Optionally, constructing a scope hyperedge of a hypergraph according to the smart contract source code includes: constructing a scope hyperedge according to the scope of the smart contract source code.

When a smart contract conducts currency transactions, it usually calls an external smart contract or performs an operation of sending currency to an external address, which results in a large number of function call relationships in the source code. There are not only sequential call relationships between source code programs, but also high-order scope relationships. In the source code of the solidity language, there may be the same variable name and function name, whose scopes belong to different classes or different contracts. Although the function name and variable name are the same, they do not belong to the same function or variable. However, for reentrant program vulnerabilities, if the smart contract calls a malicious contract controlled by an attacker, the attacker can use the call.value transfer function to repeatedly call the rewritten Fallback function. In view of this, in the embodiment of the present disclosure, the nodes of the function name and variable name in the same scope in the smart contract source code are represented by SH, and SH is represented as a hyperedge. And the different coarse and fine granularities of the scope hyperedge can also be controlled. For example, when the same function is in different file scopes, or in the scope of the same contract, or in the scope of the same smart contract file, the granularity that can be selected in the embodiment of the present disclosure is the scope within the same contract. In this way, it is conducive to improving the accuracy of detecting smart contract vulnerabilities.

Optionally, constructing a data flow hyperedge of a hypergraph according to the smart contract source code includes: constructing a data flow hyperedge according to a calling relationship of functions in the smart contract source code.

The data stream is used to represent the topological structure of function calls in the smart contract source code. In the same smart contract source code, if different functions operate the same variable in an irregular manner, it is easy to cause smart contract overload vulnerabilities. In view of this, ed is used in the embodiment of the present disclosure to associate the calling, writing and reading processes of the data stream to obtain high-dimensional feature information, which is conducive to training the graph neural network model and obtaining a smart contract vulnerability detection model.

Optionally, in the process of converting the hypergraph into a matrix form, G = (v, ε, w) can be used to represent the hypergraph. Wherein G is a hypergraph, v is a set of nodes in the hypergraph, ε is a hyperedge in the hypergraph, and w is the weight of the hyperedge in the hypergraph. In addition, a matrix is used to represent the construction of hyperedges in the hypergraph. When a node is linked by a hyperedge, it is represented by the number 1, otherwise it is represented by the number 0. In the embodiment of the present disclosure, all hyperedges are constructed in the same hyperedge matrix, which represents the multimodal information of the solidity language source code. The matrix is represented as follows:

Among them, h represents the hypergraph set, v is the vertex in the hypergraph, and e is the edge of the hypergraph. If the node is on the edge, 1 is used to indicate the relationship between the node and the hyperedge, otherwise it is 0.

Optionally, executing a message passing algorithm based on a multimodal hypergraph includes: calculating node degrees according to hyperedges of the multimodal hypergraph and calculating edge degrees according to nodes of the multimodal hypergraph.

The node degree is the sum of the number of edges connected to the node. The node degree is calculated according to the following formula:

d(v)＝∑ _e∈ε w(e)h(v，e)

Among them, d(v) is the node degree, v is the vertex in the hypergraph, h(v, e) is the multimodal hypergraph in matrix form, w(e) represents the weight of the hyperedge, and ε is the set of hyperedges.

The edge degree is the sum of the number of nodes connected by hyperedges. The edge degree is calculated according to the following formula:

δ(e)＝∑ _v∈γ h(v，e)

Among them, δ(e) is the edge degree, h(v, e) is a multimodal hypergraph in matrix form, and γ represents the set of nodes.

In the process of calculating the edge degree, the nodes need to be classified according to the following formula:

arg＝min _f {R _emp (f)+Ω(f)}

Among them, R _emp (f) is the supervised empirical loss, Ω(f) is the regularization processing of the hypergraph, f is the function of the hypergraph neural network, and arg represents the edge degree calculation result.

The expansion of Ω(f) in the embodiment of the present disclosure is as follows:

Among them, Δ＝I-θ, the expansion of Ω(f) is transformed as follows:

Ω(f)＝f ^T Δ

Optionally, the formula of the hypergraph is updated as follows:

Where D _v is the node degree in the hypergraph, De _is the edge degree in the hypergraph, H is the adjacency matrix of the hypergraph, W is the weight matrix of each hyperedge in the hypergraph, X ^(l) is the feature of the L layer in the graph convolutional network, To perform feature transformation on X.

Optionally, the multimodal hypergraph is classified using the smart contract vulnerability detection model, including: performing data modeling on the multimodal hypergraph, performing message delivery according to hyperedges in the multimodal hypergraph, and classifying features of the multimodal hypergraph after message delivery.

