Next Article in Journal
Synthetic Aperture Radar Image Despeckling Based on a Deep Learning Network Employing Frequency Domain Decomposition
Previous Article in Journal
GPT-Driven Source-to-Source Transformation for Generating Compilable Parallel CUDA Code for Nussinov’s Algorithm
 
 
Article
Peer-Review Record

Smart Contract Vulnerability Detection Based on Multi-Scale Encoders

Electronics 2024, 13(3), 489; https://doi.org/10.3390/electronics13030489
by Junjun Guo *, Long Lu and Jingkui Li
Reviewer 2: Anonymous
Electronics 2024, 13(3), 489; https://doi.org/10.3390/electronics13030489
Submission received: 29 December 2023 / Revised: 18 January 2024 / Accepted: 22 January 2024 / Published: 24 January 2024

Round 1

Reviewer 1 Report

Comments and Suggestions for Authors

Based on the article "Smart Contract Vulnerability Detection based on Multi-scale Encoders" by Junjun Guo, Long Lu, and Jingkui Li, the paper proposes a novel Multi-scale Encoder Vulnerability Detection (MEVD) approach for detecting vulnerabilities in smart contracts. This approach uses a unique architecture comprising of a Surface Feature Encoder (SFE), a dual-branch encoder combining a Base Transformer Encoder (BTE) and a Detail CNN Encoder (DCE), and a Deep Residual Shrinkage Network (DRSN). The method shows promise, demonstrating an average detection accuracy of 90% on datasets of high-risk vulnerabilities.

Strengths:

1. Novelty of Approach: The MEVD method's multi-scale encoder architecture is a significant contribution to the field of smart contract vulnerability detection. The integration of SFE, BTE, DCE, and DRSN is innovative and shows a deep understanding of the complexity involved in smart contract code analysis.

2. High Accuracy: The reported average detection accuracy of 90% is impressive and indicates that the method can effectively identify vulnerabilities in smart contracts, which is crucial given the financial and security implications of these contracts.

3. Comprehensive Testing: The paper includes extensive experiments and comparisons with state-of-the-art methods, providing a robust validation of the proposed approach.

 

Areas for Improvement:

1. Clarity and Structure: The paper would benefit from clearer organization and presentation. Some sections are densely packed with technical jargon, which could be simplified for better understanding. Clearer subheadings and concise summaries at the end of each section would enhance readability.

2. Expanded Explanation of Novel Components: While the paper introduces innovative components like the SFE and DRSN, the explanation of these components' unique contributions compared to existing technologies could be more detailed. This would help in highlighting the novelty of the approach more effectively.

3.Broader Impact Discussion: The paper could expand on the potential broader impacts of this research, including implications for blockchain technology, finance, and cybersecurity. A discussion on how this method could adapt to evolving smart contract platforms and languages would be beneficial.

4. Dataset and Reproducibility: More information about the datasets used for testing, including their accessibility, would help in assessing the reproducibility of the results. Additionally, a discussion on the limitations of the current datasets and how they might affect the generalizability of the findings would be useful.

5. Comparison with Other Domains: The paper could draw parallels with vulnerability detection in other domains, providing a more interdisciplinary perspective. This might include comparisons with traditional software vulnerability detection methods and how techniques from those areas could be integrated or adapted to smart contract analysis.

6. Practical Deployment Considerations: Discussion on how the MEVD method could be implemented in real-world scenarios, potential challenges in deployment, and how it integrates with existing smart contract development tools would be practical additions.

Comments on the Quality of English Language

The English language quality of the article is generally satisfactory, especially in its use of technical language. However, improvements are needed for enhanced clarity and readability. Key areas for improvement include:

1. Simplifying Complex Language: Some sections are convoluted and could benefit from simpler, more direct language.

2. Grammar and Syntax: Minor grammatical errors and awkward phrasings should be corrected through thorough proofreading.

3. Clarity and Consistency: Better explanation of technical terms and consistent terminology use would improve understanding.

