Smart Contract Vulnerability Detection Based on Code Graph Embedding Approach

The security of smart contracts has attracted widespread attention due to the huge property losses caused by vulnerabilities. However, existing program analysis techniques usually have high false positives, resulting in low detection accuracy. In this paper, we propose a smart contract vulnerability detection method based on code graph embedding. We transform key functions and dependencies of key functions related to vulnerabilities in the source code into graph features, which in turn serve as vulnerability features for smart contracts. Specifically, we first filter out the vulnerability-related functions in the source code, namely the key functions. Then, we utilize the word2vec model to perform graph embedding operations on the key functions to compress the whole function into vector form. Second, we generate call graphs and data dependency graphs for each target smart contract. For simplicity, only the key function nodes in these two graphs are retained. The two graphs are simplified and merged into one total code graph. Finally, the vectors transformed from the source code of the function are used as node features of the code graph. The final code graph is fed into the model for learning. The GGNN model learns the graph features to detect the presence of vulnerabilities. Existing deep learning-based vulnerability prediction methods also face challenges concerning training data, such as data duplication and unrealistic distribution of vulnerability classes. Therefore, we balanced the adopted dataset using a synthetic minority oversampling technique. The experimental results show that our model has 5% higher precision and 7% higher recall compared to the best-performing model in the literature.