Open Access

ARTICLE

GMS: A Novel Method for Detecting Reentrancy Vulnerabilities in Smart Contracts

Dawei Xu^1,2, Fan Huang¹, Jiaxin Zhang¹, Yunfang Liang¹, Baokun Zheng^3,*, Jian Zhao¹

1 School of Computer Science, Changchun University, Changchun, 130012, China
2 School of Computer Science and Technology, Beijing Institute of Technology, Beijing, 100081, China
3 School of Information Management for Law, China University of Political Science and Law, Beijing, 102249, China

* Corresponding Author: Baokun Zheng. Email:

(This article belongs to the Special Issue: Security and Privacy for Blockchain-empowered Internet of Things)

Computers, Materials & Continua 2025, 83(2), 2207-2220. https://doi.org/10.32604/cmc.2025.061455

Received 25 November 2024; Accepted 13 January 2025; Issue published 16 April 2025

Abstract

With the rapid proliferation of Internet of Things (IoT) devices, ensuring their communication security has become increasingly important. Blockchain and smart contract technologies, with their decentralized nature, provide strong security guarantees for IoT. However, at the same time, smart contracts themselves face numerous security challenges, among which reentrancy vulnerabilities are particularly prominent. Existing detection tools for reentrancy vulnerabilities often suffer from high false positive and false negative rates due to their reliance on identifying patterns related to specific transfer functions. To address these limitations, this paper proposes a novel detection method that combines pattern matching with deep learning. Specifically, we carefully identify and define three common patterns of reentrancy vulnerabilities in smart contracts. Then, we extract key vulnerability features based on these patterns. Furthermore, we employ a Graph Attention Neural Network to extract graph embedding features from the contract graph, capturing the complex relationships between different components of the contract. Finally, we use an attention mechanism to fuse these two sets of feature information, enhancing the weights of effective information and suppressing irrelevant information, thereby significantly improving the accuracy and robustness of vulnerability detection. Experimental results demonstrate that our proposed method outperforms existing state-of-the-art techniques, achieving a 3.88% improvement in accuracy compared to the latest vulnerability detection model AME (Attentive Multi-Encoder Network). This indicates that our method effectively reduces false positives and false negatives, significantly enhancing the security and reliability of smart contracts in the evolving IoT ecosystem.

---

Keywords

---