Abstract
Smart contract vulnerabilities hinder the development of decentralized finance (DeFi) applications because of wide-ranging attacks and their impact on financial transactions. While rule-based static analysis tools can detect common exploits, they often fail to uncover subtle or rapidly evolving vulnerabilities.
Moreover, dynamic analysis techniques over-rely on patterns, limiting token representation and explainability of attack detection. We introduce a novel architecture that unites Abstract Syntax Trees (ASTs) with a transformer-based deep learning framework to improve the detection of vulnerable smart contracts. By encoding Solidity-based smart contracts into ASTs, the structural context essential for capturing complex code dependencies is retained.
Furthermore, the transformer model captures the context, dependencies, and semantics of vulnerabilities. Our performance evaluations show that the AST-transformer-based vulnerability detection method improved the detection rate precision by 4% compared to RNN, LSTM, GNN and vanilla transformer-based detection techniques. Additionally, we use Shapley additive explanations (SHAP) to determine the contribution of each to explain and reason about the vulnerability detection. Moreover, we use saliency maps (heatmaps) to identify the line of code to which the vulnerability detection is attributed.