Peng Qian,Zhenguang Liu,Qinming He,Butian Huang,Duanzheng Tian,Xun Wang

DOI: https://doi.org/10.13328/j.cnki.jos.006375

2022-01-01

Journal of Software

Abstract: Smart contract, one of the most successful applications of blockchain, is taking the world by storm, playing an essential role in the blockchain ecosystem. However, frequent smart contract security incidents not only result in tremendous economic losses but also destroy the blockchain-based credit system. The security and reliability of smart contracts thus gain extensive attention from researchers worldwide. In this survey, we first summarize the common types and typical cases of smart contract vulnerabilities from three levels, i.e., Solidity code layer, EVM execution layer, and Block dependency layer. Further, we review the research progress of smart contract vulnerability detection and classify existing counterparts into five categories, i.e., formal verification, symbolic execution, fuzzing detection, intermediate representation, and deep learning. Empirically, we take 300 real-world smart contracts deployed on Ethereum as the test samples and compare the representative methods in terms of accuracy, F1-Score, and average detection time. Finally, we discuss the challenges in the field of smart contract vulnerability detection and combine with the deep learning technology to look forward to future research directions.

Jingjing Song,Haiwu He,Zhuo Lv,Chunhua Su,Guangquan Xu,Wei Wang

DOI: https://doi.org/10.1007/978-3-030-36938-5_26

2019-01-01

Abstract:Smart contracts are decentralized applications running on the blockchain to meet various practical scenario demands. The increasing number of security events regarding smart contracts have led to huge pecuniary losses and destroyed the ecological stability of contract layer on the blockchain. Faced with the increasing quantity of contracts, it is an emerging issue to effectively and efficiently detect vulnerabilities in smart contracts. Existing methods of detecting vulnerabilities in smart contracts like Oyente mainly employ symbolic execution. This method is very time-consuming, as the symbolic execution requires the exploration of all executable paths in a contract. In this work, we propose an efficient model for the detection of vulnerabilities in Ethereum smart contracts with machine learning techniques. The model is able to effectively and fast detect vulnerabilities based on the patterns learned from training samples. Our model is evaluated on 49502 real-world smart contracts and the results verify its effectiveness and efficiency.

Peng Qian,Zhenguang Liu,Yifang Yin,Qinming He

DOI: https://doi.org/10.1145/3543507.3583367

2023-01-01

Abstract:Over the past couple of years, smart contracts have been plagued by multifarious vulnerabilities, which have led to catastrophic financial losses. Their security issues, therefore, have drawn intense attention. As countermeasures, a family of tools has been developed to identify vulnerabilities in smart contracts at the source-code level. Unfortunately, only a small fraction of smart contracts is currently open-sourced. Another spectrum of work is presented to deal with pure bytecode, but most such efforts still suffer from relatively low performance due to the inherent difficulty in restoring abundant semantics in the source code from the bytecode. This paper proposes a novel cross-modality mutual learning framework for enhancing smart contract vulnerability detection on bytecode. Specifically, we engage in two networks, a student network as the primary network and a teacher network as the auxiliary network. takes two modalities, i.e., source code and its corresponding bytecode as inputs, while is fed with only bytecode. By learning from , is trained to infer the missed source code embeddings and combine both modalities to approach precise vulnerability detection. To further facilitate mutual learning between and , we present a cross-modality mutual learning loss and two transfer losses. As a side contribution, we construct and release a labeled smart contract dataset that concerns four types of common vulnerabilities. Experimental results show that our method significantly surpasses state-of-the-art approaches.

