Vulnerability-Hunter: An Adaptive Feature Perception Attention Network for Smart Contract Vulnerabilities

Yizhou Chen

TL;DR

This work tackles smart contract vulnerability detection by moving beyond static, rule-based graph sampling toward an adaptive, data-driven approach. AFPNet combines a Feature Perception Module that dynamically identifies crucial vulnerability snippets with a Relationship Perception Attention Module that models dependencies among those snippets, achieving superior performance on large-scale ESC and VSC datasets (including the deduplicated ESC$_R$). The method attains notable F1-score gains over both rule-based and deep-learning baselines, while maintaining linear time and space complexity, and it demonstrates practical efficiency by bypassing costly compilation steps. These results suggest AFPNet’s adaptive, snippet-focused strategy yields robust SCVD performance with meaningful real-world impact for securing blockchain-based systems.

Abstract

Smart Contract Vulnerability Detection (SCVD) is crucial to guarantee the quality of blockchain-based systems. Graph neural networks have been shown to be effective in learning semantic representations of smart contract code and are commonly adopted by existing deep learning-based SCVD. However, current methods are still limited by their use of graph sampling or subgraph pooling based on predefined rules to extract crucial components from the structure graphs of smart contract code. These predefined rule-based strategies, typically designed using static rules or heuristics, have limited ability to adjust extraction strategies dynamically according to the structure and content of the graph in the heterogeneous topologies of smart contract code. Consequently, these strategies may not be universally applicable to all smart contracts, potentially leading to false positives or omissions. To address these problems, we propose AFPNet, a novel vulnerability detection model equipped with a feature perception module that has dynamic weights for comprehensive scanning of the entire smart contract code and automatic extraction of crucial code snippets (the $P$ snippets with the largest weights). Subsequently, the relationship perception attention module employs an attention mechanism to learn dependencies among these code snippets and detect smart contract vulnerabilities. The efforts made by AFPNet consistently enable the capture of crucial code snippets and enhance the performance of SCVD optimization. We evaluate AFPNet on several large-scale datasets with vulnerability labels. The experimental results show that AFPNet significantly outperforms the state-of-the-art approach by 6.38%-14.02% in terms of F1-score. The results demonstrate the effectiveness of AFPNet in dynamically extracting valuable information and in vulnerability detection.

Paper Structure (31 sections, 12 equations, 5 figures, 5 tables)

This paper contains 31 sections, 12 equations, 5 figures, 5 tables.

Figures (5)

  • Figure 1: Three examples of smart contract vulnerabilities.
  • Figure 2: A detailed process of AFPNet. The "A" points are average points, indicating the abstraction of the semantic information of the whole code. The "C" points indicate crucial feature points. The "U" points indicate unimportant feature points.
  • Figure 3: PCA plot of the feature distribution of smart contracts on ESC$_R$ under different approaches.
  • Figure 4: Illustrating example of the real-world smart contracts and their confidence levels through the application of CGE and AFPNet methods.
  • Figure 5: An example of a reentrancy vulnerability contract that is not correctly identified.