SmartMixModel: Machine Learning-based Vulnerability Detection of Solidity Smart Contracts

Abstract

The growing popularity of Ethereum and Solidity smart contracts makes them attractive targets for security threats and attacks. Even though researchers have been dedicating substantial efforts in developing machine learning-based vulnerability detection models for Solidity smart contracts, the models achieved considerably lower accuracy due to shallow coverage of the feature space. In this paper, we introduce SmartMixModel, an improved vulnerability detection model considering an expanded feature space covering both the source- and byte-codes of the Solidity smart contracts. In particular, our contribution in this paper is threefold. First, we collect close to seventy thousand real-world Solidity smart contracts deployed on the Ethereum mainnet and employ the SmartCheck tool to label them considering ten types of vulnerabilities. Next, we generate a mixed-level embedding feature space considering both the high-level syntactic features of the source codes and the low-level features extracted from the compiled byte codes. Finally, we train various Machine Learning and Deep Learning models on our dataset balanced with SMOTETomek. We observe an improved detection performance compared to the state-of-the-art models, achieving the highest Micro-F1 of 98.34%, Macro-F1 of 98.20%, maximum F1-score rate of 99%, and maximum AUROC of 99.60% in the case of XGBoost classifier. © 2022 IEEE.