CEGT: Smart contract vulnerability detection via Connectivity-Enhanced GCN-Transformer

IF 3.7 2区计算机科学 Q1 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Journal of Systems and Software Pub Date : 2025-04-21 DOI:10.1016/j.jss.2025.112454

Jiandong Shang , Jiaru Li , Yizhe Sui , Hengliang Guo , Xu Gao , Dujuan Zhang , Yang Guo , Gang Wu

{"title":"CEGT: Smart contract vulnerability detection via Connectivity-Enhanced GCN-Transformer","authors":"Jiandong Shang , Jiaru Li , Yizhe Sui , Hengliang Guo , Xu Gao , Dujuan Zhang , Yang Guo , Gang Wu","doi":"10.1016/j.jss.2025.112454","DOIUrl":null,"url":null,"abstract":"<div><div>The deployment of smart contracts on blockchains is rising rapidly. Accurate detection of security vulnerabilities in smart contracts can significantly minimize property losses. However, most existing machine learning (ML)-based models for smart contract vulnerability detection models overlook the contract graph structures and sequence information, reducing detection effectiveness. This study presents a Connectivity-Enhanced GCN-Transformer (CEGT), a method for detecting smart contract vulnerability detection that integrates graph and sequence models to enhance vulnerability detection accuracy. We improve node connectivity by identifying additional paths between nodes in the graph and augment the representation capability of node features through an additional orthogonal transformation layer, which performs an orthogonal transformation on the weight matrix. Moreover, we designed a novel attention mechanism, termed the dynamic attention mechanism, based on the sequence model and inspired by the concept of dynamic routing in capsule networks. Such a dynamic attention mechanism within the sequence model is introduced to integrate structural and sequential information of smart contracts, thereby enhancing vulnerability in detection accuracy. Our experiments demonstrate that CEGT surpasses state-of-the-art methods in detecting Reentrancy, Timestamp dependence, and Integer overflow vulnerabilities, achieving F1 scores of 93.47%, 89.33%, and 91.27%, respectively. This enables us to achieve greater accuracy in detecting smart contract vulnerabilities, helping to identify potential risks, reduce security threats, and ensure the reliability and safety of blockchain applications.</div><div><em>Editor’s note: Open Science material was validated by the Journal of Systems and Software Open Science Board</em>.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"227 ","pages":"Article 112454"},"PeriodicalIF":3.7000,"publicationDate":"2025-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Systems and Software","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0164121225001220","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 0

Abstract

The deployment of smart contracts on blockchains is rising rapidly. Accurate detection of security vulnerabilities in smart contracts can significantly minimize property losses. However, most existing machine learning (ML)-based models for smart contract vulnerability detection models overlook the contract graph structures and sequence information, reducing detection effectiveness. This study presents a Connectivity-Enhanced GCN-Transformer (CEGT), a method for detecting smart contract vulnerability detection that integrates graph and sequence models to enhance vulnerability detection accuracy. We improve node connectivity by identifying additional paths between nodes in the graph and augment the representation capability of node features through an additional orthogonal transformation layer, which performs an orthogonal transformation on the weight matrix. Moreover, we designed a novel attention mechanism, termed the dynamic attention mechanism, based on the sequence model and inspired by the concept of dynamic routing in capsule networks. Such a dynamic attention mechanism within the sequence model is introduced to integrate structural and sequential information of smart contracts, thereby enhancing vulnerability in detection accuracy. Our experiments demonstrate that CEGT surpasses state-of-the-art methods in detecting Reentrancy, Timestamp dependence, and Integer overflow vulnerabilities, achieving F1 scores of 93.47%, 89.33%, and 91.27%, respectively. This enables us to achieve greater accuracy in detecting smart contract vulnerabilities, helping to identify potential risks, reduce security threats, and ensure the reliability and safety of blockchain applications.

Editor’s note: Open Science material was validated by the Journal of Systems and Software Open Science Board.

查看原文本刊更多论文

CEGT：通过连接性增强的GCN-Transformer进行智能合约漏洞检测

智能合约在区块链上的部署正在迅速增加。准确检测智能合约中的安全漏洞可以显著减少财产损失。然而，大多数基于机器学习的智能合约漏洞检测模型忽略了合约图结构和序列信息，降低了检测效率。本文提出了一种连接增强GCN-Transformer （CEGT）方法，该方法将图模型和序列模型相结合，提高了智能合约漏洞检测的准确性。我们通过识别图中节点之间的附加路径来提高节点的连通性，并通过对权矩阵进行正交变换的附加正交变换层来增强节点特征的表示能力。此外，在序列模型的基础上，受胶囊网络中动态路由概念的启发，设计了一种新的注意机制——动态注意机制。在序列模型中引入这种动态关注机制，整合智能合约的结构信息和序列信息，提高漏洞检测精度。我们的实验表明，CEGT在检测重入性、时间戳依赖性和整数溢出漏洞方面超过了最先进的方法，分别达到了93.47%、89.33%和91.27%的F1分数。这使我们能够更准确地检测智能合约漏洞，帮助识别潜在风险，减少安全威胁，确保区块链应用程序的可靠性和安全性。编者注：开放科学材料由系统与软件开放科学委员会杂志验证。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Systems and Software 工程技术-计算机：理论方法

CiteScore

8.60

自引率

5.70%

发文量

193

审稿时长

16 weeks

期刊介绍： The Journal of Systems and Software publishes papers covering all aspects of software engineering and related hardware-software-systems issues. All articles should include a validation of the idea presented, e.g. through case studies, experiments, or systematic comparisons with other approaches already in practice. Topics of interest include, but are not limited to: •Methods and tools for, and empirical studies on, software requirements, design, architecture, verification and validation, maintenance and evolution •Agile, model-driven, service-oriented, open source and global software development •Approaches for mobile, multiprocessing, real-time, distributed, cloud-based, dependable and virtualized systems •Human factors and management concerns of software development •Data management and big data issues of software systems •Metrics and evaluation, data mining of software development resources •Business and economic aspects of software development processes The journal welcomes state-of-the-art surveys and reports of practical experience for all of these topics.