A Smart Contract Risk Detection Model Based on OWASP-oriented Models and Machine Learning Methods
Ivan Tarkhanov

This study addresses the urgent problem of improving the security of blockchain-based decentralized applications (dApps). The main objective of the research is to develop and experimentally validate a model for automated risk detection in smart contracts, based on OWASP-oriented normalization of threat categories and machine learning methods. Previous research has focused on finding vulnerabilities in the source code of smart contracts or on analyzing certain aspects of their operation (for example, transaction history), so this study covers three main aspects where risks associated with smart contracts may arise: the source code of the smart contract (code_risk), the ability to identify tokens or addresses of organizations (token_risk), and individual transactions performed by smart contracts on the blockchain (tx_scam). Experimental results show that the best metrics are achieved for code_risk (Accuracy 0.9908; Macro-F1 0.9893; ROC-AUC_macro 0.9994), whereas token_risk reaches Accuracy 0.8286 and Macro-F1 0.8203, and tx_scam reaches Accuracy 0.9335 and Macro-F1 0.9329. The practical significance of the work lies in the possibility of using the proposed approach in systems for preliminary audit of smart contracts, risk scoring of tokens, and monitoring of suspicious transactions.