Millions of smart contracts have been deployed onto the Ethereum platform, posing potential attack subjects. Therefore, analyzing contract binaries is vital since their sources are unavailable, involving identification comprising function entry identification and detecting its boundaries. Such boundaries are critical to many smart contract applications, e.g. reverse engineering and profiling. Unfortunately, it is challenging to identify functions from these stripped contract binaries due to the lack of internal function call statements and the compiler-inducing instruction reshuffling. Recently, several existing works excessively relied on a set of handcrafted heuristic rules which impose several faults. To address this issue, we propose a novel neural network-based framework for EVM bytecode Function Entries and Boundaries Identification (neural-FEBI) that does not rely on a fixed set of handcrafted rules. Instead, it used a two-level bi-Long Short-Term Memory network and a Conditional Random Field network to locate the function entries. The suggested framework also devises a control flow traversal algorithm to determine the code segments reachable from the function entry as its boundary. Several experiments on 38,996 publicly available smart contracts collected as binary demonstrate that neural-FEBI confirms the lowest and highest F1-scores for the function entries identification task across different datasets of 88.3 to 99.7, respectively. Its performance on the function boundary identification task is also increased from 79.4% to 97.1% compared with state-of-the-art. We further demonstrate that the identified function information can be used to construct more accurate intra-procedural CFGs and call graphs. The experimental results confirm that the proposed framework significantly outperforms state-of-the-art, often based on handcrafted heuristic rules.
翻译:数以百万计的智能合同被部署到 Etheum 平台上, 构成了潜在的攻击对象。 因此, 分析合同二进制至关重要, 因为它们没有来源, 包括功能输入识别和探测其边界。 这些界限对于许多智能合同应用程序至关重要, 例如反向工程和剖析。 不幸的是, 由于缺乏内部功能调用声明和编译导指令重组, 确定这些被剥除的合同二进制的二进制书箱的功能非常困难。 最近, 一些现有的工程过分依赖一套手工制作的超常规则, 从而造成若干错误。 为了解决这个问题, 我们提议为 EVM 元代码识别和边界进行新的神经网络化网络化框架。 EVM 字码功能和边界识别( National- FEBIB) 。 这些界限框架并不依赖一套固定的手写规则。 相反, 它使用双级双级双长期内存内存存储器网络和调控调字段网络来定位功能。 拟议的框架还设计一种基于控制流传动的调算算法, 来确定从函数条目条目条目条目条目条目条目条目进入的代码。 在38- 996 上进行数的实验运行智能功能中, 。 运行智能功能中, 运行运行中, 运行中, 运行中, 运行中的数据功能将显示最高智能功能功能功能的功能功能将显示为最高级智能功能, 。