Esim: EVM Bytecode Similarity Detection Based on Stable-Semantic Graph
Zhuo Chen, Gaoqiang Ji, Yiling He, Lei Wu, Yajin Zhou
TL;DR
This work tackles the problem of detecting similarity between EVM bytecodes in the DeFi ecosystem, where code reuse and vulnerabilities propagate rapidly. It introduces Stable-Semantic Graph ($SSG$), a heterogeneous graph representation that captures stable instructions and data flows, and Esim, a two-module system (SSG Builder and SSG Embedding Generator) that learns embeddings via a heterogeneous Graph Neural Network. Esim achieves state-of-the-art performance, with $F1$ scores of $100\%$ for SCFG, $95.16\%$ for SDFG, and an AUC of $0.963$, while processing millions of contracts across six chains and outperforming Etherscan in vulnerability-code search. The approach demonstrates strong generalization across compiler versions and optimizations and offers a scalable tool for security analysts and researchers in DeFi.
Abstract
Decentralized finance (DeFi) is experiencing rapid expansion. However, prevalent code reuse and limited open-source contributions have introduced significant challenges to the blockchain ecosystem, including plagiarism and the propagation of vulnerable code. Consequently, an effective and accurate similarity detection method for EVM bytecode is urgently needed to identify similar contracts. Traditional binary similarity detection methods are typically based on instruction stream or control flow graph (CFG), which have limitations on EVM bytecode due to specific features like low-level EVM bytecode and heavily-reused basic blocks. Moreover, the highly-diverse Solidity Compiler (Solc) versions further complicate accurate similarity detection. Motivated by these challenges, we propose a novel EVM bytecode representation called Stable-Semantic Graph (SSG), which captures relationships between 'stable instructions' (special instructions identified by our study). Moreover, we implement a prototype, Esim, which embeds SSG into matrices for similarity detection using a heterogeneous graph neural network. Esim demonstrates high accuracy in SSG construction, achieving F1-scores of 100% for control flow and 95.16% for data flow, and its similarity detection performance reaches 96.3% AUC, surpassing traditional approaches. Our large-scale study, analyzing 2,675,573 smart contracts on six EVM-compatible chains over a one-year period, also demonstrates that Esim outperforms the SOTA tool Etherscan in vulnerability search.