UCL Discovery

Schooling to Exploit Foolish Contracts

Abdelaziz, Tamer; Hobor, Aquinas; (2023) Schooling to Exploit Foolish Contracts. In: Proceedings of the Fifth International Conference on Blockchain Computing and Applications (BCCA) 2023. (pp. 388-395). Institute of Electrical and Electronics Engineers (IEEE). Green open access.


Abstract

We introduce SCooLS, our Smart Contract Learning (Semi-supervised) engine. SCooLS uses neural networks to analyze Ethereum contract bytecode and identifies specific vulnerable functions. SCooLS incorporates two key elements: semi-supervised learning and graph neural networks (GNNs). Semi-supervised learning produces more accurate models than unsupervised learning, while not requiring the large oracle-labeled training set that supervised learning requires. GNNs enable direct analysis of smart contract bytecode without any manual feature engineering, predefined patterns, or expert rules. SCooLS is the first application of semi-supervised learning to smart contract vulnerability analysis, as well as the first deep learning-based vulnerability analyzer to identify specific vulnerable functions. SCooLS's performance is better than existing tools, with an accuracy level of 98.4%, an F1 score of 90.5%, and an exceptionally low false positive rate of only 0.8%. Furthermore, SCooLS is fast, analyzing a typical function in 0.05 seconds. We leverage SCooLS's ability to identify specific vulnerable functions to build an exploit generator, which was successful in stealing Ether from 76.9% of the true positives.

Type: Proceedings paper
Title: Schooling to Exploit Foolish Contracts
Event: Fifth International Conference on Blockchain Computing and Applications (BCCA)
Location: Kuwait, Kuwait
Dates: 24th-26th October 2023
Open access status: An open access version is available from UCL Discovery
DOI: 10.1109/BCCA58897.2023.10338924
Publisher version: https://doi.org/10.1109/BCCA58897.2023.10338924
Language: English
Additional information: This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions.
Keywords: Ethereum smart contract, vulnerability classification, security threat detection, exploit generation, self-supervised learning, bytecode (i.e., runtime bytecode).
UCL classification: UCL
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
URI: https://discovery.ucl.ac.uk/id/eprint/10172222