Meiying Wang,Zheyu Xie,Xuefan Wen,Jianmin Li,Kuanjiu Zhou

DOI: https://doi.org/10.3390/electronics12102327

IF: 2.9

2023-05-22

Electronics

Abstract:The wide application of Ethereum smart contracts in the Internet of Things, finance, medical, and other fields is associated with security challenges. Traditional detection methods detect vulnerabilities by stacking hard rules, which are associated with the bottleneck of a high false-positive rate and low detection efficiency. To make up for the shortcomings of traditional methods, existing deep learning methods improve model performance by combining multiple models, resulting in complex structures. From the perspective of optimizing the model feature space, this study proposes a vulnerability detection scheme for Ethereum smart contracts based on metric learning and a bidirectional long short-term memory (BiLSTM) network. First, the source code of the Ethereum contract is preprocessed, and the word vector representation is used to extract features. Secondly, the representation is combined with metric learning and the BiLSTM model to optimize the feature space and realize the cohesion of similar contracts and the discreteness of heterogeneous contracts, improving the detection accuracy. In addition, an attention mechanism is introduced to screen key vulnerability features to enhance detection observability. The proposed method was evaluated on a large-scale dataset containing four types of vulnerabilities: arithmetic vulnerabilities, re-entrancy vulnerabilities, unchecked calls, and inconsistent access controls. The results show that the proposed scheme exhibits excellent detection performance. The accuracy rates reached 88.31%, 93.25%, 91.85%, and 90.59%, respectively.

engineering, electrical & electronic,computer science, information systems,physics, applied

fan jiang,yuanlong cao,jianmao xiao,hui yi,gang lei,min liu,hao wang,shuiguang deng

DOI: https://doi.org/10.1007/978-3-031-20096-0_6

2022-01-01

Abstract:With the widespread use of smart contracts in various fields, the research on smart contract vulnerability detection has increased yearly. Most of the previous research work is based on symbol detection and comparison with expert-defined error patterns to analyze the possible vulnerabilities of smart contracts. The accuracy and performance of such methods are generally low. In response to this problem, this paper proposes an efficient smart contract vulnerability detection model VDDL (Vulnerability Detection Based on Deep Learning). VDDL uses a multi-layer bidirectional Transformer architecture as the model architecture, involving a multi-head attention mechanism and a masking mechanism. A multi-head attention mechanism is applied in the encoder-decoder layer. The masking mechanism randomly masks the input tokens and combined with the context to predict the masked tokens, a deep bidirectional representation for training is realized. Furthermore, VDDL incorporates CodeBERT, a large bimodal pre-trained model for natural and programming languages, to improve training performance. We collected 47,038 smart contracts as datasets for model training and testing. In the end, the accuracy of VDDL reached 92.35%, the recall reached 81.43%, and the F1-score reached 86.38%, which can efficiently detect possible loopholes in smart contracts.

Weichu Deng,Huanchun Wei,Teng Huang,Cong Cao,Yun Peng,Xuan Hu

DOI: https://doi.org/10.3390/s23167246

IF: 3.9

2023-08-19

Sensors

Abstract:With the rapid development and widespread application of blockchain technology in recent years, smart contracts running on blockchains often face security vulnerability problems, resulting in significant economic losses. Unlike traditional programs, smart contracts cannot be modified once deployed, and vulnerabilities cannot be remedied. Therefore, the vulnerability detection of smart contracts has become a research focus. Most existing vulnerability detection methods are based on rules defined by experts, which are inefficient and have poor scalability. Although there have been studies using machine learning methods to extract contract features for vulnerability detection, the features considered are singular, and it is impossible to fully utilize smart contract information. In order to overcome the limitations of existing methods, this paper proposes a smart contract vulnerability detection method based on deep learning and multimodal decision fusion. This method also considers the code semantics and control structure information of smart contracts. It integrates the source code, operation code, and control-flow modes through the multimodal decision fusion method. The deep learning method extracts five features used to represent contracts and achieves high accuracy and recall rates. The experimental results show that the detection accuracy of our method for arithmetic vulnerability, re-entrant vulnerability, transaction order dependence, and Ethernet locking vulnerability can reach 91.6%, 90.9%, 94.8%, and 89.5%, respectively, and the detected AUC values can reach 0.834, 0.852, 0.886, and 0.825, respectively. This shows that our method has a good vulnerability detection effect. Furthermore, ablation experiments show that the multimodal decision fusion method contributes significantly to the fusion of different modalities.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Chaofan Dai,Huahua Ding,Wubin Ma,Yahui Wu

DOI: https://doi.org/10.1109/cits61189.2024.10607982

2024-01-01

Abstract:Smart contracts are decentralized applications de-ployed extensively on blockchain. Due to their economic nature, vulnerabilities in smart contracts can lead to potential significant economic and property losses, disrupting the stable ecosystem of Ethereum. Therefore, the detection of smart contract vul-nerabilities is of paramount importance. Current mainstream methods for smart contract vulnerability detection rely on heuris-tic algorithms based on manual design, which lack reusability across different application scenarios, are time-consuming, and exhibit suboptimal accuracy. To enhance vulnerability detection effectiveness, a method tailored for timestamp vulnerabilities in smart contracts is proposed, named SESCD, based on self-ensembling pretraining. The proposed approach first identifies potential data propagation paths for timestamp vulnerabilities, prunes them, and leverages self-ensembling pretrained models to learn about these propagation paths. Furthermore, the training process is optimized through knowledge distillation to improve the model's ability to detect whether smart contracts contain timestamp vulnerabilities. SESCD demonstrates superior vulner-ability detection and generalization capabilities, alleviating performance instability issues caused by insufficient training data. To validate the effectiveness of SESCD, comparative experiments are conducted on a real-world dataset of smart contracts against 13 mainstream smart contract vulnerability detection methods. Experimental results show that SESCD achieves precision, recall, and F1 scores of 0.91, 0.93, and 0.92 respectively in detecting timestamp vulnerabilities. Compared to the 13 mainstream methods, SESCD exhibits an average relative improvement of 28%, 30%, and 30%, significantly enhancing the detection capabilities of timestamp vulnerabilities.

Li Duan,Wei Wang,Chunhong Liu,Liu Yang,Wei Ni

DOI: https://doi.org/10.1109/TNSM.2023.3278311

2023-12-01

IEEE Transactions on Network and Service Management

Abstract:Digital assets involved in smart contracts are on the rise. Security vulnerabilities in smart contracts have resulted in significant losses for the blockchain community. Existing smart contract vulnerability detection techniques have been typically single-purposed and focused only on the source code or opcode of contracts. This paper presents a new smart contract vulnerability detection method, which extracts features from different levels of smart contracts to train machine learning models for effective detection of vulnerabilities. Specifically, we propose to extract 2-gram features from the opcodes of smart contracts and token features from the source code using a pre-trained CodeBERT model, thereby capturing the semantic information of smart contracts at different levels. The 2-gram and token features are separately aggregated and then fused and input into machine-learning models to mine the vulnerability features of contracts. Over 10,266 smart contracts are used to verify the proposed method. Widespread reentrancy, timestamp dependence, and transaction-ordering dependence vulnerabilities are considered. Experiments show the fused features can help significantly improve smart contract vulnerability detection compared to the single-level features. The detection accuracy is as high as 98%, 98% and 94% for the three vulnerabilities, respectively. The average detection time is 0.99 second per contract, indicating the proposed method is suitable for automatic batch detection of vulnerabilities in smart contracts.

Computer Science

Mengliang Li,Xiaoxue Ren,Han Fu,Zhuo Li,Jianling Sun

DOI: https://doi.org/10.1109/issre59848.2023.00025

2023-01-01

Abstract:Smart contracts are essential for executing computing logic on blockchain networks. However, they are also susceptible to various vulnerabilities. In recent years, the detection of smart contract vulnerabilities has become a significant concern due to the substantial losses caused by hacker attacks. Traditional vulnerability detection approaches rely on expert rules, which often suffer from limitations in accuracy and completeness. Deep learning-based methods offer better coverage of vulnerabilities but may overlook certain vulnerability characteristics and suffer from overfitting during training. In this paper, we propose a novel approach called ConvMHSA-SCVD, which combines knowledge-driven and data-driven algorithms together to detect smart contract vulnerabilities. By incorporating feature selection, data balancing, and a combination of multi-channel convolution and multi-head self-attention neural networks, our ConvMHSA-SCVD achieves effective vulnerability detection in smart contracts. Extensive experiments demonstrate that our approach outperforms the state-of-the-art method in accuracy and F1 score, with improvements ranging from 0.4% to 3.84% and 1.28% to 1.90%, respectively.

Zhigang Xu,Xingxing Chen,Xinhua Dong,Hongmu Han,Zhongzhen Yan,Kangze Ye,Chaojun Li,Zhiqiang Zheng,Haitao Wang,Jiaxi Zhang

DOI: https://doi.org/10.4018/ijdwm.320473

2023-03-22

International Journal of Data Warehousing and Mining

Abstract:Efficient and convenient vulnerability detection for smart contracts is a key issue in the field of smart contracts. The earlier vulnerability detection for smart contracts mainly relies on static symbol analysis, which has high accuracy but low efficiency and is prone to path explosion. In this paper, the authors propose a static method for vulnerability detection based on deep learning. It first disassembles Ethereum smart contracts into opcode sequences and then converts the vulnerability detection problem into a natural language text classification problem. The word vector method is employed to map each opcode to a uniform vector space, and the opcode sequence matrix is trained by the TextCNN method to detect vulnerabilities. Furthermore, a code obfuscation method is given to enhance and balance the dataset, while three different opcode sequence generation methods are proposed to construct features. The experimental results verify that the average prediction accuracy of each smart contract exceeds 96%, and the average detection time is less than 0.1 s.

