An Improved Vulnerability Detection System of Smart Contracts Based on Symbolic Execution

Abstract

Smart contracts emerged as programs running on the blockchain. Security is one of the major concerns against smart contracts which also exist various vulnerabilities as for any other traditional programs. What was worse, security vulnerabilities in smart contracts may lead to irreversible economic losses. Hence, there is an apparent demand for security audits of contracts before deployment. In recent years, a large number of smart contract vulnerability detection tools have emerged. The methods used by these tools include formal verification, symbolic execution, machine learning, and fuzz testing. These methods can well analyze vulnerabilities, but there are still limitations. In this paper, we optimized and extended the Mythril symbolic execution tool. The optimized pruning algorithm improves the speed of symbolic execution, while the proposed detection algorithm for Transaction Order Dependence vulnerability expands the range of detecting vulnerability. In addition, a machine learning vulnerability detection model is introduced as an auxiliary detection method, which is used to build the complete smart contract vulnerability detection system. The experimental results show that the proposed system reduces the execution time, and improves the accuracy as well as the recall of vulnerability detection compared with the original Mythril tool.