Dynamic Vulnerability Detection on Smart Contracts Using Machine Learning
This addresses security risks for smart contract users and developers by providing a non-intrusive detection method, though it is incremental as it builds on existing vulnerability detection approaches.
The authors tackled the problem of detecting reentrancy vulnerabilities in Ethereum smart contracts by proposing Dynamit, a monitoring framework that uses transaction metadata and balance data with a machine learning model, achieving detection without domain knowledge or code instrumentation.
In this work we propose Dynamit, a monitoring framework to detect reentrancy vulnerabilities in Ethereum smart contracts. The novelty of our framework is that it relies only on transaction metadata and balance data from the blockchain system; our approach requires no domain knowledge, code instrumentation, or special execution environment. Dynamit extracts features from transaction data and uses a machine learning model to classify transactions as benign or harmful. Therefore, not only can we find the contracts that are vulnerable to reentrancy attacks, but we also get an execution trace that reproduces the attack.