{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,13]],"date-time":"2026-05-13T18:13:57Z","timestamp":1778696037849,"version":"3.51.4"},"reference-count":112,"publisher":"Association for Computing Machinery (ACM)","issue":"6","license":[{"start":{"date-parts":[[2026,5,13]],"date-time":"2026-05-13T00:00:00Z","timestamp":1778630400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"name":"Ministry of Education, Singapore under its Academic Research Fund Tier 3","award":["MOET32020-0004"],"award-info":[{"award-number":["MOET32020-0004"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Softw. Eng. Methodol."],"published-print":{"date-parts":[[2026,6,30]]},"abstract":"<jats:p>Detecting vulnerabilities in smart contracts is vital for the security and reliability of decentralized apps. To facilitate vulnerability detection, contract codes, including bug patterns, are represented as heterogeneous graphs with various nodes and edges, like control-flow and function-call graphs. However, existing graph-learning techniques struggle with large, complex graphs. This article presents MANDO-LLM, a novel framework that combines heterogeneous graph transformers (HGTs) with large language models (LLMs) for detecting vulnerabilities in smart contracts represented as heterogeneous contract graphs built upon control-flow and call graphs. MANDO-LLM uses LLMs to capture code features from control-flow and call data, customizes HGTs to learn embeddings with specific node-edge meta relations, and employs classifiers for vulnerability detection in Solidity code at both contract and line levels. Our evaluation shows that MANDO-LLM significantly outperforms existing methods on real-world large-scale imbalanced datasets, with F1-score improvements from 0.59% to 80.72% at the contract level. It is also one of the first effective methods for identifying line-level vulnerabilities, with performance boosts ranging from 3.09% to over 95% across different vulnerability types. MANDO-LLM\u2019s versatility allows easy retraining for various vulnerabilities without needing manually defined patterns.<\/jats:p>","DOI":"10.1145\/3765751","type":"journal-article","created":{"date-parts":[[2025,12,3]],"date-time":"2025-12-03T12:41:26Z","timestamp":1764765686000},"page":"1-30","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["MANDO-LLM: Heterogeneous Graph Transformers with Large Language Models for Smart Contract Vulnerability Detection"],"prefix":"10.1145","volume":"35","author":[{"ORCID":"https:\/\/orcid.org\/0009-0002-0474-187X","authenticated-orcid":false,"given":"Nhat-Minh","family":"Nguyen","sequence":"first","affiliation":[{"name":"School of Computing and Information Systems, Singapore Management University, Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0611-4634","authenticated-orcid":false,"given":"Hoang H.","family":"Nguyen","sequence":"additional","affiliation":[{"name":"Center for Urban Informatics and Progress, The University of Tennessee at Chattanooga, Chattanooga, Tennessee, USA and L3S Research Center, Leibniz University Hannover, Hannover, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-8971-0648","authenticated-orcid":false,"given":"Thanh","family":"Long Le","sequence":"additional","affiliation":[{"name":"School of Information and Communication Technology, Hanoi University of Science and Technology, Hanoi, Vietnam"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1110-4756","authenticated-orcid":false,"given":"Zahra","family":"Ahmadi","sequence":"additional","affiliation":[{"name":"L3S Research Center, Leibniz University Hannover, Hannover, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-3372-430X","authenticated-orcid":false,"given":"Thanh-Nam","family":"Doan","sequence":"additional","affiliation":[{"name":"Independent Researcher, Atlanta, Georgia, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3752-0718","authenticated-orcid":false,"given":"Daoyuan","family":"Wu","sequence":"additional","affiliation":[{"name":"Lingnan University, Hong Kong, Hong Kong"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4336-8548","authenticated-orcid":false,"given":"Lingxiao","family":"Jiang","sequence":"additional","affiliation":[{"name":"School of Computing and Information Systems, Singapore Management University, Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2026,5,13]]},"reference":[{"key":"e_1_3_2_2_2","doi-asserted-by":"crossref","unstructured":"Debeshee Das Noble Saji Mathews Alex Mathai Srikanth Tamilselvam Kranthi Sedamaki Sridhar Chimalakonda and Atul Kumar. 