Research on Smart Contract Vulnerability Detection Method Based on  Multimodal Feature Fusion

Journal of Information Security Reserach ›› 2026, Vol. 12 ›› Issue (6): 503-.

Previous Articles Next Articles

Research on Smart Contract Vulnerability Detection Method Based on Multimodal Feature Fusion

Chen Hong1, Lu Qi1, Jin Haibo1, Wu Cong2, and Wang Mingjun1

1(College of Software, Liaoning Technical University, Huludao, Liaoning 125105)
2(College of Innovation Practice, Liaoning Technical University, Fuxin, Liaoning 123000)

Online:2026-06-07 Published:2026-06-07

基于多模态特征融合的智能合约漏洞检测方法研究

陈虹1芦奇1金海波1武聪2王明君1

1(辽宁工程技术大学软件学院辽宁葫芦岛125105)
2(辽宁工程技术大学创新实践学院辽宁阜新123000)

通讯作者: 芦奇硕士研究生.主要研究方向为网络安全、智能合约漏洞检测. 13942932404@163.com
作者简介:陈虹硕士，副教授，CCF会员.主要研究方向为信息安全和网络安全. chh3188@163.com 芦奇硕士研究生.主要研究方向为网络安全、智能合约漏洞检测. 13942932404@163.com 金海波博士，副教授，CCF会员.主要研究方向为随机过程、决策理论、复杂系统优化维护、系统可靠性. jinhaibo@Intu.edu.cn 武聪博士，讲师.主要研究方向为电子商务、数据分析与智能决策. fxwucong@163.com 王明君硕士研究生.主要研究方向为网络安全、智能合约漏洞检测. 980020076@qq.com
基金资助:
国家自然科学基金项目(62173171)；辽宁省教育厅科研项目(LJKFZ20220198)

Abstract

Abstract: Most of the smart contract vulnerability detection methods rely on single mode feature extraction, which leads to the problem of low detection accuracy due to insufficient key feature extraction. This paper proposes a smart contract vulnerability detection method based on multimodal feature fusion. Firstly, the construction of the control flow graph (CFG) is constructed by leveraging the abstract syntax tree (AST) trimmed at the source code layer and the data flow relationship based on the opcode layer, which is imported into the graph attention network (GAT) to extract two types of static features. Secondly, the fuzzing test report generated by echidna, a dynamic detection tool, is used to extract path coverage, state changes and other information to build a graph model, and the dynamic features are extracted by graph neural network (GNN). Finally, the extracted static and dynamic features are fused and input into CNN bilstm att model for vulnerability detection, and relevant experiments are carried out on 47398 smart contracts. Experimental results show that compared with eight mainstream detection methods, such as SmartCheck, Mythril, Oyente, BiGGNN, ASTNN, DRGCN, SVCB and CBGRU, the accuracy, recall and F1 value of this method in reentry vulnerability, timestamp vulnerability, integer overflow vulnerability and Tx.origin vulnerability are increased by 50.26%, 59.54% and 58.40%.

Key words: smart contract, feature fusion, vulnerability detection, graph neural network, graph attention network

摘要： 针对智能合约漏洞检测方法中大多依赖单一模态进行特征提取时存在的关键特征提取不充分导致检测准确率较低的问题，提出了一种基于多模态特征融合的智能合约漏洞检测方法.首先，通过源代码层裁剪的抽象语法树(abstract syntax tree, AST)和操作码层依据的数据流关系分别构建控制流图(control flow graph, CFG)，将其导入图注意力网络(graph attention network, GAT)提取2类静态特征.其次，利用动态检测工具Echidna生成的模糊测试报告提取路径覆盖率、状态变化等信息构建图模型，通过图神经网络(graph neural network, GNN)提取动态特征.最后，对提取的静态和动态特征进行融合并输入CNNBiLSTMATT模型进行漏洞检测，并在47398个智能合约上进行相关实验.实验结果表明，相较于SmartCheck，Mythril，Oyente，BiGGNN，ASTNN，DRGCN，SVCB，CBGRU这8种主流检测方法，该方法对重入漏洞、时间戳漏洞、整数溢出漏洞、Tx.origin漏洞的准确率、召回率、F1值提升了50.26%，59.54%，58.40%.

