The Best of Both Worlds: Integrating Semantic Features with Expert Features for Smart Contract Vulnerability Detection

Over the past few years, smart contract suffers from serious security threats of vulnerabilities, resulting in enormous economic losses. What's worse, due to the immutable and irreversible features, vulnerable smart contracts which have been deployed in the the blockchain can only be detected rather than fixed. Conventional approaches heavily rely on hand-crafted vulnerability rules, which is time-consuming and difficult to cover all the cases. Recent deep learning approaches alleviate this issue but fail to explore the integration of them together to boost the smart contract vulnerability detection yet. Therefore, we propose to build a novel model, SmartFuSE, for the smart contract vulnerability detection by leveraging the best of semantic features and expert features. SmartFuSE performs static analysis to respectively extract vulnerability-specific expert patterns and joint graph structures at the function-level to frame the rich program semantics of vulnerable code, and leverages a novel graph neural network with the hybrid attention pooling layer to focus on critical vulnerability features. To evaluate the effectiveness of our proposed SmartFuSE, we conducted extensive experiments on 40k contracts in two benchmarks. The experimental results demonstrate that SmartFuSE can significantly outperform state-of-the-art analysis-based and DL-based detectors.