Vulnerability_Detection_Blockchain_GNN_Presentation (1).pptx

Smart Contract Vulnerability detection using GNN Phase 1 Group No: 23 Guide: Ms.Neethu M R Review 1 Date: 21/09/2024 Team No:23 S.No Name Roll Number 1. Abhimanyu Valsarajan CB.EN.U4CSE21601 2. Ala Manas Royal CB.EN.U4CSE21603 3. Anantha Krishnan N R CB.EN.U4CSE21604 4. Sai Mohnish M CB.EN.U4CSE21633

Date Guide’s Approval Mail

Date Introduction Smart Contract - A computer program that controls the transfer of digital assets between parties. It comprises of rules that are coded initially before a transaction. Building an efficient algorithm to detect vulnerabilities External calls, Self-destruct vulnerabilities and Transaction Ordering Dependency using machine learning techniques. What is new? - Developing a Graph Neural Network -based model for the detection of vulnerabilities in smart contracts. - Detecting vulnerabilities in the execution phase dynamically . - Run time vulnerabilities that cannot be easily detecting during compile time.

Date Introduction External calls This vulnerability occurs when a contract makes a function call to an external contract or address, potentially allowing the external contract to manipulate the state of the calling contract in an unintended way . Self-Destruct Vulnerabilities This vulnerability occurs when a contract is designed to allow its destruction , potentially leading to an unwanted loss of funds. Transaction Order Dependence (TOD) This issue arises from the order in which transactions are processed leading to miscalculations and result in loss of funds.

Date Failing to adopt a runtime model for vulnerability detection has incurred huge losses for various industries. Attacks that had incurred loss due to run time vulnerabilities but failed to be detected: Motivation Attack Year What went wrong? How to avoid? Loss Incurred ($) References DAO 2016 External recursive call State transition monitoring 9.4 Billion Wikipedia Parity wallet 2017 Self-Destruct vulnerability Monitoring using a triggered flag 397 Million OpenZeppelin Paraluni 2022 External calls Real-time interaction monitoring 1.7 Million Certik DeFi Exploits 2023 Transaction Order Dependence Building a dynamic graph of flow in real time 1.8 Billion Medium

29-09-2024 Team G012 Literature Survey Vulnerabilities in Smart Contracts Methods used to detect vulnerabilities dynamically Graph Neural Networks (GNN) implementations Class - A Class - B Class - C

Date Title of Paper Authors Year Methodology Drawback / Research Gap Systematic Review of Security Vulnerabilities in Ethereum Blockchain Smart Contract Satpal Singh Kushwaha, Sandeep Joshi, Dilbag Singh, Manjit Kaur, Heung-No Lee 202 2 The paper employs systematic study methods to explore security vulnerabilities in Ethereum smart contracts. This approach helps in defining clear research questions and selection criteria for related articles . Lacks a complete and organized review of Ethereum smart contract vulnerabilities. Previous surveys did not cover all security vulnerabilities or provide sufficient details about detection tools and defence mechanisms. An overview on smart contracts: Challenges, advances and platforms Zibin Zheng a, Shaoan Xie a, Hong-Ning Dai b, Weili Chen a, Xiangping Chen a, Jian Weng c, Muhammad Imran d 201 9 The paper presents a survey on smart contracts, introducing the concept of blockchains and smart contracts, and discussing their challenges and recent technical advances. It categorizes smart contract applications and compares typical smart contract platforms, providing a comprehensive overview of the current landscape Failure to address rising challenges such as security vulnerabilities and illegal activities. There is a lack of focus on the integration of operational technology (OT) and information technology (IT). Current research neglects other significant aspects like user experience and the practical implementation of smart contracts in various industries. Vulnerabilities in Smart Contracts : Class A