2023. COMEX: A tool for generating customized source code representations. In 38th IEEE\/ACM International Conference on Automated Software Engineering (ASE). IEEE 2054\u20132057.","DOI":"10.1109\/ASE56229.2023.00010"},{"key":"e_1_3_2_3_2","unstructured":"Google. 2025. Gemini API. \\( | \\) Google AI for Developers. Retrieved from https:\/\/ai.google.dev\/gemini-api\/docs"},{"key":"e_1_3_2_4_2","unstructured":"OpenAI. 2025. OpenAI Models Documentation. Retrieved from https:\/\/platform.openai.com\/docs\/models"},{"key":"e_1_3_2_5_2","first-page":"1775","volume-title":"32nd USENIX Security Symposium (USENIX Security \u201923)","author":"Abdelaziz Tamer","year":"2023","unstructured":"Tamer Abdelaziz and Aquinas Hobor. 2023. Smart learning to find dumb contracts. In 32nd USENIX Security Symposium (USENIX Security \u201923). USENIX Association, Anaheim, CA, 1775\u20131792. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/abdelaziz"},{"key":"e_1_3_2_6_2","first-page":"1","volume-title":"International Conference on Cloud Computing, Big Data and Blockchain","author":"Alharby M.","year":"2018","unstructured":"M. Alharby, A. Aldweesh, and A. V. Moorsel. 2018. Blockchain-based smart contracts: A systematic mapping study of academic research. In International Conference on Cloud Computing, Big Data and Blockchain, 1\u20136."},{"key":"e_1_3_2_7_2","doi-asserted-by":"publisher","DOI":"10.3390\/electronics13234616"},{"key":"e_1_3_2_8_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.2995183"},{"key":"e_1_3_2_9_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2020.106897"},{"key":"e_1_3_2_10_2","unstructured":"Bigcode. 2023. StarCoder. Retrieved from https:\/\/huggingface.co\/bigcode\/starcoder"},{"key":"e_1_3_2_11_2","doi-asserted-by":"publisher","DOI":"10.15961\/j.jsuese.202100880"},{"key":"e_1_3_2_12_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2021.106576"},{"key":"e_1_3_2_13_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2021.3087402"},{"key":"e_1_3_2_14_2","doi-asserted-by":"publisher","DOI":"10.1145\/3391195"},{"key":"e_1_3_2_15_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-021-10018-0"},{"key":"e_1_3_2_16_2","doi-asserted-by":"publisher","DOI":"10.1145\/3436877"},{"key":"e_1_3_2_17_2","first-page":"41","volume-title":"2019 24th International Conference on Engineering of Complex Computer Systems","author":"Cheng Xiao","year":"2019","unstructured":"Xiao Cheng, Haoyu Wang, Jiayi Hua, Miao Zhang, Guoai Xu, Li Yi, and Yulei Sui. 2019. Static detection of control-flow-related vulnerabilities using graph embedding. In 2019 24th International Conference on Engineering of Complex Computer Systems. IEEE, 41\u201350."},{"key":"e_1_3_2_18_2","unstructured":"Kyunghyun Cho Bart van Merrienboer Caglar Gulcehre Dzmitry Bahdanau Fethi Bougares Holger Schwenk and Yoshua Bengio. 2014. Learning phrase representations using RNN encoder-decoder for statistical machine translation. arXiv:1406.1078. Retrieved from https:\/\/arxiv.org\/abs\/1406.1078"},{"key":"e_1_3_2_19_2","unstructured":"Consensys. 2017. Mythril Framework. Retrieved from https:\/\/github.com\/ConsenSys\/mythril"},{"key":"e_1_3_2_20_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-53357-4_6"},{"key":"e_1_3_2_21_2","doi-asserted-by":"publisher","DOI":"10.1145\/3097983.3098036"},{"key":"e_1_3_2_22_2","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380364"},{"key":"e_1_3_2_23_2","doi-asserted-by":"publisher","DOI":"10.1207\/s15516709cog1402_1"},{"key":"e_1_3_2_24_2","doi-asserted-by":"publisher","DOI":"10.1109\/WETSEB.2019.00008"},{"key":"e_1_3_2_25_2","doi-asserted-by":"crossref","unstructured":"Zhangyin Feng Daya Guo Duyu Tang Nan Duan Xiaocheng Feng Ming Gong Linjun Shou Bing Qin Ting Liu Daxin Jiang et al. 2020. CodeBERT: A pre-trained model for programming and natural languages. arXiv:2002.08155. Retrieved from https:\/\/arxiv.org\/abs\/2002.08155","DOI":"10.18653\/v1\/2020.findings-emnlp.139"},{"key":"e_1_3_2_26_2","first-page":"1349","volume-title":"35th IEEE\/ACM International Conference on Automated Software Engineering","author":"Ferreira Jo\u00e3o F.","year":"2020","unstructured":"Jo\u00e3o F. Ferreira, Pedro Cruz, Thomas Durieux, and Rui Abreu. 2020. SmartBugs: A framework to analyze solidity smart contracts. In 35th IEEE\/ACM International Conference on Automated Software Engineering, 1349\u20131352."},{"key":"e_1_3_2_27_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijinfomgt.2019.10.014"},{"key":"e_1_3_2_28_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2020.2971482"},{"key":"e_1_3_2_29_2","doi-asserted-by":"publisher","DOI":"10.1145\/3437378.3437879"},{"key":"e_1_3_2_30_2","doi-asserted-by":"publisher","DOI":"10.1145\/3395363.3397385"},{"key":"e_1_3_2_31_2","article-title":"Ethertrust: Sound Static Analysis of Ethereum Bytecode","author":"Grishchenko Ilya","year":"2018","unstructured":"Ilya Grishchenko, Matteo Maffei, and Clara Schneidewind. 2018. Ethertrust: Sound Static Analysis of Ethereum Bytecode. Technical Report. Technische Universit\u00e4t Wien.","journal-title":"Technische Universit\u00e4t Wien"},{"key":"e_1_3_2_32_2","doi-asserted-by":"crossref","first-page":"51","DOI":"10.1007\/978-3-319-96145-3_4","volume-title":"International Conference on Computer Aided Verification","author":"Grishchenko Ilya","year":"2018","unstructured":"Ilya Grishchenko, Matteo Maffei, and Clara Schneidewind. 2018. Foundations and tools for the static analysis of ethereum smart contracts. In International Conference on Computer Aided Verification. Springer, 51\u201378."},{"key":"e_1_3_2_33_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-89722-6_10"},{"key":"e_1_3_2_34_2","doi-asserted-by":"publisher","DOI":"10.1145\/2939672.2939754"},{"key":"e_1_3_2_35_2","unstructured":"Daya Guo Shuai Lu Nan Duan Yanlin Wang Ming Zhou and Jian Yin. 2022. UniXcoder: Unified cross-modal pre-training for code representation. arXiv:2203.03850. Retrieved from https:\/\/arxiv.org\/abs\/2203.03850"},{"key":"e_1_3_2_36_2","unstructured":"Daya Guo Shuo Ren Shuai Lu Zhangyin Feng Duyu Tang Shujie Liu Long Zhou Nan Duan Alexey Svyatkovskiy Shengyu Fu et al. 2020. GraphCodeBERT: Pre-training code representations with data flow. arXiv:2009.08366. Retrieved from https:\/\/arxiv.org\/abs\/2009.08366"},{"key":"e_1_3_2_37_2","doi-asserted-by":"publisher","DOI":"10.19363\/J.cnki.cn10-1380\/tn.2020.05.08"},{"key":"e_1_3_2_38_2","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2018.00022"},{"key":"e_1_3_2_39_2","doi-asserted-by":"publisher","DOI":"10.1162\/neco.1997.9.8.1735"},{"key":"e_1_3_2_40_2","unstructured":"Joran Honig. [n.\u2009d.]. Solidity Grammar for Tree-Sitter. Retrieved from https:\/\/github.com\/JoranHonig\/tree-sitter-solidity"},{"key":"e_1_3_2_41_2","doi-asserted-by":"publisher","DOI":"10.1145\/3366423.3380027"},{"key":"e_1_3_2_42_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2024.3457162"},{"key":"e_1_3_2_43_2","doi-asserted-by":"publisher","DOI":"10.1145\/3457913.3457920"},{"key":"e_1_3_2_44_2","unstructured":"hululuzhu. [n\u2009d.]. T5 Model for Solidity (Web3 Smart Contract). Retrieved from https:\/\/huggingface.co\/hululuzhu\/solidity-t5"},{"key":"e_1_3_2_45_2","unstructured":"Hamel Husain Ho-Hsiang Wu Tiferet Gazit Miltiadis Allamanis and Marc Brockschmidt. 2020. CodeSearchNet challenge: Evaluating the state of semantic code search. arXiv:1909.09436. Retrieved from https:\/\/arxiv.org\/abs\/1909.09436"},{"key":"e_1_3_2_46_2","unstructured":"Andrei Ivanov. 