{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,30]],"date-time":"2026-04-30T18:43:18Z","timestamp":1777574598649,"version":"3.51.4"},"reference-count":49,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2024,10,11]],"date-time":"2024-10-11T00:00:00Z","timestamp":1728604800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2024,10,11]],"date-time":"2024-10-11T00:00:00Z","timestamp":1728604800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"name":"the Major Program of Natural Science Foundation of Zhejiang Province","award":["LD22F020002"],"award-info":[{"award-number":["LD22F020002"]}]},{"DOI":"10.13039\/501100001809","name":"the National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62372410"],"award-info":[{"award-number":["62372410"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"the National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U22B2028"],"award-info":[{"award-number":["U22B2028"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"the Zhejiang Provincial Natural Science Foundation of China","award":["LZ23F020011"],"award-info":[{"award-number":["LZ23F020011"]}]},{"name":"the Fundamental Research Funds for the Provincial Universities of Zhejiang","award":["RF-A2023009"],"award-info":[{"award-number":["RF-A2023009"]}]},{"name":"the Key R&D Projects in Zhejiang Province","award":["2021C01117"],"award-info":[{"award-number":["2021C01117"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Smart contracts have significant losses due to various types of vulnerabilities. However, traditional vulnerability detection methods rely extensively on expert rules, resulting in low detection accuracy and poor adaptability to novel attacks. To address these problems, in this paper, deep learning methods are combined with smart contract vulnerability code detection approaches. Abstract syntax trees (ASTs), which are special isomorphic graph structures, are an important bridge between source code and graph neural networks. By learning the AST, the model can understand the semantics of the source code. Moreover, graph neural networks have an increasing ability to address complex heterogeneous graphs. Therefore, control flow graphs are fused with data flow graphs on the basis of the ASTs to build heterogeneous graphs with richer code semantics. Furthermore, multigranularity analysis of the vulnerability detection results is performed, including coarse-grained contract-level vulnerability detection and fine-grained line-level vulnerability detection. Through this multigranularity detection approach, vulnerabilities in contracts can be identified and analysed more comprehensively, providing a richer perspective and more solutions for vulnerability detection. The experimental results show that the proposed multigranularity vulnerability detection method based on heterogeneous graphs (MVD-HG) improves both the accuracy and range of the detected vulnerability types in contract-level vulnerability detection tasks; moreover, in the line-level vulnerability detection task, the MVD-HG model achieves significant results and addresses the shortcomings of existing methods. In addition, based on code generation methods used in related fields, a data enhancement method based on the source code is developed, which effectively expands the experimental dataset to address the reduced credibility of the results due to insufficient amounts of data.