Multi-Modal Semantic Fusion for Smart Contract Vulnerability Detection in Cloud-Based Blockchain Analytics Platforms

Abstract

With the growth of trusted computing demand for big data analysis, cloud computing platforms are reshaping trusted data infrastructure by integrating Blockchain as a Service (BaaS), which uses elastic resource scheduling and heterogeneous hardware acceleration to support petabyte level multi-institution data security exchange in medical, financial, and other fields. As the core hub of data-intensive scenarios, the BaaS platform has the dual capabilities of privacy computing and process automation. However, its deep dependence on smart contracts generates new code layer vulnerabilities, resulting in malicious contamination of analysis results. The existing detection schemes are limited to the perspective of single-source data, which makes it difficult to capture both global semantic associations and local structural details in a cloud computing environment, leading to a performance bottleneck in terms of scalability and detection accuracy. To address these challenges, this paper proposes a smart contract vulnerability detection method based on multi-modal semantic fusion for the blockchain analysis platform of cloud computing. Firstly, the contract source code is parsed into an abstract syntax tree, and the key code is accurately located based on the predefined vulnerability feature set. Then, the text features and graph structure features of key codes are extracted in parallel to realize the deep fusion of them. Finally, with the help of attention enhancement, the vulnerability probability is output through the fully connected network. The experiments on Ethereum benchmark datasets show that the detection accuracy of our method for re-entrancy vulnerability, timestamp vulnerability, overflow/underflow vulnerability, and delegatecall vulnerability can reach 92.2%, 96.3%, 91.4%, and 89.5%, surpassing previous methods. Additionally, our method has the potential for practical deployment in cloud-based blockchain service environments.

1. Introduction

With the increasing demand for trusted computing in big data analytics, cloud platforms are realizing the deep collaboration of distributed trust and elastic resources through Blockchain-as-a-Service (BaaS) architecture. Mainstream cloud service providers encapsulate smart contract execution engines as scalable microservices to support the secure sharing of petabytes of data in healthcare, finance, and other fields across institutions. This “cloud-chain collaboration” mode significantly reduces the deployment energy consumption of blockchain nodes and improves the transaction throughput by relying on the cloud-native resource scheduling mechanism, which effectively meets the real-time requirements of big data analysis [1].

In data-intensive scenarios, BaaS platforms play a dual key role: privacy computing hub and process automation core [2]. On the one hand, by integrating zero-knowledge proof and homomorphic encryption technology, the platform realizes the joint analysis of multi-party data “available and invisible”. On the other hand, its smart contract analysis tool supports automatic execution of rules such as data authorization and payment splitting, which verifies the feasibility of providing efficient contract security services in the cloud environment. However, this deep dependence on smart contracts also introduces new security vulnerabilities—about 23% of DeFi security incidents are due to contract code vulnerabilities (e.g., re-entry attacks), resulting in malicious tampering of analysis results.

Existing smart contract vulnerability detection methods mainly rely on static rules, symbolic execution, or expert-led engineering methods and only analyze Solidity code while ignoring heterogeneous data such as off-chain logs and API documents, resulting in the lack of correlation analysis between data and the problem of multi-modal data fragmentation. Some multi-modal methods, such as the combination of expert rules and graph neural networks, can effectively improve the interpretability and detection accuracy [3], and the combination of deep learning and graph features enhances the automatic detection ability [4]. In addition, recent studies have systematically evaluated various detection tools, providing a comprehensive survey of the field of smart contract security from the perspectives of data sources, detection methods, and defense mechanisms. The multi-modal detection method significantly outperforms traditional static analysis tools in terms of accuracy and recall.

Against this backdrop, this paper proposes a multi-modal semantic fusion smart contract vulnerability detection framework for the cloud environment; the core contributions are as follows:

• Precise extraction of key code for vulnerabilities: This paper parses the source code of smart contracts into an abstract syntax tree (AST) and extracts the key fragments of vulnerabilities based on a predefined set of vulnerability features. Each segment was further analyzed through data flow and control flow dependency analysis, resulting in the generation of critical code for vulnerabilities that fully retain the functionality, control, and exception ranges.
• Multi-modal complementary feature extraction: Based on the key vulnerability code, this paper synchronizes it into two complementary modalities of text and image. This mechanism takes into account both the long-term dependencies of the contract code and the fine-grained structural information, breaking through the information bottleneck of a single modality.
• Multi-modal deep fusion strategy: This paper aligns and concatenates the text and image embedding vectors at the node level, forming a unified representation that simultaneously incorporates global semantics and local structural features. This significantly enhances the model’s ability to express complex vulnerability patterns.

2. Related Work

2.1. Smart Contract Vulnerability Detection Methods

In the early stage of smart contract development, vulnerability detection mainly relied on the following three methods: static analysis, dynamic execution, and formal verification. The static analysis method examines the code without executing it, matching vulnerability patterns through predefined rules. Although this method is highly efficient, its false positive rate usually exceeds 30% [5]. The dynamic analysis method, such as symbolic execution, detects vulnerabilities like integer overflows through path constraint solving. However, its ability to handle complex control flows is limited, resulting in a recall rate lower than 70% [6]. Formal verification tools prove the correctness of the code by converting the contract into a mathematical model. Although they can provide a high level of security guarantee, they require manual specification and high computational overhead, making large-scale application difficult [7]. In recent years, for specific vulnerability types, hybrid static-dynamic methods have become a new trend. Xu et al. proposed a detection framework based on Hyperledger Fabric chain code, which combines static scanning of AST and dynamic verification through symbolic execution. When testing 15 actual projects, this framework was able to identify 13 unknown vulnerabilities, with an accuracy rate of up to 91% [8]. This study shows that the hybrid method has significant advantages in improving the efficiency and accuracy of vulnerability detection.

2.2. Machine-Learning-Driven Vulnerability Detection Technologies

Deep learning significantly enhances the generalization ability of vulnerability detection by automatically learning the semantic features of the code. According to the representation method of the code, existing research can be classified into three categories: sequence models, graph neural networks, and pre-trained models.

Sequence models treat the code as a text sequence and use recurrent neural networks (RNNs) or long short-term memory (LSTM) networks to capture the context dependencies. For example, the BLSTM-ATT model proposed by Qian et al. achieved an F1-score of 88.26% in detecting re-entry vulnerabilities [9]. However, serialization processing leads to the loss of code structure information, resulting in a relatively high false-negative rate in control flow vulnerability detection.