2023. Alternative Reference Deep Graph Library (DGL) Implementation. Retrieved from https:\/\/github.com\/dmlc\/dgl\/tree\/master\/examples\/pytorch\/hgt"},{"key":"e_1_3_2_47_2","article-title":"SmartConDetect: Highly accurate smart contract code vulnerability detection mechanism using BERT","author":"Jeon Sowon","year":"2021","unstructured":"Sowon Jeon, Gilhee Lee, Hyoungshick Kim, and Simon S. Woo. 2021. SmartConDetect: Highly accurate smart contract code vulnerability detection mechanism using BERT. In 2021 KDD Workshop on Programming Language Processing (PLP).","journal-title":"In 2021 KDD Workshop on Programming Language Processing"},{"key":"e_1_3_2_48_2","doi-asserted-by":"publisher","DOI":"10.1109\/QRS54544.2021.00102"},{"key":"e_1_3_2_49_2","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3238177"},{"key":"e_1_3_2_50_2","doi-asserted-by":"crossref","first-page":"1695","DOI":"10.1109\/SP40000.2020.00066","volume-title":"2020 IEEE Symposium on Security and Privacy (SP)","author":"Jiao Jiao","year":"2020","unstructured":"Jiao Jiao, Shuanglong Kan, Shang-Wei Lin, David Sanan, Yang Liu, and Jun Sun. 2020. Semantic understanding of smart contracts: Executable operational semantics of solidity. In 2020 IEEE Symposium on Security and Privacy (SP). IEEE, 1695\u20131712."},{"key":"e_1_3_2_51_2","article-title":"Variational graph auto-encoders","author":"Kipf Thomas N.","year":"2016","unstructured":"Thomas N. Kipf and Max Welling. 2016. Variational graph auto-encoders. In NIPS Workshop on Bayesian Deep Learning.","journal-title":"NIPS Workshop on Bayesian Deep Learning"},{"key":"e_1_3_2_52_2","unstructured":"Denis Kocetkov Raymond Li Loubna Ben Allal Jia Li Chenghao Mou Carlos Mu\u00f1oz Ferrandis Yacine Jernite Margaret Mitchell Sean Hughes Thomas Wolf et al. 2022. The stack: 3 TB of permissively licensed source code. arXiv: 2211.15533. Retrieved from https:\/\/arxiv.org\/abs\/2211.15533"},{"key":"e_1_3_2_53_2","doi-asserted-by":"crossref","unstructured":"Taku Kudo and John Richardson. 2018. SentencePiece: A simple and language independent subword tokenizer and detokenizer for neural text processing. arXiv:1808.06226. Retrieved from http:\/\/arxiv.org\/abs\/1808.06226","DOI":"10.18653\/v1\/D18-2012"},{"key":"e_1_3_2_54_2","unstructured":"Raymond Li Loubna Ben Allal Yangtian Zi Niklas Muennighoff Denis Kocetkov Chenghao Mou Marc Marone Christopher Akiki Jia Li Jenny Chim et al. 2023. StarCoder: May the source be with you! arXiv:2305.06161. Retrieved from https:\/\/arxiv.org\/abs\/2305.06161"},{"key":"e_1_3_2_55_2","doi-asserted-by":"publisher","DOI":"10.1145\/3468264.3468597"},{"key":"e_1_3_2_56_2","unstructured":"Zhiyu Li Shuai Lu Daya Guo Nan Duan Shailesh Jannu Grant Jenks Deep Majumder Jared Green Alexey Svyatkovskiy Shengyu Fu et al. 2022. Automating code review activities by large-scale pre-training. arXiv:2203.09095. Retrieved from https:\/\/arxiv.org\/abs\/2203.09095"},{"key":"e_1_3_2_57_2","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2021.3076142"},{"key":"e_1_3_2_58_2","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2021.3051525"},{"key":"e_1_3_2_59_2","volume-title":"The Network and Distributed System Security Symposium","author":"Li Zhen","year":"2018","unstructured":"Zhen Li, Deqing Zou, Shouhuai Xu, Xinyu Ou, Hai Jin, Sujuan Wang, Zhijun Deng, and Yuyi Zhong. 2018. VulDeePecker: A deep learning-based system for vulnerability detection. In The Network and Distributed System Security Symposium."},{"key":"e_1_3_2_60_2","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3417939"},{"key":"e_1_3_2_61_2","unstructured":"Zhenguang Liu Peng Qian Xiang Wang Lei Zhu Qinming He and Shouling Ji. 2021. Smart contract vulnerability detection: From pure neural network to interpretable graph feature and expert pattern fusion. arXiv:2106.09282. Retrieved from https:\/\/arxiv.org\/abs\/2106.09282"},{"key":"e_1_3_2_62_2","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2021.3095196"},{"key":"e_1_3_2_63_2","first-page":"254","volume-title":"The ACM SIGSAC Conference on Computer and Communications Security","author":"Luu Loi","year":"2016","unstructured":"Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, and Aquinas Hobor. 2016. Making smart contracts smarter. In The ACM SIGSAC Conference on Computer and Communications Security, 254\u2013269."