Smart Contract Vulnerability Detection Technology Based on Abstract Syntax Tree Embedding

Currently, in deep learning-based smart contract vulnerability detection solutions, the direct use of bytecode or source code for textual sequence feature representation lacks a comprehensive understanding of program semantics. The smart contract vulnerability detection technology based on Abstract Syntax Tree (AST) embedding fully considers the syntax and semantic features needed for contract vectorization and appropriate processing granularity, enabling more accurate capturing of smart contract vulnerability features. First, it employs Solidity syntax tree parsing to design a smart-contract vectorization method based on AST embedding. It partitions node types recursively at the statement level to generate sequences of statement trees. Subsequently, a recursive neural network is employed to encode each statement tree from the bottom up, transforming the intricate AST structure into statement-level feature vectors. Building on this foundation, a Bidirectional Gated Recurrent neural network model with an Attention mechanism (BiGRU-ATT) is constructed. This facilitates the learning of features from the sequences of statement trees and accomplishes the detection and categorization of five typical vulnerabilities: re-entrancy, unchecked return values, timestamp dependency, access control, and denial-of-service attacks. Experimental results demonstrate that the proposed method improves the micro-F1 and macro-F1 metrics by 13 and 10 percentage points, respectively, compared to the direct vectorization of source code as a text sequence. In tasks related to timestamp dependence, access control, and denial-of-service attack vulnerability classification, the BiGRU-ATT model with the attention mechanism achieves an F1 value of over 88%.