Computer Science

Computer Science ›› 2026, Vol. 53 ›› Issue (2): 423-430.doi: 10.11896/jsjkx.241200144

• Information Security • Previous Articles     Next Articles

Heterogeneous Graph Attention Network-based Approach for Smart Contract Vulnerability
Detection

LI Chengyu1, HUANG Ke2, ZHANG Ruiheng3 , CHEN Wei4   

  1. 1 Shenzhen Institute for Advanced Study,UESTC,University of Electronic Science and Technology of China,Shenzhen,Guangdong 518110,China
    2 School of Computer Science & Engineering,University of Electronic Science and Technology of China,Chengdu 611731,China
    3 Nanjing Institute of Information Technology,Nanjing 210036,China
    4 School of Information and Software Engineering,University of Electronic Science and Technology of China,Chengdu 610031,China
  • Received:2024-12-18 Revised:2025-03-16 Published:2026-02-10
  • About author:LI Chengyu,born in 1999,postgra-duate.His main research interest is blockchain security.
    CHEN Wei,born in 1978,Ph.D,asso-ciate professor.His main research in-terests include network security and blockchain security.
  • Supported by:
    National Natural Science Foundation of China(U2336204) and Science Foundation of Sichuan(2023YFG0112,2024YFHZ0015).

PDF (PC)

66

Abstract: Security vulnerabilities in smart contracts on blockchain platforms such as Ethereum have long been a focus of industry attention.Bytecode analysis and vulnerability detection have become one of the mainstream approaches for identifying smart contract vulnerabilities.However,traditional methods,such as symbolic execution,rely on predefined vulnerability rules,leading to inefficiencies and low precision.Deep learning-based methods,on the other hand,lack a comprehensive understanding of bytecode semantics and struggle to simultaneously filter noise generated during the compilation process while capturing complete control flow and data flow information.To address these challenges,this paper proposes a novel method for constructing critical semantic graphs to detect smart contract vulnerabilities.Firstly,a set of specific denoising preprocessing rules is defined to remove irrelevant data while preserving key semantic information related to vulnerabilities.Next,a heterogeneous graph representation method is introduced to capture rich program semantics.Finally,a vulnerability detection model based on the HAN is designed.Experimental results demonstrate that the proposed method outperforms existing approaches for smart contract vulnerability detection.For denial of service,integer overflow,timestamp dependency,and unchecked function return value vulnerabilities,the F1 scores of the proposed method are improved by 17.75,5.94,28.94,and 27.85 percentage points,respectively.

Key words: Smart contract, Smart contract security, Graph neural network, Smart contract bytecode

CLC Number: 