},{"key":"e_1_3_2_64_2","first-page":"1186","volume-title":"The 34th IEEE\/ACM International Conference on Automated Software Engineering","author":"Mossberg Mark","year":"2019","unstructured":"Mark Mossberg, Felipe Manzano, Eric Hennenfent, Alex Groce, Gustavo Grieco, Josselin Feist, Trent Brunson, and Artem Dinaburg. 2019. Manticore: A user-friendly symbolic execution framework for binaries and smart contracts. In The 34th IEEE\/ACM International Conference on Automated Software Engineering, 1186\u20131189."},{"key":"e_1_3_2_65_2","first-page":"2","volume-title":"9th Annual HITB Security Conference","author":"Mueller Bernhard","year":"2018","unstructured":"Bernhard Mueller. 2018. Smashing smart contracts for fun and real profit. In 9th Annual HITB Security Conference, 2\u201351."},{"key":"e_1_3_2_66_2","unstructured":"Dominik Muhs. 2024. Smart Contract Weakness Classification (SWC). Retrieved from https:\/\/swcregistry.io"},{"key":"e_1_3_2_67_2","doi-asserted-by":"publisher","DOI":"10.1145\/3540250.3558927"},{"key":"e_1_3_2_68_2","volume-title":"9th IEEE International Conference on Data Science and Advanced Analytics (DSAA)","author":"Nguyen Hoang H.","year":"2022","unstructured":"Hoang H. Nguyen, Nhat-Minh Nguyen, Chunyao Xie, Zahra Ahmadi, Daniel Kudendo, Thanh-Nam Doan, and Lingxiao Jiang. 2022. MANDO: Multi-level heterogeneous graph embeddings for Fine-Grained detection of smart contract vulnerabilities. In 9th IEEE International Conference on Data Science and Advanced Analytics (DSAA)."},{"key":"e_1_3_2_69_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSR59073.2023.00052"},{"key":"e_1_3_2_70_2","doi-asserted-by":"crossref","first-page":"778","DOI":"10.1145\/3377811.3380334","volume-title":"The ACM\/IEEE 42nd International Conference on Software Engineering","author":"Nguyen Tai D.","year":"2020","unstructured":"Tai D. Nguyen, Long H. Pham, Jun Sun, Yun Lin, and Quang Tran Minh. 2020. Sfuzz: An efficient adaptive fuzzer for solidity smart contracts. In The ACM\/IEEE 42nd International Conference on Software Engineering, 778\u2013788."},{"key":"e_1_3_2_71_2","volume-title":"International Conference on Learning Representations","author":"Nijkamp Erik","year":"2023","unstructured":"Erik Nijkamp, Hiroaki Hayashi, Caiming Xiong, Silvio Savarese, and Yingbo Zhou. 2023. CodeGen2: Lessons for training LLMs on programming and natural languages. In International Conference on Learning Representations."},{"key":"e_1_3_2_72_2","volume-title":"International Conference on Learning Representations","author":"Nijkamp Erik","year":"2023","unstructured":"Erik Nijkamp, Bo Pang, Hiroaki Hayashi, Lifu Tu, Huan Wang, Yingbo Zhou, Silvio Savarese, and Caiming Xiong. 2023. CodeGen: An open large language model for code with multi-turn program synthesis. In International Conference on Learning Representations."},{"key":"e_1_3_2_73_2","first-page":"912","volume-title":"26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering","author":"Park Daejun","year":"2018","unstructured":"Daejun Park, Yi Zhang, Manasvi Saxena, Philip Daian, and Grigore Ro\u015fu. 2018. A formal verification tool for ethereum VM bytecode. In 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 912\u2013915."},{"key":"e_1_3_2_74_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00024"},{"key":"e_1_3_2_75_2","unstructured":"Colin Raffel Noam Shazeer Adam Roberts Katherine Lee Sharan Narang Michael Matena Yanqi Zhou Wei Li and Peter J. Liu. 2019. Exploring the limits of transfer learning with a unified text-to-text transformer. arXiv:1910.10683. Retrieved from http:\/\/arxiv.org\/abs\/1910.10683"},{"key":"e_1_3_2_76_2","doi-asserted-by":"crossref","unstructured":"Michael Rodler Wenting Li Ghassan O. Karame and Lucas Davi. 2018. Sereum: Protecting existing smart contracts against re-entrancy attacks. arXiv:1812.05934. Retrieved from https:\/\/arxiv.org\/abs\/1812.05934","DOI":"10.14722\/ndss.2019.23413"},{"key":"e_1_3_2_77_2","first-page":"757","volume-title":"17th IEEE International Conference on Machine Learning and Applications (ICMLA)","author":"Russell Rebecca","year":"2018","unstructured":"Rebecca Russell, Louis Kim, Lei Hamilton, Tomo Lazovich, Jacob Harer, Onur Ozdemir, Paul Ellingwood, and Marc McConley. 