4. Sentence and Paragraph Structure: Shortening complex sentences and breaking down long paragraphs would aid readability.

Overall, a careful review and revision focusing on these aspects can significantly improve the language quality of the paper.

Author Response

Thank you very much for your valuable comments and professional advice. We really appreciate the opportunity you've given us to resubmit a revised version of the manuscript. We greatly appreciate your time and consideration. These opinions are an important contribution to the academic rigor and overall quality of our article. Based on your suggestions and requests, we have made corrected modifications on the revised manuscript. We hope that our work can be improved further.

Comment 1. Clarity and Structure: The paper would benefit from clearer organization and presentation. Some sections are densely packed with technical jargon, which could be simplified for better understanding. Clearer subheadings and concise summaries at the end of each section would enhance readability.

Response 1. Thank you for your suggestion. Some sections are densely packed with technical jargon:Based on your suggestion, we have reinterpreted each step in Figure 2 and improved the technical jargon to make it as understandable as possible for readers.

Clearer subheadings and concise summaries at the end of each section:For subheadings, we have added them at the beginning of paragraphs. At the end of the section on related work, we have added a brief summary and compared our methods with existing ones to explain our contributions.

 

Comment 2. Expanded Explanation of Novel Components: While the paper introduces innovative components like the SFE and DRSN, the explanation of these components' unique contributions compared to existing technologies could be more detailed. This would help in highlighting the novelty of the approach more effectively.

Response 2. Thank you for your valuable feedback. To highlight the importance of the SFE and DRSN modules, we have added detailed explanations of the SFE and DRSN modules in lines 623-637 of the revised submission, including an analysis of how they differ from existing techniques and the unique contributions and capabilities of these components.

 

Comment 3. Broader Impact Discussion: The paper could expand on the potential broader impacts of this research, including implications for blockchain technology, finance, and cybersecurity. A discussion on how this method could adapt to evolving smart contract platforms and languages would be beneficial.

Response 3. Thank you for your suggestion. First, in the introduction section, we have added references to illustrate the successes achieved by current blockchain technology across various fields. Next, in the conclusion and future work section, we have supplemented the text with broader potential impacts and limitations of this study in certain areas.

 

Comment 4. Dataset and Reproducibility: More information about the datasets used for testing, including their accessibility, would help in assessing the reproducibility of the results. Additionally, a discussion on the limitations of the current datasets and how they might affect the generalizability of the findings would be useful.

Response 4. Thank you for your valuable comments and suggestions. The experimental data and result used in this study will be posted on the repository(https://github.com/COPELONG/MEVD). In addition, in response to your question, we have added a discussion of the current limitations of our data and further considerations in section 6.2 "Future work".    

 

Comment 5. Comparison with Other Domains: The paper could draw parallels with vulnerability detection in other domains, providing a more interdisciplinary perspective. This might include comparisons with traditional software vulnerability detection methods and how techniques from those areas could be integrated or adapted to smart contract analysis.

Response 5. Thank you for your feedback. Our study compares state-of-the-art deep learning-based methods for detecting vulnerabilities. Among the methods compared, TMP has been compared with traditional detection methods in the relevant literature. It is important to note that our proposed method outperforms TMP in terms of detection performance, so we did not directly compare it with traditional methods. Of course, in response to your valuable suggestion, we have added several bar charts to make it more intuitive to compare the performance of these different methods. In addition, we have added a discussion of integrating or adapting techniques from other fields into smart contract analysis in Section 6.2, "Future Work". We are very grateful for your suggestions, as they not only enrich our research content, but also provide new directions for our future studies in the area of vulnerability detection.

 

Comment 6. Practical Deployment Considerations: Discussion on how the MEVD method could be implemented in real-world scenarios, potential challenges in deployment, and how it integrates with existing smart contract development tools would be practical additions.

