A multi-level target critical path-based smart contract vulnerability detection method

By employing a method based on multi-level objective critical paths and hierarchical graph attention networks, the problem of low efficiency in smart contract vulnerability detection is solved, achieving automated and robust vulnerability detection and improving detection efficiency and accuracy.

CN116502231BActive Publication Date: 2026-06-23CHONGQING UNIV OF POSTS & TELECOMM

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
CHONGQING UNIV OF POSTS & TELECOMM
Filing Date
2023-04-23
Publication Date
2026-06-23

AI Technical Summary

Technical Problem

Existing smart contract vulnerability detection methods are inefficient when dealing with long code and rely on human intervention or fixed expert rules, making it difficult to efficiently discover complex logic vulnerabilities and resulting in a high false positive rate.

Method used

A multi-level objective critical path-based approach is adopted, which generates opcodes through an online smart contract compiler, defines critical instructions, generates a critical path contract graph, and uses the Word2Vec model for vectorization representation. It is combined with a hierarchical graph attention network for vulnerability detection, automated auditing, and improved robustness.

Benefits of technology

It improves the efficiency and accuracy of smart contract vulnerability detection, can automatically detect multiple vulnerability types, reduces false positive rate, and enhances the model's generalization ability on different types of graphs.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN116502231B_ABST
    Figure CN116502231B_ABST
Patent Text Reader

Abstract

The application belongs to the technical field of blockchain smart contract security detection, and particularly relates to a smart contract vulnerability detection method based on a multi-level target critical path, which comprises the following steps: crawling smart contract source code data, preprocessing the data, compiling the smart contract source code, searching for a critical path containing a vulnerability feature according to a vulnerability opcode instruction; generating a contract graph, extracting graph node features, creating a graph embedding model, training a vulnerability detection model, using the trained model to detect smart contract vulnerabilities, and obtaining a detection result. The vulnerability detection method using the hierarchical graph attention network can automatically learn potential smart contract vulnerability features or representations, analyze semantic and syntactic information in complex logic, and better realize smart contract vulnerability detection and analysis.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention belongs to the field of blockchain smart contract security monitoring technology, specifically involving a smart contract vulnerability detection method based on multi-level target critical paths. Background Technology

[0002] In recent years, second-generation blockchain platforms and applications, represented by smart contracts, have experienced explosive growth. With their characteristics of being unforgeable, immutable, traceable, and decentralized, they have had a profound impact on fields such as healthcare, edge computing, and electricity. However, blockchain itself also faces serious security issues. Unlike traditional programs, smart contracts cannot be modified once deployed, making all vulnerabilities, including security breaches, visible and difficult to quickly patch, making them perfect targets for cyberattacks.

[0003] Faced with various types of vulnerabilities in smart contracts, traditional vulnerability detection methods employ static and dynamic analysis to find these vulnerabilities. Currently, the main smart contract vulnerability detection methods include: manual auditing, pattern matching, symbolic execution, and formal verification. These methods can completely cover the behavior during code execution, thus eliminating the limitation of traditional testing methods that cannot exhaustively enumerate all possible inputs, while ensuring absolute correctness within a certain range. However, they have drawbacks: they require manual involvement in the modeling and reasoning process, resulting in very low efficiency. Fuzzing, due to the randomness of the generated test cases, has a limited scope of execution paths, leading to low path coverage and difficulty in discovering potential vulnerabilities. Most static vulnerability detection tools based on symbolic execution rely on existing expert rules, making them unable to identify complex logic vulnerabilities and resulting in a high false positive rate.

[0004] Recently, researchers have proposed a smart contract vulnerability detection method based on machine learning and neural networks. Compared with traditional methods, machine learning and deep learning models can automatically extract code features, eliminating the reliance on manual feature extraction and more efficiently capturing vulnerability features, thus improving detection accuracy and efficiency. However, for smart contract vulnerability detection methods based on machine learning and neural networks, detecting long smart contracts can lead to a decrease in vulnerability detection capability and a larger error. For example, when detecting long code, graph neural networks need to traverse every node in the path to obtain their features, resulting in high time complexity and low detection efficiency. Summary of the Invention

[0005] To address the aforementioned technical problems, this invention proposes a smart contract vulnerability detection method based on a multi-level target critical path, comprising the following steps:

[0006] S1: Combine the data from the open-source dataset with the data from the crawled smart contract source code to form a smart contract dataset, and preprocess the data in the dataset.

