Vulnerability Detection in Ethereum Smart Contracts using Deep Neural Networks and Transfer Learning

Abstract

In this talk, we focus on the problem of vulnerability detection in Ethereum smart contracts. Smart contracts are programs that execute on top of blockchains and are often in charge of significant financial assets. At the same time, they were shown to suffer from various vulnerability classes (e.g., reentrancy or multiple send bugs), which were exploited multiple times in the real world – for instance, losses from cryptocurrency theft account for $1.9 billion in 2020. In our work, we present the first Deep Neural Network (DNN)-based vulnerability detection framework. It employs a multi-output architecture where the feature extractor learns the program semantics and each branch of the DNN captures the semantics of a specific vulnerability class. This architecture enables the detection of new vulnerability classes by simply concatenating a new classification branch to the feature extractor and training the new branch using transfer learning. Our framework can detect vulnerabilities in under 2 seconds per smart contract and yields an average F1 score of 95% across all evaluated vulnerability classes. It supports lightweight transfer learning to enable the detection of bugs from previously unseen vulnerability classes and outperforms existing vulnerability detection methods in terms of performance, coverage, and generalizability.