2018. Automated vulnerability detection in source code using deep representation learning. In 17th IEEE International Conference on Machine Learning and Applications (ICMLA), 757\u2013762."},{"key":"e_1_3_2_78_2","unstructured":"Saleforce. [n.\u2009d.]. CodeT5 Plus. Retrieved from https:\/\/huggingface.co\/Salesforce\/codet5p-770m"},{"key":"e_1_3_2_79_2","first-page":"593","volume-title":"15th International Conference on the Semantic Web (ESWC \u201918)","author":"Schlichtkrull Michael","year":"2018","unstructured":"Michael Schlichtkrull, Thomas N. Kipf, Peter Bloem, Rianne Van Den Berg, Ivan Titov, and Max Welling. 2018. Modeling relational data with graph convolutional networks. In 15th International Conference on the Semantic Web (ESWC \u201918). Springer, 593\u2013607."},{"key":"e_1_3_2_80_2","first-page":"621","volume-title":"2020 ACM SIGSAC Conference on Computer and Communications Security","author":"Schneidewind Clara","year":"2020","unstructured":"Clara Schneidewind, Ilya Grishchenko, Markus Scherer, and Matteo Maffei. 2020. Ethor: Practical and provably sound static analysis of ethereum smart contracts. In 2020 ACM SIGSAC Conference on Computer and Communications Security, 621\u2013640."},{"key":"e_1_3_2_81_2","unstructured":"Rico Sennrich Barry Haddow and Alexandra Birch. 2015. Neural machine translation of rare words with subword units. arXiv:1508.07909. Retrieved from http:\/\/arxiv.org\/abs\/1508.07909"},{"key":"e_1_3_2_82_2","first-page":"1361","volume-title":"30th USENIX Security Symposium","author":"So Sunbeom","year":"2021","unstructured":"Sunbeom So, Seongjoon Hong, and Hakjoo Oh. 2021. \\(SmarTest\\) : Effectively hunting vulnerable transaction sequences in smart contracts through language model-guided symbolic execution. In 30th USENIX Security Symposium, 1361\u20131378."},{"key":"e_1_3_2_83_2","unstructured":"Yuqiang Sun Daoyuan Wu Yue Xue Han Liu Haijun Wang Zhengzi Xu Xiaofei Xie and Yang Liu. 2023. When GPT meets program analysis: Towards intelligent detection of smart contract logic vulnerabilities in GPTScan. arXiv:2308.03314. Retrieved from https:\/\/arxiv.org\/abs\/2308.03314"},{"key":"e_1_3_2_84_2","volume-title":"24th International Conference on World Wide Web","author":"Tang Jian","year":"2015","unstructured":"Jian Tang, Meng Qu, Mingzhe Wang, Ming Zhang, Jun Yan, and Qiaozhu Mei. 2015. Line: Large-scale information network embedding. In 24th International Conference on World Wide Web."},{"key":"e_1_3_2_85_2","first-page":"9","volume-title":"The 1st International Workshop on Emerging Trends in Software Engineering for Blockchain","author":"Tikhomirov Sergei","year":"2018","unstructured":"Sergei Tikhomirov, Ekaterina Voskresenskaya, Ivan Ivanitskiy, Ramil Takhaviev, Evgeny Marchenko, and Yaroslav Alexandrov. 2018. SmartCheck: Static analysis of ethereum smart contracts. In The 1st International Workshop on Emerging Trends in Software Engineering for Blockchain, 9\u201316."},{"key":"e_1_3_2_86_2","doi-asserted-by":"publisher","DOI":"10.1145\/3464421"},{"key":"e_1_3_2_87_2","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274737"},{"key":"e_1_3_2_88_2","first-page":"1591","volume-title":"28th USENIX Security Symposium (USENIX Security \u201919)","author":"Torres Christof Ferreira","year":"2019","unstructured":"Christof Ferreira Torres, Mathis Steichen, and Radu State. 2019. The art of the scam: Demystifying honeypots in ethereum smart contracts. In 28th USENIX Security Symposium (USENIX Security \u201919), 1591\u20131607."},{"key":"e_1_3_2_89_2","unstructured":"tree sitter. [n\u2009d.]. Parser Generator Tool and an Incremental Parsing Library. Retrieved from https:\/\/tree-sitter.github.io\/tree-sitter\/"},{"key":"e_1_3_2_90_2","volume-title":"25th ACM Conference on Computer and Communications Security","author":"Tsankov Petar","year":"2018","unstructured":"Petar Tsankov, Andrei Dan, Dana Drachsler Cohen, Arthur Gervais, Florian Buenzli, and Martin Vechev. 