In the disclosed embodiment, a script constructed according to the smart contract source code can be used to perform data modeling on the multimodal hypergraph. Specifically, script one is used to extract data flow hyperedges and scope hyperedges in the hypergraph. The construction of the hyperedges retains the high-dimensional information and feature information of the source code. Thus, high-order data structure features can be transmitted to the graph convolutional network to reduce information loss. Script two is used to extract the timing information features of the source code to ensure better superiority on the basis of the original high-order information transmission.

The constructed multimodal hypergraph is input into the graph neural network model, and the hypergraph features with the original graph structure are output. Then, all the nodes in the hypergraph features are serialized into node features according to the calling order of the hypergraph temporal edge representation.

In the disclosed embodiment, in order to improve the accuracy of detecting smart contract vulnerabilities, the time-series edges constructed according to the hypergraph, that is, the classification network reconstructed according to the time-series information flow, can be used. Adding time-series information to the graph convolutional neural network model to perform the hypergraph classification task can improve the accuracy of detecting smart contract vulnerabilities.

In addition, in order to facilitate the use of serialized information of each node in the graph, transformer can be used. Transformer is a machine learning model architecture used for natural language processing and other sequence modeling tasks. The self-attention mechanism in transformer is conducive to capturing the dependency characteristics and call relationship characteristics of functions and variables in smart contracts. Compared with the convolutional neural network model, it can better identify the type of vulnerability.

In the disclosed embodiment, the trained smart contract vulnerability detection model is used to process the serialized node features. After embedding (mapping high-dimensional data to low-dimensional space) the output result is passed to the fully connected layer of the smart contract vulnerability detection model to perform the classification task. The labels of the classification task are divided into two categories (i.e., 0 and 1), 0 means that the graph has no vulnerabilities, and 1 means that the graph has vulnerabilities. This enables the detection of smart contract vulnerabilities.

As shown in FIG3 , an embodiment of the present disclosure provides a device 300 for detecting smart contract vulnerabilities, including a processor 100 and a memory 101. Optionally, the device may also include a communication interface 102 and a bus 103. The processor 100, the communication interface 102, and the memory 101 may communicate with each other through the bus 103. The communication interface 102 may be used for information transmission. The processor 100 may call the logic instructions in the memory 101 to execute the method for detecting smart contract vulnerabilities of the above embodiment.

In addition, the logic instructions in the memory 101 described above may be implemented in the form of software functional units and when sold or used as independent products, may be stored in a computer-readable storage medium.

The memory 101 is a computer-readable storage medium that can be used to store software programs and computer executable programs, such as program instructions/modules corresponding to the method in the embodiment of the present disclosure. The processor 100 executes the functional application and data processing by running the program instructions/modules stored in the memory 101, that is, the method for detecting smart contract vulnerabilities in the above embodiment is implemented.

The memory 101 may include a program storage area and a data storage area, wherein the program storage area may store an operating system and an application required for at least one function; the data storage area may store data created according to the use of the terminal device, etc. In addition, the memory 101 may include a high-speed random access memory and may also include a non-volatile memory.

An embodiment of the present disclosure provides a storage medium storing computer executable instructions, wherein the computer executable instructions are configured to execute the above-mentioned method for detecting smart contract vulnerabilities.

The above-mentioned storage medium may be a transient computer-readable storage medium or a non-transitory computer-readable storage medium.

The technical solution of the embodiment of the present disclosure can be embodied in the form of a software product, which is stored in a storage medium and includes one or more instructions for enabling a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method described in the embodiment of the present disclosure. The aforementioned storage medium may be a non-transient storage medium, including: a USB flash drive, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a disk or an optical disk, and other media that can store program codes, or a transient storage medium.

The above description and the accompanying drawings fully illustrate the embodiments of the present disclosure so that those skilled in the art can practice them. Other embodiments may include structural, logical, electrical, process and other changes. The embodiments represent only possible changes. Unless explicitly required, individual components and functions are optional, and the order of operations may vary. Parts and features of some embodiments may be included in or replace parts and features of other embodiments. Moreover, the words used in this application are only used to describe the embodiments and are not used to limit the claims. As used in the description of the embodiments and the claims, unless the context clearly indicates otherwise, the singular forms "a", "an" and "the" are intended to include plural forms as well. Similarly, the term "and/or" as used in this application refers to any and all possible combinations of one or more associated listings. In addition, when used in this application, the term "comprise" and its variants "comprises" and/or including (comprising) refer to the existence of stated features, wholes, steps, operations, elements, and/or components, but do not exclude the existence or addition of one or more other features, wholes, steps, operations, elements, components and/or groups of these. In the absence of further restrictions, the elements defined by the sentence "comprising a ..." do not exclude the existence of other identical elements in the process, method or device comprising the elements. In this article, each embodiment may focus on the differences from other embodiments, and the same or similar parts between the embodiments may refer to each other. For the methods, products, etc. disclosed in the embodiments, if they correspond to the method part disclosed in the embodiments, then the relevant parts can refer to the description of the method part.