<\/jats:p>","DOI":"10.1186\/s42400-024-00245-5","type":"journal-article","created":{"date-parts":[[2024,10,11]],"date-time":"2024-10-11T01:01:47Z","timestamp":1728608507000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["MVD-HG: multigranularity smart contract vulnerability detection method based on heterogeneous graphs"],"prefix":"10.1186","volume":"7","author":[{"given":"Jingjie","family":"Xu","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ting","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mingqi","family":"Lv","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4664-3311","authenticated-orcid":false,"given":"Tieming","family":"Chen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tiantian","family":"Zhu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Baiyang","family":"Ji","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,10,11]]},"reference":[{"key":"245_CR1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2021.106576","volume":"136","author":"S Cao","year":"2021","unstructured":"Cao S, Sun X, Bo L, Wei Y, Li B (2021) BGNN4VD: constructing bidirectional graph neural-network for vulnerability detection. Inf Softw Technol 136:106576","journal-title":"Inf Softw Technol"},{"key":"245_CR2","unstructured":"Consensys (2022) Consensys\/mythril: security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Roostock, Tron and other EVM-compatible blockchains. https:\/\/github.com\/Consensys\/mythril"},{"key":"245_CR3","unstructured":"Crytic (2022) crytic\/solc-select: Manage and switch between Solidity compiler versions. https:\/\/github.com\/crytic\/solc-select"},{"key":"245_CR4","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2023.107168","volume":"158","author":"Y Dong","year":"2023","unstructured":"Dong Y, Tang Y, Cheng X, Yang Y, Wang S (2023) SEDSVD: statement-level software vulnerability detection based on relational graph convolutional network with subgraph embedding. Inf Softw Technol 158:107168","journal-title":"Inf Softw Technol"},{"key":"245_CR5","doi-asserted-by":"crossref","unstructured":"Durieux T, Ferreira JF, Abreu R, Cruz P (2020) Empirical review of automated analysis tools on 47,587 Ethereum smart contracts. In: Proceedings of the ACM\/IEEE 42nd international conference on software engineering, pp 530\u2013541","DOI":"10.1145\/3377811.3380364"},{"key":"245_CR6","unstructured":"ethereum (2022) Contracts\u2014Solidity 0.8.22 documentation. https:\/\/docs.soliditylang.org\/en\/latest\/contracts.html#fallback-function"},{"key":"245_CR7","doi-asserted-by":"crossref","unstructured":"Fan Y, Shang S, Ding X (2021) Smart contract vulnerability detection based on dual attention graph convolutional network. In: Collaborative computing: networking, applications and worksharing: 17th EAI international conference, CollaborateCom 2021, Virtual Event, October 16\u201318, 2021, Proceedings, Part II 17. Springer, pp 335\u2013351","DOI":"10.1007\/978-3-030-92638-0_20"},{"key":"245_CR8","doi-asserted-by":"crossref","unstructured":"Feist J, Grieco G, Groce A (2019) Slither: a static analysis framework for smart contracts. In: 2019 IEEE\/ACM 2nd international workshop on emerging trends in software engineering for blockchain (WETSEB). IEEE, pp 8\u201315","DOI":"10.1109\/WETSEB.2019.00008"},{"key":"245_CR9","doi-asserted-by":"crossref","unstructured":"Ferreira JF, Cruz P, Durieux T, Abreu R (2020) SmartBugs: a framework to analyze solidity smart contracts. In: Proceedings of the 35th IEEE\/ACM international conference on automated software engineering, pp 1349\u20131352","DOI":"10.1145\/3324884.3415298"},{"key":"245_CR10","unstructured":"Grishchenko I, Maffei M, Schneidewind C (2018) EtherTrust: sound static analysis of Ethereum bytecode. Technische Universit\u00e4t Wien, technical report, pp 1\u201341"},{"key":"245_CR11","doi-asserted-by":"crossref","unstructured":"Hildenbrandt E, Saxena M, Rodrigues N, Zhu X, Daian P, Guth D, Moore B, Park D, Zhang Y, Stefanescu A (2018) KEVM: a complete formal semantics of the Ethereum virtual machine. In: 2018 IEEE 31st computer security foundations symposium (CSF). IEEE, pp 204\u2013217","DOI":"10.1109\/CSF.2018.00022"},{"key":"245_CR12","doi-asserted-by":"crossref","unstructured":"Hu B, Zhang Z, Liu J, Liu Y, Yin J, Lu R, Lin X (2021) A comprehensive survey on smart contract construction and execution: paradigms, tools, and systems. Patterns 2(2)","DOI":"10.1016\/j.patter.2020.100179"},{"key":"245_CR13","unstructured":"Jeon S, Lee G, Kim H, Woo SS (2021) SmartConDetect: highly accurate smart contract code vulnerability