A Study on Characteristics and Identification of Smart Ponzi Schemes

A smart Ponzi scheme (SPS) is a financial Ponzi scheme that is implemented and deployed in blockchain through smart contract technology. It is built on treachery and lies, by which, the organizers and speculators jointly deceive innocent investors by fostering a belief in obtaining the expected benefits. The occurrence of SPSs is originated from the vulnerability of the supervision mechanism on the blockchain. Although there are many excellent studies, these contributions overemphasized the methods themselves, did not describe the characteristics of the SPS well, and had certain limitations in practice. We made a thorough study on the characteristics of an SPS and brought out the vital features to identify an SPS for an investor. Based on the analysis of the contributions of predecessors, we propose an approach to test whether a contract is an SPS. This approach could deal with two situations, the contracts to be deployed and the long-run contracts respectively. Of the approach, the priori method can be exploited to distinguish whether the contract to be deployed is an SPS for the runner of a blockchain; the posterior method could protect an investor from being trapped in a fraud. At the same time, the posterior method can also be extended to monitor some contracts dynamically to alert users with the probability to be fallen into SPSs.


I. INTRODUCTION
Ponzi scheme is an ancient form of fraud that many people hate and seek after. The scam is built on treachery and lies, by which, the organizers and speculators jointly deceive innocent investors by fostering beliefs in obtaining the expected benefits. Ponzi schemes have entered the digital finance from the traditional financial along with times, and are called smart Ponzi scheme (SPS) [1] in the digital/virtual currency world.
SPSs are rooted in the blockchain ecosystems, especially in those implementing smart contracts. Blockchain technology enlarges the hiddenness of targets invested to, at the same time, smart contracts provide the flexibility to hidden fraud by information technology; the investors couldn't master or are difficult to know the true information of the initiators in the digital token world. Nevertheless, as a decentralized ledger, blockchain has stored not only full of information of all the transactions of the attenders but also the opcode and Application Binary Interface (ABI) of deployed smart contracts. Therefore, many researchers exploit this The associate editor coordinating the review of this manuscript and approving it for publication was Dongxiao Yu . information to build various methods to protect investors from SPSs.
From the view of researchers, the detection or identification of an SPS is a class-imbalanced problem [18]. Many of them put their focus on how to build an efficient and accurate classification method, such as Machine learning, ANN methods, based on static data. In contrast, some persons try to build a simulation system to run the contracts for distinguishing whether they are SPSs.
In the view of an investor, it is a decision problem. The investors need all the accurate information to determine the probability that the new fund is an SPS, and to trade off the possible loss when investing or not investing. However, most of the researchers could not conduct an in-depth analysis and summary of the characteristics of SPSs although they have built a lot of efficient methods. Therefore, it is very necessary to study the characteristics and natures of SPSs in detail while bringing out a new method.
This paper aims to provide a full of characteristics of an SPS based on bibliometric analysis and to establish a reasonable approach for investors to distinguish whether a fund is an SPS within a blockchain. We make a two steps route, that is from the analysis of the VOLUME 10, 2022 This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/ achievements of predecessors to establishing an approach ourselves. Therefore, we search the important references, articles, and datasets. Firstly, by inputting ''Ponzi scheme smart contract blockchain'' as keywords for ''subject/title/abstract'' into the search engine of EI Village, we got 19 results and obtained 15 articles by excluding the non-relative and the repeated eventually. Then by entering ''TS = (Ponzi scheme) and (smart contract) and (blockchain)'' as expressions into the search engine of Web of Science, we got 13 results, and we obtained 4 papers by removing the repetitions to EI results and the non-relative. At last, we got 19 papers that talk about the smart Ponzi scheme and have important effects.
The paper is structured as follows: Section II provides the analysis of the full characteristics of an SPS. Section III introduces the current methods to detect SPSs. Section IV talks about the proposed approach to identify an SPS. Section V gives a test to verify the proposed approach. In the last section, VI makes a conclusion.  [2]. Therefore, a smart Ponzi scheme is a financial Ponzi scheme that is implemented and deployed in blockchain through smart contract technology; Smart contracts are merely media and tools to realize Ponzi schemes. As for, an SPS has not only newly added features but also all the characteristics of a traditional Ponzi scheme.

