- The paper demonstrates a hierarchical cross-modal fusion architecture that integrates semantic, sequential, and structural modalities to robustly detect vulnerabilities in obfuscated smart contracts.
- It leverages CodeBERT with sliding windows, xLSTM for opcode sequences, and GATv2 for control flow graphs to enable adaptive weighting across noisy modalities.
- Experimental results show ContractShield’s superior resilience under adversarial obfuscation, outperforming unimodal baselines by 6–15% in key security metrics.
ContractShield: Hierarchical Cross-Modal Fusion for Robust Multi-Label Vulnerability Detection in Obfuscated Smart Contracts
Introduction
ContractShield introduces a hierarchical multimodal deep learning architecture for multi-label vulnerability detection in Ethereum smart contracts, designed to counteract the substantial challenges posed by obfuscated code. Unlike traditional unimodal and shallow multimodal models, ContractShield explicitly bridges semantic–structural gaps via a three-level cross-modal fusion strategy, facilitating fault-tolerant vulnerability analysis across source code, opcode, and control flow graph (CFG) representations. The framework combines transformer-based modeling (CodeBERT with a sliding window), extended LSTM (xLSTM) for opcode sequences, and GATv2 for bytecode-derived CFGs, synthesizing their joint evidence through attention-based fusion cascades.
Figure 1: ContractShield system overview illustrating semantic (CodeBERT), sequential (xLSTM opcode), and structural (CFG+GATv2) branches, with hierarchical cross-modal fusion.
Methodology
Modal Representation and Preprocessing
ContractShield extracts three orthogonal modalities from contracts: Solidity source code, opcode sequences, and CFGs. Source code undergoes lexical normalization and abstraction of identifiers to reduce overfitting to superficial naming conventions. Opcode extraction is standardized across contract versions and postprocessed to reduce variant-induced redundancy. Runtime bytecode is parsed into .dot format CFGs using EtherSolve, then nodes (basic blocks) and edges (control flows) are embedded for graph-structured analysis.
Figure 2: Example of a CFG generated from smart contract bytecode, represented as a .dot file.
- Semantic branch: Source code is chunked with a sliding window (to address CodeBERT’s sequence limit) and embedded into semantic tokens, supporting context preservation in large contracts.
Figure 3: Sliding window pipeline enabling large-sequence processing for transformer embedding.
- Opcode branch: After Word2Vec embedding, xLSTM models long-range sequential dependencies, exploiting opcode interactions that signal nonobvious vulnerabilities.
Figure 4: The opcode embedding and extraction pipeline, capturing temporal dependencies via xLSTM.
- Structural branch: Each CFG node’s opcode is semantically embedded (CodeBERT), and GATv2 layers propagate local and global graph context for capturing persistent control-flow features, including invariant patterns that survive common obfuscation.
Figure 5: Bytecode transformation and graph neural network embedding pipeline.
Hierarchical Cross-Modal Fusion
ContractShield employs a three-stage fusion:
- Low-level (intra-modal): Multi-head self-attention refines signals within each modality to amplify contextually salient features and suppress redundancy.
- Mid-level (inter-modal): Pairwise cross-modal attention extracts complementary dependencies between all modality pairs, enhancing feature interplay otherwise lost in concatenation-based fusion.
- High-level: Adaptive weighting via trainable softmax-normalized parameters enables dynamic calibration of modality importance based on observed reliability, actively downweighting obfuscated or corrupted sources during inference.
This cascading fusion is specifically motivated by the tendency for obfuscation (control flow flattening, bogus code, opcode disorder) to selectively degrade one or more modalities. The system remains robust via cross-modal reinforcement and dynamic rebalancing.
Code Obfuscation Resistance Evaluation
Robustness is assessed under semantic-preserving, adversarially-motivated code transformations:
Figure 7: Example of a human-readable contract before (top) and after (bottom) extensive source-level obfuscation.
Experimental Results
On SoliAudit-SmartBugs, CGT Weakness, and DAppScan, ContractShield achieves HS up to 89.16% and F1 up to 91.47%, outperforming CodeBERT-only, xLSTM-only, GATv2-only, bimodal, and existing multimodal baselines (e.g., [qian_auto_squen_mol], [cheong2024gnn], [deng2023smart]) by 6–15% in adversarially challenging settings. On clean code, single-modality models can be competitive; under obfuscation, their degradation is much greater (4–6% drop vs. 1–3% for ContractShield).
Obfuscation Robustness
ContractShield shows significant resilience, with only 1.2–3.4% Hamming Score degradation under rigorous source and bytecode obfuscation, compared to 4–6% for unimodal and shallow-fusion multimodal benchmarks. Adaptive weighting effectively rebalances the model’s attention, allowing the architecture to maintain detection accuracy even when one or two modalities are partially defeated.
Training and Inference Efficiency
Despite its architectural complexity, ContractShield’s hierarchical fusion enables convergence with moderate wall-clock resource consumption—training times are competitive with state-of-the-art multimodal and unimodal baselines, attributed to effective information compaction in pre-fusion branches.
Figure 8: Training time comparison showing ContractShield’s efficiency among deep multimodal and unimodal models.
Figure 9: Inference time comparison on Test Set A; ContractShield remains practical for deployment at scale.
Theoretical and Practical Implications
ContractShield’s approach demonstrates that hierarchical cross-modal fusion significantly increases fault tolerance for smart contract vulnerability detectors facing adversarial transformations. Its combination of semantic, sequential, and structural signal exploitation is extensible to other secure code domains, including binary analysis, malware classification, and potentially source-level cross-language vulnerability search.
The work rigorously evidences that shallow feature concatenation is insufficient for robust multimodal security analysis; deep attention-based fusion is required for tolerance against modality-specific adversarial attacks. This insight generalizes to the broader software security analysis and program understanding literature.
Future Directions
Expanding the feature set to include IRs, ASTs, CGs, and DFGs is a natural extension, as is the application of heterogeneous graph representations to unify even more modalities. Incorporation of additional security tasks and support for other blockchain ecosystems will further demonstrate the generalizability of the methodology.
Conclusion
ContractShield establishes a new paradigm in smart contract vulnerability analysis by leveraging hierarchical cross-modal fusion to integrate and reason over code, opcode, and control-flow modalities. By explicitly mitigating the effects of adversarial obfuscation at multiple representational levels and outperforming unimodal and shallow multimodal baselines, the framework demonstrates a practically significant advance in resilient automated security auditing for blockchain applications.
References
- ContractShield: Bridging Semantic-Structural Gaps via Hierarchical Cross-Modal Fusion for Multi-Label Vulnerability Detection in Obfuscated Smart Contracts (2604.02771)