Smart contracts power many blockchain applications but are exposed to code-level defects. Existing methods do not scale to evolving code, do not represent complex control and data flows, and lack granular, calibrated evidence. To address these concerns, we present a cross-graph correspondence contract-graph method for vulnerability detection: abstract syntax, control flow, and data flow are fused into a typed, directed contract-graph whose nodes are enriched with pre-trained code embeddings (GraphCodeBERT or CodeT5+). A Graph Matching Network (GMN) with cross-graph attention compares contract-graphs, aligns homologous sub-graphs associated with vulnerabilities, and supports statement-level interpretation, balancing broad structural coverage against discriminative pairwise alignment. The evaluation follows a deployment-oriented protocol with thresholds fixed on validation, multi-seed averaging, and a conservative estimate of sensitivity under low-false-positive budgets. On SmartBugsWild, the method consistently and markedly exceeds strong rule-based and learning baselines and maintains higher sensitivity at matched false-positive rates; ablations trace the gains to multi-graph fusion, pre-trained encoders, and cross-graph matching, and the results are stable across seeds.
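The cross-graph attention step can be illustrated with a small added example, which is not the authors' code: it assumes the standard Graph Matching Network formulation with dot-product similarity, and the node labels and 3-dimensional vectors are constructed stand-ins for the GraphCodeBERT or CodeT5+ node embeddings.

```python
import math

def dot(u, v):
    return sum(a * b for a, b in zip(u, v))

def softmax(xs):
    m = max(xs)  # subtract the max for numerical stability
    es = [math.exp(x - m) for x in xs]
    total = sum(es)
    return [e / total for e in es]

def cross_graph_attention(h_a, h_b):
    """For each node i of graph A, attend over all nodes j of graph B.

    weights[i][j] = softmax_j(h_a[i] . h_b[j])
    mu[i]         = h_a[i] - sum_j weights[i][j] * h_b[j]
    A small |mu[i]| means node i has a close counterpart in graph B.
    """
    weights, mu = [], []
    for hi in h_a:
        w = softmax([dot(hi, hj) for hj in h_b])
        attended = [sum(w[j] * h_b[j][k] for j in range(len(h_b)))
                    for k in range(len(hi))]
        weights.append(w)
        mu.append([a - b for a, b in zip(hi, attended)])
    return weights, mu

def align(h_a, h_b):
    """Return (node in A, best-matching node in B, mismatch norm) per node of A."""
    weights, mu = cross_graph_attention(h_a, h_b)
    return [(i, max(range(len(w)), key=w.__getitem__), math.sqrt(dot(m, m)))
            for i, (w, m) in enumerate(zip(weights, mu))]

# Constructed embeddings (hypothetical): contract under test vs. a reference graph.
QUERY_LABELS = ["call", "state_write", "check"]
QUERY = [[4.0, 0.0, 0.0], [0.0, 4.0, 0.0], [0.0, 0.0, 4.0]]
REFERENCE_LABELS = ["state_write", "call"]
REFERENCE = [[0.0, 4.0, 0.0], [4.0, 0.0, 0.0]]

if __name__ == "__main__":
    for i, j, norm in align(QUERY, REFERENCE):
        print(f"{QUERY_LABELS[i]:12s} -> {REFERENCE_LABELS[j]:12s} mismatch={norm:.3f}")
```

Nodes with a near-zero mismatch norm are the aligned statements; the `check` node has no counterpart in the reference graph and keeps a large norm, which is the kind of statement-level evidence the attention weights provide.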