Response 6. We sincerely appreciate your valuable suggestions. In response to your comments, we have made comprehensive additions and discussions in Section 6.2, where we thoroughly explore the application of the MEVD method in real-world scenarios and the potential challenges.

 

Finally, we would like to thank you for spending your valuable time and effort to thoroughly review our paper and provide invaluable feedback. Your unique insights and professional suggestions have not only provided new perspectives and directions for our research, but have also greatly enriched our academic horizon. This revision process has been more than just an improvement of the paper, it has been a valuable learning experience from which we have benefited greatly. We greatly appreciate you taking the time out of your busy schedule to provide such professional and accurate feedback.

Author Response File: Author Response.pdf

Reviewer 2 Report

Comments and Suggestions for Authors

The authors of this paper propose a Multi-Scale Encoder Vulnerability Detection approach to find well-recognized high-risk vulnerabilities in smart contracts. The results seem quite promising. The paper is quite well-structured and written. However, I have some proposals to improve its overall quality. They are listed below:

1. Within the abstract, I would suggest to make clearer the research gap you aim to fill. 

2. In the introduction, when you talk about the blockchain technology, it is important to highlight that this technology was successful so far in several sectors. I strongly suggest to cite the following literature review papers for each sector of interest: energy [R1], agriculture [R2], healthcare [R3], e-government [R4]. This is very important to convince the reader that the concept of "smart contract" is mature enough. 

[R1] Andoni et al. (2019). Blockchain technology in the energy sector: A systematic review of challenges and opportunities. Renewable and sustainable energy reviews, 100, 143-174.

[R2] Mirabelli et al. (2021). Blockchain-based solutions for agri-food supply chains: A survey. International Journal of Simulation and Process Modelling, 17(1), 1-15.

[R3] Hasselgren et al. (2020). Blockchain in healthcare and health sciences—A scoping review. International Journal of Medical Informatics, 134, 104040.

[R4] Batubara et al. (2018, May). Challenges of blockchain technology adoption for e-government: a systematic literature review. In Proceedings of the 19th annual international conference on digital government research: governance in the data age (pp. 1-9).

3. The major contributions of the paper, well written in Section 1, should be better justified in Section 2 and/or Section 3. Basically, i would suggest to compare your paper with the others in the literature, similar in terms of topic treated / methodology applied, by using a specific table.

4. I would suggest to unify Sections 2 and 3 in one single section, concerning the current scientific literature.

5. Please, provide more details on the different "steps" represented in Figure 2. Some readers can not be so expert.

6. I would suggest to move the research questions in the first part of the document. They should "drive" the manuscript.

7. Equations (23): you wrote "preccision" instead of "precision". Please, re-read carefully the entire manuscript to avoid typos.

8. In the conclusions, I would suggest to focus more on the limitations behind your study.

Comments on the Quality of English Language

Dear Authors,

I think that the English language is fine. There are only some typos, which must be corrected. Please, re-read the entire manuscript carefully.

 

Author Response

Thank you very much for your valuable comments and professional advice. We really appreciate the opportunity you've given us to resubmit a revised version of the manuscript. We greatly appreciate your time and consideration. These opinions are an important contribution to the academic rigor and overall quality of our article. Based on your suggestions and requests, we have made corrected modifications on the revised manuscript. We hope that our work can be improved further.

 

Comment 1. Within the abstract, I would suggest to make clearer the research gap you aim to fill. 

Response 1. Thank you for your suggestion, based on your advice we have briefly described the problem we aim to solve in abstract section.

 

Comment 2. In the introduction, when you talk about the blockchain technology, it is important to highlight that this technology was successful so far in several sectors.

Response 2. Thank you very much for your valuable comments on our paper. We have made appropriate revisions in the introduction section, highlighting the successful applications of blockchain technology in various domains. Citing these references provides additional technical support for our paper.

 

Comment 3. The major contributions of the paper, well written in Section 1, should be better justified in Section 2 and/or Section 3. Basically, i would suggest to compare your paper with the others in the literature, similar in terms of topic treated / methodology applied, by using a specific table.