  • TP311
[1]Wikipedia.The DAO[EB/OL].(2024-08-16)[2024-12-03].https://en.wikipedia.org/wiki/The_DAO.
[2]Slowmist.2024 Mid-year Blockchain Security and AML Report.[EB/OL].(2024-07-01)[2024-11-15].https://www.slowmist.com/report/first-half-of-the-2024-report(CN).pdf.
[3]FEIST J,GRIECO G,GROCE A.Slither:a static analysisframework for smart contracts[C]//2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain(WETSEB).IEEE,2019:8-15.
[4]ZHENG Z,SU J,CHEN J,et al.Dappscan:building large-scale datasets for smart contract weaknesses in dapp projects[J].IEEE Transactions on Software Engineering,2024,50(6):1360-1373.
[5]ZHUANG Y,LIU Z,QIAN P,et al.Smart contract vulnerability detection using graph neural networks[C]//Proceedings of the Twenty-Ninth International Conference on International Joint Conferences on Artificial Intelligence.2021:3283-3290.
[6]LIU Z,QIAN P,WANG X,et al.Smart contract vulnerability detection:from pure neural network to interpretable graph feature and expert pattern fusion[J].arXiv:2106.09282,2021.
[7]NGUYEN H H,NGUYEN N M,XIE C,et al.Mando:Multi-level heterogeneous graph embeddings for fine-grained detection of smart contract vulnerabilities[C]//2022 IEEE 9th International Conference on Data Science and Advanced Analytics(DSAA).IEEE,2020:1-10.
[8]LUO F,LUO R,CHEN T,et al.Scvhunter:Smart contract vulnerability detection based on heterogeneous graph attention network[C]//Proceedings of the IEEE/ACM 46th International Conference on Software Engineering.2024:1-13.
[9]Consensys.Mythril:Security analysis tool for EVM bytecode[DB/OL].(2024-08-13)[2024-11-12].https://github.com/Consensys/mythril.
[10]CHEN J,XIA X,LO D,et al.Defectchecker:Automated smart contract defect detection by analyzing evm bytecode[J].IEEE Transactions on Software Engineering,2021,48(7):2189-207.
[11]LUU L,CHU D H,OLICKEL H,et al.Making smart contracts smarter[C]//Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security.2016:254-269.
[12]TSANKOV P,DAN A,DRACHSLER-COHEN D,et al.Securify:Practical security analysis of smart contracts[C]//Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security.2018:67-82.
[13]MOSSBERG M,MANZANO F,HENNENFENT E,et al.Manticore:A user-friendly symbolic execution framework for binaries and smart contracts[C]//2019 34th IEEE/ACM International Conference on Automated Software Engineering(ASE).IEEE,2019:1186-1189.
[14]TORRES C F,IANNILLO A K,GERVAIS A,et al.Confuzzius:A data dependency-aware hybrid fuzzer for smart contracts[C]//2021 IEEE European Symposium on Security and Privacy(EuroS&P).IEEE,2021:103-119.
[15]CHOI J,KIM D,KIM S,et al.Smartian:Enhancing smart contract fuzzing with static and dynamic data-flow analyses[C]//2021 36th IEEE/ACM International Conference on Automated Software Engineering(ASE).IEEE,2021:227-239.
[16]ZENG Q,HE J,ZHAO G,et al.EtherGIS:a vulnerability detection framework for ethereum smart contracts based on graph learning features[C]//2022 IEEE 46th Annual Computers,Software,and Applications Conference(COMPSAC).IEEE,2022:1742-1749.
[17]CONTRO F,CROSARA M,CECCATO M,et al.Ethersolve:Computing an accurate control-flow graph from ethereum bytecode[C]//2021 IEEE/ACM 29th International Conference on Program Comprehension(ICPC).IEEE,2021:127-137.
[18]HUANG J,HAN S,YOU W,et al.Hunting vulnerable smart contracts via graph embedding based bytecode matching[J].IEEE Transactions on Information Forensics and Security,2021,16:2144-2156.
[19]LI Z,LU S,ZHANG R,et al.VulHunter:Hunting Vulnerable Smart Contracts at EVM bytecode-level via Multiple Instance Learning[J].IEEE Transactions on Software Engineering,2023,49(11):4886-4916.
[20]Smart Contract Weakness Classification(SWC)[EB/OL].(2024-07-16)[2024-12-01].https://swcregistry.io/.
