Papers
Topics
Authors
Recent
Search
2000 character limit reached

ContractShield: Bridging Semantic-Structural Gaps via Hierarchical Cross-Modal Fusion for Multi-Label Vulnerability Detection in Obfuscated Smart Contracts

Published 3 Apr 2026 in cs.CR | (2604.02771v1)

Abstract: Smart contracts are increasingly targeted by adversaries employing obfuscation techniques such as bogus code injection and control flow manipulation to evade vulnerability detection. Existing multimodal methods often process semantic, temporal, and structural features in isolation and fuse them using simple strategies such as concatenation, which neglects cross-modal interactions and weakens robustness, as obfuscation of a single modality can sharply degrade detection accuracy. To address these challenges, we propose ContractShield, a robust multimodal framework with a novel fusion mechanism that effectively correlates multiple complementary features through a three-level fusion. Self-attention first identifies patterns that indicate vulnerability within each feature space. Cross-modal attention then establishes meaningful connections between complementary signals across modalities. Then, adaptive weighting dynamically calibrates feature contributions based on their reliability under obfuscation. For feature extraction, ContractShield integrates (1) CodeBERT with a sliding window mechanism to capture semantic dependencies in source code, (2) Extended long short-term memory (xLSTM) to model temporal dynamics in opcode sequences, and (3) GATv2 to identify structural invariants in control flow graphs (CFGs) that remain stable across obfuscation. Empirical evaluation demonstrates resilience of ContractShield, achieving a 89 percentage Hamming Score with only a 1-3 percentage drop compared to non-obfuscated data. The framework simultaneously detects five major vulnerability types with 91 percentage F1-score, outperforming state-of-the-art approaches by 6-15 percentage under adversarial conditions.

Summary

  • The paper demonstrates a hierarchical cross-modal fusion architecture that integrates semantic, sequential, and structural modalities to robustly detect vulnerabilities in obfuscated smart contracts.
  • It leverages CodeBERT with sliding windows, xLSTM for opcode sequences, and GATv2 for control flow graphs to enable adaptive weighting across noisy modalities.
  • Experimental results show ContractShield’s superior resilience under adversarial obfuscation, outperforming unimodal baselines by 6–15% in key security metrics.

ContractShield: Hierarchical Cross-Modal Fusion for Robust Multi-Label Vulnerability Detection in Obfuscated Smart Contracts

Introduction

ContractShield introduces a hierarchical multimodal deep learning architecture for multi-label vulnerability detection in Ethereum smart contracts, designed to counteract the substantial challenges posed by obfuscated code. Unlike traditional unimodal and shallow multimodal models, ContractShield explicitly bridges semantic–structural gaps via a three-level cross-modal fusion strategy, facilitating fault-tolerant vulnerability analysis across source code, opcode, and control flow graph (CFG) representations. The framework combines transformer-based modeling (CodeBERT with a sliding window), extended LSTM (xLSTM) for opcode sequences, and GATv2 for bytecode-derived CFGs, synthesizing their joint evidence through attention-based fusion cascades. Figure 1

Figure 1: ContractShield system overview illustrating semantic (CodeBERT), sequential (xLSTM opcode), and structural (CFG+GATv2) branches, with hierarchical cross-modal fusion.

Methodology

ContractShield extracts three orthogonal modalities from contracts: Solidity source code, opcode sequences, and CFGs. Source code undergoes lexical normalization and abstraction of identifiers to reduce overfitting to superficial naming conventions. Opcode extraction is standardized across contract versions and postprocessed to reduce variant-induced redundancy. Runtime bytecode is parsed into .dot format CFGs using EtherSolve, then nodes (basic blocks) and edges (control flows) are embedded for graph-structured analysis. Figure 2

Figure 2: Example of a CFG generated from smart contract bytecode, represented as a .dot file.

Feature Extraction Modules

  • Semantic branch: Source code is chunked with a sliding window (to address CodeBERT’s sequence limit) and embedded into semantic tokens, supporting context preservation in large contracts. Figure 3

    Figure 3: Sliding window pipeline enabling large-sequence processing for transformer embedding.

  • Opcode branch: After Word2Vec embedding, xLSTM models long-range sequential dependencies, exploiting opcode interactions that signal nonobvious vulnerabilities. Figure 4

    Figure 4: The opcode embedding and extraction pipeline, capturing temporal dependencies via xLSTM.

  • Structural branch: Each CFG node’s opcode is semantically embedded (CodeBERT), and GATv2 layers propagate local and global graph context for capturing persistent control-flow features, including invariant patterns that survive common obfuscation. Figure 5

    Figure 5: Bytecode transformation and graph neural network embedding pipeline.