Graph neural networks model the code structure based on AST. For example, AST-GCN aggregates the feature of syntax tree nodes through graph convolution and achieves an F1-score of 76.2% [10]. However, this method lacks the modeling of multi-function dependency relationships. The gated graph neural network proposed by Cai et al. improves the recall rate of re-entry vulnerability detection by enhancing the propagation of cyclic dependencies by 5.7% [11].

Pre-trained models learn multi-language general representations through masked language tasks. For example, CodeBERT achieved an F1-score of 86.7% in the smart contract detection task [12]. However, single-modal models have difficulty balancing grammatical and semantic information. For instance, SmartConDetect uses bidirectional encoders (BERT) to extract code snippet features and achieves an F1-score of 90.9% but ignores the spatial–temporal patterns of bytecode. Jeon et al. convert the opcode sequence into grayscale images and use convolutional neural networks (CNNs) to extract spatial features, but in this process, the semantic associations of variables are lost [13].

2.3. Exploration of Multi-Modal and Graph Representation Learning Fusion

To address the limitations of a single modality, multi-modal fusion has emerged as an emerging development direction. Image–text dual-modal methods stand out: Tahir et al. map bytecode into RGB images and combine opcode frequency text features, raising re-entrancy detection F1 to 99.07% [14], and the VNT Chain team fuses contract source code text and control flow graph images, aligning modal by attention and achieving similar progress in IEEE. Li et al. proposed a hybrid framework that integrates deep learning detection and knowledge enhanced large language model repair, significantly improving the efficiency of detecting and repairing re-entry vulnerabilities in smart contracts [15]. However, existing fusion methods mostly adopt static weighting strategies, ignoring inter-modal contribution differences, leading to modality preference bias [16]. Moreover, GNNs suffer from neighborhood noise: failure to distinguish child node importance causes irrelevant code segments to interfere with key vulnerability features [17]. Recently, Huang et al. proposed an interpretable smart contract vulnerability detection model based on graph isomorphism network, which improved the accuracy of vulnerability detection and enhanced the interpretability of prediction results [18]. However, the collaborative optimization of multi-modal and graph attention has not been fully studied.

2.4. Difference from Traditional Software Vulnerability Detection

Traditional software vulnerability detection in software engineering primarily targets issues such as buffer overflows, memory corruption, and pointer misuse in programs written in procedural or object-oriented languages (e.g., C/C++ and Java). These methods typically rely on static code analysis, symbolic execution, or dynamic taint tracking to identify vulnerabilities related to resource misuse or control-flow anomalies. However, smart contracts differ fundamentally from traditional software in both their execution environment and vulnerability characteristics.

First, smart contracts execute within a decentralized and deterministic blockchain environment (e.g., Ethereum Virtual Machine), where all state transitions are recorded immutably on-chain. As a result, vulnerabilities often arise from transaction ordering, re-entrancy, timestamp dependence, and gas exhaustion—issues that have no equivalent in conventional software systems. Second, smart contracts lack system-level APIs and mutable runtime states, meaning that typical memory or I/O-related exploits in traditional software are not applicable. Third, the execution semantics of smart contracts are transaction-driven and publicly visible, introducing attack surfaces related to concurrency, contract interaction, and external call invocation.

Consequently, most traditional software vulnerability detection techniques cannot be directly reused for smart-contract analysis. For instance, static analyzers designed for C/C++ do not consider the transaction-level dependencies or the deterministic execution model of blockchain platforms. In contrast, our proposed Multi-Modal Semantic Fusion (MMSF) framework is specifically designed to capture both the semantic features of contract code and the structural dependencies of its transaction flow. By jointly modeling these two modalities through Transformer and GGNN representations, MMSF effectively addresses blockchain-specific vulnerabilities that fall outside the scope of conventional software engineering approaches.

2.5. Comparative Summary and Innovation Highlights

Existing studies have mainly focused on single-modality or syntax-level vulnerability detection methods, as shown in

Table 1. Systematic comparison of existing smart contract vulnerability detection methods.

Category	Methods	Input Features	Strengths	Limitations
Static Analysis	Oyente, Mythril	Symbolic traces	Interpretable	High false positives
Deep Learning	VulDeeSmart, TMP	Tokenized code, graphs	Automated learning	Requires large datasets
Graph-based	GGNN, VulHunter	AST/CFG/DFG	Captures structure	Ignores semantics
Multi-modal	DMT, DeepVul-Graph	Text + Graph fusion	Robust integration	Static fusion
Proposed (Ours)	MMVul-Detection	Transformer + GGNN + attention	Adaptive fusion	Higher training cost

, such as symbolic execution tools (e.g., Oyente and Mythril) and graph-based learning frameworks (e.g., TMP and VulHunter). However, these approaches either suffer from limited scalability or rely solely on syntactic or structural information, neglecting semantic dependencies across functions.

In contrast, the proposed framework introduces three key innovations:

(1) Multi-modal semantic fusion: It jointly models textual semantics and structural dependencies, enabling comprehensive vulnerability reasoning across different code views.

(2) Cross-representation attention mechanism: A lightweight attention fusion layer is designed to dynamically weigh heterogeneous features, achieving higher interpretability and robustness than static fusion models used in prior work.

(3) Unified deployment perspective: Unlike prior detection frameworks that focus purely on static analysis, our scheme is designed for scalable integration within Blockchain-as-a-Service (BaaS) platforms, supporting real-time vulnerability scanning in production environments.

These distinctions collectively highlight the novelty of the proposed framework, bridging the gap between semantic representation learning and deployable vulnerability detection systems.

3. System Model

3.1. Model Definition

The smart contract vulnerability detection framework proposed in this paper adopts multi-modal collaborative analysis and semantic enhancement mechanism to construct an end-to-end vulnerability identification system. As shown in Figure 1, this paper firstly performs deep semantic preprocessing on the source code of the smart contract and then uses heterogeneous modal separation and fusion in the feature extraction stage. Finally, the multi-stage linkage neural network architecture is used to identify the vulnerability.