B. ORIGINAL FEATHERS OF A PONZI SCHEME
According to the definition in the U.S. Securities and Exchange Commission and the item of Ponzi scheme in Wikipedia, a Ponzi scheme has features as follows.
• It is investment fraud.
• Its returns to existing investors come from the new investors.
• Its organizer has little or no legitimate earnings. • Its organizer promises high rewards to new investors.
• It can maintain a sustainable business until it cannot pay off withdrawals demanded by investors because there are not enough new patricians.
• A normal fund would become a Ponzi scheme while its legal income sources are permanently cut off.

C. FEATHERS OF AN SPS 1) ANONYMITY
The creator of each smart Ponzi scheme is anonymous, could be anywhere, and so do the other participants underlying the blockchain [3]- [5]. The anonymity protects against incrimination of the initiators while increasing the difficulty to identify an SPS for an investor.

2) IMMUTABILITY
While a smart contract is deployed, it is impossible to modify and is potentially unstoppable, so it is impossible to break the scheme. Therefore, the participants have a high degree of confidence that the return will continue [4]. Once an investor takes part in there is no easy way out [3]- [5].

3) METASTASIS
To cut down their losses, the participants have to continually invite new investors to the scheme while they are aware of being trapped in an SPS. This further hides the creator's malice and makes it more difficult for investors to distinguish [3].

4) TRUSTWORTHINESS
The appearance of the availability of the source code of a smart contract and the automation of the contract make users feel more reliable and credible. The investors could not believe that it is easy to deploy a scam in this transparent field, while they can see their invested money clearly shown in there [3]- [5].

5) INDISTINGUISHABILITY
It is difficult to extract the features of the Ponzi scheme from the smart contracts though with source code [6]. Like traditional Ponzi schemes, indistinguishability is a vital characteristic of an SPS. Therefore, many people manage to develop various methods or tools to help distinguish whether a scheme is a Ponzi scheme. However, these efforts did not lead to their targets.

6) OPENNESS AND TRANSPARENCY
All deployed contracts, related transactions, and accounts are accessible to anyone linked in the blockchain. All these records the whole information of the contracts and their historical activities, these are the basis to build identification methods.

D. OPERATION FEATURES OF AN SPS
The whole operation of an SPS can be divided into three explicit phrases: bootstrap, hyper-operation, and collapse, which picture the process of a scheme from starting to falling away [7].
• Bootstrap: It is the initial phrase that the fund is known by a very small amount of investors who are waiting and seeing.
• Hyper-operation: During this stage, more and more investors take part in the scheme, they all believe that they could get high returns, and invite new investors sincerely.
• Collapse: This phrase starts at the investors can't withdraw their investment and lose their confidence in the scheme, for, at that time, not enough entered new investments to support the rewards to early investors. In general, before this stage, the cheater will run away, which would accelerate this phrase to come.

E. KINDS OF AN SPS
As we all know, the owner's income in an SPS comes from investors, so how does he accumulate himself amount, allocate investments and return to investors? The internal structure of the contract answers these questions while determining their kinds. Based on the logical relations of accounts inside the contract, we group all the SPSs into two categories, tree-shaped, and array-shaped. Of each category, there are four important issues, return route, return ratio, reward time, and owner's income which expose the characteristics of an SPS. With this information, an investor could manually analyze the source code of the smart contract to determine whether it is an SPS.

1) TREE-SHAPED SCHEMES
Within this type of scheme, all the investors are arranged into a tree data structure, the initiator acts as the root; every new investor has a parent node that stores the inviter. This is to say that a new investor must have an inviter. And his investment will be divided into different parts to all his predecessors according to the pre-set ratios.
• Return route: along the branch of the tree to the initiator. • Return ratio: vary according to his descendants; different branch has a different ratio.

2) ARRAY-SHAPED SCHEMES
All the investors are linearly arranged into an array or list data structure. Generally, the creator takes the place of the head. With this type of scheme, the new investor may have or not have an inviter. Although this is a simple structure, the assignment of returns can change variously depending on the specific distribution algorithm.
• Return route: along the line to the head or from the head. • Return ratio: fixed or vary according to his descendants. • Waterfall schemes: the distribution of return always began from the head of the list with a fixed ratio to initiator balance, as a result, earlier investors got more rewards, and the later entered maybe get no return. TeasureChest and PiggyBack are such types of schemes.
• Handover schemes: the investment will be increased when a new investor comes, and most of the investment will return to the previous. KingOfTheEtherThrone is the representative example.

