Friday, July 28, 10:30am in room CS105: Programming Languages Seminar
Title: Smart Learning to Find Dumb Contracts (by Abdelaziz & Hobor, to appear in USENIX Security 2023)
Speaker: Aquinas Hobor  (University College London)
Abstract:
We introduce the Deep Learning Vulnerability Analyzer (DLVA), a vulnerability detection tool for Ethereum smart contracts based on powerful deep learning techniques for sequential data adapted for bytecode. We train DLVA to judge bytecode even though the supervising oracle, Slither, can only judge source code. DLVA’s training algorithm is general: we “extend” a source code analysis to bytecode without any manual feature engineering, predefined patterns, or expert rules. DLVA’s training algorithm is also robust: it overcame a 1.25% error rate mislabelled contracts, and—the student surpassing the teacher—found vulnerable contracts that Slither mislabelled. In addition to extending a source code analyser to bytecode, DLVA is much faster than conventional tools for smart contract vulnerability detection based on formal methods: DLVA checks contracts for 29 vulnerabilities in 0.2 seconds, a 10–1,000x speedup compared to traditional tools. We benchmark DLVA against nine well-known smart contract analysis tools. Despite using much less analysis time, DLVA completed every query, leading the pack with an average accuracy of 99.7%, pleasingly balancing high true positive rates with low false positive rates.