Evaluation of State-of-the-Art Machine Learning Smart Contract Vulnerability Detection Method

Adamantis, Maksym and Sokolov, Volodymyr and Skladannyi, Pavlo (2025) Evaluation of State-of-the-Art Machine Learning Smart Contract Vulnerability Detection Method. Advances in Computer Science for Engineering and Education VII (242). ISSN 2367-4512

Official URL: https://link.springer.com/chapter/10.1007/978-3-03...

Abstract

Proactive detection of vulnerabilities in smart contracts is imperative for ensuring the security of user funds entrusted to them. Once deployed, a smart contract is immutable and therefore cannot be updated. This poses the challenge of detecting and fixing all vulnerabilities before deployment. In this context, static analysis has proved to be a formidable tool, even though there is still a lot to be discovered in this field, and the likelihood of the discovery of new classes of vulnerabilities is high. Since 2019, there has been a rise in methods that use Machine Learning (ML) and Deep Learning (DL) to enhance the existing methods, whether in static or dynamic analysis, to cover this issue. This research presents a comprehensive review of existing ML models that detect vulnerabilities in smart contracts statically, i.e. without running their code. The authors evaluate the accuracy of four publicly available models in identifying reentrancy in smart contracts based on their F1 score when tested on a foreign dataset with files of newer Solidity versions. The findings point to the limitations of such models in adapting to the continuously evolving nature of the Solidity language, which is still in its infancy, with F1 scores on a foreign dataset ranging from 0.06 to 0.23. The authors also explore and share the optimal parameters for training and testing those models, detailing things that were overlooked by the official documentation. All the scripts used for integration and interoperability were published on GitHub to facilitate further research in this area. The research highlights the critical need for constantly updating the existing detectors to avoid false negatives. To alleviate the problem, the authors suggest choosing training features that are more likely to remain useful over time, such as DFGs and ASTs. This research is significant for the broader blockchain community, safeguarding smart contract integrity and fortifying overall system security.

Item Type: Article
Keywords: Smart contracts; Vulnerability detection; Decentralized finance; Blockchain security; Static analysis; Machine learning
Typology: Articles in databases > Scopus > In Q4 Scopus publications
Divisions: Faculty of Information Technology and Mathematics > Department of Information and Cyber Security named after Professor Volodymyr Buriachok
Depositing User: Pavlo Mykolaiovych Skladannyi
Date Deposited: 24 Apr 2025 09:23
Last Modified: 24 Apr 2025 09:23
URI: https://elibrary.kubg.edu.ua/id/eprint/51665