Given a smart contract C as input, it is composed of several functions $f_i$: $C=\{f_1,f_2,\dots ,f_n\}$, where each function $f_i$ contains an ordered sequence of statements $s_{ij}$, represented as $f_i=\{s_{i1},s_{i2},\dots ,s_{im}\}$. A set of vulnerability features $\mathcal{P}=\{p_1,p_2,\dots ,p_q\}$ is defined for matching the smart contract code. The vulnerability feature set $\mathcal{P}$ is usually closely related to the core functionality or security of the smart contract, such as functions involving fund transfers, permission control logic, variable operations, etc. For example, in re-entrancy vulnerabilities, the constant $call.value$ related to transaction amounts is often used as a vulnerability feature. For a detailed explanation of the symbols and variables used in this study, please refer to Appendix A.

In this work, cloud infrastructure is employed primarily to enhance the scalability and efficiency of the analytical process rather than merely for data storage. The multi-modal semantic fusion framework involves large-scale feature extraction from both token sequences and graph representations, which requires considerable parallel computing power. By deploying the model on a cloud-based platform, we are able to dynamically allocate GPU and memory resources according to the workload, thereby supporting high-volume batch inference and accelerating model training. The cloud environment also facilitates distributed data management and experiment orchestration, enabling multiple processing nodes to handle semantic and structural streams concurrently. This architecture ensures that our analytics remain scalable, reproducible, and adaptable to different dataset sizes or real-world auditing scenarios.

3.2. Comparison with Existing Multi-Modal Fusion Methods

Unlike previous multi-modal vulnerability detection frameworks that simply concatenate textual and structural features or apply static late fusion mechanisms, our approach employs a cross-representation attention fusion strategy. This design allows dynamic weighting between modalities based on contextual dependencies, ensuring that semantic cues from the Transformer and structural information from the gated graph neural network (GGNN) are jointly optimized during training.

Furthermore, the proposed architecture supports hierarchical fusion, where local and global dependencies are iteratively aligned. Such an adaptive attention mechanism differs fundamentally from static fusion models such as TMP and DMT, which lack fine-grained cross-modal interaction. This distinction underscores the architectural innovation and explains the observed performance gains.

4. Smart Contract Code Vulnerability Detection Method Based on Multi-Modal Semantic Fusion

4.1. Preprocessing of Smart Contract Code

Vulnerabilities in smart contracts exist within one or more specific functions; only some statements are directly related to these vulnerabilities. Therefore, in Section 3.1, the smart contract is divided into smaller ordered statement sequences $s_{ij}$ to provide more precise execution context, simplify the representation of complex control flows, optimize data flow tracing, and preprocess the smart contract code at a finer granularity.

Firstly, based on the ANTLR (ANother Tool for Language Recognition) tool, the contract source code C is converted into a syntax tree $T_{AST}$. $T_{AST}$ is a tree structure containing N nodes, represented as $T_{AST}=(V_{node},E_{edge}),\left|V_{node}\right|=N$. Each node contains an attribute tuple $v_i$, $v_i\in V_{node},v_i=<type,value,line\_num>$, such as variables, functions, operators, and control flow statements. By abstracting syntax trees (ASTs), important elements in each function of the smart contract are extracted, ensuring that the core logic and functionality of the contract can be captured.

Next, it is necessary to identify key vulnerability segments from the syntax tree $T_{AST}$. For any node $v_i\in V_{node}$ in the syntax tree $T_{AST}$, define the set of statements with data dependencies and control dependencies that match the vulnerability feature set $\mathcal{P}$ as the key vulnerability segment $vkf$. This process can be formally represented as

$$vkf=\{v_i\in V_{node}\mid {⌀}_{match}(v_i,\mathcal{P})=True\}$$

(1)

$${⌀}_{match}(v,\mathcal{P})=\left\{\begin{array}{c}1\\ 0\end{array}\right.\begin{array}{c}if\exists p\in \mathcal{P}:sim(V_{value},p)>\tau \\ otherwise,\end{array}$$

(2)

where $\tau$ is the similarity threshold.

Then, based on the key vulnerability segments, other statements related to the statement are obtained by tracking data dependencies and control dependencies to trace the propagation path and trigger conditions of potential vulnerabilities. All related statements together form the complete key vulnerability code $V_{svkf}$. This process can be formally represented as

$$V_{svkf}=V_{vkf}\cup \left\{v_j\mid \exists v_i\in V_{vkf}:{\psi }_{dep}(v_i,v_j)\right\},$$

(3)

where ${\psi }_{dep}$ is the dependency judgment function, which is divided into two categories: data dependencies and control dependencies. Data dependencies are represented as

$${\psi }_{data}(v_i,v_j)=\mathbb{I}[Def\left(v_i\right)\cap Use\left(v_j\right)\ne ⌀].$$

(4)

This means that there is a path without redefinition from $v_i$ to $v_j$ in the execution path of the smart contract program, that is, no other statements assign new values to the variables in $v_i$ during the execution from $v_i$ to $v_j$.

Control dependencies are represented as

$${\psi }_{ctrl}(v_i,v_j)=\mathbb{I}[v_j\in Dominators\left(v_i\right)].$$

(5)

This means that the execution result of $v_i$ directly determines whether the basic block where $v_j$ is located will be executed. In other words, $v_j$ is on a branch path of $v_i$, and $v_i$ is the nearest decision point that “controls” whether $v_j$ is executed.

As shown in Algorithm  1, it can be seen that the key code of the vulnerability extracts the code fragments that may lead to the vulnerability during the execution of the contract but ignores the scope of the statement in the smart contract code. For example, in a re-entrant vulnerability scenario, an external call function can invoke an arbitrary function on the target address. Since this function directly sends ether coins and calls functions in the target contract, if the target contract triggers malicious code immediately after receiving ether coins, this can lead to a re-entry attack, where the target contract calls the transfer function again before control is returned to the current contract, resulting in duplicate execution of logic or theft of funds. However, the critical vulnerability code ignores the key semantic structure information related to the vulnerability and does not know the function scope of the transfer function.

To address the issue of missing scope range in key vulnerability code, this paper defines three types of scope statements: function statements, control statements, and exception statements. Check each line of code or statement in the smart contract source code and apply the defined rule set to check whether the statement matches a certain scope.