[0007] S2: Use the Remix online smart contract compiler to compile the preprocessed smart contract source code in the dataset to generate opcodes;

[0008] S3: Define key instructions for different vulnerabilities, and quickly find the critical path that may contain vulnerabilities in the opcode based on the key instructions of the vulnerability, and generate a critical path contract graph based on the critical path.

[0009] S4: Shrink the obtained critical path contract graph;

[0010] S5: Use the Word2Vec model to vectorize the edge and node features of the shrunken critical path contract graph to obtain a matrix vector;

[0011] S6: Establish a vulnerability detection model based on hierarchical graph attention network. Input the matrix vector into the hierarchical graph attention network vulnerability detection model for model training. When the loss function is minimized, the model training is complete.

[0012] S7: Input the smart contract source code into the trained hierarchical graph attention network vulnerability detection model to perform vulnerability detection and obtain the detection results.

[0013] The beneficial effects of this invention are:

[0014] (1) This invention provides key opcodes for five types of vulnerabilities: upper integer overflow vulnerabilities, lower integer overflow vulnerabilities, transaction order dependency vulnerabilities, timestamp dependency vulnerabilities, and reentrancy vulnerabilities. Based on these key opcodes, the critical paths of potential vulnerabilities are found, and only these critical paths are detected, thereby improving detection efficiency.

[0015] (2) In terms of finding critical paths to vulnerabilities, this invention defines a multi-level target critical path search method, which searches for vulnerability keywords and opcode keywords involving addresses in each executable path and marks the critical paths where vulnerabilities may exist.

[0016] (3) This invention introduces a hierarchical graph attention network to detect smart contract vulnerabilities. Compared with traditional smart contract vulnerability detection methods, this invention does not rely on fixed expert rules and achieves automated auditing. Compared with smart contract vulnerability detection methods that use machine learning and neural networks, this invention has better robustness and improves the generalization ability of the trained model on other types of graphs. Attached Figure Description

[0017] Figure 1 This is a flowchart of a smart contract vulnerability detection method based on a multi-level target critical path according to the present invention;

[0018] Figure 2 This is a diagram of the smart contract code for the present invention. Detailed Implementation

[0019] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0020] A smart contract vulnerability detection method based on a multi-level target critical path, such as... Figure 1 As shown, it includes:

[0021] S1: Combine the data from the open-source dataset with the data from the crawled smart contract source code to form a smart contract dataset, and preprocess the data in the dataset.

[0022] S2: Use the Remix online smart contract compiler to compile the preprocessed smart contract source code in the dataset to generate opcodes;

[0023] S3: Define key instructions for different vulnerabilities, and quickly find the critical path that may contain vulnerabilities in the opcode based on the key instructions of the vulnerability, and generate a critical path contract graph based on the critical path.

[0024] The critical path contract graph includes three types of nodes and three types of edges. The three types of nodes include main nodes, secondary nodes, and callback nodes. The main nodes include functions, the secondary nodes include variables, and the callback nodes include internal calls and external calls. The three types of edges include data flow edges, callback edges, and control flow edges.

[0025] S4: Shrink the obtained critical path contract graph;

[0026] S5: Use the Word2Vec model to vectorize the edge and node features of the shrunken critical path contract graph to obtain a matrix vector;

[0027] S6: Establish a vulnerability detection model for hierarchical graph attention networks and train the model.

[0028] S7: Input the smart contract source code into the trained hierarchical graph attention network vulnerability detection model to perform vulnerability detection and obtain the detection results.

[0029] Then, the SmartBugs Wild dataset and the crawled smart contracts were used together as the dataset. Because the distribution of vulnerable smart contract samples in the SmartBugs Wild dataset is uneven, using such a dataset would lead to overfitting. Therefore, Python web scraping technology was used to scrape a total of 25,138 smart contracts from the SWC smart contract vulnerability database and the Ethereum official website Etherscan, which were then combined with the SmartBugs Wild dataset to form a new dataset, ensuring that the distribution of the number of various vulnerabilities in the dataset is reasonable.

