A smart contract vulnerability line detection method based on graph neural network and fusion of multidimensional code representation

To address the limitations of existing smart contract vulnerability detection methods-particularly incomplete semantic information and insufficient detection accuracy caused by reliance on single-code representations-this study proposes MCR-VD, an interpretable vulnerability detection method based on graph neural networks (GNNs). The innovation of MCR-VD lies in three key aspects. First, a code property graph (CPG) is constructed by integrating the abstract syntax tree (AST), control flow graph (CFG), and program dependency graph (PDG) of smart contracts. This approach combines syntactic, control-flow, and data-flow semantic information across multiple dimensions, overcoming the limitations of single-representation methods. Second, a graph transformation mechanism for Graph of Vulnerability Region Candidates (GVRCs) and a GNN model are designed. By leveraging graph attention mechanisms, MCR-VD achieves line-level granularity in vulnerability localization, significantly enhancing the interpretability of detection results. Third, extensive evaluations on three benchmark datasets-Smartbugs Curated, Solidifi-Benchmark, and Clean Smart Contracts-demonstrate that MCR-VD outperforms state-of-the-art methods in critical metrics, including an F1-score of 92.7 %, accuracy of 94.1 %, precision of 93.5 %, and recall of 91.9 %. Furthermore, the method requires only 2.3 s per contract on average, achieving a two-order-of-magnitude efficiency improvement compared to traditional symbolic execution tools. This work presents a novel solution for smart contract security detection that balances high precision with computational efficiency.