When a statement with semantic structure information is identified, traverse all statements within that scope. During the traversal process, determine whether there are statements within the semantic structure scope in the key vulnerability code. If there are, add the start and end statements of the semantic structure information statement to the program slice to ensure that the key vulnerability code can fully contain the semantic structure information.

By locating the semantic structure information statement and then inserting statements with scope range, the key vulnerability code with semantic structure information $V_{svkf}$ is generated, which not only reflects the dependency relationship of the code but also retains important semantic structure information.

Algorithm 1 Pseudocode of the smart contract code preprocessing algorithm

Output  smart contract $C=\{f_1,f_2,\dots ,f_n\}$ set of vulnerability features $\mathcal{P}=\{p_1,p_2,\dots ,p_q\}$ similarity threshold $\tau$ Ensure:  key vulnerability code $V_{svkf}$   1: // Step 1: Build an abstract syntax tree   2: $T_{AST}\leftarrow \mathrm{ANTLRParse}\left(C\right)$ {Parse the contract source into an AST}   3: $V_{\mathrm{node}}\leftarrow \mathrm{getAllNodes}\left(T_{AST}\right)$ {Get all nodes}   4: // Step 2: Extract the vulnerability key segments   5: $V_{\mathrm{vkf}}\leftarrow Ø$   6: for each node $v_i\in V_{\mathrm{node}}$ do   7:     if ${\varphi }_{\mathrm{match}}(v_i,\mathcal{P})=\mathrm{True}$ then   8:        $V_{\mathrm{vkf}}\leftarrow V_{\mathrm{vkf}}\cup \left\{v_i\right\}$    9:    end if 10: end for 11: // Step 3: Vulnerability critical segments are extended through dependencies 12: $V_{\mathrm{svkf}}\leftarrow V_{\mathrm{vkf}}$ {Initialized as a critical segments} 13: for each node $v_i\in V_{\mathrm{vkf}}$ do 14:     for each node $v_j\in V_{\mathrm{node}}$ do 15:        if ${\psi }_{\mathrm{dep}}(v_i,v_j)$ then 16:           $V_{\mathrm{svkf}}\leftarrow V_{\mathrm{svkf}}\cup \left\{v_j\right\}$ 17:        end if 18:     end for 19: end for 20: // Helper function definition ${\varphi }_{\mathrm{match}}(v,\mathcal{P})$ 21: for each $p\in \mathcal{P}$ do 22:     if $\mathrm{sim}(v.\mathrm{value},p)>\tau$ then 23:         return true 24:     end if 25: end for 26: return false ${\psi }_{\mathrm{dep}}(v_i,v_j)$ 27: if ${\psi }_{\mathrm{data}}(v_i,v_j)\vee {\psi }_{\mathrm{ctrl}}(v_i,v_j)$ then 28:      return true 29: else 30:      return false 31: end if ${\psi }_{\mathrm{data}}(v_i,v_j)$ 32: return $\mathbb{I}[\mathrm{Def}\left(v_i\right)\cap \mathrm{Use}\left(v_j\right)\ne Ø]$ and {No path from $v_i$ to $v_j$} ${\psi }_{\mathrm{ctrl}}(v_i,v_j)$ 33: return $\mathbb{I}[v_j\in \mathrm{Dominators}\left(v_i\right)]${$v_i$ control $v_j$} 34: return $V_{\mathrm{svkf}}$

4.2. Feature Extraction of Key Vulnerability Code

To address the issue of large amounts of smart contract code and low text scanning efficiency, this paper further converts the key vulnerability code $V_{svkf}$ with semantic structure information into a graph structure $G=(V,E,\mathbf{X})$ and performs text feature embedding and image feature embedding to standardize similar syntactic structures and semantic relationships. The vertex set $V=V_{svkf}$, edge set $E=\{(v_i,v_j)\mid path(v_i,v_j)\le d_{max}\}(d_{max}=3)$, vertex feature matrix $\mathbf{X}\in {\mathbb{R}}^{M\times d},$ and ${\mathbf{x}}_i=Embed\left(v_i^{type}\right)\oplus Embed\left(v_i^{value}\right)(d=128forembeddingdimension,\oplus representsvectorconcatenation)$

Next, we input the sequence embedding vectors and graph embedding vectors into the Transformer and gated graph neural network for training to capture the feature representation of the code. Then, we fuse the feature vectors output by these two networks through a fully connected layer into a unified joint feature vector. Finally, we use the joint feature vectors of the two code segments to be detected as input for the similarity detection task, predict the similarity probability, and compare it with the preset threshold to obtain the final similarity detection result.

Let $\left|T\right|$ denote the number of code tokens in the contract sequence and $\left|V\right|$ the number of nodes in its control/data-flow graph. Throughout this section, $i\in [1,|T\left|\right]$ indexes semantic tokens, and $j\in [1,|V\left|\right]$ indexes structural nodes.

4.2.1. Text Feature Extraction

To learn the semantic and syntactic features of the code, this paper uses the Transformer to extract the text features of $V_{svkf}$. Additionally, to capture the dependencies between various elements in the sequence, this method uses a self-attention structure. Specifically, we first perform a preorder traversal of the abstract syntax tree to generate a path sequence and map each node to an embedding vector through a unified vocabulary. Then, we input these embedding vectors into a Transformer model containing only an encoder, where each encoder unit includes a bidirectional multi-head self-attention layer and a feedforward neural network layer.

The Transformer is a deep learning model based on the attention mechanism, mainly composed of encoders and decoders. Its core self-attention mechanism allows the model to focus on information at different positions when processing input sequences, thereby effectively alleviating the problem of long-distance dependencies. Self-attention consists of three parts: query, key, and value. Its calculation formula is

$$Attention(Q,K,V)=SoftMax\left({\displaystyle \frac{Q{K}^T}{\sqrt{d_k}}}\right)V,$$

(6)

where $Q\in {\mathbb{R}}^{l\times d}$, $K\in {\mathbb{R}}^{l\times d}$, and $V\in {\mathbb{R}}^{l\times d}$ are the embedding path sequence vectors, l represents the size of the embedding sequence, and d represents the actual length of the input sequence. To capture more semantic content from the input sequence, this paper uses a multi-head mechanism to implement self-attention. The multi-head mechanism divides the queries, keys, and values into h heads. The self-attention calculation for each head is shown in the formula:

$$hea{d}_i=Attention(Q_i,K_i,V_i)=SoftMax\left({\displaystyle \frac{Q_i{K}_i^T}{\sqrt{d_k}}}\right)V_i.$$

(7)

Subsequently, we concatenate all the attention vectors of the heads to obtain the final result of the multi-head self-attention layer:

$$MultiHead(Q,K,V)=Concat(hea{d}_1,hea{d}_2,\dots ,hea{d}_h)W^O.$$

(8)

To more effectively capture the features in the input sequence, this paper adds a feedforward neural network layer to further process the output of the multi-head attention. The feedforward neural network consists of two linear transformations and one non-linear activation function, whose calculation process is shown in the following formula:

$$FFH\left(X\right)=ReLU(X{W}_1+b_1)W_2+b_2.$$

(9)

Through the above self-attention mechanism and feedforward neural network, the internal relationships of the input sequence vectors are captured. The final node representation $T=[t_1^T,t_2^T,\dots ,t_{\left|d\right|}^T]$ contains all the information of all nodes in the input sequence, i.e., the generated text sequence feature vectors.

4.2.2. Image Feature Embedding

Although the sequence-based $V_{svkf}$ can learn the global structure and syntactic features of the code from the path sequence, since the path sequence is essentially a flattened expression, it inevitably ignores some semantic structural information that the code originally has. In a similar code, consider that the code structures of different programming languages are different, but the code logic is usually the same. The structures between the if_statement parts of different programming languages $V_{svkf}$ are similar. Therefore, this paper uses the GGNN to extract the local features of the code, taking the aforementioned $G=(V,E,\mathbf{X})$ as input to capture the semantic features of the code. For the edge types in $G=(V,E,\mathbf{X})$, the method of merging adjacency matrices is used for processing.

GGNN is a neural network model specifically designed for graph-structured data, which can efficiently capture the dependency relationships and hierarchical structures between nodes. GGNN initializes each node as a feature vector and uses an iterative information propagation mechanism to continuously update the node state. The specific process is as follows:

Node initialization: First, each node in $G=(V,E,\mathbf{X})$ is initialized, using the previously generated unified graph embedding representation as the initial feature vector of the node, as shown in the following formula:

$$h_i^{\left(0\right)}=v_i.$$

(10)

Domain aggregation: At each time step, the node sends its current embedding vector as a message to all adjacent nodes. Each node aggregates the messages sent by its neighboring nodes to update its own representation. That is, the formula is

$$m_i^{\left(t\right)}=\sum _{j\in N\left(i\right)}Message(h_i^{(t-1)},h_j^{(t-1)}).$$

(11)

State update: Then, we use the gating mechanism to update the node state. That is, the formula is

$$h_i^{\left(t\right)}=Update(h_i^{(t-1)},m_i^{\left(t\right)}),$$

(12)

where the $Update$ function combines the state $h_i^{(t-1)}$ of node i at time step $t-1$ and the aggregated message $m_i^{\left(t\right)}$ to generate the new node state $h_i^{\left(t\right)}$, and $h_i^{\left(t\right)}$ is the new state of node i at time step t. After T rounds of iteration for all nodes in the graph, the state $h_i^{\left(t\right)}$ of each node after T rounds of iteration is the final representation of the node. The final output representation is $G=[g_1^{tr},g_2^{tr},\dots ,g_{\left|d\right|}^{tr}]$, where d represents the number of nodes in the graph.

4.2.3. Multi-Modal Fusion of Image–Text Features

The Transformer extracts text features to obtain the global structure and logical features of the code. With its powerful self-attention mechanism, it can capture long-distance dependency relationships and overall logical flow in the code. At the same time, by using GGNN to extract the features of the extended attribute graph to capture the local structure and semantic features of the code, the details of the code graph structure and the dependency relationships between nodes can be obtained through the message passing and state update between graph nodes. After obtaining the feature vectors generated by the two models, it is necessary to integrate these two different features for the downstream similarity detection task. To this end, this paper proposes a feature multi-modal fusion, aiming to comprehensively integrate the global information of sequences and the local information of structures. The specific process is as follows:

Feature representation: In this section, through the upstream work, the text features and image features of the smart contract code are obtained, as shown in the following formula:

$$T=[t_1^{tr},t_2^{tr},\dots ,t_{\left|d\right|}^{tr}]$$

(13)

$$G=[g_1^{tr},g_2^{tr},\dots ,g_{\left|d\right|}^{tr}],$$

(14)

where $T\in {\mathbb{R}}^{d\times m}$ represents the features learned in $V_{svkf}$, and $G\in {\mathbb{R}}^{d\times m}$ represents the features obtained from the graph $G=(V,E,\mathbf{X})$.

Feature pairing: In this section, the text features and image features corresponding to each node in $G=(V,E,\mathbf{X})$ are paired, and $P_i$ in the formula represents the pairing of the i-th pair of feature vectors:

$$P_i=(t_i^{tr},g_i^{tr}).$$

(15)

Feature vector connection: In this section, after pairing the feature vectors of each node, the paired feature vectors are connected to generate new feature vectors, as shown in the following formula:

$$h_i^{combined}=Concat(t_i^{tr},g_i^{tr}),$$

(16)

where $h_i^{combined}$ is the newly generated feature vector of node i, and $Concat$ represents the concatenation of the two vectors.

Finally, we combine all the feature vectors of the nodes together:

$$H_{combined}=[h_1^{combined},h_2^{combined},\dots ,h_d^{combined}].$$

(17)

Through the above process in this section, the obtained $H_{combined}\in {\mathbb{R}}^{2\times d\times m}$ is the joint feature vector of the code, which comprehensively includes the global structural features and local structural and semantic features of the code.

4.3. Vulnerability Detection

This paper adopts a multi-level linked neural network architecture to achieve an end-to-end detection process from feature extraction to vulnerability determination. As shown in Algorithm 2, first, through the Transformer model and GGNN model, we obtain the text sequence feature vectors $T=[t_1^{tr},t_2^{tr},\dots ,t_{\left|d\right|}^{tr}]$ and image feature vectors $G=[g_1^{tr},g_2^{tr},\dots ,g_{\left|d\right|}^{tr}]$ of the smart contract, respectively, representing the semantic information and structural patterns of the code. Then, through multi-modal feature fusion, a joint representation $H_{combined}=[h_1^{combined},h_2^{combined},\dots ,h_d^{combined}]$ is generated. This fusion mechanism effectively retains the complementarity of text and image features, providing a unified representation space for subsequent analysis.