III. DETECTION METHODS OF AN SPS
Methods to detect an SPS can be grouped into two categories, static process methods, and dynamic process methods. Most of the current research belongs to static process methods, only a few consider the dynamic process methods.

A. STATIC PROCESS METHODS
All the data used by a method is static and not changed during the whole operation process. Source code, bytecode, transactions, and so on are fixed while the method begins. The focus of these methods is how to extract or build features of the dataset and adopt which algorithms to classify the data, and so are the research hotspots. This type can be divided into several subtypes based on the data that it depends mainly.

1) SOURCE CODE BASED
The source code of the contracts contains the whole logic to realize the organizer's intent. By analyzing the source code, it is easy to distinguish the rewards distribution map. Using multi-channel textCNN and transformer [8] to improve Ponzi scheme contract detection is a good example to establish a method based on the source codes of the contracts. This method can result in a more accurate Ponzi scheme prediction. Both pros and cons of this method are too dependent on source code. However, the methods that relied on source codes couldn't process the new deployed contacts yet since source codes don't be opened to extern nodes.

2) BYTECODE BASED
Almost all the static methods adopt the features of the bytecode of the contracts because the bytecode is the entity that represents the contracts completely, and contains the whole information of the contracts. For examples, Shen, X. et al. provided a method with OC-SVM and IForest algorithms to detect the Ponzi features on the bytecode [4]. This method innovatively transforms the classification of Ponzi scheme contracts into anomaly detection problems. However, the extracted features are difficult to reflect the real meaning of the bytecode. Lou, Y. et al. brought out an improved convolutional neural network with a high F-score of 0.959 [6]. But, the authors did not show a discussion of the features that they adopted in the method. Fan, S. et al.
proposed an anti-leakage detection method by segmenting the opcode sequence through n-gram with 0.96 F-score [9]. This method shows that the best gram length to extract the opcode features is 2. Fan, S. et a. brought out a detection method by transforming the opcode of every contract into eigenvectors with 0.98 F-score [10]. Chen, W. et al. proposed a novel semantic-aware approach: SADPonzi [11]. This method builds a static analysis tree and identifies smart contracts according to the presetting scam model. Although this method executes the bytecode statically, it is limited to VOLUME 10, 2022 the calling relationship of the related ''functions'' and does not reproduce the execution purpose of the bytecode. Peng, J. and Xiao, G. gave the detection method using opcode [15]. Within the method, the extremely randomized trees algorithm is used as the classifier and 669 opcode sequences are used as the features to detect frauds.

3) TRANSACTIONS BASED
Transactions are the operation results of a smart contract, to a certain extent, they are the agents of the contracts, so they imply the information of an SPS. For an instance, Yu, S. et al. provided a Ponzi scheme detection method based on the GCN model using two types of information: transaction amount and transaction time [12]. The number of the features, which come from transactions, adopted by the method is about 14 and all the features are real and observable. However, this method does not involve other related information such as the relationships among the transactions.

4) BYTECODE AND TRANSACTIONS BASED
Many researchers think that the information from bytecode is incomplete, it needs more information to build a good method in fact, and this information comes from the transactions of the contracts. Therefore, transactions are added to the dependent dataset. For examples, Chen, W. et al. used a boosting-based algorithm to detect smart Ponzi schemes on Ethereum [13]. This method builds account features by extracting information from transaction history and achieves high accuracy for practical use. Fan, S. et al. proposed a smart Ponzi scheme detection method using Federated Learning with 0.9655 F-score [14]. The method does not require the client to share the original training data so that it can protect the private data of all parties from leaking.

5) ACCOUNT INFORMATION ADDED
A part of researchers points out that only the contacts and their transactions could not reflect all the information to determine an SPS and account information could reveal the real intent. For instance, Wang, L. et al. proposed a method that exploits opcode and account features via oversampling-based Long Short-Term Memory (LSTM) to detect smart contracts [16]. Within this method, the oversampling technique is utilized to sample feature data and the LSTM model is trained for future Ponzi scheme detection. Liu L. et al. construct a heterogeneous graph transformer network to discover Blockchain-enabled fraud with account feature and code feature [19]. This method extracts features and constructs a heterogeneous information network, and uses the obtained node embedding to perform smart contract anomaly detection effectively and stably.

