Construction of Multi-Label Vulnerability Dataset for Smart Contracts in Golang

doi:10.3778/j.issn.1002-8331.2409-0255

Abstract

Abstract: In recent years, the alliance chain platform has been widely used at home and abroad. Due to the lack of sharing of its contract code, the corresponding vulnerability dataset is scarce, which restricts the development of smart contract security detection technology. To this end, based on the Golang language smart contract widely used in the alliance chain, a method for constructing a smart contract multi-label vulnerability dataset is proposed. The Golang language smart contract code is collected from GitHub and real application scenarios as the original data of the dataset. According to the definition of 16 common vulnerabilities, the GPT model is used to automatically insert vulnerability codes into the original contract to generate contract samples containing multiple vulnerability types. Through manual proofreading and verification, the annotation quality and code syntax correctness of the dataset are ensured, and a multi-label Golang language smart contract vulnerability dataset (GoSCV-GPT) containing 7 246 contract files is successfully constructed. Experimental results show that this dataset can effectively improve the performance of various benchmark neural network models in the Golang language smart contract vulnerability detection task.

Key words: consortium blockchain, smart contract, dataset construction, Golang

摘要： 联盟链平台近年来在国内外得到广泛应用，由于其合约代码缺乏共享，相应的漏洞数据集稀缺，制约了智能合约安全检测技术的发展。为此，基于联盟链广泛使用的Golang语言智能合约，提出了一种智能合约多标签漏洞数据集构建方法。从GitHub和真实应用场景中收集Golang语言智能合约代码，作为数据集的原始数据；根据16种常见漏洞的定义，利用GPT模型自动在原始合约中插入漏洞代码，生成包含多种漏洞类型的合约样本；通过人工校对和验证，确保数据集的标注质量和代码语法正确性，成功构建了一个包含7 246个合约文件的多标签Golang语言智能合约漏洞数据集（GoSCV-GPT）。实验结果表明，该数据集能够有效提升多种基准神经网络模型在Golang语言智能合约漏洞检测任务上的性能。

关键词: 联盟链, 智能合约, 数据集构建, Golang语言

REN Hong, ZHAO Fan, MA Yupeng, ZHOU Xi. Construction of Multi-Label Vulnerability Dataset for Smart Contracts in Golang[J]. Computer Engineering and Applications, 2025, 61(24): 313-321.

任虹, 赵凡, 马玉鹏, 周喜. Golang语言智能合约多标签漏洞数据集构建[J]. 计算机工程与应用, 2025, 61(24): 313-321.

References

[1] LEE J S, CHEW C J, LIU J Y, et al. Medical blockchain: data sharing and privacy preserving of EHR based on smart contract[J]. Journal of Information Security and Applications, 2022, 65: 103117.
[2] HESHAN NIRANGA G D, NAIR V S, B S S N. Design of a secured medical data access management using ethereum smart contracts, truffle suite and Web3[C]//Proceedings of the 20th ACM Conference on Embedded Networked Sensor Systems. New York: ACM, 2023: 1215-1221.
[3] BANDHU K C, LITORIYA R, LOWANSHI P, et al. Making drug supply chain secure traceable and efficient: a blockchain and smart contract based implementation[J]. Multimedia Tools and Applications, 2023, 82(15): 23541-23568.
[4] KHALID M, HAMEED S, QADIR A, et al. Towards SDN-based smart contract solution for IoT access control[J]. Computer Communications, 2023, 198: 1-31.
[5] WANG C B, LIU X, LI H, et al. Smart contract-based integrity audit method for IoT[J]. Information Sciences, 2023, 647: 119413.
[6] XU C H, GE J Q, LI Y, et al. SCEI: a smart-contract driven edge intelligence framework for IoT systems[J]. IEEE Transactions on Mobile Computing, 2024, 23(5): 4453-4466.
[7] JEONG S, AHN B. A study of application platform for smart contract visualization based blockchain[J]. The Journal of Supercomputing, 2022, 78(1): 343-360.
[8] SIDDIQUI S, HAMEED S, SHAH S A, et al. Smart contract-based security architecture for collaborative services in municipal smart cities[J]. Journal of Systems Architecture, 2023, 135: 102802.
[9] DU Y, WANG Z, LI J, et al. Blockchain-aided edge computing market: smart contract and consensus mechanisms[J]. IEEE Transactions on Mobile Computing, 2023, 22(6): 3193-3208.
[10] NATGUNANATHAN I, PRAITHEESHAN P, GAO L X, et al. Blockchain-based audio watermarking technique for multimedia copyright protection in distribution networks[J]. ACM Transactions on Multimedia Computing, Communications, and Applications, 2022, 18(3): 1-23.
[11] HALGAMUGE M N, GURUGE D. Fair rewarding mechanism in music industry using smart contracts on public-permissionless blockchain[J]. Multimedia Tools and Applications, 2022, 81(2): 1523-1544.
[12] GARCíA R, CEDIEL A, TEIXIDó M, et al. Semantics and non-fungible tokens for copyright management on the metaverse and beyond[J]. ACM Transactions on Multimedia Computing, Communications, and Applications, 2024, 20(7): 1-20.
[13] ZHANG G F, ZHENG L L, SU Z P, et al. M-sequences and sliding window based audio watermarking robust against large-scale cropping attacks[J]. IEEE Transactions on Information Forensics and Security, 2023, 18: 1182-1195.
[14] 钱鹏, 刘振广, 何钦铭, 等. 智能合约安全漏洞检测技术研究综述[J]. 软件学报, 2022, 33(8): 3059-3085.
QIAN P, LIU Z G, HE Q M, et al. Smart contract vulnerability detection technique: a survey[J]. Journal of Software, 2022, 33(8): 3059-3085.
[15] 任芃锟, 邵怡敏, 王保全, 等. 面向Fabric性能态势感知的联盟链可视分析方法[J]. 计算机辅助设计与图形学学报, 2024, 36(5): 668-677.
REN P K, SHAO Y M, WANG B Q, et al. Visual analysis method of consortium chain for fabric performance situational awareness[J]. Journal of Computer-Aided Design & Computer Graphics, 2024, 36(5): 668-677.
[16] 吴海博, 刘辉, 孙毅, 等. 一种面向联盟链Hyperledger Fabric的并发冲突事务优化方法[J]. 计算机研究与发展, 2024, 61(8): 2110-2126.
WU H B, LIU H, SUN Y, et al. A concurrent conflict transaction optimization method for consortium blockchain hyper-ledger fabric[J]. Journal of Computer Research and Development, 2024, 61(8): 2110-2126.
[17] 陆艺仁, 朱友文. 基于中继链的联盟链跨链监管机制[J]. 计算机工程与应用, 2023, 59(22): 268-275.
LU Y R, ZHU Y W. Cross-chain supervision mechanism for consortium blockchain based on relay-chain technology[J]. Computer Engineering and Applications, 2023, 59(22): 268-275.
[18] BROTSIS S, KOLOKOTRONIS N, LIMNIOTIS K, et al. On the security and privacy of hyperledger fabric: challenges and open issues[C]//Proceedings of the 2020 IEEE World Congress on Services. Piscataway: IEEE, 2020: 197-204.
[19] GHALEB A, PATTABIRAMAN K. How effective are smart contract analysis tools? evaluating smart contract static analysis tools using bug injection[C]//Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis. New York: ACM, 2020: 415-427.
[20] CHEN J C, XIA X, LO D, et al. Defining smart contract defects on ethereum[J]. IEEE Transactions on Software Engineering, 2022, 48(1): 327-345.
[21] FERREIRA J F, CRUZ P, DURIEUX T, et al. SmartBugs: a framework to analyze solidity smart contracts[C]//Proceedings of the 2020 35th IEEE/ACM International Conference on Automated Software Engineering. Piscataway: IEEE, 2020: 1349-1352.
[22] LV P H, WANG Y, WANG Y Z, et al. Potential risk detection system of hyperledger fabric smart contract based on static analysis[C]//Proceedings of the 2021 IEEE Symposium on Computers and Communications. Piscataway: IEEE, 2021: 1-7.
[23] 何晨, 苑迎春, 王克俭, 等. 高校学业文本命名实体识别及数据集构建研究[J]. 计算机工程与应用, 2023, 59(22): 322-328.
HE C, YUAN Y C, WANG K J, et al. Research on college academic text named entity recognition and dataset constru-ction[J]. Computer Engineering and Applications, 2023, 59(22): 322-328.
[24] 郑小萌, 高猛, 滕俊元. 航天器软件缺陷预测数据集构建方法研究[J]. 计算机科学, 2021, 48(S1): 575-580.
ZHENG X M, GAO M, TENG J Y. Research on construction method of defect prediction dataset for spacecraft software[J]. Computer Science, 2021, 48(S1): 575-580.
[25] ZHANG D Y, YU J W, JIN S Y, et al. MultiCMET: a novel Chinese benchmark for understanding multimodal metaphor[C]//Proceedings of the Findings of the Association for Computational Linguistics. Stroudsburg: ACL, 2023: 6141-6154.
[26] 孙媛, 刘思思, 陈超凡, 等. 面向机器阅读理解的高质量藏语数据集构建[J]. 中文信息学报, 2024, 38(3): 56-64.
SUN Y, LIU S S, CHEN C F, et al. Construction of high-quality Tibetan dataset for machine reading comprehension[J]. Journal of Chinese Information Processing, 2024, 38(3): 56-64.
[27] ZHU S L, PAN L Y, LI B, et al. LANDeRMT: dectecting and routing language-aware neurons for selectively finetuning LLMs to machine translation[C]//Proceedings of the 62nd Annual Meeting of the Association for Computational Linguistics. Stroudsburg: ACL, 2024: 12135-12148.
[28] ZHU S L, PAN L Y, XIONG D Y. FEDS-ICL: enhancing translation ability and efficiency of large language model by optimizing demonstration selection[J]. Information Processing & Management, 2024, 61(5): 103825.
[29] SIVAKUMAR M, BELLE A B, SHAN J J, et al. Prompting GPT 4 to support automatic safety case generation[J]. Expert Systems with Applications, 2024, 255: 124653.
[30] SVYATKOVSKIY A, DENG S K, FU S Y, et al. IntelliCode compose: code generation using transformer[C]//Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. New York: ACM, 2020: 1433-1443.
[31] WU L I, SU Y X, LI G Q. Zero-shot construction of Chinese medical knowledge graph with GPT-3.5-turbo and GPT-4[J]. ACM Transactions on Management Information Systems, 2025, 16(2): 1-17.
[32] QAZI Z, SHIAO W, PAPALEXAKIS E E. GPT-generated text detection: benchmark dataset and tensor-based detection method[C]//Proceedings of the ACM Web Conference 2024. New York: ACM, 2024: 842-846.
[33] KURT PEHLIVANO?LU M, GOBOSHO R T, SYAKURA M A, et al. Comparative analysis of paraphrasing performance of ChatGPT, GPT-3, and T5 language models using a new ChatGPT generated dataset: ParaGPT[J]. Expert Systems, 2024, 41(11): e13699.