To introduce vulnerability prior knowledge, this paper designs an attention-enhanced feature interaction module. For a given vulnerability feature set $\mathcal{P}$, first calculate the similarity matrix between the joint feature $H_{combined}$ and $\mathcal{P}$:

$$A=softmax\left({\displaystyle \frac{H_{combined}·\mathcal{P}}{\sqrt{d}}}\right),$$

(18)

where d is the feature dimension, and $\sqrt{d}$ is the scaling factor to prevent gradient vanishing. Next, aggregate vulnerability features dynamically through similarity weights:

$${\mathcal{P}}_{ctx}=A·\mathcal{P}.$$

(19)

This process achieves context-aware feature enhancement, enabling the vulnerability detection model to adaptively adjust the weights of vulnerability patterns based on the current contract features. Finally, generate residual-connected feature representations

$$H_{combined}^{*}=LayerNorm(H_{combined}+W_p{\mathcal{P}}_{ctx}),$$

(20)

where $W_p$ is the linear transformation matrix, and LayerNorm is used to ensure the stability of feature distribution.

Algorithm 2 Multi-Modal Vulnerability Detection Process

Input: Contract source C, token sequence T, contract graph $G=(V,E)$ Output: Predicted label $\widehat{y}$ Notation: $\left|T\right|$ denotes the number of tokens in T; $\left|V\right|$ the number of nodes in G. Indices $i\in [1,|T\left|\right]$ index tokens; $j\in [1,|V\left|\right]$ index graph nodes. Step 1: Semantic Encoding for $i\leftarrow 1$ to $\left|T\right|$ do     $x_i\leftarrow f_T\left(T_i\right)$, // embedding of the i-th token end for $X\leftarrow {\left\{x_i\right\}}_{i=1}^{\left|T\right|}$ Step 2: Structural Encoding for $j\leftarrow 1$ to $\left|V\right|$ do     $h_j\leftarrow f_G\left(v_j,\mathcal{N}\left(v_j\right)\right)$, // hidden state of node $v_j$ end for $H\leftarrow {\left\{h_j\right\}}_{j=1}^{\left|V\right|}$ Step 3: Cross-Representation Attention and Fusion for $i\leftarrow 1$ to $\left|T\right|$ do     for $j\leftarrow 1$ to $\left|V\right|$ do         ${\alpha }_{ij}\leftarrow \mathrm{Attn}(x_i,h_j)$, // pairwise attention weight     end for end for $z\leftarrow {\displaystyle \sum _{i=1}^{\left|T\right|}}{\displaystyle \sum _{j=1}^{\left|V\right|}}{\alpha }_{ij}[x_i\oplus h_j]$, // bounded double-sum fusion Step 4: Classification and Decision $s\leftarrow Wz+b$;    $\widehat{y}\leftarrow \sigma \left(s\right)$ return $\widehat{y}$

Finally, a fully connected network is used as a classifier to detect smart contract vulnerabilities. Each neuron in the fully connected layer is connected to all neurons in the previous layer, which can be represented as

$$logits=W_2·\sigma (W_1{H}_{combined}^{*}+b_1)+b_2,$$

(21)

where $\sigma$ is the GELU activation function, and $W_1$ and $W_2$ are weight matrices. The output layer generates vulnerability probabilities through the sigmoid function:

$$p_{vuln}={\displaystyle \frac{1}{1+e^{-logits}}}$$

(22)

5. Framework Deployment in Cloud-Based BaaS Environment

To validate the feasibility of deploying the proposed framework in practice, we further analyze its integration path into a real Blockchain-as-a-Service (BaaS) platform. The deployment architecture contains three layers: contract analysis layer, data fusion layer, and cloud orchestration layer.

(1) Contract analysis layer: The smart contracts uploaded by users are processed by a sandboxed execution engine and forwarded to the analysis service via RESTful APIs.

(2) Data fusion layer: The proposed multi-modal semantic fusion module runs as a microservice in Kubernetes clusters. This layer performs vulnerability parsing, feature extraction, and multi-modal attention fusion on distributed GPU nodes, utilizing asynchronous task queues for large-scale parallel analysis.

(3) Cloud orchestration layer: The detection results are returned to the blockchain service dashboard through the message bus, and vulnerability reports are stored in distributed object storage. The framework can, therefore, operate as a plug-in detection service for cloud-native BaaS ecosystems such as AWS Managed Blockchain or Alibaba Cloud BaaS.

6. Experimental

In this section, we empirically evaluate our proposed method using a publicly available dataset. In order to evaluate the performance of the proposed method, the following research questions were designed:

• RQ1: Can our proposed method effectively detect common vulnerabilities in smart contracts, and is its vulnerability detection better than that of existing methods?
• RQ2: Does adding multi-modal semantic fusion help improve model performance?
• RQ3: How does the proposed multi-modal fusion mechanism (Transformer–GGNN with attention alignment) improve vulnerability detection accuracy and interpretability compared to unimodal and static fusion baselines? Can it be applied on a large scale?

The following experiments address each of these research questions.

6.1. Experimental Setup

Smartbugs Curated is an open-source project dedicated to the security of smart contracts [7]. It offers a meticulously curated dataset of Solidity smart contracts, which contain marked security vulnerabilities. The main purpose of this project is to evaluate the accuracy of automated analysis tools and provide a standard dataset for the research on the security of smart contracts. Therefore, this paper selects Smartbugs Curated on the Ethereum platform as the benchmark dataset.

In order to further examine the generalizability of the proposed method beyond curated datasets, we additionally collected a small corpus of real-world smart contracts deployed on the Ethereum mainnet. These contracts were obtained from verified sources on Etherscan between January and June 2025, covering decentralized finance (DeFi) applications, non-fungible token (NFT) marketplaces, and decentralized autonomous organization (DAO) governance modules. Unlike Smartbugs Curated, which provides manually annotated vulnerability types in a controlled setting, the real-world corpus reflects the diverse coding styles, third-party library dependencies, and complex contract inheritance structures commonly observed in production environments. Each contract was automatically labeled through a cross-validation of results produced by Slither and Mythril and a manual inspection of execution traces, resulting in approximately 1200 unique labeled contracts. Although this supplementary evaluation is limited in scale, its consistent accuracy trend with the benchmark dataset suggests that the proposed multi-modal semantic fusion model maintains strong detection capability under practical deployment conditions.

