What problem does this paper attempt to address?

### What problems does this paper attempt to solve? This paper aims to solve two main problems in smart contract vulnerability detection: 1. **Limited quality and quantity of existing data sets**: The existing data sets used to train vulnerability detection tools may be insufficient, resulting in limited effectiveness of these tools. In particular, high - quality manually - verified data sets usually contain less than 1,000 vulnerability source - code samples, while larger - scale data sets rely on the verification of static analysis tools, which may not be reliable enough. 2. **Sensitivity of existing detection tools to code variation**: Since smart contract code can achieve the same semantic function (i.e., semantic equivalence) through multiple structures, traditional analysis tools may not be able to effectively identify vulnerabilities when faced with these code variations. Therefore, a method is needed to generate more diverse vulnerability codes to evaluate and improve the detection capabilities of existing tools. ### Specific objectives of the paper - **RQ1: How do code transformations affect vulnerability detection tools?** - By evaluating the quantity and quality of vulnerability examples in the newly generated data set, study whether code transformations can significantly increase the number of vulnerabilities that existing tools fail to detect (i.e., increase the false - negative rate). - **RQ2: Is the method of injecting vulnerabilities at all potential locations more effective than at only one location?** - Compare the effects of injecting vulnerabilities at a single location and at multiple potential locations, and evaluate which method can better reveal the limitations of existing tools. ### Solutions The paper proposes a method based on semantic - preserving code transformation. The specific steps are as follows: 1. **Code transformation**: Convert the source code containing vulnerabilities into an intermediate representation form (such as an abstract syntax tree AST), and then apply a series of transformation operations (such as variable renaming, function renaming, expression substitution, conditional branch swapping, etc.), ensuring that the transformed code still maintains the original semantics. 2. **Vulnerability injection**: Insert the transformed vulnerability code fragments into all potential locations of the smart contract source code to generate new contract versions containing vulnerabilities. 3. **Experimental evaluation**: Use multiple vulnerability detection tools (such as Slither, Mythril, CrossFuzz) to evaluate the newly generated data set, focusing on indicators such as the number of generated vulnerabilities and the false - negative rate. Through this method, the paper not only increases the quantity of the vulnerability data set but also improves its quality, enabling it to better test and improve the existing vulnerability detection tools.