Smart contract vulnerability detection method based on echo state network

doi:10.11772/j.issn.1001-9081.2024010025

Journal of Computer Applications ›› 2025, Vol. 45 ›› Issue (1): 153-161.DOI: 10.11772/j.issn.1001-9081.2024010025

• Cyber security • Previous Articles Next Articles

Smart contract vulnerability detection method based on echo state network

Chunxia LIU, Hanying XU, Gaimei GAO(), Weichao DANG, Zilu LI

College of Computer Science and Technology，Taiyuan University of Science and Technology，Taiyuan Shanxi 030024，China

Received:2024-01-15 Revised:2024-04-10 Accepted:2024-04-10 Online:2024-05-09 Published:2025-01-10
Contact: Gaimei GAO
About author:LIU Chunxia， born in 1977， M. S.， associate professor. Her research interests include software engineering， database.
XU Hanying， born in 1997， M. S. candidate. Her research interests include blockchain， smart contract security.
DANG Weichao， born in 1974， Ph. D.， associate professor. His research interests include intelligent computing， software reliability.
LI Zilu， born in 2000， M. S. candidate. His research interests include smart contract security， network security.
Supported by:
Shanxi Province Applied Basic Research Program(202203021221153)

基于回声状态网络的智能合约漏洞检测方法

刘春霞, 徐晗颖, 高改梅(), 党伟超, 李子路

太原科技大学计算机科学与技术学院，太原 030024

通讯作者: 高改梅
作者简介:刘春霞（1977—），女，山西大同人，副教授，硕士，CCF会员，主要研究方向：软件工程、数据库；
徐晗颖（1997—），女，黑龙江密山人，硕士研究生，主要研究方向：区块链、智能合约安全；
党伟超（1974—），男，山西运城人，副教授，博士，CCF会员，主要研究方向：智能计算、软件可靠性；
李子路（2000—），男，山西太原人，硕士研究生，主要研究方向：智能合约安全、网络安全。
基金资助:
山西省应用基础研究计划项目(202203021221153)

Abstract

Abstract:

Smart contracts on blockchain platforms are decentralized applications to provide secure and trusted services to multiple parties on the chain. Smart contract vulnerability detection can ensure the security of these contracts. However， the existing methods for detecting smart contract vulnerabilities encountered issues of insufficient feature learning and low vulnerability detection accuracy when dealing with imbalanced sample sizes and incomplete semantic information mining. Moreover， these methods cannot detect new vulnerabilities in contracts. A smart contract vulnerability detection method based on Echo State Network （ESN） was proposed to address the above problems. Firstly， different semantic and syntactic edges were learned on the basis of contract graph， and feature vectors were obtained through Skip-Gram model training. Then， ESN was combined with transfer learning to achieve transfer and extension of new contract vulnerabilities in order to improve the vulnerability detection rate. Finally， experiments were conducted on the smart contract dataset collected on Etherscan platform. Experimental results show that the accuracy， precision， recall， and F1-score of the proposed method reach 94.30%， 97.54%， 91.68%， and 94.52%， respectively. Compared with Bidirectional Long Short-Term Memory （BLSTM） network and Bidirectional Long Short-Term Memory with ATTention mechanism （BLSTM-ATT）， the proposed method has the accuracy increased by 5.93 and 11.75 percentage points respectively， and the vulnerability detection performance is better. The ablation experiments also further validate the effectiveness of ESN for smart contract vulnerability detection.

Key words: vulnerability detection, smart contract, Echo State Network (ESN), transfer learning, blockchain

摘要：

区块链平台上的智能合约是为链上各方提供安全可信赖服务的去中心化应用程序，而智能合约漏洞检测能确保智能合约的安全性。然而，现有的智能合约漏洞检测方法在样本数量不均衡和语义信息挖掘不全面时，会出现特征学习不足和漏洞检测准确率低的问题，而且，这些方法无法对新的合约漏洞进行检测。针对上述问题，提出一种基于回声状态网络（ESN）的智能合约漏洞检测方法。首先，根据合约图，对不同语义、语法边进行学习，并利用Skip-Gram模型训练得到特征向量；其次，结合ESN和迁移学习，实现对新合约漏洞的迁移扩展，以提高漏洞检测率；最后，在Etherscan平台搜集的智能合约数据集上进行实验。实验结果表明，所提方法的准确率、精确率、召回率和F1分数分别达到了94.30%、97.54%、91.68%和94.52%，与双向长短时记忆（BLSTM）网络、自注意力机制的双向长短时记忆（BLSTM-ATT）相比，所提方法的准确率分别提高了5.93和11.75个百分点，漏洞检测性能更优。消融实验也进一步验证了ESN对智能合约漏洞检测的有效性。