To verify the detection effectiveness of this model, this paper employed automated detection tools (Oyente [19], Mythril [20], and Slither [10]) and deep learning methods (TMP [21] and DMT [22]).

Oyente performs its main functions by parsing command-line parameters, loading smart contract files, invoking the analysis engine for security analysis, and outputting the analysis results. Its core functions include security checks, compliance verification, performance evaluation, and code quality analysis. It can automatically detect security vulnerabilities in smart contracts, such as re-entry attacks and integer overflows.

Mythril is a static vulnerability analysis tool that utilizes symbolic execution and SMT methods to conduct vulnerability detection. It supports the detection of various security vulnerabilities, including integer overflows, timestamp dependencies, and re-entry attacks.

Slither identifies and fixes security vulnerabilities in smart contracts through static analysis. Its rapid detection capabilities and user-friendly API make it a powerful tool for smart contract security analysis. Although it may not be as sensitive as other tools in detecting certain specific types of vulnerabilities, its comprehensive detection capabilities and ease of integration enable it to have a place in the field of smart contract security.

TMP is a novel temporal information propagation network that learns the vulnerability features in the normalized contract graph through graph convolutional learning. A contract graph is a graph structure that represents the data and control dependencies among program statements. This network can identify potential security vulnerabilities in smart contracts and provides a new perspective and method for the security analysis of smart contracts.

DMT is a novel cross-modal mutual learning framework, aiming to enhance the performance of smart contract vulnerability detection at the bytecode level. The DMT framework improves the accuracy of vulnerability detection by combining the two modalities of source code and corresponding bytecode.

Experiments were conducted on the four vulnerabilities: re-entrancy, timestamp, overflow/underflow, and delegatecall. The experimental parameters are set as shown in

Table 2. Experimental setup parameters.

Dataset Configuration
Dataset	Smartbugs Curated
Supplementary Dataset	1200 real-world Ethereum mainnet contracts
Vulnerability Type	Re-entrancy
	Timestamp
	Overflow/Underflow
	Delegatecall
Baseline Methods
Symbolic Execution	Oyente [19]
Industrial Tool	Mythril [20]
Industrial Tool	Slither [10]
Graph-based Model	TMP [21]
Neural network Model	DMT [22]
Evaluation Metrics
Performance Metrics	Accuracy, Precision, Recall, F1-score
Hardware/Software Environment
OS	Windows 10
CPU	Intel Core i5-14600
RAM	16 GB
GPU	NVIDIA GTX4070
Deep Learning Framework	PyTorch 1.12

.

6.2. Resource Consumption Analysis

We deployed a prototype of the proposed framework in a Kubernetes-based testbed with three worker nodes (each equipped with Intel i5-14600 CPUs, 16 GB RAM, and one NVIDIA RTX 4070 GPU). On average, the detection of 1000 contracts required 2.3 min, with per-contract GPU utilization below 38% and memory consumption under 1.5 GB. This performance demonstrates that the system can efficiently handle batch detection workloads in distributed cloud environments without incurring excessive computational overhead.

6.3. Computational Cost and Energy-Efficiency Analysis

Training Time: The end-to-end training process, including Transformer pretraining and GGNN fine-tuning, requires approximately 7.8 h for convergence on 18,000 labeled contracts. Early stopping is triggered after 20 epochs with a batch size of 32, where validation accuracy stabilizes within ±0.3%.

Algorithmic Complexity: The theoretical computational complexity of the model can be expressed as

$$O(N_T·d^2)+O(N_G·\left|E\right|),$$

(23)

where $N_T$ denotes sequence length in Transformer encoding, d is embedding dimension, and $N_G$ and $\left|E\right|$ are the number of nodes and edges in the GGNN graph, respectively. Given that $N_T\approx 200$ and $\left|E\right|/N_G\le 3$ for smart contract code graphs, the overall time complexity is approximately linear with respect to code size.

Energy Consumption: Power usage was profiled using the NVIDIA-SMI monitoring tool. The average GPU power draw during training was 124 W, resulting in a total energy consumption of approximately 3.5 kWh for a complete training session. Inference tasks exhibit much lower power demand (≤45 W per batch), corresponding to an energy footprint of less than 0.002 kWh per contract.

These results confirm that although the multi-modal architecture increases training complexity, the overall resource cost remains within acceptable limits for modern GPU-equipped cloud environments.

6.4. Detection Performance Comparison (Addressing RQ1)

From Figure 2, Figure 3, Figure 4 and Figure 5, compared to traditional vulnerability detection tools such as Oyente Mythril and Slither, our proposed method demonstrates excellent experimental results. Traditional detection tools have not yet achieved high accuracy in detecting these four types of vulnerabilities. In terms of re-entrancy vulnerability detection, our proposed method achieves an accuracy rate of 92.2%, surpassing other automated detection tools with an average improvement of 19%. Our method achieves an accuracy rate of 96.3% in detecting timestamp vulnerabilities, far surpassing traditional detection tools. This is attributed to our keyword extraction and the sensitivity of timestamp vulnerabilities to blockchain information fields. In delegatecall vulnerabilities, we also maintain a relatively high accuracy rate. Compared to deep learning methods, our approach outperforms TMP (76.5%) and DMT (89.5%) in re-entrancy vulnerability detection, demonstrating that multi-modal fusion can effectively capture the semantic meaning of smart contract vulnerabilities. In terms of precision, our proposed method achieves an average improvement of approximately 17% over TMP and 3.7% over DMT, indicating that our method has an advantage in reducing false positives.

6.5. Ablation Experiments (Addressing RQ2)

To validate the effectiveness of each stage, four ablation experiments were designed. As shown in

Table 3. Ablation experiment results.

