Propagation-Based Code Clone Analysis for Detecting Smart Contract Vulnerability

Abstract

Smart contracts are self-executing programs that operate on a blockchain. Once deployed, they cannot be altered, which introduces distinct maintenance challenges unlike those found in traditional software systems. Bugs and vulnerabilities in smart contracts have led to significant economic losses, drawing increased attention to their security. The immutability of smart contracts has made thorough security checks prior to deployment a priority. In this paper, we introduce a smart contract timestamp vulnerability detection technique PropaDT with propagation-based code clone analysis. The core idea of this technique involves using dataflow analysis based on an Abstract Syntax Tree (AST) to extract propagation chains that reveal how variables interact, potentially leading to vulnerabilities. Next, we extract code snippets based on the propagation chains and compare them with known vulnerability patterns in a database. This allows us to determine whether the tested smart contract contains a timestamp vulnerability, facilitating the detection of potential timestamp vulnerabilities in the code.