detection mechanism using BERT. In: KDD workshop on programming language processing"},{"key":"245_CR14","doi-asserted-by":"crossref","unstructured":"Jiang F, Cao Y, Xiao J, Yi H, Lei G, Liu M, Deng S, Wang H (2022) VDDL: a deep learning-based vulnerability detection model for smart contracts. In: International conference on machine learning for cyber security. Springer, pp 72\u201386","DOI":"10.1007\/978-3-031-20096-0_6"},{"key":"245_CR15","doi-asserted-by":"crossref","unstructured":"Jiang B, Liu Y, Chan WK (2018) ContractFuzzer: fuzzing smart contracts for vulnerability detection. In: Proceedings of the 33rd ACM\/IEEE international conference on automated software engineering, pp 259\u2013269","DOI":"10.1145\/3238147.3238177"},{"key":"245_CR16","doi-asserted-by":"crossref","unstructured":"Kalra S, Goel S, Dhawan M, Sharma S (2018) Zeus: analyzing safety of smart contracts. In: Ndss, pp 1\u201312","DOI":"10.14722\/ndss.2018.23082"},{"key":"245_CR17","unstructured":"Kipf TN, Welling M (2016) Semi-supervised classification with graph convolutional networks. arXiv preprint arXiv:1609.02907"},{"key":"245_CR18","unstructured":"Li J (2023) Metamorphic testing for smart contract vulnerabilities detection. arXiv preprint arXiv:2303.03179"},{"key":"245_CR19","doi-asserted-by":"publisher","first-page":"116309","DOI":"10.1109\/ACCESS.2019.2936948","volume":"7","author":"H Liang","year":"2019","unstructured":"Liang H, Sun L, Wang M, Yang Y (2019) Deep learning with customized abstract syntax tree for bug localization. IEEE Access 7:116309\u2013116320","journal-title":"IEEE Access"},{"issue":"7","key":"245_CR20","doi-asserted-by":"publisher","first-page":"3289","DOI":"10.1109\/TII.2018.2821768","volume":"14","author":"G Lin","year":"2018","unstructured":"Lin G, Zhang J, Luo W, Pan L, Xiang Y, De Vel O, Montague P (2018) Cross-project transfer representation learning for vulnerable function discovery. IEEE Trans Ind Inf 14(7):3289\u20133297","journal-title":"IEEE Trans Ind Inf"},{"key":"245_CR21","doi-asserted-by":"crossref","unstructured":"Liu C, Liu H, Cao Z, Chen Z, Chen B, Roscoe B (2018) ReGuard: finding reentrancy bugs in smart contracts. In: Proceedings of the 40th international conference on software engineering: companion proceedings, pp 65\u201368","DOI":"10.1145\/3183440.3183495"},{"key":"245_CR22","doi-asserted-by":"crossref","unstructured":"Liu Z, Qian P, Wang X, Zhuang Y, Qiu L, Wang X (2021) Combining graph neural networks with expert knowledge for smart contract vulnerability detection. IEEE Trans Knowl Data Eng","DOI":"10.1109\/TKDE.2021.3095196"},{"key":"245_CR23","doi-asserted-by":"crossref","unstructured":"Luu L, Chu D-H, Olickel H, Saxena P, Hobor A (2016) Making smart contracts smarter. In: Proceedings of the 2016 ACM SIGSAC conference on computer and communications security, pp 254\u2013269","DOI":"10.1145\/2976749.2978309"},{"key":"245_CR24","unstructured":"Mikolov T, Chen K, Corrado G, Dean J (2013) Efficient estimation of word representations in vector space. arXiv preprint arXiv:1301.3781"},{"key":"245_CR25","unstructured":"Mikolov T, Sutskever I, Chen K, Corrado GS, Dean J (2013) Distributed representations of words and phrases and their compositionality. Adv Neural Inf Process Syst 26"},{"key":"245_CR26","doi-asserted-by":"crossref","unstructured":"Murray Y, Anisi DA (2019) Survey of formal verification methods for smart contracts on blockchain. In: 2019 10th IFIP international conference on new technologies, mobility and security (NTMS). IEEE, pp 1\u20136","DOI":"10.1109\/NTMS.2019.8763832"},{"key":"245_CR27","doi-asserted-by":"crossref","unstructured":"Nguyen HH, Nguyen N-M, Xie C, Ahmadi Z, Kudendo D, Doan T-N, Jiang L (2022) MANDO: multi-level heterogeneous graph embeddings for fine-grained detection of smart contract vulnerabilities. In: 2022 IEEE 9th international conference on data science and advanced analytics (DSAA). IEEE, pp 1\u201310","DOI":"10.1109\/DSAA54385.2022.10032337"},{"key":"245_CR28","doi-asserted-by":"crossref","unstructured":"Nikoli\u0107 