Enhancing Smart Contract Security: Static Heuristics and CodeBERT Embeddings

Smart contracts, while foundational to decentralized applications, are susceptible to security vulnerabilities due to their immutable nature, potentially leading to significant financial losses. Existing static analysis tools, such as Slither and Mythril, offer baseline detection but often lack accuracy and scalability for complex contracts. Similarly, emerging deep learning methods show promise but face challenges, including oversimplified multi-class classifications, difficulties processing long code sequences, and the constraint of assigning each contract to a single vulnerability category. To overcome these limitations, we propose a binary classification framework focused on determining whether a contract is secure or possesses at least one known vulnerability. This approach uniquely combines static heuristic features (e.g., control-flow complexity and external call frequency) with contextual semantic embeddings derived from CodeBERT. CodeBERT, a transformer-based model pre-trained on source code, provides rich semantic and syntactic representations that complement static features and enhance detection performance. Evaluating five distinct machine learning models on the SolidiFI and SmartBugs benchmark datasets, we demonstrate that this hybrid strategy significantly enhances detection performance. Notably, our Logistic XGBoost classifier achieves 100\% accuracy, precision, and recall on SolidiFI, although we acknowledge that SolidiFI's relative simplicity may contribute to overly optimistic results and potential overfitting risks. On SmartBugs, ensemble models consistently achieve over 95\% accuracy, indicating strong generalization across more diverse and complex contracts.