Murala Dileep Kumar, Loucif Samia, Rao K Vara Prasada, Hamam Habib
Department of Computer Science and Engineering, Faculty of Science and Technology, ICFAI Foundation for Higher Education, Hyderabad, 501203, Telangana, India.
College of Technological Innovation, Zayed University, P.O. Box 144534, Abu Dhabi, UAE.
Sci Rep. 2025 May 3;15(1):15532. doi: 10.1038/s41598-025-99267-3.
Smart contracts are changing many business areas with blockchain technology, but they still have vulnerabilities that can cause major financial losses. Because deployed smart contracts (SCs) are irreversible once deployed, fixing these vulnerabilities before deployment is critical. This research introduces a new method that combines code embedding with Generative Adversarial Networks (GANs) to find integer overflow vulnerabilities in smart contracts. Using Abstract Syntax Trees, we can vectorize the source code of smart contracts while keeping all of the important contract characteristics and going beyond what can be achieved with conventional textual or structural analysis. Synthesizing contract vector data using GANs alleviates data scarcity and facilitates source code acquisition for training our detection system. The proposed method is very good at finding vulnerabilities because it uses both GAN discriminator feedback and vector similarity measures based on cosine and correlation coefficients. Experimental results show that our GAN-based proactive analysis method achieves up to 18.1% improvement in accuracy over baseline tools such as Oyente and sFuzz.
智能合约正在通过区块链技术改变许多业务领域,但它们仍然存在可能导致重大财务损失的漏洞。由于已部署的智能合约一旦部署就不可逆转,因此在部署前修复这些漏洞至关重要。本研究引入了一种将代码嵌入与生成对抗网络(GAN)相结合的新方法,以发现智能合约中的整数溢出漏洞。使用抽象语法树,我们可以将智能合约的源代码向量化,同时保留所有重要的合约特征,并且超越传统文本或结构分析所能达到的效果。使用GAN合成合约向量数据可缓解数据稀缺问题,并便于获取用于训练我们检测系统的源代码。所提出的方法在发现漏洞方面非常出色,因为它同时使用了GAN判别器反馈以及基于余弦和相关系数的向量相似性度量。实验结果表明,我们基于GAN的主动分析方法在准确率上比诸如Oyente和sFuzz等基线工具提高了高达18.1%。
