Thu 13 Oct 2022 11:10 - 11:30 at Ballroom C East - Technical Session 23 - Security Chair(s): John-Paul Ore

Smart contracts have been widely and rapidly adopted to automate financial and business transactions together with blockchains, helping people make agreements while minimizing trust. With millions of smart contracts deployed on blockchains, various bugs and vulnerabilities in smart contracts have emerged. Following the rapid development of deep learning, many recent studies have used deep learning for vulnerability detection to conduct security checks before deploying smart contracts. However, these approaches are limited to deciding whether a smart contract is vulnerable or not, without further analysis to locate the suspicious statements potentially responsible for the detected vulnerability.

To address this problem, we propose a deep learning based two-phase smart contract debugger for the reentrancy vulnerability, one of the most severe vulnerabilities, named ReVulDL (Reentrancy Vulnerability Detection and Localization). ReVulDL integrates vulnerability detection and localization into a unified debugging pipeline. In the detection phase, given a smart contract, ReVulDL uses a graph-based pre-training model to learn the complex relationships in propagation chains and detect whether the smart contract contains a reentrancy vulnerability. In the localization phase, if a reentrancy vulnerability is detected, ReVulDL uses interpretable machine learning to locate the suspicious statements in the smart contract and so provide an interpretation of the detected vulnerability. Our large-scale empirical study on 47,398 smart contracts shows that ReVulDL achieves promising results in detecting reentrancy vulnerabilities (e.g., outperforming 15 state-of-the-art vulnerability detection approaches) and locating vulnerable statements (e.g., 70.38% of the vulnerable statements are ranked within top-10).

Thu 13 Oct

Displayed time zone: Eastern Time (US & Canada)

10:00 - 12:00
Technical Session 23 - Security (Tool Demonstrations / Journal-first Papers / Late Breaking Results / Research Papers) at Ballroom C East
Chair(s): John-Paul Ore North Carolina State University
10:00
10m
Demonstration
V-Achilles: An Interactive Visualization of Transitive Security Vulnerabilities
Tool Demonstrations
Vipawan Jarukitpipat Mahidol University, Xiao Peng China EverBright Bank, Chaiyong Ragkhitwetsagul Mahidol University, Thailand, Morakot Choetkiertikul Mahidol University, Thailand, Thanwadee Sunetnanta Mahidol University, Raula Gaikovina Kula Nara Institute of Science and Technology, Bodin Chinthanet Nara Institute of Science and Technology, Takashi Ishio Nara Institute of Science and Technology, Kenichi Matsumoto Nara Institute of Science and Technology
10:10
20m
Paper
Automatic Detection of Java Cryptographic API Misuses: Are We There Yet?
Journal-first Papers
Ying Zhang Virginia Tech, USA, Md Mahir Asef Kabir Virginia Tech, Ya Xiao Virginia Tech, Daphne Yao Virginia Tech, Na Meng Virginia Tech
10:30
10m
Demonstration
A transformer-based IDE plugin for vulnerability detection (Virtual)
Tool Demonstrations
Cláudia Mamede FEUP, U.Porto, Eduard Pinconschi FEUP, U.Porto, Rui Abreu Faculty of Engineering, University of Porto, Portugal
10:40
10m
Demonstration
Quacky: Quantitative Access Control Permissiveness Analyzer
Tool Demonstrations
William Eiers University of California at Santa Barbara, USA, Ganesh Sankaran University of California Santa Barbara, Albert Li University of California Santa Barbara, Emily O'Mahony University of California Santa Barbara, Benjamin Prince University of California Santa Barbara, Tevfik Bultan University of California, Santa Barbara
10:50
10m
Paper
Towards Robust Models of Code via Energy-Based Learning on Auxiliary Datasets (Virtual)
Late Breaking Results
Nghi D. Q. Bui Singapore Management University, Yijun Yu Huawei Ireland Research Center
11:00
10m
Demonstration
Xscope: Hunting for Cross-Chain Bridge Attacks (Virtual)
Tool Demonstrations
Jiashuo Zhang Peking University, China, Jianbo Gao Peking University, Yue Li Peking University, Ziming Chen Peking University, Zhi Guan Peking University, Zhong Chen
11:10
20m
Research paper
Reentrancy Vulnerability Detection and Localization: A Deep Learning Based Two-phase Approach (Virtual)
Research Papers
Zhuo Zhang Chongqing University, Yan Lei Chongqing University, Meng Yan Chongqing University, Yue Yu College of Computer, National University of Defense Technology, Changsha 410073, China, Jiachi Chen Sun Yat-Sen University, Shangwen Wang National University of Defense Technology, Xiaoguang Mao National University of Defense Technology