computer science, software engineering

Lee Song Haw Colin,Purnima Murali Mohan,Jonathan Pan,Peter Loh Kok Keong

DOI: https://doi.org/10.1109/access.2024.3364351

IF: 3.9

2024-02-20

IEEE Access

Abstract:perceptron (MLP). We use feature vectors from the Opcodes and CFG for the machine learning (ML) model training. The existing ML-based approaches for analyzing the smart contract code are constrained by the vulnerability detection space, significantly varying Solidity versions, and no unified approach to verify against the ground truth. The primary contributions in this paper are 1) a standardized pre-processing method for smart contract training data, 2) introducing bugs to create a balanced dataset of flawed files across Solidity versions using AST, and 3) standardizing vulnerability identification using the Smart Contract Weakness Classification (SWC) registry. The ML models employed for benchmarking the proposed MLP, and a multi-input model combining MLP and Long short-term memory (LSTM) in our study are Random forest (RF), XGBoost (XGB), Support vector machine (SVM). The performance evaluation on real-time smart contracts deployed on the Ethereum Blockchain show an accuracy of up to 91% using MLP with the lowest average False Positive Rate (FPR) among all tools and models, measuring at 0.0125.

computer science, information systems,telecommunications,engineering, electrical & electronic

Dongcheng Li,W. Eric Wong,Xiaodan Wang,Sean Pan,Liang-Seng Koh

2024-10-01

Abstract:This paper introduces a method for detecting vulnerabilities in smart contracts using static analysis and a multi-objective optimization algorithm. We focus on four types of vulnerabilities: reentrancy, call stack overflow, integer overflow, and timestamp dependencies. Initially, smart contracts are compiled into an abstract syntax tree to analyze relationships between contracts and functions, including calls, inheritance, and data flow. These analyses are transformed into static evaluations and intermediate representations that reveal internal relations. Based on these representations, we examine contract's functions, variables, and data dependencies to detect the specified vulnerabilities. To enhance detection accuracy and coverage, we apply a multi-objective optimization algorithm to the static analysis process. This involves assigning initial numeric values to input data and monitoring changes in statement coverage and detection accuracy. Using coverage and accuracy as fitness values, we calculate Pareto front and crowding distance values to select the best individuals for the new parent population, iterating until optimization criteria are met. We validate our approach using an open-source dataset collected from Etherscan, containing 6,693 smart contracts. Experimental results show that our method outperforms state-of-the-art tools in terms of coverage, accuracy, efficiency, and effectiveness in detecting the targeted vulnerabilities.

Software Engineering

Yiping Liu,Jie Xu,Baojiang Cui

DOI: https://doi.org/10.1007/978-981-16-9229-1_12

2022-01-01

Abstract:With the rapid development of the blockchain, smart contract technology has been widely applied. The number of smart contracts has grown at a high rate and nearly at an average of thousands per day. However, the correctness and security of the smart contract itself are facing huge problems. The well-known DAO vulnerability, and Parity multi-signature wallet' vulnerabilities have leaded to a hundreds of millions dollars loss, and they are both caused by the security problems of smart contracts. Once the smart contract vulnerability is exploited, it is very likely to bring the loss of cryptocurrencies, the disorder of the financial order and other catastrophic consequences. Therefore the security of smart contracts is imminent. This project has designed and implemented a vulnerability detection system of Ethereum smart contract. The system uses the assembly instruction sequences of the smart contract to generate the control flow graph, then performs symbolic execution and vulnerability constraint solving over the control flow. The system can detect some common types of vulnerabilities, such as the integer overflow and underflow vulnerability, reentry vulnerability and unchecked call return value vulnerability. It has a high accuracy of detection result, and gives support for export vulnerability report.

