Write a Blog >>
ESEC/FSE 2022
Mon 14 - Fri 18 November 2022 Singapore
Wed 16 Nov 2022 14:45 - 14:52 at SRC LT 50 - Security Chair(s): Andreea Costea

Smart contracts are increasingly used with blockchain systems for high-value applications. Blockchain’s immutability makes changing a deployed smart contract almost impossible, and any bug or security vulnerability in a deployed smart contract can have devastating consequences for developers and users of the smart contract. Thus, it is highly desired to ensure the quality of smart contracts before they are deployed, especially to detect all potential vulnerabilities in the smart contract source code. This paper proposes a new deep learning-based tool, MANDO-GURU, that aims to accurately detect vulnerabilities in smart contract source code at both coarse-grained contract-level and fine-grained line-level. Using a combination of control-flow graphs and call graphs of Solidity smart contracts, we design new heterogeneous graph attention neural networks to encode more structural and potentially semantic relations among different types of nodes and edges of such graphs and use the encoded embeddings of the graphs and nodes to detect vulnerabilities more accurately in Solidity code. Our validation of real-world smart contract datasets shows that MANDO-GURU can significantly improve many other vulnerability detection techniques by up to 24% in terms of F1-score at the contract level, depending on vulnerability types. More importantly, it is the first learning-based tool that identifies vulnerabilities at the line level and significantly improves the traditional code analysis-based techniques by up to 63.4%. Our tool is publicly available at https://github.com/MANDO-Project/ge-sc-machine. We provide a tutorial to use Docker Image to deploy on local machines in the Github repository. A test version is currently deployed at http://mandoguru.com, and a demo video of our tool is available at http://mandoguru.com/demo-video.

Wed 16 Nov

Displayed time zone: Beijing, Chongqing, Hong Kong, Urumqi change

14:00 - 15:30
SecurityDemonstrations / Research Papers at SRC LT 50
Chair(s): Andreea Costea School of Computing, National University Of Singapore
14:00
15m
Talk
Automated Unearthing of Dangerous Issue Reports
Research Papers
shengyi pan Zhejiang University, Jiayuan Zhou Huawei, Filipe Cogo Huawei, Xin Xia Huawei, Lingfeng Bao Zhejiang University, Xing Hu Zhejiang University, Shanping Li Zhejiang University, Ahmed E. Hassan Queen’s University
DOI
14:15
15m
Talk
On the Vulnerability Proneness of Multilingual Code
Research Papers
Wen Li Washington State University, Li Li Monash University, Haipeng Cai Washington State University
DOI Pre-print
14:30
7m
Talk
VulCurator: A Vulnerability-Fixing Commit Detector
Demonstrations
Truong Giang Nguyen Singapore Management University, Le-Cong Thanh Singapore Management University, Hong Jin Kang Singapore Management University, Xuan-Bach D. Le University of Melbourne, David Lo Singapore Management University
14:38
7m
Talk
KVS: A Tool for Knowledge-Driven Vulnerability Searching
Demonstrations
Xingqi Cheng Yangzhou University, Xiaobing Sun Yangzhou University, Lili Bo Yangzhou University, Ying Wei Yangzhou University
14:45
7m
Talk
MANDO-GURU: Vulnerability Detection for Smart Contract Source Code By Heterogeneous Graph Embeddings
Demonstrations
Hoang H. Nguyen L3S Research Center, Leibniz Universität Hannover, Hannover, Germany, Nhat-Minh Nguyen Singapore Management University, Singapore, Hong-Phuc Doan Hanoi University of Science and Technology, Hanoi, Vietnam, Zahra Ahmadi L3S Research Center, Leibniz Universität Hannover, Hannover, Germany, Thanh-Nam Doan Independent Researcher, Atlanta, Georgia, USA, Lingxiao Jiang Singapore Management University
DOI Pre-print Media Attached
14:53
7m
Talk
FastKLEE: Faster Symbolic Execution via Reducing Redundant Bound Checking of Type-Safe Pointers
Demonstrations
Haoxin Tu Singapore Management University, Singapore, Lingxiao Jiang Singapore Management University, Xuhua Ding Singapore Management University, He Jiang Dalian University of Technology