关键词: 智能合约, 特征融合, 漏洞检测, 图神经网络, 图注意力网络

CLC Number:

TP393

陈虹, 芦奇, 金海波, 武聪, 王明君, . 基于多模态特征融合的智能合约漏洞检测方法研究[J]. 信息安全研究, 2026, 12(6): 503-.

References

［1］唐飞,冯卓,黄永洪. 基于区块链的公平可验证数据持有方案［J］. 电子学报, 2023, 51(2): 406415［2］Mehar M I, Shier C L, Giambattista A, et al. Understanding a revolutionary and flawed grand experiment in blockchain: The DAO attack［J］. Journal of Cases on Information Technology, 2019, 21 (1): 1932［3］朱雪阳. The DAO事件的形式化分析［J］. 信息安全与技术，2016, 7(12): 16［4］Bartoletti M, Pompianu L. An empirical analysis of smart contracts: Platforms, applications, and design patterns［C］ Proc of the 2017 FC Int Workshops on Financial Cryptography and Data Security. Berlin: Springer, 2017: 494509［5］Bybit. Bybit官方公告: 超15亿美元资产因ETH多签钱包转账攻击被盗［EBOL］. (20250222) ［20260510］. https:www.chaindd.net3879329.html［6］Beosin. 2025年Web3区块链安全态势年报［EBOL］. (20251229) ［20260510］. https:a.foresightnews.proarticledetail93544［7］Mueller B, Honig J. Mythril: Security analysis tool for Ethereum smart contracts using symbolic execution and control flow analysis［EBOL］. (20180801) ［20260512］. https:mythrilclassic.readthedocs.ioenmasterabout.html［8］Tikhokirov S, Vasilyev A, Murzin D, et al. SmartCheck: Static analysis of ethereum smart contracts［C］ Proc of the 2018 ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2018: 23652367［9］Tsankov P, Dan A, DrachslerCohen D, et al. Securify: Practical security analysis of smart contracts［C］ Proc of the 2018 ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2018: 22212237［10］Trail of Bits. Slither: A static analysis framework for solidity［EBOL］. (20190315) ［20260512］. https:github.comcryticslither［11］Luu L, Chu D H, Olichnowski H, et al. Making smart contracts smarter［C］ Proc of the 2016 ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2016: 254269［12］Grie G, Nguyen P, Spoto S, et al. Echidna: A fast fuzzer for ethereum smart contracts［EBOL］. (20200817) ［20260512］. https:github.comcryticechidna［13］Wang X, Li Y, Zhang J, et al. SmartEmbed: A deep learning framework for smart contract vulnerability detection based on code similarity［J］. IEEE Access, 2021, 9: 165789165802［14］庄玉飞, 刘征, 钱鹏. 基于图神经网络的智能合约漏洞检测方法［J］. 软件学报, 2022, 33(12): 45874602［15］Liu H, Wang Y, Zhang L, et al. ReVuIDL: Graph pretrained model for smart contract vulnerability detection with propagation chain awareness［C］ Proc of the 2023 IEEE Int Conf on Software Engineering and Knowledge Engineering. Piscataway, NJ: IEEE, 2023: 112117［16］Zhang Q, Yang X, Zhou J, et al. BiGGNN: Bidirectional graph gated neural network for smart contract vulnerability detection［J］. Computers & Security, 2023, 129: 103125［17］Chen L, Zha J, Liu Y, et al. CGE: Graph neural network with expert knowledge for smart contract vulnerability detection［J］. IEEE Trans on Dependable and Secure Computing, 2024, 21(3): 18901905［18］Li S, Wu J, Zhang H, et al. ASTNN: Abstract syntax tree based neural network for smart contract vulnerability detection［C］ Proc the of 2021 Conf on Empirical Methods in Natural Language Processing. Stroudsburg, PA: ACL, 2021: 89768985［19］Wang Z, Liu Y, Xu B, et al. BGNN4VD: Multiview graph neural network for smart contract vulnerability detection［J］. KnowledgeBased Systems, 2024, 286: 111789［20］刘健, 张悦, 王旭. 基于 BiLSTM 与注意力机制的智能合约重入漏洞检测［J］. 计算机研究与发展, 2022, 59(8): 17561768［21］Zhuang Y, Liu Z, Qian P, et al. DRGCN and TMPN: Graph neural networks for smart contract reentrancy and timestamp dependency vulnerability detection［J］. IEEE Internet of Things Journal, 2023, 10(15): 1324513256［22］Zhang H, Wang L, Zhao J, et al. SVCB: Smart contract vulnerability detection scheme based on CNN and BiLSTM parallel architecture［J］. IEEE Access, 2022, 10: 8924589258［23］Liu Y, Chen L, Zhang Q, et al. Graph attention network based bytecode vulnerability detection for ethereum smart contracts［J］. Computers & Security, 2023, 122: 102987［24］Zhang L, Liu H, Wang Y, et al. CBGRU: A hybrid deep learning architecture for smart contract vulnerability detection［J］. KnowledgeBased Systems, 2024, 281: 111567

