Vulnerability Detection in Smart Contracts: A Comprehensive Survey
Christopher De Baets, Basem Suleiman, Armin Chitizadeh, Imran Razzak
TL;DR
The paper addresses the security of smart contracts by systematically reviewing how machine learning has been applied to vulnerability detection. It synthesizes 88 studies from 2018–2023, showing that classical ML methods often outperform static analysis, while multi-model and hybrid approaches yield the best performance in terms of precision and recall. Key contributions include a comprehensive literature repository, a taxonomy of ML approaches and vulnerabilities, and guidance on gaps and future directions to advance ML-enabled smart contract security. The study's findings have practical implications for researchers and industry practitioners seeking scalable, accurate vulnerability detection in on-chain code and bytecode, contributing to more trustworthy decentralized ecosystems.
Abstract
In the growing field of blockchain technology, smart contracts exist as transformative digital agreements that execute transactions autonomously in decentralised networks. However, these contracts face challenges in the form of security vulnerabilities, posing significant financial and operational risks. While traditional methods to detect and mitigate vulnerabilities in smart contracts are limited due to a lack of comprehensiveness and effectiveness, integrating advanced machine learning technologies presents an attractive approach to increasing effective vulnerability countermeasures. We endeavour to fill an important gap in the existing literature by conducting a rigorous systematic review, exploring the intersection between machine learning and smart contracts. Specifically, the study examines the potential of machine learning techniques to improve the detection and mitigation of vulnerabilities in smart contracts. We analysed 88 articles published between 2018 and 2023 from the following databases: IEEE, ACM, ScienceDirect, Scopus, and Google Scholar. The findings reveal that classical machine learning techniques, including KNN, RF, DT, XG-Boost, and SVM, outperform static tools in vulnerability detection. Moreover, multi-model approaches integrating deep learning and classical machine learning show significant improvements in precision and recall, while hybrid models employing various techniques achieve near-perfect performance in vulnerability detection accuracy. By integrating state-of-the-art solutions, this work synthesises current methods, thoroughly investigates research gaps, and suggests directions for future studies. The insights gathered from this study are intended to serve as a seminal reference for academics, industry experts, and bodies interested in leveraging machine learning to enhance smart contract security.