Sol2Vy: Cross-Language Vulnerability Detection
- Sol2Vy is a three-stage framework that utilizes a language-agnostic intermediate representation (SlithIR) to bridge Solidity and Vyper for vulnerability detection.
- It employs a multi-view encoder combining a Transformer for sequential analysis and a Graph Attention Network for structural insight, aligned via Maximum Mean Discrepancy.
- The framework achieves effective zero-shot classification for reentrancy, weak randomness, and unchecked transfer vulnerabilities, outperforming traditional baselines.
Sol2Vy denotes a three-stage, cross-language vulnerability detection framework that learns only from Solidity but detects vulnerabilities in Vyper smart contracts in a zero-shot way, without ever seeing labeled Vyper vulnerabilities during training (Hu et al., 22 Mar 2026). Its central mechanism is to map both languages into the language-agnostic intermediate representation SlithIR, learn shared semantic embeddings for Solidity and Vyper IR with a multi-view encoder plus Maximum Mean Discrepancy (MMD) alignment using unlabeled contracts from both languages, and then train a vulnerability classifier on Solidity-only labeled data for direct reuse on Vyper. The same label also appears, in the phrase “Sol2Vy”-type algorithm, in a separate solar-physics context for inferring a horizontal velocity component from the induction equation; that usage is methodologically unrelated and should be distinguished from the smart-contract framework (Crespo et al., 17 Feb 2026).
1. Problem setting and conceptual scope
Sol2Vy addresses zero-shot vulnerability detection in Vyper smart contracts by training only on Solidity labeled data, leveraging unlabeled Solidity and Vyper code to learn language-agnostic representations (Hu et al., 22 Mar 2026). The motivating problem is that Solidity has abundant labeled datasets of vulnerable contracts and many tools and benchmarks, whereas Vyper is low-resource: it has very few labeled vulnerable contracts, limited support by analysis tools, and no existing deep learning models for Vyper vulnerabilities because deep models need large labeled datasets. The target vulnerabilities are reentrancy, weak randomness, and unchecked transfer.
The framework is designed around a specific asymmetry between source and target domains. Solidity serves as the source domain with labeled and unlabeled data. Vyper serves as the target domain with unlabeled data in representation learning and unlabeled contracts at inference time. This makes Sol2Vy an instance of unsupervised domain adaptation and zero-shot transfer in which the vulnerability classifier is never trained on labeled Vyper vulnerabilities.
A central point in the problem formulation is that shared intermediate representation alone is not sufficient. Both Solidity and Vyper can be lowered to SlithIR, but the IRs differ due to compiler choices and language features. Solidity IR includes constructs such as MODIFIER_CALL, while Vyper inlines the logic; different AST shapes also lead to different IR sequences even for semantically equivalent functions. The reported experiments show that a model trained on Solidity SlithIR performs poorly on Vyper SlithIR if used directly, so Sol2Vy introduces explicit cross-language alignment rather than assuming that IR alone “magically” resolves the domain gap.
2. Three-stage framework and transfer pipeline
Sol2Vy is organized as a three-stage pipeline (Hu et al., 22 Mar 2026). In Stage 1, unsupervised transferable knowledge learning uses a general dataset of unlabeled Solidity and Vyper contracts. Both languages are compiled and lifted to SlithIR, and a multi-view encoder processes each contract. The encoder outputs for Solidity and Vyper are aligned using MMD so that their distributions in the embedding space become language-invariant. The result is a frozen multi-view encoder that produces language-agnostic embeddings.
In Stage 2, supervised vulnerability detection is performed on Solidity. The Solidity vulnerability detection dataset is labeled as safe or vulnerable for each vulnerability type, and the multi-view encoder is frozen. A classification MLP is trained on top of the encoder’s output embeddings to predict vulnerability labels, with one separate classifier per vulnerability type. The paper explicitly reports that the encoder learned in Stage 1 is not updated by the supervised loss in Stage 2.
In Stage 3, zero-shot testing is applied to Vyper. Each Vyper contract is converted to SlithIR, encoded via the frozen multi-view encoder, and passed to the pre-trained Solidity classifier. No further training or fine-tuning is performed. The transfer mechanism therefore combines three ingredients: shared IR to reduce syntactic differences, multi-view semantic encoding to represent sequential and structural program properties, and MMD alignment to place Solidity and Vyper embeddings in a common latent distribution.
