SmartScope: Smart contract vulnerability detection via heterogeneous graph embedding with local semantic enhancement

Smart contracts are integral to blockchain ecosystems, yet their security remains a critical concern due to the prevalence of exploitable vulnerabilities. Existing conventional and deep learning-based vulnerability detection methods often struggle to capture the fine-grained semantics and heterogeneous structural dependencies essential for accurate analysis. We propose and implement SmartScope, a novel technique for smart contract vulnerability detection that leverages heterogeneous graph embedding with local semantic enhancement. Specifically, SmartScope constructs a semantically rich contract graph that depicts control-flow, data-flow, and fallback relations among critical code elements. To guide the graph learning process, we empirically assign various importance coefficients to vulnerability-relevant subgraphs, thereby enhancing the detection model’s focus on semantically critical regions. The heterogeneous graph transformer is then employed to generate context-aware node representations, which are then passed to an MLP-based detector for vulnerability classification. To the best of our knowledge, this is the first method that structurally encodes domain knowledge into the heterogeneous graph learning for achieving effective smart contract analysis. Experimental results demonstrate that SmartScope outperforms 10 representative conventional and deep learning-based baselines on over 5K smart contracts. The evaluation spans multiple vulnerability types, including reentrancy, timestamp dependence, and infinite loops, highlighting the effectiveness and robustness of our work.