[0030] Perform targeted processing on the data in the smart contract dataset, define dataset cleaning rules, write dataset cleaning scripts, and delete redundant, duplicate, and missing data in the smart contract dataset;

[0031] The smart contract data after targeted processing is defined as a string of length N. If it does not contain any vulnerabilities, it returns a string of length N consisting entirely of zeros. If it contains vulnerabilities, the index i of the vulnerabilities in the string is set to 1, and the index i of the other strings is set to 0, where 1 ≤ i ≤ N. A smart contract sample may contain any one or more of the N types of vulnerabilities. For example, if there are four existing vulnerabilities V1, V2, V3, and V4, it is marked as 0000 if it does not contain any vulnerabilities; it is marked as 0100 if it contains the V2 vulnerability; and it is marked as 0101 if it contains both the V2 and V4 vulnerabilities.

[0032] Using the Oyente contract vulnerability detection tool, smart contract data with vulnerabilities are categorized and labeled. For example, smart contracts with reentrancy vulnerabilities are labeled as 1; smart contracts with timestamp dependency vulnerabilities are labeled as 2; smart contracts with transaction order dependency vulnerabilities are labeled as 3; smart contracts with integer overflow vulnerabilities are labeled as 4; and smart contracts with integer underflow vulnerabilities are labeled as 5. The data is divided into five categories: reentrancy vulnerabilities, timestamp dependency vulnerabilities, transaction order dependency vulnerabilities, integer overflow vulnerabilities, and integer underflow vulnerabilities.

[0033] A set of tagged smart contract samples was compiled, and the smart contract source code was compiled using the online smart contract compiler Remix to generate opcodes. The purpose of using the online compiler Remix to compile the smart contract source code is twofold: first, to ensure that the smart contract has no syntax errors and the code can run; second, to generate bytecode files after compilation, which facilitates the construction of semantic graphs.

[0034] The critical path search process:

[0035] Determining Opcode Dependencies: After obtaining the smart contract opcodes, they need to be divided into basic blocks. By combining these basic blocks, the dependencies between the opcodes can be found. The specific steps are as follows: (1) Starting from the smart contract function entry point (such as the location of the function keyword), traverse the opcodes and construct basic blocks according to the execution order of the opcodes. The first opcode of each basic block is the entry point, and the last opcode is a jump statement or a function return statement. (2) During the traversal of the opcodes, record the entry address and exit address of each basic block. The entry address is the address of the first opcode of the basic block, and the exit address is the address after the last opcode of the basic block. If the last opcode of the basic block is a jump statement, then the basic block jumps to the address of PUSH at the top of the stack to continue execution. (3) During the traversal of the opcodes, record the relationship between the address of the jump statement and the jump target address. If the jump target address is inside the current basic block, then mark the jump statement as an internal jump; otherwise, mark it as an external jump. (4) For all internal jumps, connect the basic block where the jump statement is located with the basic block where the jump target address is located. For all external jumps, connect the basic block where the jump statement is located with a new basic block. The new basic block only contains the opcode where the jump target address is located. (5) Each basic block obtained in the end can be regarded as a basic control flow unit, which is the basis for vulnerability critical path analysis.

[0036] The control flow graph generation stage: add control flow information to the basic blocks and edges, and generate the control flow graph based on the dependencies between the basic blocks; the specific steps are as follows: (1) Create branches according to the conditional transfer opcodes. If there are conditional branches between the opcodes, convert them into two basic blocks. One basic block represents the case where the conditional branch is true, and the other represents the case where the conditional branch is false. This makes it easier to analyze and operate the branch logic in subsequent processing; (2) Convert exception handling into basic blocks. For each opcode that may cause an exception, connect the basic block in which it is located to an exception handling block; (3) Create a control flow graph. Create a control flow graph based on the dependencies between the basic blocks. The dependencies between the basic blocks can be identified by the conditional transfer opcodes and the exception handling opcodes.

[0037] A set of labeled smart contract samples is abstracted into a graph representation. Based on the complex logic, control flow, and data flow of each smart contract's source code context, a semantic graph of the smart contract code is generated. For example... Figure 2 The source code shown is a smart contract with an integer overflow vulnerability. Different nodes in the diagram represent key function calls or variables, while the edges capture their execution time trajectories.

[0038] Critical path search phase: Based on the control flow graph, search for basic block nodes of vulnerable operation instructions, take the node as the vulnerable node, traverse and mark the subsequent execution path of the node, and all paths containing the vulnerable node are critical paths that may contain vulnerabilities.