The framework’s operating assumption is not that Solidity and Vyper are identical, but that vulnerability-relevant semantics can be made comparable after abstraction and alignment. This explains both its strengths and its limits: when the source-language vulnerability patterns are represented in the target language through sufficiently aligned IR patterns, zero-shot transfer is feasible; when Vyper expresses vulnerabilities in patterns not covered by Solidity training data, performance is expected to degrade.
3. Representation learning, normalization, and alignment objective
Sol2Vy extracts SlithIR at function level, on the premise that vulnerability patterns typically manifest at function level, while contract-level state is represented via storage references (Hu et al., 22 Mar 2026). SlithIR includes linearized three-address instructions, basic blocks, call sites, event emissions, and storage read/writes. Each instruction is decomposed into tokens, including operation tokens such as ASSIGN, CONDITION, INTERNAL_CALL, SOLIDITY_CALL, and Emit; variables tokenized with separate markers to encode scope and lifetime; types such as uint256, bool, and address; and control-flow markers for function boundaries and branch conditions.
A substantial part of the framework is normalization. Temporary and reference names are normalized, for example TMP_0 → <TMP>, REF_3 → <REF>, and TUP_2 → <TUP>. Variable suffixes are simplified, as in amount_1 → amount. Messages are removed from require, and all string literals are replaced with <STR>. This normalization is meant to remove compiler-specific variability and bring semantically similar IR constructs from Solidity and Vyper closer together.
The multi-view encoder has two parallel branches. The sequential encoder is a Transformer over tokenized instruction sequences with embedding matrix , , and 6 layers with 8 attention heads each. It is intended to capture temporal or ordering information, such as external call before state update. The hierarchical encoder is a 3-layer Graph Attention Network over a graph built from SlithIR and AST, with edge types , , and , and node features with . It is intended to capture structural semantics such as nested conditionals, multi-branch structure, and data-flow chains. Their outputs are concatenated as
The alignment objective is MMD between Solidity embeddings 0 and Vyper embeddings 1: 2 The kernel is composite: 3 with 4, 5, and best hyperparameters 6, 7. The paper attributes the effectiveness of freezing the encoder to preservation of language invariance: a joint-training variant using 8 significantly hurts cross-language generalization because classification updates inject more Solidity-specific information into the representations.
4. Vulnerability classes, datasets, and empirical performance
The three vulnerability classes are reentrancy, weak randomness, and unchecked transfer (Hu et al., 22 Mar 2026). Reentrancy is defined by an external call that allows re-entry before critical state update. Weak randomness is defined by using manipulable on-chain values such as block.timestamp, block.number, or blockhash in security-relevant conditions. Unchecked transfer is defined by performing value transfer without checking the return value or ensuring revert, for example ignoring the boolean return of addr.call{value: x}("") or send.
The Solidity vulnerability detection dataset is built from SmartBugs, SWC-registry, DAppSCAN, and Etherscan. Labels are verified via a two-step process: automated tool consensus, requiring at least two tools to agree on a vulnerability type, followed by manual verification by two reviewers who record vulnerability type, evidence location, and exploit rationale. Final Solidity counts are Safe: 1,275; RE: 753; WR: 785; UT: 813, with 80% used as 9 and 20% as 0. The general unlabeled dataset used for Stage 1 contains 1,842 Solidity contracts and 1,193 Vyper contracts, with no overlap with the vulnerability detection dataset. Training stops when validation MMD loss 1. The Vyper evaluation dataset is constructed from public repositories, analyzed with Slither and Mythril, and augmented with synthetic vulnerable variants that are manually verified as reachable, executable, semantically consistent, and not dead code. Final Vyper counts are Safe: 434; RE: 236; WR: 226; UT: 307.
The paper primarily reports FPR and FNR. It also reports AUC in hyperparameter studies. The Solidity-only train/test setting is described as an approximate upper bound because the training and test distributions match.
| Vulnerability type | Solidity train/test | Zero-shot Solidity 2 Vyper |
|---|---|---|
| Reentrancy | FPR 0.09 / FNR 0.13 | FPR 0.13 / FNR 0.15 |
| Weak randomness | FPR 0.08 / FNR 0.12 | FPR 0.12 / FNR 0.14 |
| Unchecked transfer | FPR 0.11 / FNR 0.14 | FPR 0.13 / FNR 0.15 |
In the direct baseline-comparison table, the paper reports a second set of zero-shot Vyper numbers for the full Sol2Vy system: RE 3, WR 4, and UT 5. The same comparison lists substantially weaker results for Slither, Mythril, a Vyper-trained classification network, CodeT5+, GraphCodeBERT, GPT‑4.1, CodeLlama‑7b, Qwen-Coder‑7b, and a joint-training Sol2Vy variant without freezing. The reported interpretation is that Sol2Vy significantly outperforms all baselines on Vyper detection and that the cross-language performance drop relative to Solidity-only evaluation is small.