关键词: 漏洞检测, 智能合约, 回声状态网络, 迁移学习, 区块链

CLC Number:

TP309

Chunxia LIU, Hanying XU, Gaimei GAO, Weichao DANG, Zilu LI. Smart contract vulnerability detection method based on echo state network[J]. Journal of Computer Applications, 2025, 45(1): 153-161.

刘春霞, 徐晗颖, 高改梅, 党伟超, 李子路. 基于回声状态网络的智能合约漏洞检测方法[J]. 《计算机应用》唯一官方网站, 2025, 45(1): 153-161.

Figures/Tables 12

References 33

1	SZABO N. Smart contracts： building blocks for digital markets ［EB/OL］. ［2023-12-29］. .
2	Hacked SlowMist. SlowMist statistics ［EB/OL］. ［2023-12-29］. .
3	YANG Z， LEI H. FEther： an extensible definitional interpreter for smart-contract verifications in Coq ［J］. IEEE Access， 2019， 7： 37770-37791.
4	BHARGAVAN K， DELIGNAT-LAVAUD A， FOURNET C， et al. Formal verification of smart contracts： short paper ［C］// Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security. New York： ACM， 2016： 91-96.
5	LUU L， CHU D C， OLICKEL H， et al. Making smart contracts smarter ［C］// Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. New York： ACM， 2016： 254-269.
6	KALRA S， GOEL S， DHAWAN M， et al. Zeus： analyzing safety of smart contracts ［C］// Proceedings of the 2018 Network and Distributed System Security Symposium. Reston， VA： Internet Society， 2018： 1-15.
7	TSANKOV P， DAN A， DRACHSLER-COHEN D， et al. Securify： practical security analysis of smart contracts ［C］// Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. New York： ACM， 2018： 67-82.
8	JIANG B， LIU Y， CHAN W K. ContractFuzzer： fuzzing smart contracts for vulnerability detection ［C］// Proceedings of the 33rd IEEE/ACM International Conference on Automated Software Engineering. Piscataway： IEEE， 2018： 259-269.
9	CHEN T， ZHANG Y， LI Z， et al. TokenScope： automatically detecting inconsistent behaviors of cryptocurrency tokens in Ethereum ［C］// Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. New York： ACM， 2019： 1503-1520.
10	FEIST J， GRIECO G， GROCE A. Slither： a static analysis framework for smart contracts ［C］// Proceedings of the IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain. Piscataway： IEEE， 2019： 8-15.
11	HWANG S J， CHOI S H， SHIN J， et al. CodeNet： code-targeted convolutional neural network architecture for smart contract vulnerability detection ［J］. IEEE Access， 2022， 10： 32595-32607.
12	MAO Y， LI Y， SUN J， et al. Explainable software vulnerability detection based on attention-based bidirectional recurrent neural networks ［C］// Proceedings of the 2020 IEEE International Conference on Big Data. Piscataway： IEEE， 2020： 4651-4656.
13	JAEGER H. The “echo state” approach to analysing and training recurrent neural networks — with an erratum note ［R/OL］. ［2023-10-02］. .
14	钱鹏，刘振广，何钦铭，等.智能合约安全漏洞检测技术研究综述［J］.软件学报， 2022， 33（8）： 3059-3085.
	QIAN P， LIU Z G， HE Q M， et al. Smart contract security vulnerability detection technique： a survey ［J］. Journal of Software， 2022， 33（8）： 3059-3085.
15	QIAN P， LIU Z， HE Q， et al. Towards automated reentrancy detection for smart contracts based on sequential models ［J］. IEEE Access， 2020， 8： 19685-19695.
16	SUN Y， GU L. Attention-based machine learning model for smart contract vulnerability detection ［J］. Journal of Physics： Conference Series， 2021， 1820： No.012004.
