EtherGIS: A Vulnerability Detection Framework for Ethereum Smart Contracts Based on Graph Learning Features

Qingren Zeng, Jiahao He, Gansen Zhao, Shuangyin Li, Jingji Yang, Hua Tang, Haoyu Luo
Published in: 2022 IEEE 46th Annual Computers, Software, and Applications Conference (COMPSAC)
Publication date: 2022-06-01
DOI: 10.1109/COMPSAC54236.2022.00277 (https://doi.org/10.1109/COMPSAC54236.2022.00277)
Citations: 7

Abstract

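The financial nature of Ethereum means that smart contract attacks frequently cause tremendous economic loss, so an effective method for detecting vulnerabilities in contracts is imperative. Existing efforts in contract security analysis rely heavily on rigid rules defined by experts, which are labor-intensive and non-scalable. There is still a lack of work that combines expert-defined security patterns with deep learning. This paper proposes EtherGIS, a vulnerability detection framework that uses graph neural networks (GNN) and expert knowledge to extract graph features from smart contract control flow graphs (CFG). To gain multi-dimensional contract information and strengthen attention to vulnerability-related graph features, sensitive EVM instruction corpora are constructed by analyzing the underlying logic of the EVM and diverse vulnerability triggering mechanisms. The characteristics of the nodes and edges in a CFG are first determined according to the corpora, generating the corresponding attribute graph. A GNN is then used to aggregate the attribute and structure information of the whole graph, bridging the semantic gap between low-level graph features and high-level contract features. Finally, the feature representation of the graph is fed into a graph classification model for vulnerability detection. Furthermore, automated machine learning (AutoML) is adopted to automate the entire deep learning process. Data for this research was collected from Ethereum to build a dataset covering six vulnerabilities for evaluation. Experimental results demonstrate that EtherGIS can effectively detect vulnerabilities in Ethereum smart contracts in terms of accuracy, precision, recall, and F1-score, outperforming existing work on all of these metrics.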