Date Methods used to detect vulnerabilities dynamically : Class B Title of Paper Authors Year Methodology Drawback / Research Gap A Survey of Vulnerability Detection Techniques by Smart Contract Tools Zulfiqar Ali Khan and Akbar Siami Namin 202 4 Tool Classification : Tools were classified into different vulnerability detection classes focusing on software testing, program analysis, and EVM modules . Vulnerability Focus : The survey concentrated on 20 specific vulnerabilities, categorizing them into areas like Security Survey and Blockchain Security. Scope Limitations : Does not analyse the practical application of the tools discussed. Tool Familiarization : While the authors familiarized themselves with tools like Truffle and Remix, the depth of this understanding is not detailed, potentially affecting the analysis quality. A survey on smart contract vulnerabilities: Data sources, detection and repair Peiqiang Li, Guojun Wang, Xiaofei Xing, et al. 2024 The paper surveys smart contract vulnerabilities, focusing on data sources, detection, and repair methods. It highlights the complexity of smart contract security, which requires a multi-dimensional approach . It identifies ten mainstream vulnerabilities categorized into three levels: language, virtual machine, and blockchain . Inadequate Coverage of Vulnerabilities : Many studies focus on specific aspects, leading to gaps in understanding the overall security landscape . Dynamic Application Requirements : The diverse application scenarios of smart contracts lead to dynamic requirements for designers, which are not always addressed in existing research.

Date Dynamic Vulnerability Detection on Smart Contracts Using Machine Learning Mojtaba Eshghie , Cyrille Artho, Dilian Gurov 2023 The paper introduces Dynamit , a monitoring framework designed to detect Reentrancy vulnerabilities in Ethereum smart contracts. It relies solely on transaction metadata. The framework extracts features from transaction data and employs a machine learning model, specifically a random forest classifier, to classify transactions as benign or harmful. This approach not only identifies vulnerable contracts but also provides an execution trace of the attack . Potential for bias in the machine learning model due to insufficient randomness in transaction generation. The study also highlights the risk of tricking dynamic detectors that rely on specific variable checks, indicating a vulnerability in the detection mechanism itself . While the combination of machine learning and oracle-supported detection is suggested to reduce false negatives, the paper does not explore this integration in depth, leaving a gap for future research. Title of Paper Authors Year Methodology Drawback / Research Gap

Date Title of Paper Authors Year Methodology Drawback / Research Gap A Smart Contract Vulnerability Detection Model Based on Graph Neural Networks Daojun Han, Qiuyue Li, Lei Zhang, Tao Xu 2022 This paper utilizes a Graph Neural Network (GNN) model to represent the smart contract as a control flow graph, with nodes representing the code's instructions. Additionally, it introduces Convolutional Neural Networks (CNN). A notable gap is that the approach primarily works for specific vulnerabilities and doesn't generalize to all vulnerability types. There is also room for improvement in handling complex real-world smart contracts and expanding to different programming languages. DA-GNN: A Smart Contract Vulnerability Detection Method Based on Dual Attention GNN Zixian Zhen, Xiangfu Zhao, Jinkai Zhang, Yichen Wang 2024 The model proposed in this paper introduces a dual-attention GNN method, which integrates the semantic features of the control flow graph and graph nodes. It uses both global and local attention mechanisms to enhance the vulnerability detection process. Despite the performance gains, the model only detects a limited set of vulnerabilities. It struggles with scalability in the face of newly emerging vulnerabilities and lacks generalization to broader types of smart contract vulnerabilities. Smart Contract Vulnerability Detection for Educational Blockchain Based on Graph Neural Networks Zhifeng Wang, Wanxuan Wu,Chunyan Zeng, Jialong Yao, Yang Yang , Hongmin Xu 202 2 Bytecode Analysis : The process begins with analyzing smart contract bytecode files and generating decompiled code. . Lack of Semantic Processing : Does not incorporate semantic processing, which could enhance the characterization of graph node features. This gap may contribute to lower precision and F1 scores in the model's prediction. Graph Neural Networks (GNN) implementations : Class C

