Enhancing Smart Contract Security: Static Heuristics and CodeBERT Embeddings
Conference paper
Soofiyan, S. and Karami, A. 2025. Enhancing Smart Contract Security: Static Heuristics and CodeBERT Embeddings. Applied Intelligence and Computing. The Institution of Electronics and Telecommunication Engineers (IETE), Delhi Centre, India 26 - 27 Jul 2025 IEEE.
Authors | Soofiyan, S. and Karami, A. |
---|---|
Type | Conference paper |
Abstract | Smart contracts, while foundational to decentralized applications, are susceptible to security vulnerabilities due to their immutable nature, potentially leading to significant financial losses. Existing static analysis tools, such as Slither and Mythril, offer baseline detection but often lack accuracy and scalability for complex contracts. Similarly, emerging deep learning methods show promise but face challenges, including oversimplified multi-class classifications, difficulties processing long code sequences, and the constraint of assigning each contract to a single vulnerability category. To overcome these limitations, we propose a binary classification framework focused on determining whether a contract is secure or possesses at least one known vulnerability. This approach uniquely combines static heuristic features (e.g., control-flow complexity and external call frequency) with contextual semantic embeddings derived from CodeBERT. CodeBERT, a transformer-based model pre-trained on source code, provides rich semantic and syntactic representations that complement static features and enhance detection performance. Evaluating five distinct machine learning models on the SolidiFI and SmartBugs benchmark datasets, we demonstrate that this hybrid strategy significantly enhances detection performance. Notably, our Logistic XGBoost classifier achieves 100% accuracy, precision, and recall on SolidiFI, although we acknowledge that SolidiFI's relative simplicity may contribute to overly optimistic results and potential overfitting risks. On SmartBugs, ensemble models consistently achieve over 95% accuracy, indicating strong generalization across more diverse and complex contracts. |
Year | 2025 |
Conference | Applied Intelligence and Computing |
Publisher | IEEE |
Accepted author manuscript | License File Access Level Anyone |
Publication process dates | |
Accepted | Jul 2025 |
Deposited | 09 Jul 2025 |
Journal citation | p. In press |
Web address (URL) of conference proceedings | https://ieeexplore.ieee.org/xpl/conhome/1847284/all-proceedings |
Web address (URL) | https://scrs.in/conference/aic2025 |
Copyright holder | © 2025 IEEE |
Copyright information | Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. |
https://repository.uel.ac.uk/item/8zx41