Smart Contract Vulnerability Detection Using Large Language Models and Graph Structural Analysis  


Authors: Ra-Yeon Choi, Yeji Song, Minsoo Jang, Taekyung Kim, Jinhyun Ahn, Dong-Hyuk Im

Affiliations: [1] Department of Artificial Intelligence Application, Kwangwoon University, Seoul, 01897, Republic of Korea [2] Department of Artificial Intelligence Convergence, Kwangwoon University, Seoul, 01897, Republic of Korea [3] Department of Big Data Analytics, KyungHee University, Seoul, 02447, Republic of Korea [4] Department of Management Information Systems, Jeju National University, Jeju, 63243, Republic of Korea [5] School of Information Convergence, Kwangwoon University, Seoul, 01897, Republic of Korea

Source: Computers, Materials & Continua (English-language journal), 2025, Issue 4, pp. 785-801, 17 pages

Funding: Supported by the Seoul Business Agency (SBA), funded by the Seoul Metropolitan Government, through the Seoul R&BD Program (FB240022); by the Korea Institute for Advancement of Technology (KIAT), funded by the Korea Government (MOTIE) (RS-2024-00406796); through the HRD Program for Industrial Innovation; by the Excellent Researcher Support Project of Kwangwoon University in 2024.

Abstract: Smart contracts are self-executing programs on blockchains that manage complex business logic with transparency and integrity. However, their immutability after deployment makes programming errors particularly critical, as such errors can be exploited to compromise blockchain security. Existing vulnerability detection methods often rely on fixed rules or target specific vulnerabilities, limiting their scalability and adaptability to diverse smart contract scenarios. Furthermore, natural language processing approaches for source code analysis frequently fail to capture program flow, which is essential for identifying structural vulnerabilities. To address these limitations, we propose a novel model that integrates textual and structural information for smart contract vulnerability detection. Our approach employs the CodeBERT NLP model for textual analysis, augmented with structural insights derived from control flow graphs created using the abstract syntax tree and opcode of smart contracts. Each graph node is embedded using Sent2Vec, and centrality analysis is applied to highlight critical paths and nodes within the code. The extracted features are normalized and combined into a prompt for a large language model to detect vulnerabilities effectively. Experimental results demonstrate the superiority of our model, achieving an accuracy of 86.70%, a recall of 84.87%, a precision of 85.24%, and an F1-score of 84.46%. These outcomes surpass existing methods, including CodeBERT alone (accuracy: 81.26%, F1-score: 79.84%) and CodeBERT combined with abstract syntax tree analysis (accuracy: 83.48%, F1-score: 79.65%). The findings underscore the effectiveness of incorporating graph structural information alongside text-based analysis, offering improved scalability and performance in detecting diverse vulnerabilities.

Keywords: Blockchain; smart contract; vulnerability detection; large language model

Classification number: TP309 [Automation and Computer Technology: Computer System Architecture]

 