2018. Securify: Practical security analysis of smart contracts. In 25th ACM Conference on Computer and Communications Security."},{"key":"e_1_3_2_91_2","first-page":"5998","article-title":"Attention is all you need","author":"Vaswani Ashish","year":"2017","unstructured":"Ashish Vaswani, Noam Shazeer, Niki Parmar, Jakob Uszkoreit, Llion Jones, Aidan N. Gomez, \u0141ukasz Kaiser, and Illia Polosukhin. 2017. Attention is all you need. In Advances in Neural Information Processing Systems, 5998\u20136008.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_92_2","volume-title":"International Conference on Learning Representations","author":"Veli\u010dkovi\u0107 Petar","year":"2018","unstructured":"Petar Veli\u010dkovi\u0107, Guillem Cucurull, Arantxa Casanova, Adriana Romero, Pietro Li\u00f2, and Yoshua Bengio. 2018. Graph attention networks. In International Conference on Learning Representations."},{"key":"e_1_3_2_93_2","doi-asserted-by":"crossref","first-page":"173","DOI":"10.1109\/DSA51864.2020.00031","volume-title":"2020 7th International Conference on Dependable Systems and Their Applications (DSA)","author":"Wang Anqi","year":"2020","unstructured":"Anqi Wang, Hao Wang, Bo Jiang, and Wing Kwong Chan. 2020. Artemis: An improved smart contract verification tool for vulnerability detection. In 2020 7th International Conference on Dependable Systems and Their Applications (DSA). IEEE, 173\u2013181."},{"key":"e_1_3_2_94_2","unstructured":"Jiexin Wang Liuwen Cao Xitong Luo Zhiping Zhou Jiayuan Xie Adam Jatowt and Yi Cai. 2023. Enhancing large language models for secure code generation: A dataset-driven study on vulnerability mitigation. arXiv:2310.16263. Retrieved from https:\/\/arxiv.org\/abs\/2310.16263"},{"key":"e_1_3_2_95_2","doi-asserted-by":"publisher","DOI":"10.1145\/3308558.3313562"},{"key":"e_1_3_2_96_2","doi-asserted-by":"crossref","unstructured":"Yue Wang Weishi Wang Shafiq Joty and Steven C. H. Hoi. 2021. CodeT5: Identifier-aware unified pre-trained encoder-decoder models for code understanding and generation. arXiv:2109.00859. Retrieved from https:\/\/arxiv.org\/abs\/2109.00859","DOI":"10.18653\/v1\/2021.emnlp-main.685"},{"key":"e_1_3_2_97_2","first-page":"747","volume-title":"European Symposium on Research in Computer Security","author":"Weiss Konrad","year":"2019","unstructured":"Konrad Weiss and Julian Sch\u00fctte. 2019. Annotary: A concolic execution system for developing secure smart contracts. In European Symposium on Research in Computer Security. Springer, 747\u2013766."},{"key":"e_1_3_2_98_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2023.3340267"},{"key":"e_1_3_2_99_2","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2020.emnlp-demos.6"},{"key":"e_1_3_2_100_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2016.2521368"},{"key":"e_1_3_2_101_2","volume-title":"The 32nd International Symposium on Software Reliability Engineering","author":"Wu Hongjun","year":"2021","unstructured":"Hongjun Wu, Zhuo Zhang, Shangwen Wang, Yan Lei, Bo Lin, Yihao Qin, Haoyu Zhang, and Xiaoguang Mao. 2021. Peculiar: Smart contract vulnerability detection based on crucial data flow graph and pre-training techniques. In The 32nd International Symposium on Software Reliability Engineering."},{"key":"e_1_3_2_102_2","volume-title":"2022 IEEE\/ACM 44th International Conference on Software Engineering (ICSE)","author":"Wu Yueming","year":"2022","unstructured":"Yueming Wu, Deqing Zou, Shihan Dou, Wei Yang, Duo Xu, and Hai Jin. 2022. VulCNN: An image-inspired scalable vulnerability detection system. In 2022 IEEE\/ACM 44th International Conference on Software Engineering (ICSE)."},{"key":"e_1_3_2_103_2","first-page":"1029","volume-title":"2020 35th IEEE\/ACM International Conference on Automated Software Engineering (ASE)","author":"Xue Yinxing","year":"2020","unstructured":"Yinxing Xue, Mingliang Ma, Yun Lin, Yulei Sui, Jiaming Ye, and Tianyong Peng. 2020. Cross-contract static analysis for detecting practical reentrancy vulnerabilities in smart contracts. In 2020 35th IEEE\/ACM International Conference on Automated Software Engineering (ASE). IEEE, 1029\u20131040."