[0039] Path pruning phase: Nodes in the control flow graph that are irrelevant to the critical path are pruned to obtain nodes containing only vulnerability operation instructions, which are then stored in the critical node queue. After identifying the critical path that may contain vulnerabilities, many nodes in the graph are still irrelevant to the vulnerabilities. These irrelevant nodes need to be pruned so that the model only focuses on nodes and edges related to the vulnerabilities, improving the accuracy of feature extraction. Therefore, irrelevant nodes in the control flow graph also need to be pruned to reduce the input of irrelevant nodes. The specific pruning process is as follows: First, traverse from the root node to find nodes containing vulnerability operation instructions, and add them as pruned nodes to the queue storing critical nodes. Finally, add the child nodes of the critical nodes to the queue according to the jump relationship between basic blocks until the traversal is complete. For example, if a node containing a vulnerability operation instruction contains an if statement, then regardless of whether the if statement is true or false, the child nodes after that vulnerability operation instruction node should be added to the critical node queue. For nodes that do not contain vulnerability operation instructions, traverse their child nodes one by one to check if there are other nodes containing vulnerability operation instructions, thereby achieving the purpose of pruning unnecessary nodes.

[0040] Generate a critical path contract graph based on the critical path, including:

[0041] A critical path contract graph SCG = (V, E) is generated based on the critical path nodes, where V represents the node set, containing three types of nodes and three types of edges. The three types of nodes include primary nodes, secondary nodes, and callback nodes. Primary nodes are basic block nodes that use functions as entry points, callback nodes are nodes that jump from basic blocks or call other basic blocks, and secondary nodes are basic block nodes that execute normally without jumps. The three types of edges include data flow edges, callback edges, and control flow edges. Nodes contain characteristics such as variable calls, function calls, and data flows. E represents the edge set, where each edge is a triple E. i =(V i V j ,isLink), V i V j Representing nodes i and j, isLink indicates whether nodes i and j are connected. The edges describe the transmission process of data flow and control flow in the contract, and also reflect variable passing and function calls.

[0042] Shrink the critical path contract graph, including:

[0043] The characteristics of secondary nodes S and callback nodes C in the critical path contract graph are passed to their adjacent primary nodes F, ultimately retaining only the primary nodes, denoted as node X. i The contracted critical path contract graph SCG is obtained. i =(X i E).

[0044] The Word2Vec model is used to vectorize the edge and node features of the shrunk critical path contract graph, including:

[0045] The node features of the shrunk critical path contract graph are segmented into words, and Word2Vec is used to transform the segmented words to obtain the corresponding vector of each word. The multiple vectors are then fused by summation to obtain the vector representation of each node in the graph and form a feature matrix.

[0046] Word2Vec cannot directly recognize graph nodes. Therefore, the method to convert graph nodes into vectors is to first represent the graph nodes as words, and then use Word2Vec for conversion. Specifically, first, the features of the graph node and its neighboring nodes are segmented into words. Then, Word2Vec is used to convert the segmented words to obtain the corresponding vector for each word. Finally, the multiple vectors obtained can be fused using summation or other combination operations to obtain the vector representation of each node in the graph, which is then converted into a matrix vector. The node features are represented as... Where N represents the number of nodes, and t is the input to the model.

[0047] The hierarchical graph attention network vulnerability detection model includes:

[0048] The hierarchical graph attention network vulnerability detection model includes: a graph embedding layer, a statement layer, a function layer, a fully connected layer, a softmax layer, and a vulnerability classification layer. The graph embedding layer embeds source code while preserving its hierarchical structure. The statement layer captures semantic features at different levels from the embedded source code. The function layer contributes different statement weights to vulnerability detection based on the learned semantic features at different levels. The fully connected layer uses weighted fusion to learn sentence representations, resulting in contract representations. Finally, the softmax layer performs classification and prediction on these contract representations.

[0049] Using the feature matrix as input, assuming a contract shrinking graph has N nodes, the feature vector matrix of the input graph attention network is represented as:

[0050]

[0051] In the formula, t is the feature vector matrix input to the graph attention network; Let N be the feature vector of the i-th node; N is the number of nodes; and T is the number of node features.