Date Research Gap There is a critical need for dynamic smart contract vulnerability detection, as most current methods rely on static analysis, which only examines code without execution. Static techniques miss vulnerabilities that emerge during runtime, such as cross-function or external call-related issues, and are unable to adapt to evolving contract behaviors. Dynamic detection, by analyzing contracts during execution, would provide more comprehensive and real-time identification of vulnerabilities, addressing the limitations of static methods. There is a need for more advanced detection methods that can effectively handle smart contracts written in different programming languages like Solidity, Vyper , and Rust. Current tools are often tailored to a single language, which limits their ability to detect vulnerabilities in multi-language contract systems or contracts ported between languages. This creates blind spots in security analysis, making it essential to develop techniques that can seamlessly analyze and detect vulnerabilities across various programming languages without loss of accuracy.

Date Problem Statement Develop an efficient algorithm that implements a scalable GNN-based model for detecting External calls, Self-destruct vulnerabilities and Transaction Order Dependence in smart contracts dynamically.

Date Architecture Diagram

Date Module Description

Date Role of each Student S.No Name Roll No Roles 1. Abhimanyu Valsarajan CB.EN.U4CSE21601 Designing and building of the GNN model 2. Ala Manas Royal CB.EN.U4CSE21603 Model evaluation and testing 3. Anantha Krishnan N R CB.EN.U4CSE21604 Algorithm implementation for vulnerabilities 4. Sai Mohnish M CB.EN.U4CSE21633 Data preprocessing and Feature Extraction

Date Dataset Overview Dataset Name Number of records Features of the dataset Link to the dataset Ethereum_smart_contract_dataset 40,000 Concerns External Call vulnerabilities https://drive.google.com/file/d/1yFJSCiUuoiSx4uWYNcCESUvsEs5DOGM9/view Contract_hex 500 Concerns Self destruct vulnerabilities https://github.com/ZZXLX/contract_hex/tree/master Malicious-smart-contract 70,000 Concerns all three vulnerabilities (mixed) https://huggingface.co/datasets/forta/malicious-smart-contract-dataset?library=datasets

Date Implementation Parsing the Solidity Code The Solidity smart contract is parsed to extract key components like functions, variables, and control structures (e.g., loops, conditionals). Building the Abstract Syntax Tree (AST) The parsed code is represented as an AST, where each node corresponds to a code element (e.g., expressions, statements). Graph Construction The AST is transformed into a graph by connecting nodes based on control flow (how execution moves through the code) and data flow (how data moves between variables). Nodes represent contract elements (functions, variables), and edges represent relationships (function calls, variable accesses). Graph Features Each node and edge is enriched with attributes like function types, variable names, and operation types, making the graph suitable for analysis by Graph Neural Networks (GNNs).

Date Methodology Graph Attention Networks (GAT) are leveraged in this project to detect vulnerabilities in smart contracts by focusing on the relationships between contract components. The GAT model enhances performance by: Applying attention mechanisms to selectively emphasize the most relevant neighbors for each node in the graph, ensuring critical patterns are highlighted. Using multi-head attention to gather insights from multiple perspectives, improving the detection of vulnerabilities like reentrancy and overflow issues. This attention-driven approach allows the model to capture nuanced interactions within smart contracts, making it highly effective for vulnerability prediction.

Date Key Indicators for Reentrancy Vulnerability in Graphs In smart contract graphs, reentrancy is a vulnerability where a contract function can be repeatedly invoked before the previous execution is finished, potentially leading to unauthorized fund withdrawals. Key indicators in the graph structure include: Circular Call Patterns : Loops or cycles where a contract function calls itself or another function that can invoke it again before completion. Unprotected External Calls : Nodes representing external contract calls without proper validation or access control. Missing State Updates : Functions that fail to update the contract state before making an external call, increasing vulnerability to reentrant attacks. By identifying these structural patterns, the GNN detects contracts prone to reentrancy attacks, flagging them for potential security issues.