Those skilled in the art will appreciate that the units and algorithm steps of each example described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, or a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software may depend on the specific application and design constraints of the technical solution. The technicians may use different methods for each specific application to implement the described functions, but such implementations should not be considered to exceed the scope of the embodiments of the present disclosure. The technicians may clearly understand that for the convenience and simplicity of description, the specific working processes of the systems, devices and units described above can refer to the corresponding processes in the aforementioned method embodiments, and will not be repeated here.

In the embodiments disclosed herein, the disclosed methods and products (including but not limited to devices, equipment, etc.) can be implemented in other ways. For example, the device embodiments described above are only schematic. For example, the division of the units can be only a logical function division. There may be other division methods in actual implementation, such as multiple units or components can be combined or integrated into another system, or some features can be ignored or not executed. In addition, the coupling or direct coupling or communication connection between each other shown or discussed can be through some interfaces, indirect coupling or communication connection of devices or units, which can be electrical, mechanical or other forms. The units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to implement this embodiment. In addition, each functional unit in the embodiment of the present disclosure may be integrated in a processing unit, or each unit may exist physically alone, or two or more units may be integrated in one unit.

The flowcharts and block diagrams in the accompanying drawings show the possible architecture, functions and operations of the system, method and computer program product according to the embodiments of the present disclosure. In this regard, each box in the flowchart or block diagram can represent a module, a program segment or a part of a code, and the module, program segment or a part of the code contains one or more executable instructions for implementing the specified logical function. In some alternative implementations, the functions marked in the box can also occur in an order different from that marked in the accompanying drawings. For example, two consecutive boxes can actually be executed substantially in parallel, and they can sometimes be executed in the opposite order, which can depend on the functions involved. In the descriptions corresponding to the flowcharts and block diagrams in the accompanying drawings, the operations or steps corresponding to different boxes can also occur in an order different from that disclosed in the description, and sometimes there is no specific order between different operations or steps. For example, two consecutive operations or steps can actually be executed substantially in parallel, and they can sometimes be executed in the opposite order, which can depend on the functions involved. Each box in the block diagram and/or flowchart, and the combination of boxes in the block diagram and/or flowchart can be implemented with a dedicated hardware-based system that performs a specified function or action, or can be implemented with a combination of dedicated hardware and computer instructions.

Claims (10)

1. A method for detecting a smart contract vulnerability, comprising:

Constructing hypergraphs corresponding to intelligent contract source codes;

converting the hypergraph into a matrix form to form a multi-mode hypergraph;

Executing a message passing algorithm based on the multi-mode hypergraph to obtain sample data;

Training the graph neural network model by using the sample data to obtain an intelligent contract vulnerability detection model;

And classifying the multi-mode hypergraph by using an intelligent contract vulnerability detection model.

2. The method of claim 1, wherein constructing a hypergraph corresponding to the smart contract source code comprises:

And respectively constructing nodes, time sequence edges, scope edges and data flow edges of the hypergraph according to the intelligent contract source codes.

3. The method of claim 2, wherein constructing nodes of the hypergraph from the smart contract source code comprises:

Obtaining the type of the vulnerability to be detected;

and constructing nodes corresponding to functions and variables in the intelligent contract source code according to the type of the vulnerability to be detected.

4. The method of claim 2, wherein constructing the timing edge of the hypergraph from the smart contract source code comprises:

and constructing a time sequence edge according to the execution sequence of the intelligent contract source codes.

5. The method of claim 2, wherein constructing a scope hyperedge of the hypergraph from the smart contract source code comprises:

And constructing a scope overrun according to the scope of the intelligent contract source code.

6. The method of claim 2, wherein constructing the data flow superside of the hypergraph from the smart contract source code comprises:

And constructing the data flow superside according to the calling relation of the function in the intelligent contract source code.

7. The method of claim 1, wherein performing a message passing algorithm based on the multi-modal hypergraph comprises:

Calculating node degree according to the superside of the multi-mode supergraph;

And calculating the edge degree according to the nodes of the multi-mode hypergraph.

8. The method of claim 1, wherein classifying the multimodal hypergraph using an intelligent contract vulnerability detection model comprises:

Carrying out data modeling on the multi-mode hypergraph;

message transmission is carried out according to the superside in the multi-mode supergraph;

The characteristics of the multimodal hypergraph after message delivery are classified.

9. An apparatus for detecting a smart contract vulnerability, comprising a processor and a memory storing program instructions, wherein the processor is configured to perform the method for detecting a smart contract vulnerability of any one of claims 1-8 when executing the program instructions.

10. A storage medium storing program instructions which, when executed, perform the method for detecting a smart contract vulnerability of any one of claims 1 to 8.