[0052] At the statement layer, feature extraction and learning are performed only on the statement logic within functions, mainly including features such as the sequence flow and control flow within the function. The final output of all node features is represented as follows:

[0053]

[0054] In the formula, T' is the dimension of the new node feature vector.

[0055] For each contraction node X in the contract contraction graph i Each node learns the importance weights of its neighbors. To acquire sufficient expressive power to learn attention weights, a learnable linear transformation ω is needed to enhance features. Let ω be the weight matrix that transforms input features into output features. The formula for calculating the attention coefficient of node j at node i is as follows:

[0056]

[0057] In the formula, e ij α represents the attention coefficient, indicating the importance of node j to node i; α is a single-layer feedforward neural network.

[0058] Then, the LeakyReLU activation function was used for feature extraction. The calculation formula is as follows:

[0059]

[0060] In the formula, α T α is the transpose of α; || is the concatenation operation.

[0061] Find the contraction node X i After calculating the attention values ​​for all neighboring nodes, the attention weights are normalized using the Softmax function. The formula for calculating the statement-level attention weights is as follows:

[0062]

[0063] In the formula, α ij For in e ij The attention coefficient is normalized based on the above.

[0064] Most smart contract vulnerabilities occur in callback functions, but these callback functions may not be invoked within their own context. At the function layer, only the call relationships between functions are considered. The input to the function layer is the output of the statement layer concatenated with the feature vector of the function call flow. The formula for calculating the attention weights at the function level is as follows:

[0065]

[0066] Then, the Softmax function is used for normalization, and the calculation formula is as follows:

[0067] β ij =Softmax(n ij )

[0068] By using a two-layer attention network, the feature vectors of each node are summed according to their weight coefficients to obtain a weighted vector representing the features of the entire graph. The calculation formula is as follows:

[0069]

[0070] In the formula, σ is the nonlinear activation function LeakyReLU; β ij Let ω be the attention correlation coefficient between node i and its neighboring node j; ω is the weight matrix for feature multiplication.

[0071] This model uses a multi-head attention network, independently calculating k groups of attention coefficients and then averaging them to prevent overfitting. The final output of the model is calculated as follows:

[0072]

[0073] In the formula, K represents the total number of attention operations; k represents the k-th attention operation; ω k Let be the linear transformation weight matrix representation of the input features under the k-th attention operation.

[0074] The loss function used to train the hierarchical graph attention network vulnerability detection model includes:

[0075]

[0076] Where N is the number of nodes; y i Let be the true label of the i-th node; Let be the predicted label for the i-th node.

[0077] The smart contract source code is input into a pre-trained hierarchical graph attention network vulnerability detection model to perform vulnerability detection, and the detection results are obtained, including:

[0078] Taking the smart contract source code as input, the system first converts the source code into a contract graph according to the conversion rules of the contract graph and generates feature vectors. Then, it performs word segmentation according to Word2Vec to obtain the vector representation of each node in the graph. Based on the vector representation of the nodes, the system learns the sentence representation through weighted fusion to obtain the contract representation. The system then performs classification prediction on the contract representation to obtain the classification result. The hierarchical graph attention network vulnerability detection determines whether the detected smart contract has a vulnerability and what kind of vulnerability it has based on the classification result, and outputs the classification result.

[0079] Although embodiments of the invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made to these embodiments without departing from the principles and spirit of the invention, the scope of which is defined by the appended claims and their equivalents.