Date Inferences Overall Performance in Vulnerability Detection : The model's average accuracy of 91.33% indicates that the Graph Convolutional Network (GCN) is highly effective in detecting vulnerabilities in smart contracts. This shows that representing smart contracts as graphs and leveraging GNNs enables the model to capture the structural and semantic relationships within the contract code, allowing for accurate identification of security flaws. The average F1-Score of 87.33% , with a low variability, demonstrates that the GNN model consistently performs well across different types of smart contracts. This suggests that the model can generalize across a variety of smart contract structures, making it suitable for analyzing diverse smart contracts deployed on platforms like Ethereum. The consistent F1-Score shows that the model’s design, particularly its use of graph-based representations, captures essential security-related patterns, like control flow or data flow vulnerabilities, in different smart contracts.

Date Work in progress GNN Improvements for Complex Vulnerabilities : Improve the model to detect complex vulnerabilities such as self-destruct vulnerabilities and transaction order dependency during the execution phase Runtime Monitoring : Integrate advanced vulnerability detection within the monitoring layer, enabling real-time identification of abnormal smart contract behaviors directly on the blockchain client. Privacy-Preserving Detection : Implementing federated learning can allow decentralized nodes to collaboratively train vulnerability detection models while preserving privacy, enhancing security without exposing sensitive blockchain data.

Date References Kushwaha, Satpal Singh, Sandeep Joshi, Dilbag Singh, Manjit Kaur, and Heung-No Lee. "Systematic review of security vulnerabilities in ethereum blockchain smart contract." IEEE Access 10 (2022): 6605-6621. Zheng, Zibin, Shaoan Xie, Hong-Ning Dai, Weili Chen, Xiangping Chen, Jian Weng, and Muhammad Imran. "An overview on smart contracts: Challenges, advances and platforms." Future Generation Computer Systems 105 (2020): 475- 491. Chu, Hanting, Pengcheng Zhang, Hai Dong, Yan Xiao, Shunhui Ji, and Wenrui Li. "A survey on smart contract vulnerabilities: Data sources, detection and repair." Information and Software Technology 159 (2023): 107221. Khan, Zulfiqar A., and Akbar Siami Namin . "A Survey of Vulnerability Detection Techniques by Smart Contract Tools." IEEE Access (2024).

Date References Eshghie , Mojtaba, Cyrille Artho, and Dilian Gurov. "Dynamic vulnerability detection on smart contracts using machine learning." In Proceedings of the 25th International Conference on Evaluation and Assessment in Software Engineering , pp. 305-312. 2021. Zhen, Zixian , Xiangfu Zhao, Jinkai Zhang, Yichen Wang, and Haiyue Chen. "DA-GNN: A smart contract vulnerability detection method based on Dual Attention Graph Neural Network." Computer Networks 242 (2024): 110238. Wang, Zhifeng, Wanxuan Wu, Chunyan Zeng, Jialong Yao, Yang Yang , and Hongmin Xu. "Smart contract vulnerability detection for educational blockchain based on graph neural networks." In 2022 International Conference on Intelligent Education and Intelligent Research (IEIR) , pp. 8-14. IEEE, 2022. Han, Daojun , Qiuyue Li, Lei Zhang, and Tao Xu. "A smart contract vulnerability detection model based on graph neural networks." In 2022 4th International Conference on Frontiers Technology of Information and Computer (ICFTIC) , pp. 834-837. IEEE, 2022.

Vulnerability_Detection_Blockchain_GNN_Presentation (1).pptx

About This Presentation

Slide Content

Tags

Categories

Download

Quick Actions

Statistics

Related Slideshows

Vulnerability_Detection_Blockchain_GNN_Presentation (1).pptx

About This Presentation

Slide Content

Slide 1

Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14

Slide 15

Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Tags

Categories

Download

Quick Actions

Statistics

Related Slideshows

8-top-ai-courses-for-customer-support-representatives-in-2025.pptx

7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx

25-essential-ai-courses-for-user-support-specialists-in-2025.pptx

8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx

Know for Certain

PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx