Smart Contract Vulnerabilities Based on Differential Evolutionary Algorithms and Solution Time Prediction Detection#br#

Journal of Information Security Reserach ›› 2026, Vol. 12 ›› Issue (1): 24-.

Previous Articles Next Articles

Smart Contract Vulnerabilities Based on Differential Evolutionary Algorithms and Solution Time Prediction Detection#br#

Cai Lizhi1,2,3, Ma Yuan1, and Yang Kang2,3

1(East China University of Science and Technology, Shanghai 200237)
2(Shanghai Key Laboratory of Computer Software Testing Evaluating, Shanghai 201112)
3(Shanghai Development Center of Computer Software Technology, Shanghai 201112)

Online:2026-01-10 Published:2026-01-10

基于差分进化算法与求解时间预测的智能合约漏洞检测

蔡立志1,2,3马原1杨康2,3

1(华东理工大学上海200237)
2(上海市计算机软件评测重点实验室上海201112)
3(上海计算机软件技术开发中心上海201112)

通讯作者: 蔡立志博士，研究员.主要研究方向为信息安全、测试技术、软件工程质量保障. clz@sscenter.sh.cn
作者简介:蔡立志博士，研究员.主要研究方向为信息安全、测试技术、软件工程质量保障. clz@sscenter.sh.cn 马原硕士.主要研究方向为测试技术、智能合约安全、漏洞挖掘. my190504@163.com 杨康博士.主要研究方向为恶意软件检测、网络安全、软件工程. yangkang@sscenter.sh.cn

Abstract

Abstract: Aiming at the problems of inefficient exploration, nonguided test case generation, and poor constraintsolving tenacity in current hybrid fuzzy testing frameworks for smart contracts, this paper proposes an improved hybrid fuzzy detection framework DEST.The model integrates the advantages of fuzzy testing and symbolic execution methods to efficiently detect smart contracts, incorporates the differential evolution (DE) algorithm to optimize the quality of test cases and global search capability, and learns SMT script features through LSTM framework to predict the solving time. The DEST model uses the differential evolutionary (DE) algorithm to optimize the quality of test cases and global search capability, and learns SMT script features through LSTM framework to predict the solving time,thereby improving the solving efficiency of symbolic execution. Experiments show that the DEST model improves vulnerability detection by 9.42% and average code coverage by 3.6% over the stateoftheart benchmark model.

Key words: deep learning, vulnerability detection, fuzzing test, symbolic execution, differential evolution algorithm

摘要： 针对目前智能合约的混合模糊测试框架存在探索效率低下、测试用例生成不具有引导性、约束求解韧性差等问题，提出了一种改进版混合模糊检测框架DEST(differential evolution with solution time).该模型融合模糊测试与符号执行方法的优点对智能合约进行高效率的探测，融入差分进化(differential evolution, DE)算法优化测试用例的质量和全局搜索能力，通过长短期记忆神经网络模型(long shortterm memory, LSTM)框架学习可满足性模理论(satisfiability modulo theories, SMT)脚本特征预测求解时间，提升符号执行的求解效率.实验表明，DEST模型比最先进的基准模型漏洞检测率提高9.42%，平均代码覆盖率提高3.6%.

关键词: 深度学习, 漏洞检测, 模糊测试, 符号执行, 差分进化算法

CLC Number:

TP309.2

蔡立志, 马原, 杨康, . 基于差分进化算法与求解时间预测的智能合约漏洞检测[J]. 信息安全研究, 2026, 12(1): 24-.

References

［1］Zheng Z, Xie S, Dai H N, et al. Blockchain challenges and opportunities: A survey［J］. International Journal of Web and Grid Services, 2018, 14(4): 352375［2］Wang Z, Jin H, Dai W, et al. Ethereum smart contract security research: Survey and future research opportunities［J］. Frontiers of Computer Science, 2021, 15: 118［3］崔展齐, 杨慧文, 陈翔, 等. 智能合约安全漏洞检测研究进展［J］. 软件学报, 2024, 35(5): 22352267［4］韩璇, 袁勇, 王飞跃. 区块链安全问题：研究现状与展望［J］. 自动化学报, 2019, 45(1): 206225［5］Torres C F, Iannillo A K, Gervais A, et al. Confuzzius: A data dependencyaware hybrid fuzzer for smart contracts［C］ Proc of the 2021 IEEE European Symp on Security and Privacy (EuroS&P). Piscataway, NJ: IEEE, 2021: 103119［6］He J, Balunovi M, Ambroladze N, et al. Learning to fuzz from symbolic execution with application to smart contracts［C］ Proc of the 2019 ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2019: 531548［7］Chen W, Sun Z, Wang H, et al. Wasai: Uncovering vulnerabilities in wasm smart contracts［C］ Proc of the 31st ACM SIGSOFT Int Symp on Software Testing and Analysis. New York: ACM, 2022: 703715［8］Bhme M, Szekeres L, Metzman J. On the reliability ofcoveragebased fuzzer benchmarking［C］ Proc of the 44th Int Conf on Software Engineering. New York: ACM, 2022: 16211633［9］沈传年. 智能合约安全漏洞研究现状［J］. 信息安全研究, 2023, 9(12): 11661172［10］钱鹏, 刘振广, 何钦铭, 等. 智能合约安全漏洞检测技术研究综述［J］. 软件学报, 2022, 33(8): 30593085［11］Cadar C, Dunbar D, Engler D R. Klee: Unassisted and automatic generation of highcoverage tests for complex systems programs［C］ Proc of USENIX Symp on Operating Systems Design and Implementation. Berkeley, CA: USENIX Association, 2008: 209224［12］Barrett C, Tinelli C. Satisfiability modulo theories［J］. Handbook of Model Checking, 2018: 305343［13］李舟军, 张俊贤, 廖湘科, 等. 软件安全漏洞检测技术［J］. 计算机学报, 2015, 38(4): 717732［14］Ochoa P, Castillo O, Soria J. Optimization of fuzzy controller design using a differential evolution algorithm with dynamic parameter adaptation based on type1 and interval type2 fuzzy systems［J］. Soft Computing, 2020, 24(1): 193214［15］Luo S, Xu H, Bi Y, et al. Boosting symbolic execution via constraint solving time prediction (experience paper)［C］ Proc of the 30th ACM SIGSOFT Int Symp on Software Testing and Analysis. New York: ACM, 2021: 336347［16］Durieux T, Ferreira J F, Abreu R, et al. Empirical review of automated analysis tools on 47587 ethereum smart contracts［C］ Proc of the 42nd ACMIEEE Int Conf on Software Engineering. New York: ACM, 2020: 530541［17］Luu L, Chu D H, Olickel H, et al. Making smart contracts smarter［C］ Proc of the 2016 ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2016: 254269［18］Nguyen T D, Pham L H, Sun J, et al. sFuzz: An efficient adaptive fuzzer for solidity smart contracts［C］ Proc of the 42nd ACMIEEE Int Conf on Software Engineering. New York: ACM, 2020: 778788

[1]	. Internet of Things Intrusion Detection Model Based on Federated Learning [J]. Journal of Information Security Reserach, 2025, 11(9): 788-.
[2]	. A Spectre Vulnerability Detection Method Integrating Fuzzing and #br# Taint Analysis#br# [J]. Journal of Information Security Reserach, 2025, 11(9): 822-.
[3]	. Fake News Detection Model Based on Crossmodal Attention Mechanism and#br# Weaksupervised Contrastive Learning#br# [J]. Journal of Information Security Reserach, 2025, 11(8): 693-.
[4]	. Encrypted Traffic Detection Method Based on Knowledge Distillation [J]. Journal of Information Security Reserach, 2025, 11(8): 702-.
[5]	. Deep Learningbased Method for Encrypted Website Fingerprinting [J]. Journal of Information Security Reserach, 2025, 11(4): 304-.
[6]	. Research on Dataenhanced Multimodal False Information #br# Detection Framework#br# [J]. Journal of Information Security Reserach, 2025, 11(4): 377-.
[7]	. Privacypreserving Federated Learning Research Based on #br# Confused Modulo Projection Homomorphic Encryption#br# [J]. Journal of Information Security Reserach, 2025, 11(3): 198-.
[8]	. Design of Adversarial Attack Scheme Based on YOLOv8 Object Detector [J]. Journal of Information Security Reserach, 2025, 11(3): 221-.
[9]	. Fake Face Detection Method Based on ConvNeXt [J]. Journal of Information Security Reserach, 2025, 11(3): 231-.
[10]	. Research on Deep Learningbased Spatiotemporal Feature Fusion Network Intrusion Detection Model [J]. Journal of Information Security Reserach, 2025, 11(2): 122-.
[11]	. A Malicious TLS Traffic Detection Method with Multimodal Features [J]. Journal of Information Security Reserach, 2025, 11(2): 130-.
[12]	. Robust Malicious Encrypted Traffic Detection Method Based on Dual Confidence Sample Selection [J]. Journal of Information Security Reserach, 2025, 11(10): 924-.
[13]	. Research of Invisible Backdoor Attack Based on Interpretability [J]. Journal of Information Security Reserach, 2025, 11(1): 21-.
[14]	. Container Anomaly Detection Based on Attention Mechanism and Multiscale Convolutional Neural Network [J]. Journal of Information Security Reserach, 2025, 11(1): 35-.
[15]	. Encrypted Traffic Detection Technology for Multisession Coordinated #br# Attack Based on Deep Learning#br# [J]. Journal of Information Security Reserach, 2025, 11(1): 66-.

Smart Contract Vulnerabilities Based on Differential Evolutionary Algorithms and Solution Time Prediction Detection#br#

基于差分进化算法与求解时间预测的智能合约漏洞检测

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics