BugSweeper: Function-Level Detection of Smart Contract Vulnerabilities Using Graph Neural Networks
This addresses the need for automated, scalable vulnerability detection in Ethereum smart contracts without relying on expert-designed rules, offering a robust solution for developers and auditors.
The paper tackles the problem of detecting smart contract vulnerabilities by introducing BugSweeper, an end-to-end deep learning framework that uses graph neural networks on function-level graphs, achieving significant performance improvements over state-of-the-art methods in experiments on real-world contracts.
The rapid growth of Ethereum has made it more important to quickly and accurately detect smart contract vulnerabilities. While machine-learning-based methods have shown some promise, many still rely on rule-based preprocessing designed by domain experts. Rule-based preprocessing methods often discard crucial context from the source code, potentially causing certain vulnerabilities to be overlooked and limiting adaptability to newly emerging threats. We introduce BugSweeper, an end-to-end deep learning framework that detects vulnerabilities directly from the source code without manual engineering. BugSweeper represents each Solidity function as a Function-Level Abstract Syntax Graph (FLAG), a novel graph that combines its Abstract Syntax Tree (AST) with enriched control-flow and data-flow semantics. Then, our two-stage Graph Neural Network (GNN) analyzes these graphs. The first-stage GNN filters noise from the syntax graphs, while the second-stage GNN conducts high-level reasoning to detect diverse vulnerabilities. Extensive experiments on real-world contracts show that BugSweeper significantly outperforms all state-of-the-art detection methods. By removing the need for handcrafted rules, our approach offers a robust, automated, and scalable solution for securing smart contracts without any dependence on security experts.