[21]GRECH N,BRENT L,SCHOLZ B,et al.Gigahorse:thorough,declarative decompilation of smart contracts[C]//2019 IEEE/ACM 41st International Conference on Software Engineering(ICSE).IEEE,2019:1176-1186.
[22]TRUFFLE SUITE[EB/OL].(2024-10-07)[2024-12-01].ht-tps://archive.trufflesuite.com/docs/truffle/how-to/debug-test/use-truffle-develop-and-the-console/.
[23]YE M,NAN Y,ZHENG Z,et al.Detecting State Inconsistency Bugs in DApps via On-Chain Transaction Replay and Fuzzing[C]//Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis.2023:298-309.
[24]WANG X,JI H,SHI C,et al.Heterogeneous graph attentionnetwork[C]//The World Wide Web Conference.2019:2022-2032.
[25]KINGMA D P.Adam:A method for stochastic optimization[J].arXiv:1412.6980,2014.
[26]DURIEUX T,FERREIRA J F,ABREU R,et al.Empirical review of automated analysis tools on 47,587 ethereum smart contracts[C]//Proceedings of the 2020 ACM/IEEE 42nd International Conference on Software Engineering.2020:530-541.
[1] ZHAI Jie, CHEN Lexuan, PANG Zhiyu. Survey on Graph Neural Network-based Methods for Academic Performance Prediction [J]. Computer Science, 2026, 53(2): 16-30.
[2] YANG Ming, HE Chaobo, YANG Jiaqi. Direction-aware Siamese Network for Knowledge Concept Prerequisite Relation Prediction [J]. Computer Science, 2026, 53(2): 39-47.
[3] WANG Xinyu, SONG Xiaomin, ZHENG Huiming, PENG Dezhong, CHEN Jie. Contrastive Learning-based Masked Graph Autoencoder [J]. Computer Science, 2026, 53(2): 145-151.
[4] LIU Hongjian, ZOU Danping, LI Ping. Pedestrian Trajectory Prediction Method Based on Graph Attention Interaction [J]. Computer Science, 2026, 53(1): 97-103.
[5] LI Yaru, WANG Qianqian, CHE Chao, ZHU Deheng. Graph-based Compound-Protein Interaction Prediction with Drug Substructures and Protein 3D Information [J]. Computer Science, 2025, 52(9): 71-79.
[6] WU Hanyu, LIU Tianci, JIAO Tuocheng, CHE Chao. DHMP:Dynamic Hypergraph-enhanced Medication-aware Model for Temporal Health EventPrediction [J]. Computer Science, 2025, 52(9): 88-95.
[7] ZHOU Tao, DU Yongping, XIE Runfeng, HAN Honggui. Vulnerability Detection Method Based on Deep Fusion of Multi-dimensional Features from Heterogeneous Contract Graphs [J]. Computer Science, 2025, 52(9): 368-375.
[8] TANG Boyuan, LI Qi. Review on Application of Spatial-Temporal Graph Neural Network in PM2.5 ConcentrationForecasting [J]. Computer Science, 2025, 52(8): 71-85.
[9] GUO Husheng, ZHANG Xufei, SUN Yujie, WANG Wenjian. Continuously Evolution Streaming Graph Neural Network [J]. Computer Science, 2025, 52(8): 118-126.
[10] SU Shiyu, YU Jiong, LI Shu, JIU Shicheng. Cross-domain Graph Anomaly Detection Via Dual Classification and Reconstruction [J]. Computer Science, 2025, 52(8): 374-384.
[11] LUO Xuyang, TAN Zhiyi. Knowledge-aware Graph Refinement Network for Recommendation [J]. Computer Science, 2025, 52(7): 103-109.
[12] HAO Jiahui, WAN Yuan, ZHANG Yuhang. Research on Node Learning of Graph Neural Networks Fusing Positional and StructuralInformation [J]. Computer Science, 2025, 52(7): 110-118.
[13] JIANG Kun, ZHAO Zhengpeng, PU Yuanyuan, HUANG Jian, GU Jinjing, XU Dan. Cross-modal Hypergraph Optimisation Learning for Multimodal Sentiment Analysis [J]. Computer Science, 2025, 52(7): 210-217.
[14] ZHENG Chuangrui, DENG Xiuqin, CHEN Lei. Traffic Prediction Model Based on Decoupled Adaptive Dynamic Graph Convolution [J]. Computer Science, 2025, 52(6A): 240400149-8.
[15] TENG Minjun, SUN Tengzhong, LI Yanchen, CHEN Yuan, SONG Mofei. Internet Application User Profiling Analysis Based on Selection State Space Graph Neural Network [J]. Computer Science, 2025, 52(6A): 240900060-8.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.