Ablation results differentiate the contributions of the two encoder branches. Removing the sequential encoder causes large degradation for reentrancy, while removing the hierarchical encoder causes especially large degradation for weak randomness. Unchecked transfer degrades when either branch is removed. This supports the claim that reentrancy relies heavily on temporal patterns, weak randomness on structural patterns, and unchecked transfer on both.
5. Evidence for alignment, position among methods, and limitations
The paper provides three explicit tests for whether the aligned representation is meaningful rather than a superficial domain collapse (Hu et al., 22 Mar 2026). In the semantic-equivalency test, cosine similarity between semantically equivalent Solidity and Vyper SlithIR patterns increases after MMD training; examples in Table I include reentrancy pattern 6 and balance update 7. In the language-discriminability test, a logistic regression classifier predicting whether an embedding comes from Solidity or Vyper drops from about 8 accuracy before MMD to about 9 after MMD. In the no-representation-collapse test, intra-language variance decreases only slightly, from 0 for Solidity and 1 for Vyper.
Within the smart-contract analysis landscape, Sol2Vy is positioned against static and dynamic analysis tools, deep learning approaches trained directly on Vyper, pretrained code models fine-tuned on Vyper, and prompted LLM baselines. Its distinctive feature is explicit cross-language alignment at representation level using MMD over SlithIR embeddings, rather than language-specific rule systems or direct prompting. A common misconception is that zero-shot transfer here is purely a consequence of using SlithIR. The results and ablations argue against that interpretation: the reported failure of direct Solidity-trained SlithIR models on Vyper, together with the performance collapse of the joint-training variant without freezing, indicates that transfer depends on the combined design of normalization, dual-view encoding, MMD alignment, and frozen representations.
The limitations are stated directly. Coverage is restricted to three vulnerabilities: RE, WR, and UT. The framework depends on Solidity patterns for supervisory signal; if Vyper idioms for vulnerabilities are fundamentally different and not aligned by MMD, the model may miss them. The method is specific to SlithIR and the EVM setting. The Solidity labels may still reflect bias toward vulnerabilities that current tools detect well, and the Vyper dataset includes injected vulnerabilities whose synthetic patterns might not capture all real-world exploit nuances. External validity is also limited with respect to unseen vulnerability types, very new language features or compiler versions that change IR structure significantly, and other smart-contract languages or blockchains. The paper suggests that analogous techniques should theoretically generalize to other low-resource smart contract languages if suitable IRs exist, and notes few-shot improvement as an open direction.
6. Distinct solar-atmosphere usage of the label
A separate 2026 solar-physics paper uses the expression “Sol2Vy”-type algorithm to describe an inversion kernel that, given the magnetic field and its evolution plus the LOS velocity, infers the horizontal velocity component 2 as a function of height (Crespo et al., 17 Feb 2026). In that work, the physical setting is a 2D configuration in the 3 plane with 4, and the unknown 5 is inferred from known 6, 7, 8, 9, and 0. The governing equation is the ideal-MHD induction equation,
1
specialized to
2
That method discretizes the induction equation via finite differences, assembles an overdetermined sparse linear system, and solves it in the least-squares sense. In analytic tests and in 2D slices from CO5BOLD magneto-hydrodynamic simulations of the solar surface, the horizontal velocity component in a two-dimensional domain can be successfully recovered with a mean error of about 3. The method is described as establishing the foundation for future extensions to three-dimensional reconstructions of the horizontal velocity field.
This solar usage is unrelated to the Vyper vulnerability-detection framework except for the label. A plausible implication is that “Sol2Vy” is currently a homonymous term rather than a single cross-domain concept. In technical writing, the ambiguity is usually resolved by context: in smart-contract security it denotes Solidity-to-Vyper transfer learning, while in solar-atmosphere inversion it refers to recovering 4 from magnetic-field evolution and line-of-sight velocity.