By Abdelaziz & Hobor, to appear in USENIX Security 2023
Smart Learning to Find Dumb Contracts
July 28, 2023 10:30 am
Computer Science Building, 105
Speaker: Aquinas Hobor, University College London
This event is organized by the Princeton Programming Languages Group.
We introduce the Deep Learning Vulnerability Analyzer (DLVA), a vulnerability detection tool for Ethereum smart contracts based on powerful deep learning techniques for sequential data adapted for bytecode. We train DLVA to judge bytecode even though the supervising oracle, Slither, can only judge source code. DLVA’s training algorithm is general: we “extend” a source code analysis to bytecode without any manual feature engineering, predefined patterns, or expert rules. DLVA’s training algorithm is also robust: it overcame a 1.25% error rate mislabelled contracts, and—the student surpassing the teacher—found vulnerable contracts that Slither mislabelled. In addition to extending a source code analyser to bytecode, DLVA is much faster than conventional tools for smart contract vulnerability detection based on formal methods: DLVA checks contracts for 29 vulnerabilities in 0.2 seconds, a 10–1,000x speedup compared to traditional tools. We benchmark DLVA against nine well-known smart contract analysis tools. Despite using much less analysis time, DLVA completed every query, leading the pack with an average accuracy of 99.7%, pleasingly balancing high true positive rates with low false positive rates.