[1]	. EWGNN: Edge Weightaware Graph Neural Network for Encrypted Traffic Classification [J]. Journal of Information Security Reserach, 2026, 12(6): 533-.
[2]	. LLMenhanced Static Analysis for Detecting Broken Object Level Authorization Vulnerabilities in Java Web Applications#br# #br# [J]. Journal of Information Security Reserach, 2026, 12(5): 394-.
[3]	. Research on Harmful Website Detection Based on Graph Neural Network and Multifeature Fusion [J]. Journal of Information Security Reserach, 2026, 12(5): 420-.
[4]	. Research on Domain Adaptive Intrusion Detection Method Based on Dynamic Feature Fusion [J]. Journal of Information Security Reserach, 2026, 12(4): 294-.
[5]	. Anomaly Encrypted Traffic Detection Method Based on Graph Attention Network [J]. Journal of Information Security Reserach, 2026, 12(3): 237-.
[6]	. Smart Contract Vulnerabilities Based on Differential Evolutionary Algorithms and Solution Time Prediction Detection#br# [J]. Journal of Information Security Reserach, 2026, 12(1): 24-.
[7]	. Research and Application of General Testbed for Heterogeneous and Multimodal Blockchain#br# [J]. Journal of Information Security Reserach, 2026, 12(1): 51-.
[8]	. A Spectre Vulnerability Detection Method Integrating Fuzzing and #br# Taint Analysis#br# [J]. Journal of Information Security Reserach, 2025, 11(9): 822-.
[9]	. Model of Insider Threat Behavior Detection Based on Graph Neural Network [J]. Journal of Information Security Reserach, 2025, 11(7): 586-.
[10]	. Dualbranch Malicious Code Homology Analysis Model Based on Feature Fusion [J]. Journal of Information Security Reserach, 2025, 11(7): 594-.
[11]	. Research and Implementation of a Blockchainbased Biometric #br# Information Sharing Scheme#br# [J]. Journal of Information Security Reserach, 2025, 11(5): 402-.
[12]	. Research on Malware Detection Based on Word Embedding and Feature Fusion#br# #br# [J]. Journal of Information Security Reserach, 2025, 11(5): 412-.
[13]	. Multiaccess Controls for Defense Against Smart Contract Reentry Attacks [J]. Journal of Information Security Reserach, 2025, 11(4): 333-.
[14]	. An Image Steganography Method Based on Threechannel Deep Fusion Technology [J]. Journal of Information Security Reserach, 2025, 11(3): 257-.
[15]	. Research on Deep Learningbased Spatiotemporal Feature Fusion Network Intrusion Detection Model [J]. Journal of Information Security Reserach, 2025, 11(2): 122-.

Research on Smart Contract Vulnerability Detection Method Based on Multimodal Feature Fusion

基于多模态特征融合的智能合约漏洞检测方法研究

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics