English

BugSweeper: Function-Level Detection of Smart Contract Vulnerabilities Using Graph Neural Networks

Cryptography and Security 2025-12-15 v2 Artificial Intelligence Machine Learning

Abstract

The rapid growth of Ethereum has made it more important to quickly and accurately detect smart contract vulnerabilities. While machine-learning-based methods have shown some promise, many still rely on rule-based preprocessing designed by domain experts. Rule-based preprocessing methods often discard crucial context from the source code, potentially causing certain vulnerabilities to be overlooked and limiting adaptability to newly emerging threats. We introduce BugSweeper, an end-to-end deep learning framework that detects vulnerabilities directly from the source code without manual engineering. BugSweeper represents each Solidity function as a Function-Level Abstract Syntax Graph (FLAG), a novel graph that combines its Abstract Syntax Tree (AST) with enriched control-flow and data-flow semantics. Then, our two-stage Graph Neural Network (GNN) analyzes these graphs. The first-stage GNN filters noise from the syntax graphs, while the second-stage GNN conducts high-level reasoning to detect diverse vulnerabilities. Extensive experiments on real-world contracts show that BugSweeper significantly outperforms all state-of-the-art detection methods. By removing the need for handcrafted rules, our approach offers a robust, automated, and scalable solution for securing smart contracts without any dependence on security experts.

Keywords

Cite

@article{arxiv.2512.09385,
  title  = {BugSweeper: Function-Level Detection of Smart Contract Vulnerabilities Using Graph Neural Networks},
  author = {Uisang Lee and Changhoon Chung and Junmo Lee and Soo-Mook Moon},
  journal= {arXiv preprint arXiv:2512.09385},
  year   = {2025}
}

Comments

This paper is accepted to AAAI 2026

R2 v1 2026-07-01T08:18:27.214Z