Claims

1. A smart contract vulnerability detection method based on a multi-level target critical path, characterized in that, include: S1: Combine the data from the open-source dataset with the data from the crawled smart contract source code to form a smart contract dataset, and preprocess the data in the dataset. S2: Use the Remix online smart contract compiler to compile the preprocessed smart contract source code in the dataset to generate opcodes; S3: Define key instructions for different vulnerabilities, and quickly find the critical path that may contain vulnerabilities in the opcode based on the key instructions of the vulnerability, and generate a critical path contract graph based on the critical path. The critical path search process includes: Opcode dependency determination stage: After obtaining the smart contract opcode, the opcode is decomposed into basic blocks, and the dependencies between the opcodes are found by combining these basic blocks. Control flow graph generation stage: Add control flow information to basic blocks and edges, and generate a control flow graph based on the dependencies between basic blocks; Critical path search phase: Based on the control flow graph, search for basic block nodes of vulnerable operation instructions, take the node as the vulnerable node, traverse and mark the subsequent execution path of the node, and all paths containing the vulnerable node are critical paths that may contain vulnerabilities. Path pruning phase: Prune nodes in the control flow graph that are not related to the critical path to obtain nodes that only contain vulnerability operation instructions, and store them in the queue of critical nodes; S4: Shrink the obtained critical path contract graph; S5: Use the Word2Vec model to vectorize the edge and node features of the shrunken critical path contract graph to obtain a matrix vector; S6: Establish a vulnerability detection model based on hierarchical graph attention network. Input the matrix vector into the hierarchical graph attention network vulnerability detection model for model training. When the loss function is minimized, the model training is complete. The hierarchical graph attention network vulnerability detection model includes: The hierarchical graph attention network vulnerability detection model includes: a graph embedding layer, a statement layer, a function layer, a fully connected layer, a softmax layer, and a vulnerability classification layer. The graph embedding layer embeds source code while preserving its hierarchical structure. The statement layer captures semantic features at different levels from the embedded source code. The function layer contributes different statement weights to vulnerability detection based on the learned semantic features at different levels. The fully connected layer uses weighted fusion to learn sentence representations, resulting in contract representations. Finally, the softmax layer performs classification and prediction on these contract representations. S7: Input the smart contract source code into the trained hierarchical graph attention network vulnerability detection model to perform vulnerability detection and obtain the detection results.

2. The smart contract vulnerability detection method based on a multi-level target critical path according to claim 1, characterized in that, Preprocessing of the data in the dataset includes: Perform targeted processing on the data in the smart contract dataset, define dataset cleaning rules, write dataset cleaning scripts, and delete redundant, duplicate, and missing data in the smart contract dataset; The smart contract data after targeted processing is defined as a string of length N. If it does not contain vulnerabilities, it returns a string of length N consisting entirely of zeros. If it contains vulnerabilities, the position i of the vulnerability index in the string is 1, and the position i of the other strings is 0. Using the Oyente contract vulnerability detection tool, vulnerable smart contract data was categorized and labeled into five types: reentrancy vulnerabilities, timestamp-dependent vulnerabilities, transaction order-dependent vulnerabilities, integer overflow vulnerabilities, and integer underflow vulnerabilities.

3. The smart contract vulnerability detection method based on a multi-level target critical path according to claim 1, characterized in that, Generate a critical path contract graph based on the critical path, including: A critical path contract graph SCG=(V, E) is generated based on the critical path nodes, where V represents the node set, containing three types of nodes and three types of edges. The three types of nodes include primary nodes, secondary nodes, and callback nodes. Primary nodes are basic block nodes that use functions as entry points, callback nodes are nodes that jump from basic blocks or call other basic blocks, and secondary nodes are basic block nodes that execute normally without jumps. The three types of edges include data flow edges, callback edges, and control flow edges. Nodes contain characteristics such as variable calls, function calls, and data flows. E represents the edge set, where each edge is a triple E. i =(V i V j (, isLink), V i V j Representing nodes i and j, isLink indicates whether nodes i and j are connected. The edges describe the transmission process of data flow and control flow in the contract, and also reflect variable passing and function calls.

4. The smart contract vulnerability detection method based on a multi-level target critical path according to claim 1, characterized in that, Shrink the critical path contract graph, including: The characteristics of secondary nodes S and callback nodes C in the critical path contract graph are passed to their adjacent primary nodes F, ultimately retaining only the primary nodes, denoted as node X. i The contracted critical path contract graph SCG is obtained. i = (X i E).

5. The smart contract vulnerability detection method based on a multi-level target critical path according to claim 1, characterized in that, The Word2Vec model is used to vectorize the edge and node features of the shrunk critical path contract graph, including: The node features of the shrunk critical path contract graph are segmented into words, and Word2Vec is used to transform the segmented words to obtain the corresponding vector of each word. The multiple vectors are then fused by summation to obtain the vector representation of each node in the graph and form a feature matrix.

6. The smart contract vulnerability detection method based on a multi-level target critical path according to claim 1, characterized in that, The loss function used to train the hierarchical graph attention network vulnerability detection model includes: Where N is the number of nodes; y i Let be the true label of the i-th node; Let be the predicted label for the i-th node.