Jinggang Li,Gehao Lu,Yulian Gao,Feng Gao

DOI: https://doi.org/10.3390/math11234823

IF: 2.4

2023-11-30

Mathematics

Abstract:With the proliferation of blockchain technology in decentralized applications like decentralized finance and supply chain and identity management, smart contracts operating on a blockchain frequently encounter security issues such as reentrancy vulnerabilities, timestamp dependency vulnerabilities, tx.origin vulnerabilities, and integer overflow vulnerabilities. These security concerns pose a significant risk of causing substantial losses to user accounts. Consequently, the detection of vulnerabilities in smart contracts has become a prominent area of research. Existing research exhibits limitations, including low detection accuracy in traditional smart contract vulnerability detection approaches and the tendency of deep learning-based solutions to focus on a single type of vulnerability. To address these constraints, this paper introduces a smart contract vulnerability detection method founded on multimodal feature fusion. This method adopts a multimodal perspective to extract three modal features from the lifecycle of smart contracts, leveraging both static and dynamic features comprehensively. Through deep learning models like Graph Convolutional Networks (GCNs) and bidirectional Long Short-Term Memory networks (bi-LSTMs), effective detection of vulnerabilities in smart contracts is achieved. Experimental results demonstrate that the proposed method attains detection accuracies of 85.73% for reentrancy vulnerabilities, 85.41% for timestamp dependency vulnerabilities, 83.58% for tx.origin vulnerabilities, and 90.96% for integer Overflow vulnerabilities. Furthermore, ablation experiments confirm the efficacy of the newly introduced modal features, highlighting the significance of fusing dynamic and static features in enhancing detection accuracy.

mathematics

Yuhang Sun,Lize Gu

DOI: https://doi.org/10.1088/1742-6596/1820/1/012004

2021-01-01

Journal of Physics Conference Series

Abstract:Abstract Ethereum attracts extensive attention due to its distinctive function of smart contract and decentralized applications (Dapps). Since the number of contracts on blockchain has increased vigorously, various security vulnerabilities come up. Researchers rely on static symbolic analysis method at first, and it seems to perform well in the accuracy of vulnerability detection. However, this method requires manual analysis in advance and it needs to traverse all the possible execution paths to find out the vulnerable ones. The deeper the path goes, the more time it costs to detect the contracts. This paper proposes an approach to detect smart contracts vulnerability on blockchain by using machine learning(ML) methods. This approach aims to build a general benchmark for new vulnerability detection in order to reduce the demand of expert manpower. Moreover, the high-speed-performance ML algorithm makes quick detection comes true. As long as we adjust the threshold of the model, it can work as a fast prefilter for the traditional symbolic analysis tools in further improvement of accuracy.

Kuo Zhou,Jing Huang,Honggui Han,Bei Gong,Ao Xiong,Wei Wang,Qihui Wu

DOI: https://doi.org/10.1016/j.jisa.2023.103555

IF: 4.96

2023-01-01

Journal of Information Security and Applications

Abstract:Vulnerability detection is important for smart contracts because of their immutable and irreversible features. In this work, a new detection method based on adversarial multi-task learning is proposed to improve the accuracy of existing vulnerability detection methods, which is based on the multi-task learning framework, including a shared part and a task-specific part. We optimize the multi-task learning frameworks and propose the mixed parameter sharing method to make each task not only maintain its uniqueness, but also share features with other tasks, which helps solve the problem that the hard parameter sharing method cannot constrain the underlying shared layer and improve the quality of extracted features. In addition, we introduce adversarial transfer learning to reduce noise pollution caused by the private feature and interference between the general feature and the private feature. We experimented on datasets obtained from our previous work, and the experimental results prove that our proposed model can judge whether there are vulnerabilities in smart contracts and then identify their types. Additionally, the results also show that our model effectively improves detection accuracy and has an advantage in performance over representative methods.