I, Kolluri A, Sergey I, Saxena P, Hobor A (2018) Finding the greedy, prodigal, and suicidal contracts at scale. In: Proceedings of the 34th annual computer security applications conference, pp 653\u2013663","DOI":"10.1145\/3274694.3274743"},{"key":"245_CR29","unstructured":"Praitheeshan P, Pan L, Yu J, Liu J, Doss R (2019) Security analysis methods on Ethereum smart contract vulnerabilities: a survey. arXiv preprint arXiv:1908.08605"},{"key":"245_CR30","doi-asserted-by":"publisher","first-page":"19685","DOI":"10.1109\/ACCESS.2020.2969429","volume":"8","author":"P Qian","year":"2020","unstructured":"Qian P, Liu Z, He Q, Zimmermann R, Wang X (2020) Towards automated reentrancy detection for smart contracts based on sequential models. IEEE Access 8:19685\u201319695","journal-title":"IEEE Access"},{"key":"245_CR31","unstructured":"Rameder H (2021) Systematic review of Ethereum smart contract security vulnerabilities, analysis methods and tools"},{"key":"245_CR32","unstructured":"Samreen NF, Alalfi MH (2021) A survey of security vulnerabilities in Ethereum smart contracts. arXiv preprint arXiv:2105.06974"},{"key":"245_CR33","doi-asserted-by":"crossref","unstructured":"Schlichtkrull M, Kipf TN, Bloem P, Van Den\u00a0Berg R, Titov I, Welling M (2018) Modeling relational data with graph convolutional networks. In: The semantic web: 15th international conference, ESWC 2018, Heraklion, Crete, Greece, June 3\u20137, 2018, Proceedings 15. Springer, pp 593\u2013607","DOI":"10.1007\/978-3-319-93417-4_38"},{"key":"245_CR34","doi-asserted-by":"crossref","unstructured":"Tang X, Zhou K, Cheng J, Li H, Yuan Y (2021) The vulnerabilities in smart contracts: a survey. In: Advances in artificial intelligence and security: 7th international conference, ICAIS 2021, Dublin, Ireland, July 19\u201323, 2021, Proceedings, Part III 7. Springer, pp 177\u2013190","DOI":"10.1007\/978-3-030-78621-2_14"},{"key":"245_CR35","doi-asserted-by":"crossref","unstructured":"Tikhomirov S, Voskresenskaya E, Ivanitskiy I, Takhaviev R, Marchenko E, Alexandrov Y (2018) SmartCheck: static analysis of Ethereum smart contracts. In: Proceedings of the 1st international workshop on emerging trends in software engineering for blockchain, pp 9\u201316","DOI":"10.1145\/3194113.3194115"},{"key":"245_CR36","unstructured":"Torres CF, ichen M (2019) The art of the scam: demystifying honeypots in Ethereum smart contracts. In: 28th USENIX security symposium (USENIX security 19), pp 1591\u20131607"},{"key":"245_CR37","doi-asserted-by":"crossref","unstructured":"Torres CF, Sch\u00fctte J, State R (2018) Osiris: hunting for integer bugs in Ethereum smart contracts. In: Proceedings of the 34th annual computer security applications conference, pp 664\u2013676","DOI":"10.1145\/3274694.3274737"},{"key":"245_CR38","doi-asserted-by":"crossref","unstructured":"Tsankov P, Dan A, Drachsler-Cohen D, Gervais A, Buenzli F, Vechev M (2018) Securify: practical security analysis of smart contracts. In: Proceedings of the 2018 ACM SIGSAC conference on computer and communications security, pp 67\u201382","DOI":"10.1145\/3243734.3243780"},{"key":"245_CR39","unstructured":"Veli\u010dkovi\u0107 P, Cucurull G, Casanova A, Romero A, Lio P, Bengio Y (2017) Graph attention networks. arXiv preprint arXiv:1710.10903"},{"issue":"2","key":"245_CR40","doi-asserted-by":"publisher","first-page":"1133","DOI":"10.1109\/TNSE.2020.2968505","volume":"8","author":"W Wang","year":"2020","unstructured":"Wang W, Song J, Xu G, Li Y, Wang H, Su C (2020) ContractWard: automated vulnerability detection models for Ethereum smart contracts. IEEE Trans Netw Sci Eng 8(2):1133\u20131144","journal-title":"IEEE Trans Netw Sci Eng"},{"key":"245_CR41","doi-asserted-by":"crossref","unstructured":"Wang X, Ji H, Shi C, Wang B, Ye Y, Cui P, Yu PS (2019) Heterogeneous graph attention network. In: The world wide web conference, pp 