JOURNAL OF SHANDONG UNIVERSITY (NATURAL SCIENCE), 2026, Vol. 61, Issue (3): 20-28. doi: 10.6040/j.issn.1671-9352.9.2025.001

Chaincode vulnerability detection method based on pre-training model

  

  1. School of Computer Science, School of Cyber Science and Engineering, Nanjing University of Information Science & Technology, Nanjing 210044, Jiangsu, China;
  2. Engineering Research Center of Digital Forensics Ministry of Education, Nanjing University of Information Science & Technology, Nanjing 210044, Jiangsu, China
  • Published: 2026-03-18

Abstract: To address security vulnerabilities in chaincode on the consortium blockchain Hyperledger Fabric, a deep learning vulnerability detection network based on vulnerability subtrees and pre-trained models is proposed. The detection method has two key stages. First, an automated tool extracts the chaincode into an abstract syntax tree, and a vulnerability subtree structure, the VB-tree, is designed to ensure that the model focuses on key vulnerability features; on this basis, it is converted into a data flow graph according to the data and control dependencies between program statements. Second, the extracted features are processed by a pre-trained model to accurately identify potential vulnerabilities. Finally, chaincode from 6 935 open-source projects in different fields is collected from GitHub to construct a dataset for evaluating the effectiveness of the method. Experimental results show that, when detecting 21 types of vulnerabilities in chaincode, the model achieves an average F1 score of 93.68%, which is better than existing methods.

Key words: blockchain, smart contract, vulnerability detection

CLC Number: TP309