{"title":"Enhanced Smart Contract Vulnerability Detection via Graph Neural Networks: Achieving High Accuracy and Efficiency","authors":"Chang Xu;Huaiyu Xu;Liehuang Zhu;Xiaodong Shen;Kashif Sharif","doi":"10.1109/TSE.2025.3570421","DOIUrl":null,"url":null,"abstract":"As blockchain technology becomes prevalent, smart contracts have shown significant utility in finance and supply chain management. However, vulnerabilities in smart contracts pose serious threats to blockchain security, leading to substantial economic losses. Therefore, developing effective vulnerability detection solutions is urgent. To address this issue, we propose a method for detecting vulnerabilities in smart contracts using graph neural networks (GNNs) that can identify eight common vulnerabilities. Our method is fully automated, applicable to all Ethereum smart contracts, and does not require expert-defined rules or manually defined features. We extract the Control Flow Graph and Abstract Syntax Graph from the smart contract code, which are then processed by a GNN to generate feature vectors for classification. Experiments on a real Ethereum dataset demonstrate that our method significantly outperforms existing state-of-the-art approaches. For individual detection tasks, the combined source code and bytecode method achieves an average accuracy of 95.78%, with a peak of 99.13%, and an average F1 score of 93.80%. Compared to competitors, our method shows an average improvement of 51.92% in accuracy and 47.21% in F1 score. The bytecode-only method achieves an average accuracy of 94.68% and an F1 score of 92.36%. 
For multi-class tasks, both methods achieve high accuracies of 91.26% and 87.34%, with F1 scores of 97.42% and 96.43%, respectively.","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"51 6","pages":"1854-1865"},"PeriodicalIF":6.5000,"publicationDate":"2025-03-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Software Engineering","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/11005726/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}
Citation count: 0
Abstract
As blockchain technology becomes prevalent, smart contracts have shown significant utility in finance and supply chain management. However, vulnerabilities in smart contracts pose serious threats to blockchain security, leading to substantial economic losses. Therefore, developing effective vulnerability detection solutions is urgent. To address this issue, we propose a method for detecting vulnerabilities in smart contracts using graph neural networks (GNNs) that can identify eight common vulnerabilities. Our method is fully automated, applicable to all Ethereum smart contracts, and does not require expert-defined rules or manually defined features. We extract the Control Flow Graph and Abstract Syntax Graph from the smart contract code, which are then processed by a GNN to generate feature vectors for classification. Experiments on a real Ethereum dataset demonstrate that our method significantly outperforms existing state-of-the-art approaches. For individual detection tasks, the combined source code and bytecode method achieves an average accuracy of 95.78%, with a peak of 99.13%, and an average F1 score of 93.80%. Compared to competitors, our method shows an average improvement of 51.92% in accuracy and 47.21% in F1 score. The bytecode-only method achieves an average accuracy of 94.68% and an F1 score of 92.36%. For multi-class tasks, both methods achieve high accuracies of 91.26% and 87.34%, with F1 scores of 97.42% and 96.43%, respectively.
About the journal:
IEEE Transactions on Software Engineering seeks contributions comprising well-defined theoretical results and empirical studies with potential impacts on software construction, analysis, or management. The scope of this Transactions extends from fundamental mechanisms to the development of principles and their application in specific environments. Specific topic areas include:
a) Development and maintenance methods and models: Techniques and principles for specifying, designing, and implementing software systems, encompassing notations and process models.
b) Assessment methods: Software tests, validation, reliability models, test and diagnosis procedures, software redundancy, design for error control, and measurements and evaluation of process and product aspects.
c) Software project management: Productivity factors, cost models, schedule and organizational issues, and standards.
d) Tools and environments: Specific tools, integrated tool environments, associated architectures, databases, and parallel and distributed processing issues.
e) System issues: Hardware-software trade-offs.
f) State-of-the-art surveys: Syntheses and comprehensive reviews of the historical development within specific areas of interest.