},{"key":"e_1_3_2_104_2","doi-asserted-by":"publisher","DOI":"10.1145\/3450352"},{"key":"e_1_3_2_105_2","volume-title":"2022 IEEE\/ACM 30th International Conference on Program Comprehension (ICPC)","author":"Zhang Kechi","year":"2022","unstructured":"Kechi Zhang, Wenhan Wang, Huangzhao Zhang, Ge Li, and Zhi Jin. 2022. Learning to represent programs with heterogeneous graphs. In 2022 IEEE\/ACM 30th International Conference on Program Comprehension (ICPC)."},{"key":"e_1_3_2_106_2","unstructured":"Shichang Zhang Neil Shah Yozen Liu and Yizhou Sun. 2022. Explaining graph-level predictions with communication structure-aware cooperative games. arXiv:2201.12380. Retrieved from https:\/\/arxiv.org\/abs\/2201.12380"},{"key":"e_1_3_2_107_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2023.3279125"},{"key":"e_1_3_2_108_2","first-page":"585","article-title":"GAN-enabled code embedding for reentrant vulnerabilities detection","author":"Zhao Hui","year":"2021","unstructured":"Hui Zhao, Peng Su, Yihang Wei, Keke Gai, and Meikang Qiu. 2021. GAN-enabled code embedding for reentrant vulnerabilities detection. In International Conference on Knowledge Science, Engineering and Management, 585\u2013597.","journal-title":"International Conference on Knowledge Science, Engineering and Management"},{"key":"e_1_3_2_109_2","doi-asserted-by":"crossref","unstructured":"Qinkai Zheng Xiao Xia Xu Zou Yuxiao Dong Shan Wang Yufei Xue Zihan Wang Lei Shen Andi Wang Yang Li et al. 2023. CodeGeeX: A pre-trained model for code generation with multilingual evaluations on HumanEval-X. arXiv:2303.17568. Retrieved from https:\/\/arxiv.org\/abs\/2303.17568","DOI":"10.1145\/3580305.3599790"},{"key":"e_1_3_2_110_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2024.3383422"},{"key":"e_1_3_2_111_2","unstructured":"Li Zhong and Zilong Wang. 2023. Can ChatGPT replace StackOverflow? A study on robustness and reliability of large language model code generation. arXiv:2308.10335. Retrieved from https:\/\/arxiv.org\/abs\/2308.10335"},{"key":"e_1_3_2_112_2","article-title":"Devign: Effective vulnerability identification by learning comprehensive program semantics via graph neural networks","volume":"32","author":"Zhou Yaqin","year":"2019","unstructured":"Yaqin Zhou, Shangqing Liu, Jingkai Siow, Xiaoning Du, and Yang Liu. 2019. Devign: Effective vulnerability identification by learning comprehensive program semantics via graph neural networks. In Advances in Neural Information Processing Systems, Vol. 32.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_113_2","first-page":"3283","volume-title":"29th International Conference on International Joint Conferences on Artificial Intelligence","author":"Zhuang Yuan","year":"2021","unstructured":"Yuan Zhuang, Zhenguang Liu, Peng Qian, Qi Liu, Xiang Wang, and Qinming He. 2021. Smart contract vulnerability detection using graph neural networks. In 29th International Conference on International Joint Conferences on Artificial Intelligence, 3283\u20133290."}],"container-title":["ACM Transactions on Software Engineering and Methodology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3765751","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,5,13]],"date-time":"2026-05-13T17:27:42Z","timestamp":1778693262000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3765751"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,5,13]]},"references-count":112,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2026,6,30]]}},"alternative-id":["10.1145\/3765751"],"URL":"https:\/\/doi.org\/10.1145\/3765751","relation":{},"ISSN":["1049-331X","1557-7392"],"issn-type":[{"value":"1049-331X","type":"print"},{"value":"1557-7392","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,5,13]]},"assertion":[{"value":"2024-12-11","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-07-27","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2026-05-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}