Blockchain systems have become fundamental infrastructures in various domains such as finance, supply chain, and governance. However, smart contracts, as the software backbone of these systems, face increasing security threats that can lead to severe economic and operational losses. Existing research has made progress in improving contract security, yet most efforts focus on Solidity-based contracts, leaving the unique semantics and concurrency patterns of Go-based smart contracts underexplored. To address this gap, we propose a vulnerability detection framework specifically tailored for Go-based smart contracts. Our approach integrates function-level semantic embeddings derived from GraphCodeBERT with structural representations based on function call graphs (FCGs), including graph neural networks (GNNs) such as GCN, GAT, GATv2, GIN, and GraphSAGE for vulnerability classification. We propose SAGAT++, an attention-enhanced GNN that combines inductive aggregation with multi-head attention to effectively capture semantic interactions between functions. Experiments on a custom Go contract dataset show that our method outperforms baseline models across multiple vulnerability categories, confirming its effectiveness.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Multi-label Vulnerability Detection for Go Smart Contracts with Call Graphs and Semantic Code Embeddings

  • Chunkai Wu,
  • Hengyang Wu,
  • Bingrong Dai,
  • Jianhui Yang,
  • Jia Wu

摘要

Blockchain systems have become fundamental infrastructures in various domains such as finance, supply chain, and governance. However, smart contracts, as the software backbone of these systems, face increasing security threats that can lead to severe economic and operational losses. Existing research has made progress in improving contract security, yet most efforts focus on Solidity-based contracts, leaving the unique semantics and concurrency patterns of Go-based smart contracts underexplored. To address this gap, we propose a vulnerability detection framework specifically tailored for Go-based smart contracts. Our approach integrates function-level semantic embeddings derived from GraphCodeBERT with structural representations based on function call graphs (FCGs), including graph neural networks (GNNs) such as GCN, GAT, GATv2, GIN, and GraphSAGE for vulnerability classification. We propose SAGAT++, an attention-enhanced GNN that combines inductive aggregation with multi-head attention to effectively capture semantic interactions between functions. Experiments on a custom Go contract dataset show that our method outperforms baseline models across multiple vulnerability categories, confirming its effectiveness.