17	ZHUANG Y， LIU Z， QIAN P， et al. Smart contract vulnerability detection using graph neural network ［C］// Proceedings of the 29th International Joint Conference on Artificial Intelligence. California： ijcai.org， 2020： 3283-3290.
18	LUTZ O， CHEN H， FEREIDOONI H， et al. ESCORT： Ethereum smart contracts vulnerability detection using deep neural network and transfer learning ［EB/OL］. ［2023-12-02］. .
19	LUKOŠEVIČIUS M. A practical guide to applying echo state networks ［M］// MONTAVON G， ORR G B， MÜLLER K R. Neural networks： tricks of the trade， LNCS 7700. ed2nd. Berlin： Springer， 2012： 659-686.
20	LIU C， LI Y， DUAN Z， et al. Echo state network-based robust tracking control for unknown constrained nonlinear systems by using integral reinforcement learning ［J］. IEEE Access， 2024， 12： 15133-15144.
21	YU Q， ZHAO H， TENG L， et al. Prediction for nonlinear time series by improved deep echo state network based on reservoir states reconstruction ［J］. Autonomous Intelligent Systems， 2024， 4： No.3.
22	DE VITA F， NOCERA G， BRUNEO D， et al. A novel echo state network autoencoder for anomaly detection in industrial IoT systems ［J］. IEEE Transactions on Industrial Informatics， 2023， 19（8）： 8985-8994.
23	ZHANG D， LIN R， WEI T， et al. A novel deep transfer learning framework with adversarial domain adaptation： application to financial time-series forecasting ［J］. Neural Computing and Applications， 2023， 35（34）： 24037-24054.
24	ZHOU X， SHEN F， LIU L， et al. Graph convolutional network hashing ［J］. IEEE Transactions on Cybernetics， 2020， 50（4）： 1460-1472.
25	SHEN S， SHINDE S， RAMESH S， et al. Neuro-symbolic execution： the feasibility of an inductive approach to symbolic execution ［C］// Proceedings of the 2019 Network and Distributed System Security Symposium. Reston， VA： Internet Society， 2019： 1-15.
26	ALLAMANIS M， BROCKSCHMIDT M， KHADEMI M. Learning to represent programs with graphs ［EB/OL］. ［2023-09-02］. .
27	CAI H， ZHENG V W， CHANG K C C. A comprehensive survey of graph embedding： problems， techniques， and applications ［J］. IEEE Transactions on Knowledge and Data Engineering， 2018， 30（9）： 1616-1637.
28	LIU Z， QIAN P， WANG X， et al. Smart contract vulnerability detection： from pure neural network to interpretable graph feature and expert pattern fusion ［C］// Proceedings of the 30th International Joint Conference on Artificial Intelligence. California： ijcai.org， 2021： 2751-2759.
29	TIKHOMIROV S， VOSKRESENSKAYA E， IVANITSKIY I， et al. SmartCheck： static analysis of Ehereum smart contracts ［C］// Proceedings of the ACM/IEEE 1st International Workshop on Emerging Trends in Software Engineering for Blockchain. New York： ACM， 2018： 9-16.
30	MUELLER B. Introducing Mythril： a framework for bug hunting on the Ethereum blockchain ［EB/OL］. ［2023-10-02］. .
31	平安科技（深圳）有限公司.基于双向长期短时记忆网络模型的中文编码方法和装置： PCT/CN2019/104335 ［P］. 2020-10-29.
	Ping An Tech （Shenzhen） Company Limited. Chinese coding method and apparatus based on bidirectional long short-term memory network model： PCT/CN2019/104335 ［P］. 2020-10-29.
32	CHUNG J， GULCEHRE C， CHO K， et al. Empirical evaluation of gated recurrent neural networks on sequence modeling ［EB/OL］. ［2023-02-02］. .
33	LUO R， LUO F， WANG B， et al. Smart contract vulnerability detection based on variant LSTM ［C］// Proceedings of the 2022 International Conference on Big Data， IoT， and Cloud Computing. New York： ACM， 2022： No.11.

漏洞类型	描述	防范方法
可重入漏洞	当合约调用外部合约时，有时会再次调用原合约	使用withdrawal模式，将资金提取到用户地址之前进行状态更新
整数溢出漏洞	在进行整数运算时，未正确处理边界情况	使用SafeMath库确保运算结果在合理范围内
权限问题漏洞	合约未正确实现权限控制	采用适当的权限控制机制
逻辑漏洞	合约中的逻辑错误可能导致不符合预期的合约执行路径	仔细审查合约逻辑，进行测试
拒绝服务漏洞	使目标合约无法正常执行	合理设置合约的Gas Limit；对于可能导致阻塞的操作，使用异步和超时机制
类型混乱漏洞	合约中的数据类型错误，从而引发意外行为	在合约中进行严格的类型检查，确保数据类型的一致性
未知函数调用漏洞	允许攻击者调用合约中未预期的函数	通过Solidity中的函数可见性关键字限制函数的访问范围
以太冻结漏洞	智能合约中的以太币被永久冻结，无法再次访问或提取	使用安全的资金提取机制，尽量避免复杂的资金流程

漏洞类型	描述	防范方法
可重入漏洞	当合约调用外部合约时，有时会再次调用原合约	使用withdrawal模式，将资金提取到用户地址之前进行状态更新
整数溢出漏洞	在进行整数运算时，未正确处理边界情况	使用SafeMath库确保运算结果在合理范围内
权限问题漏洞	合约未正确实现权限控制	采用适当的权限控制机制
逻辑漏洞	合约中的逻辑错误可能导致不符合预期的合约执行路径	仔细审查合约逻辑，进行测试
拒绝服务漏洞	使目标合约无法正常执行	合理设置合约的Gas Limit；对于可能导致阻塞的操作，使用异步和超时机制
类型混乱漏洞	合约中的数据类型错误，从而引发意外行为	在合约中进行严格的类型检查，确保数据类型的一致性
未知函数调用漏洞	允许攻击者调用合约中未预期的函数	通过Solidity中的函数可见性关键字限制函数的访问范围
以太冻结漏洞	智能合约中的以太币被永久冻结，无法再次访问或提取	使用安全的资金提取机制，尽量避免复杂的资金流程

类型（缩写）	语义	描述	类别
AS	assert｛x｝	如果x不成立，合约的执行被终止，将合约的状态回滚到之前的状态	控制流
RQ	require｛x｝	用于验证执行前提条件，确保合约在执行操作之前满足条件
IT	if｛x｝ throw	如果x不符合预期，触发异常处理，中止当前交易
IF	if｛x｝	一种条件判断的语法结构
IE	if｛…｝ else｛y｝	用于根据某个条件的真假执行不同的代码块
ITN	if｛…｝ then｛y｝	用于某些特定的智能合约编程
FD	for｛x｝ do｛…｝	用于迭代执行一系列操作
NO	自然顺序关系	按照默认顺序处理数据或执行操作
ASG	assign｛x｝	一种自定义的或特定合约中定义的语法	数据流
AC	access｛x｝	一种自定义的或特定合约中定义的语法	数据流
FB	与回退函数相关的	与合约的回退函数有关的内容	回退

类型（缩写）	语义	描述	类别
AS	assert｛x｝	如果x不成立，合约的执行被终止，将合约的状态回滚到之前的状态	控制流
RQ	require｛x｝	用于验证执行前提条件，确保合约在执行操作之前满足条件
IT	if｛x｝ throw	如果x不符合预期，触发异常处理，中止当前交易
IF	if｛x｝	一种条件判断的语法结构
IE	if｛…｝ else｛y｝	用于根据某个条件的真假执行不同的代码块
ITN	if｛…｝ then｛y｝	用于某些特定的智能合约编程
FD	for｛x｝ do｛…｝	用于迭代执行一系列操作
NO	自然顺序关系	按照默认顺序处理数据或执行操作
ASG	assign｛x｝	一种自定义的或特定合约中定义的语法	数据流
AC	access｛x｝	一种自定义的或特定合约中定义的语法	数据流
FB	与回退函数相关的	与合约的回退函数有关的内容	回退

方法	准确率	召回率	精确率	F1分数
Smartcheck	52.97	32.08	25.00	28.10
Oyente	61.62	54.71	38.16	44.96
Mythril	60.54	71.69	39.58	51.02
Securify	71.89	56.60	50.85	53.57
Slither	77.12	74.28	68.42	71.23
ESNVD	94.30	97.54	91.68	94.52

Smart contract vulnerability detection method based on echo state network

基于回声状态网络的智能合约漏洞检测方法

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 12

References 33

Related Articles 15

Recommended Articles

Metrics

方法	准确率	召回率	精确率	F1分数
BLSTM	88.37	97.67	82.35	89.36
BLSTM-ATT	82.55	95.34	75.92	84.53
GRU	76.74	95.34	69.49	80.39
LSTM	75.58	97.67	67.74	80.02
ESNVD	94.30	97.54	91.68	94.52

智能合约漏洞		F1分数/%
初始漏洞	可重入漏洞	93.52
	整数溢出漏洞	95.57
	权限问题漏洞	95.31
	逻辑漏洞	92.34
	拒绝服务漏洞	96.12
	类型混乱漏洞	94.26
新漏洞	未知函数调用漏洞	92.32
新漏洞	以太冻结漏洞	93.74

方法	准确率	召回率	精确率	F1分数
ESN	87.85	88.79	80.02	84.15
ESN（平均法）	89.15	87.62	85.24	86.41
ESN（降维）	90.19	89.69	86.25	87.94
ESNVD	94.30	97.54	91.68	94.52

[1]	Min SUN, Shihang JIAO, Chenyan WANG. Credit based committee consensus mechanism [J]. Journal of Computer Applications, 2025, 45(1): 170-177.
[2]	Tingwei CHEN, Jiacheng ZHANG, Junlu WANG. Random validation blockchain construction for federated learning [J]. Journal of Computer Applications, 2024, 44(9): 2770-2776.
[3]	Xiaoling SUN, Danhui WANG, Shanshan LI. Dynamic ciphertext sorting and retrieval scheme based on blockchain [J]. Journal of Computer Applications, 2024, 44(8): 2500-2505.
[4]	Baoyan SONG, Junxiang DING, Junlu WANG, Haolin ZHANG. Consortium blockchain modification method based on chameleon hash and verifiable secret sharing [J]. Journal of Computer Applications, 2024, 44(7): 2087-2092.
[5]	He HUANG, Yu JIN. Cloud data auditing scheme based on voting and Ethereum smart contracts [J]. Journal of Computer Applications, 2024, 44(7): 2093-2101.
[6]	Jiao LI, Xiushan ZHANG, Yuanhang NING. Blockchain sharding method for reducing cross-shard transaction proportion [J]. Journal of Computer Applications, 2024, 44(6): 1889-1896.
[7]	Feiyu ZHAI, Handa MA. Hybrid classical-quantum classification model based on DenseNet [J]. Journal of Computer Applications, 2024, 44(6): 1905-1910.
[8]	Wangjun SHI, Jing WANG, Xiaojun NING, Youfang LIN. Sleep stage classification model by meta transfer learning in few-shot scenarios [J]. Journal of Computer Applications, 2024, 44(5): 1445-1451.
[9]	Hongtian LI, Xinhao SHI, Weiguo PAN, Cheng XU, Bingxin XU, Jiazheng YUAN. Few-shot object detection via fusing multi-scale and attention mechanism [J]. Journal of Computer Applications, 2024, 44(5): 1437-1444.
[10]	Lipeng ZHAO, Bing GUO. Blockchain consensus improvement algorithm based on BDLS [J]. Journal of Computer Applications, 2024, 44(4): 1139-1147.
[11]	Meihong CHEN, Lingyun YUAN, Tong XIA. Data classified and graded access control model based on master-slave multi-chain [J]. Journal of Computer Applications, 2024, 44(4): 1148-1157.
[12]	Haoran WANG, Dan YU, Yuli YANG, Yao MA, Yongle CHEN. Domain transfer intrusion detection method for unknown attacks on industrial control systems [J]. Journal of Computer Applications, 2024, 44(4): 1158-1165.
[13]	Gaimei GAO, Jin ZHANG, Chunxia LIU, Weichao DANG, Shangwang BAI. Privacy protection scheme for crowdsourced testing tasks based on blockchain and CP-ABE policy hiding [J]. Journal of Computer Applications, 2024, 44(3): 811-818.
[14]	Haifeng MA, Yuxia LI, Qingshui XUE, Jiahai YANG, Yongfu GAO. Attribute-based encryption scheme for blockchain privacy protection [J]. Journal of Computer Applications, 2024, 44(2): 485-489.
[15]	Yifan WANG, Shaofu LIN, Yunjiang LI. Highway free-flow tolling method based on blockchain and zero-knowledge proof [J]. Journal of Computer Applications, 2024, 44(12): 3741-3750.