Journal of Machine and Computing


A Study on the Security Weakness Detection of Solidity Smart Contracts using Graph Neural Networks on Blockchain Platforms




Received On : 18 May 2024

Revised On : 23 October 2024

Accepted On : 05 December 2024

Volume 05, Issue 01



Abstract


Blockchain is a distributed ledger technology that allows users to record and share information securely and transparently. A smart contract is an agreement encoded as a program on a blockchain that automatically executes its terms. Smart contracts improve the transparency and reliability of transactions by relying on the tamper-resistance of the blockchain. A software security weakness is a logical error, bug, or mistake introduced during development that is the underlying cause of a vulnerability. To prevent security incidents, such weaknesses must be analyzed before the program is deployed. Smart contract code running on Ethereum, a blockchain-based framework, can contain security vulnerabilities. Once a contract is deployed and the block containing it is created, the contract code cannot be arbitrarily modified, so security weaknesses must be analyzed before execution. In this paper, we use a graph neural network (GNN), a deep learning model, to detect security vulnerabilities in Solidity code. To analyze security vulnerabilities in Solidity code, we defined eight types of security weakness and converted the Solidity code into graph data. To represent the structural elements of the program together with its control flow and data flow, the Solidity code is first converted into an abstract syntax tree (AST), and the graph information required for GNN training is extracted from the AST. Next, several datasets for training GNN models are generated by combining these graphs and their attributes with labels, after which a trained GNN can detect whether security vulnerabilities exist in Solidity code. This method detects security weaknesses more effectively than conventional rule-based methods.
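As an added illustration of the pipeline the abstract describes (this is not the authors' code), the block below takes a hand-constructed, statement-level AST of one Solidity function, adds control-flow and data-flow edges to the AST edges, derives a weakness label, and runs a single GCN propagation step over the resulting graph in pure Python. Everything in it is assumed for the example: the `withdraw` function, the `STATE_VARS` set, the node kinds and one-hot features, the untrained weight matrix, and the "external call before state write" label rule (the page does not list the paper's eight weakness categories). In a real pipeline the AST would come from `solc --ast-json` and the weights from training.

```python
"""Solidity AST -> graph -> one GCN step, constructed example (not the paper's code)."""
from dataclasses import dataclass
import math

# Constructed Solidity source, kept so the reader can map nodes to statements.
SOLIDITY_SRC = """
function withdraw(uint256 amount) public {
    require(balances[msg.sender] >= amount);           // S1
    (bool ok, ) = msg.sender.call{value: amount}("");  // S2 external call
    require(ok);                                       // S3
    balances[msg.sender] -= amount;                    // S4 state write
}
"""
STATE_VARS = {"balances"}  # assumption: declared at contract scope


@dataclass(frozen=True)
class Node:
    nid: int
    kind: str                        # AST node type name, as solc would emit it
    reads: frozenset = frozenset()   # identifiers read by the statement
    writes: frozenset = frozenset()  # identifiers written by the statement
    external_call: bool = False


# Statement-level AST of withdraw(), constructed by hand.
NODES = [
    Node(0, "FunctionDefinition"),
    Node(1, "ExpressionStatement", reads=frozenset({"balances", "amount"})),
    Node(2, "VariableDeclarationStatement", reads=frozenset({"amount"}),
         writes=frozenset({"ok"}), external_call=True),
    Node(3, "ExpressionStatement", reads=frozenset({"ok"})),
    Node(4, "ExpressionStatement", reads=frozenset({"balances", "amount"}),
         writes=frozenset({"balances"})),
]
AST_EDGES = [(0, 1), (0, 2), (0, 3), (0, 4)]   # parent -> child
BODY_ORDER = [1, 2, 3, 4]                       # statement order in the body
KINDS = ["FunctionDefinition", "ExpressionStatement", "VariableDeclarationStatement"]


def control_flow_edges(order):
    """Straight-line body: each statement flows to the next one."""
    return [(a, b) for a, b in zip(order, order[1:])]


def data_flow_edges(nodes, order):
    """Def-use edges: the latest write of x reaches every later read of x."""
    edges, last_writer = [], {}
    for nid in order:
        n = nodes[nid]
        for var in n.reads:
            if var in last_writer:
                edges.append((last_writer[var], nid))
        for var in n.writes:
            last_writer[var] = nid
    return edges


def build_graph(nodes=NODES, order=BODY_ORDER):
    """Union of AST, control-flow and data-flow edges, as GNN input."""
    return AST_EDGES + control_flow_edges(order) + data_flow_edges(nodes, order)


def node_features(nodes):
    """One-hot node kind plus two flags: makes an external call, writes state."""
    feats = []
    for n in nodes:
        row = [1.0 if n.kind == k else 0.0 for k in KINDS]
        row.append(1.0 if n.external_call else 0.0)
        row.append(1.0 if n.writes & STATE_VARS else 0.0)
        feats.append(row)
    return feats


def normalised_adjacency(n, edges):
    """D^-1/2 (A + I) D^-1/2 over the undirected union of edges (Kipf-Welling GCN)."""
    a = [[1.0 if i == j else 0.0 for j in range(n)] for i in range(n)]
    for u, v in edges:
        a[u][v] = a[v][u] = 1.0
    deg = [sum(row) for row in a]
    return [[a[i][j] / math.sqrt(deg[i] * deg[j]) for j in range(n)] for i in range(n)]


def gcn_layer(a_hat, x, w):
    """One GCN propagation step: ReLU(A_hat X W), all plain lists."""
    n, f_in, f_out = len(x), len(x[0]), len(w[0])
    ax = [[sum(a_hat[i][k] * x[k][f] for k in range(n)) for f in range(f_in)] for i in range(n)]
    return [[max(0.0, sum(ax[i][f] * w[f][o] for f in range(f_in))) for o in range(f_out)]
            for i in range(n)]


def call_before_state_write(nodes, order):
    """Constructed label rule: does a state write follow an external call?"""
    seen_call = False
    for nid in order:
        n = nodes[nid]
        if seen_call and n.writes & STATE_VARS:
            return True
        seen_call = seen_call or n.external_call
    return False


def embed(nodes=NODES, order=BODY_ORDER):
    """Graph-level vector a classifier head would consume (weights untrained)."""
    a_hat = normalised_adjacency(len(nodes), build_graph(nodes, order))
    w = [[1.0, 0.0], [0.0, 1.0], [0.5, 0.5], [1.0, -1.0], [-1.0, 1.0]]  # assumed, 5 -> 2
    h = gcn_layer(a_hat, node_features(nodes), w)
    return [sum(col) / len(h) for col in zip(*h)]  # mean readout


if __name__ == "__main__":
    print("edges:", build_graph())
    print("label (call before state write):", call_before_state_write(NODES, BODY_ORDER))
    print("graph embedding:", embed())
```

The data-flow pass only links the `ok` written at S2 to its read at S3; `balances` is read before it is written, so the "external call precedes state write" ordering that makes S2 to S4 interesting is visible only through the control-flow edges, which is why the abstract insists on encoding control flow and data flow in addition to the AST structure.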


Keywords


Blockchain, Smart Contract, Security Vulnerability, Solidity, Ethereum, Security Weakness Analyzer, Graph Neural Networks (GNN), Graph Convolution Network (GCN).



Acknowledgements


The authors thank aSSIST University for research lab and equipment support.


Funding


This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea Government (MSIT, No. 2022R1F1A1063340).


Ethics declarations


Conflict of interest

The authors have no conflicts of interest to declare that are relevant to the content of this article.


Availability of data and materials


Data sharing is not applicable to this article as no new data were created or analysed in this study.


Author information


Contributions

All authors contributed equally to the paper, and all authors have read and agreed to the published version of the manuscript.



Rights and permissions


Open Access. This article is licensed under a Creative Commons Attribution NoDerivs license, a more restrictive license that allows you to redistribute the material commercially or non-commercially but does not allow any changes to the original, i.e. no derivatives of the original work. To view a copy of this license, visit https://creativecommons.org/licenses/by-nc-nd/4.0/


Cite this article


Sunghyun Kim, Seunggi Jung, Yunsik Son and Yangsun Lee, “A Study on the Security Weakness Detection of Solidity Smart Contracts using Graph Neural Networks on Blockchain Platforms”, Journal of Machine and Computing. doi: 10.53759/7669/jmc202505039.


Copyright


© 2025 Sunghyun Kim, Seunggi Jung, Yunsik Son and Yangsun Lee. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.