HSVDetector: a heterogeneous semantic graph-based method for smart contract vulnerability detection

The Journal of Supercomputing

Abstract

With the continuous advancement of blockchain technology, smart contracts have found widespread application across various domains. However, their security vulnerabilities have increasingly attracted attention. To overcome the limitations present in current detection methods, particularly in terms of semantic representation and structural comprehension, this paper proposes Heterogeneous Semantic Vulnerability Detector (HSVDetector), a novel vulnerability detection method for smart contracts based on a Heterogeneous Semantic Graph (HSG). We construct a Variable Dependency Graph (VDG) derived from the Abstract Syntax Tree (AST) of smart contracts to capture both data flow and control flow dependencies between variables. Additionally, we generate the HSG to provide a comprehensive representation of both semantic and structural aspects of the code. To efficiently learn the features of HSG, we design the HGAT-SC model, which employs a graph attention mechanism to analyze the characteristics of heterogeneous nodes and edges. We evaluate HSVDetector on four types of vulnerabilities: timestamp dependency, reentrancy attacks, delegatecall, and integer overflow/underflow. Experimental results indicate that HSVDetector achieves detection accuracies of 93.12%, 91.15%, 95%, and 89.89% for each respective vulnerability, significantly outperforming existing methods. HSVDetector offers an innovative and effective approach for enhancing the security of smart contracts.

Data availability

No new data were generated or analyzed in this study, so data sharing is not applicable to this article.

Funding

This research was conducted without any external financial support or funding.

Author information

Contributions

Heming Zhu, as the author, conceived and designed the study, developed the HSVDetector model, conducted the experiments, and was responsible for data collection, analysis, manuscript writing, and preparation of all figures. Gehao Lu and Hao Li, as the corresponding authors, provided guidance on the research direction and reviewed and approved the final manuscript.

Corresponding authors

Correspondence to Hao Li or Gehao Lu.

Ethics declarations

Conflict of interest

The authors declare no conflict of interest.

About this article

Cite this article

Zhu, H., Li, H. & Lu, G. HSVDetector: a heterogeneous semantic graph-based method for smart contract vulnerability detection. J Supercomput 81, 584 (2025). https://doi.org/10.1007/s11227-025-06951-2

  • DOI: https://doi.org/10.1007/s11227-025-06951-2