6) OTHER COMBINATIONS BASED
Each data related to smart contracts is a part of the whole scheme, and it carries more or less information. Therefore, the combination of the data varies according to certain research. For examples, the image-based scam detection method proposed by Bian, L. et al. relies on the combination of bytecode and ABI [17]. This method uses the bytecode and ABI of the contract for detection and analysis to improve upon the limitation resulting from only using the source code of the contract. However, the shortcoming of the method is that the training time required for the model is relatively long. Zhang, Y. et al. brought out an improved LightGBM algorithm to detect Ethereum Ponzi schemes exploiting the features extracted from opcodes, bytecodes, and user information [18]. This method extracts the bytecode similarity feature innovatively and combines it with the existing user transaction record and opcode frequency as a combined feature to test the Ponzi scheme.
Each combination of information data has its advantage in revealing the information of an SPS. it could not say which one is better than the others. According to the investigation of the methods on different data combinations by Ibba, G., Pierro, G. A., and Francesco, M. D., the F1-Score does not have extreme differences [5].

B. DYNAMIC PROCESS METHODS
A Ponzi scheme itself has dynamics, for some schemes are initialized as normal funds and are obliged into Ponzi schemes during the operations later because of external changes. The operation processes of each method of the contract realize the purpose of the creators at last. Sun and his colleagues provide a dynamic method to early detect SPSs based on behavior forest similarity [3]. By this method, an investor could inspect the contract without relying on anything else except for the smart contract itself.

IV. NEW APPROACH
There are two situations when investors want to judge whether a fund is a scam. One is that the scheme has run for a long time, at the hyper-operation or collapse stage; the other is that the scheme just begins or is at the bootstrap phase. In the first situation, it can detect the features of an SPS from the existing transactions; in contrast, In the second situation, the investors could not decide on seldom data. Therefore, how to judge whether the fund is a scam requires a comprehensive approach. When investors face the second situation they should adopt methods that mainly rely on bytecode information. And when with the first situation, they should exploit the methods that depend on transaction information merely.

A. POSTERIOR METHOD
Thorough out all the attributes of an SPS, we can see that the source of the organizer's income and the source of the investor's rewards are the two most important characteristics, which determine whether the scheme is a Ponzi scheme, to a certain extent. If both are from investors (or new investors), it is firmly a scam. Therefore, we propose an approach that exploits this feature to detect an SPS within a scenario. This method firstly makes a basis selection whether there is a possibility to be an SPS based on checking the operation profile of the scheme. If so, then, build the ecosystem of the SPS. At last, determine whether it is an SPS by examining the two income sources.

1) OPERATION PROFILE
We can see that there is an exponential increase [7] in the super-operation phase. This profile is explicitly different from the normal funds for high rewards. This can be taken as the first metric to judge an SPS. So, we divide these features into three indexes to show the detailed information of this metric.

a: DAILY TRANSACTION VOLUME (DTV)
DTV is a function of time to represent the amount of all the transactions in a day. The DTV of an SPS appears as a special curve and can be divided into three parts, the first part is a linear curve segment, the second part is an exponent curve segment, and the third part is a linear curve segment.
where, t 0 refers to the time that the amount of transactions boosts, t 1 refers to the time that the scheme begins to collapse, m refers to increase speed, and k refers to the initial constant.
We can exploit DTV to measure whether the transaction of a fund is normal and to determine the probability that the fund is an SPS.

b: DAILY INVESTORS NUMBER (DIN)
DIN is a function of time to represent the number of new investors entering the scheme, I (t). We suppose that the change of DIN depends on three causes, one is the information transmission rate, the second is the attending rate of known information, and the last one is the attractiveness of returns.
Suppose that, the information transmission rate can be calculated according to the following methods. A(n) represents the total number of those who are aware of the fund at n times transmission. And about x percent of A(n) will send this information to his friends, while, about y percent of A(n) will invest the fund. A 0 is the number of persons that the fund got by advertisement.
The transmission times, n, will decrease half of before in a day. Let initial value n be N 0 , then n is, where t is the number of days from starting. At last, we can obtain the total quantity of investors, I (t), DIN shows the change in the number of new investors and reflects the possibility that the fund is a scam.

c: DAILY VALUE FLOW (DVF)
DVF is a function of time to picture the amount of transaction income value in a day. We don't provide the formal equation because DVF is so complex that it is difficult to represent simply. But, it is important to outline the scam graphically and its curve is similar to the curve of a DTV.
When an investor finds that the transaction trend of the fund appears the features of DTV, DIN, and DVF, he or she should be vigilant and careful to avoid falling into a scam while making an investment decision.

2) THE ECOSYSTEM OF A SMART PONZI SCHEME
To realize its purpose, an SPS has to establish its ecosystem, as shown in Fig. 1. From the figure, we can see three sections that marked a circled number. No.1 indicates the entities controlled by the organizer of the scheme. Within it, the master account runs for creating the contract interfaced with investing accounts, exchanges Tokens with exchangers, and transacts with partners. The contract is the address deployed by the 'fund' to investors to perform transactions, deposits, or withdrawals. The most important are partner accounts, which are used to cover up the secret of the frauds and are the companies to implement the Ponzi scheme. No.2 shows the entities of victims, which are directive accounts and indirective investment accounts. No.3 is the Exchangers are the places victims buy Token and the fund gets real currency.
In the figure, all the arrows represent transactions among all the entities in the ecosystem. The single-line dark red arrows represent transactions between the accounts and exchangers. The double-line green arrows give the transactions between the contract and investing accounts, and between the contract and partner accounts. The single-line blue arrow shows the transactions between investing accounts and other related accounts. The single-dot-line black arrow represents the transactions between the master account and partner accounts. The single-dot-line orange arrow gives the transactions between the contract and exchangers. At last, the three-line blue arrow shows the transactions between the master account and the contract.
We can build the ecosystem based on the transactions of the given contact according to their route paths. The first work is to list all possible exchanger accounts by searching  As long as you find the creator of the contract, the address of the creator is the master account. It is easy to do so for there is only one ''create transaction'' related to the contract.

b: FIND INVESTING ACCOUNTS AND PARTNER ACCOUNTS
Firstly, build two sets, one for the accounts that as senders to the contract, and the other one for the accounts as a receiver from the contract. Secondly, exclude the accounts that could be found in the exchanger list from the two sets. Thirdly, make a new set that contains the shared accounts by the two sets. Fourthly, exclude the accounts that could be found in the sender set from the receiver set, and get the pure partner accounts. Fifthly, check the shared set to find out all the accounts that of each one its amount of received values is bigger than its quantity of sending values, which can be reasonably taken as a partner account, and move these accounts into the partner set. At last, move the rest of the shared set into the sender set, and then get investing accounts.

c: FIND OTHER ACCOUNTS
Check the receive transactions of each one of investing accounts, and get the sender accounts. Excluding exchanger accounts would get the indirective victim accounts.

3) EXAMINE INCOME SOURCES
To return to the investors, the scheme must have continuous incomes. If it can prove that these incomes come from the investors, in other words, the scheme income and the rewards to the investors are the same from the investors themselves, then it concludes that the scheme must be a finance fraud whether it is an SPS. The analysis process is shown as follows.
1. Collect all the transactions that the partner accounts send value to the contract. And calculate the total amount of the values sent, referred to as S p . 2. Collect all the transactions that the exchangers send value to the contract. And calculate the total amount of the values sent, referred to as S e . 3. Collect all the transactions that the contract sends the value to the investors. And calculate the total amount of the values sent, referred to as S ir . 4. Collect all the transactions that the investors send value to the contract. And calculate the total amount of the values sent, referred to as S is . 5. Collect all the transactions that the contract sends the value to the externals. And calculate the total amount of the values sent, referred to as S cs . 6. if S p + S e S ir and S cs + balance < S is then it is a scam.