2022\u20132032","DOI":"10.1145\/3308558.3313562"},{"key":"245_CR42","doi-asserted-by":"crossref","unstructured":"Wang W, Li G, Ma B, Xia X, Jin Z (2020) Detecting code clones with graph neural network and flow-augmented abstract syntax tree. In: 2020 IEEE 27th international conference on software analysis, evolution and reengineering (SANER). IEEE, pp 261\u2013271","DOI":"10.1109\/SANER48275.2020.9054857"},{"key":"245_CR43","doi-asserted-by":"crossref","unstructured":"Wong SC, Gatt A, Stamatescu V, McDonnell MD (2016) Understanding data augmentation for classification: when to warp? In: 2016 international conference on digital image computing: techniques and applications (DICTA). IEEE, pp 1\u20136","DOI":"10.1109\/DICTA.2016.7797091"},{"key":"245_CR44","doi-asserted-by":"crossref","unstructured":"Wu H, Zhang Z, Wang S, Lei Y, Lin B, Qin Y, Zhang H, Mao X (2021) Peculiar: smart contract vulnerability detection based on crucial data flow graph and pre-training techniques. In: 2021 IEEE 32nd international symposium on software reliability engineering (ISSRE). IEEE, pp 378\u2013389","DOI":"10.1109\/ISSRE52982.2021.00047"},{"issue":"3","key":"245_CR45","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3450352","volume":"39","author":"T Yang","year":"2021","unstructured":"Yang T, Hu L, Shi C, Ji H, Li X, Nie L (2021) HGAT: heterogeneous graph attention networks for semi-supervised short text classification. ACM Trans Inf Syst TOIS 39(3):1\u201329","journal-title":"ACM Trans Inf Syst TOIS"},{"key":"245_CR46","doi-asserted-by":"crossref","unstructured":"Zhang Y, Chen L, Nie X, Shi G (2022) An effective buffer overflow detection with super data-flow graphs. In: 2022 IEEE international conference on parallel & distributed processing with applications, big data & cloud computing, sustainable computing & communications, social computing & networking (ISPA\/BDCloud\/SocialCom\/SustainCom). IEEE, pp 684\u2013691","DOI":"10.1109\/ISPA-BDCloud-SocialCom-SustainCom57177.2022.00093"},{"key":"245_CR47","doi-asserted-by":"crossref","unstructured":"Zhang J, Wang X, Zhang H, Sun H, Wang K, Liu X (2019) A novel neural source code representation based on abstract syntax tree. In: 2019 IEEE\/ACM 41st international conference on software engineering (ICSE). IEEE, pp 783\u2013794","DOI":"10.1109\/ICSE.2019.00086"},{"key":"245_CR48","doi-asserted-by":"crossref","unstructured":"Zhao H, Su P, Wei Y, Gai K, Qiu M (2021) Gan-enabled code embedding for reentrant vulnerabilities detection. In: Knowledge science, engineering and management: 14th international conference, KSEM 2021, Tokyo, Japan, August 14\u201316, 2021, Proceedings, Part III 14. Springer, pp 585\u2013597","DOI":"10.1007\/978-3-030-82153-1_48"},{"key":"245_CR49","doi-asserted-by":"crossref","unstructured":"Zhuang Y, Liu Z, Qian P, Liu Q, Wang X, He Q (2021) Smart contract vulnerability detection using graph neural networks. In: Proceedings of the twenty-ninth international conference on international joint conferences on artificial intelligence, pp 3283\u20133290","DOI":"10.24963\/ijcai.2020\/454"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-024-00245-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-024-00245-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-024-00245-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,11]],"date-time":"2024-10-11T01:04:26Z","timestamp":1728608666000},"score":1,"resource":{"primary":{"URL":"https:\/\/cybersecurity.springeropen.com\/articles\/10.1186\/s42400-024-00245-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,11]]},"references-count":49,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2024,12]]}},"alternative-id":["245"],"URL":"https:\/\/doi.org\/10.1186\/s42400-024-00245-5","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,10,11]]},"assertion":[{"value":"31 October 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"10 April 2024","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"11 October 2024","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"55"}}