Response 3. Thank you for your valuable comments. Based on your guidance, we have made appropriate additions to Chapter 3, "Related Work". First, we have compared our research with other deep learning methods to justify the major contributions of our study. Second, we have added a summary at the end of the section. We apologize for not presenting the information in table format and will consider using tables in appropriate sections in future work to improve the clarity and presentation of the paper.     Thank you again for your comments.

 

Comment 4. I would suggest to unify Sections 2 and 3 in one single section, concerning the current scientific literature.

Response 4. Thank you for your suggestions. We fully understand and respect your opinion regarding the merging of Chapter 2 (Background) and Chapter 3 (Related Work). Our consideration is that although both chapters involve scientific literature, they each play different roles and serve different functions. Chapter 2, "Background", primarily aims to provide foundational knowledge and a theoretical framework for the entire research field, helping readers better understand the specific content in the subsequent chapters. In contrast, Chapter 3, "Related Work", focuses on analyzing and reviewing previous research directly related to our study, providing a specific academic context for the positioning and contributions of our research.

We think that keeping these two chapters separate allows for a clearer definition of their respective focus and scope, and helps the reader to grasp more systematically the differences and connections between the research background and related work.   Based on these considerations, we prefer to maintain the independence of these two chapters. Of course, we will continue to consider how to optimize the chapter structure to better present the research content. Thank you again for your valuable comments, which we take very seriously and will consider carefully.

 

Comment 5. Please, provide more details on the different "steps" represented in Figure 2. Some readers can not be so expert.

Response 5. We are very grateful for your valuable suggestions. In response to your advice, we have already provided a detailed supplement to the description of Figure 2, ensuring a clear and direct explanation of each step shown in the figure. Our aim is to help readers understand the content of Figure 2 more intuitively. We sincerely hope that these improvements will meet with your approval.

 

Comment 6. I would suggest to move the research questions in the first part of the document. They should "drive" the manuscript.

Response 6. Thank you for your valuable comments on our manuscript. Regarding your suggestion to move the research questions to the beginning of the document, we have placed the research questions in the second paragraph of the introduction. We think that the current arrangement of the paragraphs better guides the reader to gradually understand the background of smart contract security, related events and their implications. This provides sufficient context and motivation when introducing the research questions. We believe that this progressive narrative approach helps to reinforce the importance of the research questions, making the entire article more logical and compelling.

 

Comment 7. Equations (23): you wrote "preccision" instead of "precision". Please, re-read carefully the entire manuscript to avoid typos.

Response 7. We sincerely thank you for your meticulous and professional review.  The spelling errors you pointed out were indeed due to an oversight on our, for which we deeply apologize. Your careful scrutiny and rigorous attitude to research are admirable and have made us more aware of the importance of attention to detail. As a result, we have carefully re-examined the entire manuscript. Once again, we thank you for your thoughtful guidance and valuable suggestions on our work.

 

Comment 8. In the conclusions, I would suggest to focus more on the limitations behind your study.

Response 8. We sincerely appreciate your valuable comments. Indeed, your suggestion about the need to further discuss the limitations of the study in the conclusion section is very important. Consequently, we have added a new section, 6.2 "Future work", in which we detail the limitations of our study and outline our future research directions.

 

Finally, we would like to thank you for spending your valuable time and effort to thoroughly review our paper and provide invaluable feedback. Your unique insights and professional suggestions have not only provided new perspectives and directions for our research, but have also greatly enriched our academic horizon. This revision process has been more than just an improvement of the paper, it has been a valuable learning experience from which we have benefited greatly. We greatly appreciate you taking the time out of your busy schedule to provide such professional and accurate feedback.

Author Response File: Author Response.docx

Round 2

Reviewer 1 Report

Comments and Suggestions for Authors

This version now meets the required standards.

Back to TopTop