DOI: 10.53759/7669/jmc202505019 ISSN: 2788-7669

A Study on the Security Weakness Detection of Solidity Smart Contracts using Graph Neural Networks on Blockchain Platforms

Sunghyun Kim, Seunggi Jung, Yunsik Son, Yangsun Lee

Blockchain is a distributed ledger technology that allows users to record and share information safely and transparently. A smart contract is a contract decided based on a blockchain and is a program that automatically executes or executes contract terms. Smart contracts improve the transparency and reliability of transactions by utilizing the tampering prevention function of blockchain technology. Software security vulnerability refers to the fundamental cause of vulnerabilities caused by logical errors, bugs, and mistakes that can be defective in software development. To prevent software security accidents, security weaknesses must be analyzed before the program is distributed. Smart contract codes that operate on ethereum, a blockchain-based framework, can have security vulnerabilities inside the code. When the contract is completed and the block is created, the chaincode cannot be arbitrarily modified, so the security weakness must be analyzed before execution. In this paper, we used deep learning's graph neural network (GNN) to detect security vulnerabilities in solidity codes. To analyze security vulnerabilities in solidity code, we defined eight types of security weakness items, converted the solidity code into graph data. In order to represent both the structural elements of the program, the control flow, and the data flow, the solidity code was converted into an abstract syntax tree (AST) and the graph information required for GNN learning was extracted from AST to convert the solidity code into a graph. Next, after generating several datasets for training GNN models by integrating graph data and their properties with labels, it is possible to detect whether security vulnerabilities exist in the solidity code through GNN learning. This method performs security weakness detection more effectively than conventional rule-based methods.

More from our Archive