Yingjie Xu,Gengran Hu,Lin You,Chengtang Cao

DOI: https://doi.org/10.1155/2021/5798033

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:In recent years, a lot of vulnerabilities of smart contracts have been found. Hackers used these vulnerabilities to attack the corresponding contracts developed in the blockchain system such as Ethereum, and it has caused lots of economic losses. Therefore, it is very important to find out the potential problems of the smart contracts and develop more secure smart contracts. As blockchain security events have raised more important issues, more and more smart contract security analysis methods have been developed. Most of these methods are based on traditional static analysis or dynamic analysis methods. There are only a few methods that use emerging technologies, such as machine learning. Some models that use machine learning to detect smart contract vulnerabilities cost much time in extracting features manually. In this paper, we introduce a novel machine learning-based analysis model by introducing the shared child nodes for smart contract vulnerabilities. We build the Abstract-Syntax-Tree (AST) for smart contracts with some vulnerabilities from two data sets including SmartBugs and SolidiFI-benchmark. Then, we build the Abstract-Syntax-Tree (AST) of the labeled smart contract for data sets named Smartbugs-wilds. Next, we get the shared child nodes from both of the ASTs to obtain the structural similarity, and then, we construct a feature vector composed of the values that measure structural similarity automatically to build our machine learning model. Finally, we get a KNN model that can predict eight types of vulnerabilities including Re-entrancy, Arithmetic, Access Control, Denial of Service, Unchecked Low Level Calls, Bad Randomness, Front Running, and Denial of Service. The accuracy, recall, and precision of our KNN model are all higher than 90%. In addition, compared with some other analysis tools including Oyente and SmartCheck, our model has higher accuracy. In addition, we spent less time for training .

Jing Huang,Kuo Zhou,Ao Xiong,Dongmeng Li

DOI: https://doi.org/10.3390/s22051829

IF: 3.9

2022-02-25

Sensors

Abstract:The key issue in the field of smart contract security is efficient and rapid vulnerability detection in smart contracts. Most of the existing detection methods can only detect the presence of vulnerabilities in the contract and can hardly identify their type. Furthermore, they have poor scalability. To resolve these issues, in this study, we developed a smart contract vulnerability detection model based on multi-task learning. By setting auxiliary tasks to learn more directional vulnerability features, the detection capability of the model was improved to realize the detection and recognition of vulnerabilities. The model is based on a hard-sharing design, which consists of two parts. First, the bottom sharing layer is mainly used to learn the semantic information of the input contract. The text representation is first transformed into a new vector by word and positional embedding, and then the neural network, based on an attention mechanism, is used to learn and extract the feature vector of the contract. Second, the task-specific layer is mainly employed to realize the functions of each task. A classical convolutional neural network was used to construct a classification model for each task that learns and extracts features from the shared layer for training to achieve their respective task objectives. The experimental results show that the model can better identify the types of vulnerabilities after adding the auxiliary vulnerability detection task. This model realizes the detection of vulnerabilities and recognizes three types of vulnerabilities. The multi-task model was observed to perform better and is less expensive than a single-task model in terms of time, computation, and storage.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Jie Yu,Xiao Yu,Jiale Li,Haoxin Sun,Mengdi Sun

DOI: https://doi.org/10.1007/978-981-97-5588-2_29

2024-01-01

Abstract:The wide application of smart contracts advances the growth of blockchain technology. Still, the corresponding security issues also posed serious challenges to the stability of the blockchain contract layer. Many smart contract vulnerability detection methods are limited to a single modal representation, failing to capture the contracts' semantic and structural information completely. To address this issue, this paper suggests a novel approach that combines multi-modal feature fusion and deep learning to detect smart contract vulnerability, usingWord2Vec and Gated Graph Neural Network (GGNN) to extract word vectors and semantic graph features, Multilayer Perceptron (MLP) to extract expert rule features from source code of smart contracts. A multiple-encoder network combining the self-attention mechanism and multi-channel convolution is used to fuse the extracted features, learn feature representation, and train the model for vulnerability detection. In the experiments, the proposed method is tested against a dataset of 40,932 smart contract codes. Results show that for reentrancy and timestamp dependency vulnerabilities, the accuracy is 92.01% and 93.31%, respectively, and the corresponding F1-scores are 88.66% and 92.28%.

Chi Jiang,Xihan Liu,Shenao Wang,Jinzhuo Liu,Yin Zhang

DOI: https://doi.org/10.24963/ijcai.2024/469

2024-01-01

Abstract:Because of the wide deployment of smart contracts, smart contract vulnerabilities pose a challenging risk to blockchain security. Currently, deep learning-based vulnerability detection is a very attractive solution due to its ability to identify complex patterns and features. The existing methods mainly consider the contract code content features, expert knowledge patterns, and contract code modalities. To further enhance smart contract vulnerability detection, this paper attempts to identify community features from smart contracts with similar semantic and syntactic structures, and shared features from two related vulnerability detection tasks, vulnerability classification and localization. The experimental results verify that the proposed approach significantly outperforms the state-of-the-art methods in terms of accuracy, recall, precision, and F1-score.