B. PRIORI METHOD
Faced a newly or to be deployed contract, there are seldom transactions, we must adopt a priori way to test the possibility of being a fraud for the contract. Because all the income of an SPS comes from the investors, we could establish a virtual scenario to figure out this feature and determine whether it is an SPS.
Give a contract, the balance, M , of its owner can be represented as, where k is the nominal ratio for the owner income; I is the investment of an investor; F is the transaction fee; R is the return to an investor; n is the amount of the transactions; l is the number of investors that got returns. If we make each investment much larger than every possible transaction fee and be identical, we can get, We can use formula (5) to test whether the contract is an SPS. If the input data and the balance of the owner fit into this formula and there are not any other functions or methods that can send value to the contract, we firmly think that it is a fraud.
The following process is summarized to realize the priori method which exploits the dynamical behaviors of the contract.
1. Build a private operation network.
2. Translate the ABI into a public function list, find all the send methods and get the value functions. 3. Deploy the contract in a private network, and give a list of addresses with a fixed balance. 4. Run one of the send methods for each address with a fixed value, and record the value and the balance. 5. Analyze the result according to formula (5), if the result does not fit the formula, go to step 7, it says that the contact has a little possibility to be an SPS. 6. Repeat step 4 until all the send methods are performed.
Here you could think that the contract is much more possible a scam. 7. End

V. EXPERIMENTS
The purpose of these experiments is to verify the feasibility of the proposed method, provide users with demonstrative examples, and compare it with some existing methods. We selected the current popular dataset as test objects of the new approach, which comes from cn.therscan.com. The dataset contains 50 contracts that were labeled as Ponzi schemes.

A. DEMONSTRATIVE EXPERIMENTS
Firstly, we chose InfinitiMoney (address @ 0 × 53.6a6ba0d 913d5d6a4ce2c6eb7ed0de3c0f0b89e) as the analysis object to verify the posterior method. We got a total of 3231 transaction original records from cn.therscan.com and obtained 2586 successful transactions after excluding the errors. The first transaction is the create of the contract, so we get the master account @0xb648cc3367571c9166e966d1-eb97de3f9ebfb8fd. The rest of all the transactions are sent to the contract. We pictured the number of transactions and their values in Fig. 2. The horizontal axis corresponds to the days of transactions and the left vertical axis refers to the number of transactions, and the right vertical axis represents the values of transactions in Fig. 2. We exploit the DTV index to explain the curve of the quantity of the transactions. It explicitly has the same tendency as the DTV index. In addition, the transaction values, as the DVF index, has complex changes than the DTV index, but it clearly shows that it has three phrases. So that we can think that the scheme is a fraud.
We don't show the process that how to build the ecosystem of InfinitiMoney since it is relatively easy and verbose. We adopted the analysis process mentioned in part 3) of subsection A in section IV to collect, calculate and arrange the data into Table 1. We can find that Sp + S e S ir and S cs + balance < S is , so we regard reasonably InfinitiMoney as a scam. VOLUME 10, 2022   Secondly, we select Wallie.me (address @0xc0b52b760-55c392d67392622ae7737cdb6d42133) as the object to test the priori method. We got the bytecode and ABI from cn.therscan.com and deployed them into our private aleth-PM network. We took 2999 addresses as the investment accounts each of which was allocated 0×8000000000000000 as its balance. Each account invested one time with value, 0 × 2000000000, and made a one-time withdrawal. We got raw data of all the accounts as shown in Table 2. In Table 2, OB refers to the balance of the contract and IB represents the balance of an investment account. From Table 2, we can see that the OB increases with IB according to a certain rule. To show this rule, we rearrange the data into Table 3.
In Table 3, AR refers to the accumulated returns to the investors; TI refers to the accumulated investments of all the investors. From the right column, tilted TI-(OB+AR), we can see that all the differences are small and accumulated slowly. In fact, these differences are the transaction fees. It also shows that the contract income is all from the investors for the balance of the contract is nearly equal to the investments plus all the returns. So we can determine that Wallie.me is a scam.
By the above two examples, we explained and verified the test process of our proposed approach. Then, we tested all other contracts with a large number of transactions in the dataset, which shows that our approach is feasible and practical.

B. COMPARATIVE EXPERIMENTS
To further demonstrate the effectiveness of the proposed method, we selected four methods for comparison. The first is textCNN [8] which uses the feature information contained in the source code of smart contracts to classify the contracts with a neural network algorithm and is a static method. The second is SADPonzi [11] which exploits bytecode features, this method uses the inherent relationship of the bytecode to build a static analysis tree and identifies smart contracts according to the presetting scam model. Although this method executes the bytecode statically, it is limited to the calling relationship of the related ''functions'' and does not reproduce the execution purpose of the bytecode. It is still a static method, but it is a step towards a dynamic method. The third method is the improved LightGBM [18] with Smote + Tomek, which further expands the source of features. In addition to using the features of source code and bytecode, 7 user features are extracted and added, which greatly extend the range of features and belong to static methods. Among the added user features, Paid_rate and Kr could be used as training features of the detection model. The fourth method is S_HGTNs [19] which further expands the range of features, including account, transaction, and other information, but does not contain bytecode features. The authors exploit these features to construct a heterogeneous information network so that they can obtain some meta paths as the input of the convolution network to perform the classification process. And again, it is a static method.

1) EXPERIMENTAL DATA AND RESULTS
The comparative dataset consists of 50 contracts labeled SPS and 150 normal contracts. Among them, smart contracts without source code will be converted into equivalent source code by the decompile tools. 25 SPS contracts and 50 normal contracts were selected as the training set. The classification test data is the entire comparison dataset. The classification results, calculated by F1-score, are shown in Table 4, where the proposed method has not a training phase.

2) ANALYSIS OF COMPARATIVE RESULTS
It can be seen from Table 4 that the experimental results of method 1 are the worst, with relatively low precision and recall rate, which shows that it is impossible to accurately determine whether a contract is a scam only against the source code features. Since the source code is the text that represents the contract functionality, the text itself is difficult to fully represent the essential characteristics of the contract's functionality, so the three indicators are all low. Because method 2 adopts the calling structure features of the bytecode, which reflects the functionality of the smart contract, the experimental results are improved compared with those methods depending on the source code, especially the precision is the highest among all methods. However, some smart contracts with the same structural features are not all SPSs. Method 3 further improves the recognition results due to the adoption of more feature combinations, with the highest F1-score. Method 4 extracts a wider range of features, however, due to ignoring the features of the bytecode, the experimental results are not as ideal as method 3, the recall rate is low, and the results indicate that the features of the bytecode play an important role in judging an SPS. The experimental results of the proposed method are roughly equivalent to the results of method 4. The precision ranks second among the five methods, the recall rate ranks third, and F1-score ranks second. From the result, the proposed method has the same effectiveness as method 3 and method 4 in calculating the test set.
Although the four methods are different in the specific process and method of feature selection and extraction, they are all classification methods based on machine learning algorithms, and there is a learning phase that requires certain samples for training.
The proposed method reflects the essential characteristics and network characteristics of SPSs, and it is convenient for investors to operate, and has the following advantages.
1. It does not require a learning and training procedure before real use, can directly detect smart contracts, and is convenient for users to master. 2. It is highly adaptable and can deal with variants of the scam without other processing. Methods based on the training set need to be retrained in the face of new changes. 3. The curves provided by the three indicators, DTV, DIN, and DVF, can intuitively allow investors to screen whether the smart contract is a scam, which is simple and easy to use.

VI. CONCLUSION
The occurrence of SPSs is originated from the vulnerability of the supervision mechanism on a blockchain. In other words, there is not a safety system to ensure vicious addresses or contracts are not deployed. We propose an approach to test VOLUME 10, 2022 whether a contract is a fraud. This approach could deal with two situations, the contracts to be deployed and the long-run contracts respectively. Of the new approach, the priori method can be exploited to test the risk of being an SPS of a contract for the runner of a blockchain, and the posterior method can protect an investor from being trapped in a scam. At the same time, the posterior method can also be extended to monitor some contracts dynamically so that to alert users with the probability to be fallen into smart Ponzi schemes. Although the three indicators, DTV, DIN, and DVF are convenient for investors to observe the operation status of the fund, the information of their curves cannot be fully automated, and there is still a certain gap in deployment as a daemon service program. In addition, we have not given a formal model of DVF. To this end, we will further improve various indicator models and related algorithms in future research, and at the same time develop the method into an automated application service plug-in that is convenient for investors to use.