Hierarchical Cross-Modal Fusion

ContractShield employs a three-stage fusion:

  • Low-level (intra-modal): Multi-head self-attention refines signals within each modality to amplify contextually salient features and suppress redundancy.
  • Mid-level (inter-modal): Pairwise cross-modal attention extracts complementary dependencies between all modality pairs, enhancing feature interplay otherwise lost in concatenation-based fusion.
  • High-level: Adaptive weighting via trainable softmax-normalized parameters enables dynamic calibration of modality importance based on observed reliability, actively downweighting obfuscated or corrupted sources during inference.

This cascading fusion is specifically motivated by the tendency for obfuscation (control flow flattening, bogus code, opcode disorder) to selectively degrade one or more modalities. The system remains robust via cross-modal reinforcement and dynamic rebalancing.

Code Obfuscation Resistance Evaluation

Robustness is assessed under semantic-preserving, adversarially-motivated code transformations:

  • Source-level obfuscation: Using BiAn, contracts are hardened by extreme identifier renaming, layout scrambling, data-flow and control-flow distortions.
  • Bytecode-level obfuscation: Using BOSC, transformations inject junk opcode, reorder instructions, add unreachable branches, and disrupt bytes without changing execution semantics—targeting the efficacy of CFG- and opcode-based detectors. Figure 6

    Figure 6: The adversarial evaluation procedure, including clean and obfuscated versions of all sample contracts.

    Figure 7

Figure 7

Figure 7: Example of a human-readable contract before (top) and after (bottom) extensive source-level obfuscation.

Experimental Results

Baseline Comparison and Clean Data Performance

On SoliAudit-SmartBugs, CGT Weakness, and DAppScan, ContractShield achieves HS up to 89.16% and F1 up to 91.47%, outperforming CodeBERT-only, xLSTM-only, GATv2-only, bimodal, and existing multimodal baselines (e.g., [qian_auto_squen_mol], [cheong2024gnn], [deng2023smart]) by 6–15% in adversarially challenging settings. On clean code, single-modality models can be competitive; under obfuscation, their degradation is much greater (4–6% drop vs. 1–3% for ContractShield).

Obfuscation Robustness

ContractShield shows significant resilience, with only 1.2–3.4% Hamming Score degradation under rigorous source and bytecode obfuscation, compared to 4–6% for unimodal and shallow-fusion multimodal benchmarks. Adaptive weighting effectively rebalances the model’s attention, allowing the architecture to maintain detection accuracy even when one or two modalities are partially defeated.

Training and Inference Efficiency

Despite its architectural complexity, ContractShield’s hierarchical fusion enables convergence with moderate wall-clock resource consumption—training times are competitive with state-of-the-art multimodal and unimodal baselines, attributed to effective information compaction in pre-fusion branches. Figure 8

Figure 8: Training time comparison showing ContractShield’s efficiency among deep multimodal and unimodal models.

Figure 9

Figure 9: Inference time comparison on Test Set A; ContractShield remains practical for deployment at scale.

Theoretical and Practical Implications

ContractShield’s approach demonstrates that hierarchical cross-modal fusion significantly increases fault tolerance for smart contract vulnerability detectors facing adversarial transformations. Its combination of semantic, sequential, and structural signal exploitation is extensible to other secure code domains, including binary analysis, malware classification, and potentially source-level cross-language vulnerability search.

The work rigorously evidences that shallow feature concatenation is insufficient for robust multimodal security analysis; deep attention-based fusion is required for tolerance against modality-specific adversarial attacks. This insight generalizes to the broader software security analysis and program understanding literature.

Future Directions

Expanding the feature set to include IRs, ASTs, CGs, and DFGs is a natural extension, as is the application of heterogeneous graph representations to unify even more modalities. Incorporation of additional security tasks and support for other blockchain ecosystems will further demonstrate the generalizability of the methodology.

Conclusion

ContractShield establishes a new paradigm in smart contract vulnerability analysis by leveraging hierarchical cross-modal fusion to integrate and reason over code, opcode, and control-flow modalities. By explicitly mitigating the effects of adversarial obfuscation at multiple representational levels and outperforming unimodal and shallow multimodal baselines, the framework demonstrates a practically significant advance in resilient automated security auditing for blockchain applications.

References

  • ContractShield: Bridging Semantic-Structural Gaps via Hierarchical Cross-Modal Fusion for Multi-Label Vulnerability Detection in Obfuscated Smart Contracts (2604.02771)

Paper to Video (Beta)

No one has generated a video about this paper yet.

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Open Problems

We're still in the process of identifying open problems mentioned in this paper. Please check back in a few minutes.

Collections

Sign up for free to add this paper to one or more collections.

Tweets

Sign up for free to view the 1 tweet with 0 likes about this paper.