Method	Vulnerability	Recall	Precision	Accuracy	F1-Score
w/o Text feature	Re-entrancy	88.7	89.8	88.9	89.3
w/o Image feature		79.8	80.8	79.5	80.6
Full model		96.2	97.1	96.5	95.8
w/o Text feature	Timestamp	79.2	80.2	81.4	80.7
w/o Image feature		85.6	85.6	87.9	83.9
Full model		92.5	93.1	92.8	91.2
w/o Text feature	Overflow/Underflow	80.4	81.6	83.7	81.1
w/o Image feature		88.9	86.9	89.2	84.5
Full model		92.8	93.8	93.1	91.7
w/o Text feature	Delegatecall	81.6	85.6	83.9	82.9
w/o Image feature		87.5	84.7	88.8	84.3
Full model		93.4	94.4	93.7	92.1

, when detecting re-entrancy vulnerabilities, removing image features resulted in a significant decrease in accuracy and recall rates. This is because re-entrancy vulnerabilities are not only related to key text information features but also to the re-entrancy vulnerability attack behavior. Re-entrancy vulnerabilities require specific contract execution behavior to trigger, and image features can effectively capture the relationships between graph nodes. Timestamp vulnerabilities are primarily caused by the use of sensitive information inherent to the blockchain, making them highly sensitive to text features. Removing text features results in a significant decline in detection capability. Delegatecall and overflow/underflow vulnerabilities are sensitive to both text and image features, and their detection quality decreases as features are removed. This highlights the importance of text and graph attention in dependency modeling.

6.6. Efficiency Studies (Addressing RQ3)

As shown in

Table 4. Average detection time for 200 contracts.

	Oyente	Mythril	Slither	Proposed
Time/s	45	30	10	2

, we conducted detection experiments on 200 smart contracts. Since Oyente is based on symbolic execution, it traverses all possible execution paths to perform a full path analysis of the code logic. This can lead to path explosion and unsolvable paths, resulting in lengthy execution times. Although Mythril combines static analysis and symbolic execution, it essentially cannot avoid the same issues as Oyente. Slither performs static analysis based on source-level abstract syntax trees (ASTs) without executing the code. It detects vulnerabilities through syntax and logical rules, avoiding complex path issues, so it is faster. The method that we propose averages only 2 s, with the majority of the time spent on text and image feature extraction and cross-modal feature fusion, while model prediction takes only a small amount of time. This indicates that our method can be used for large-scale detection.

6.7. Dataset Diversity Discussion

To further validate the generalization capability of the proposed multi-modal semantic fusion framework, additional simulations were performed using a real-world Ethereum dataset collected from verified contracts on Etherscan. These contracts span DeFi, NFT, and DAO application domains, introducing significant heterogeneity in coding style, inheritance depth, and external library dependency.

Figure 6 illustrates two sets of results. Subfigure (a) compares the model’s accuracy and F1-scores on both Smartbugs Curated and real-world Ethereum datasets, showing that performance degradation remains within 2%. Subfigure (b) presents the ablation analysis, where the full multi-modal model consistently outperforms single-modality variants by 8–10 percentage points across datasets. These findings demonstrate that the fusion of textual and structural features enables stable and robust detection of complex vulnerabilities even under unbalanced, production-level data distributions.

6.8. Cross-Language Adaptability and Portability Analysis

Although the experiments in this study are conducted on the Solidity-based contracts’ EVM bytecode, the proposed framework is inherently language-agnostic due to its multi-modal semantic representation.

Language Adaptability: The text embedding stage in the Transformer encoder operates on tokenized AST paths, which can be extracted from any programming language with a defined grammar. By replacing the ANTLR grammar rules, the same preprocessing pipeline can be directly adapted to Vyper (Python-based EVM language), Move (Aptos/Sui), or Rust-based smart contracts (Solana, Near). Preliminary tests on 300 Vyper contracts demonstrate that the token and structure embedding coverage exceeds 93 indicating high cross-language compatibility.

Bytecode Ecosystem Adaptation: At the graph-modeling level, the GGNN component relies on dependency relationships (data and control flow) rather than language syntax. Therefore, by transforming bytecode instruction graphs (e.g., EVM opcode, WASM IR, and SVM instruction graphs) into unified intermediate representations, the same feature fusion mechanism can be applied without modifying the neural architecture. This modular design supports heterogeneous blockchain ecosystems.

6.9. Qualitative Case Analysis and Reproducibility Statement

To complement the quantitative evaluation, we conducted a qualitative inspection of the detection outcomes on selected smart contracts.

Table 5. Representative qualitative analysis of detection outcomes.

Contract Name	Vulnerability Type	Detection Result
EtherBank.sol	Re-entrancy	Detected ✓
LotteryDAO.sol	Timestamp Dependency	Missed ✗
SafeToken.sol	Arithmetic Overflow	Detected ✓
MultiSend.sol	Delegatecall Misuse	Detected ✓

presents representative examples, including both successfully identified and missed vulnerabilities.

Case Study 1—Re-entrancy in Nested Calls: The model successfully detected the multi-level re-entrancy vulnerability in the EtherBank contract due to the clear call–transfer dependency captured by the GGNN attention module.

Case Study 2—Timestamp Dependency in Multi-Function Logic: The framework failed to detect the timestamp vulnerability in LotteryDAO, where the timestamp was indirectly invoked via an external library. The limitation arises from the incomplete propagation of dependency edges across imported files.

Case Study 3—Arithmetic Overflow with SafeMath Wrapper: The model correctly classified contracts using SafeMath as non-vulnerable, demonstrating contextual reasoning through the Transformer encoder.

Case Study 4—Delegatecall Misuse in Modular Contracts: The framework correctly detected the misuse of the delegatecall instruction in the MultiSend.sol contract, which was exploited to override storage variables of the calling contract.

7. Conclusions

This study proposes a multi-modal semantic fusion smart contract vulnerability detection framework for Blockchain-as-a-Service platforms in the cloud environment. Through abstract syntax tree parsing, vulnerability feature matching, and data/control dependency tracking, the method accurately locates and retains the critical code of the vulnerability with scope information. Then, the text sequence and graph structure features are extracted in parallel, the attention mechanism is used to achieve deep fusion, and the final vulnerability probability is output. The experiments on Ethereum large-scale benchmark datasets show that the proposed method is superior to the existing baselines in accuracy, recall rate, and F1-value, and the average detection time of a single contract is less than 2 s, which meets the real-time requirements of cloud services.