AttackPathGNN: Cross-function vulnerability detection in smart contracts using state interference graphs and conjunction pooling

· Source: cs.AI updates on arXiv.org · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Blockchain & Distributed Ledger Technology · Depth: Expert, quick

Summary

AttackPathGNN is a novel graph neural network (GNN) designed to detect cross-function vulnerabilities in Solidity smart contracts, addressing limitations of prior methods that focus solely on single-function syntactic patterns. This GNN reframes detection by reasoning over explicit attack paths, incorporating two distinct architectural elements. First, it employs a State Interference Graph that connects functions sharing mutable storage via typed, weighted edges and defines directed reentrancy-path edges using a five-condition predicate. Second, it utilizes conjunction pooling, a differentiable AND-aggregator over eight exploit preconditions, which ensures exploit scores collapse if any single mitigation like a reentrancy guard or SafeMath is present. AttackPathGNN achieved 92.3 ± 0.2% F1 on the SmartBugs Wild test partition, with a 4.3 ± 0.3% false-negative rate. It also demonstrated a 90.8 ± 2.5% detection rate on the SmartBugs Curated benchmark, recovering 6/10 DASP10 categories at 100% and Reentrancy at 98.7 ± 1.8%. Each prediction includes a structured remediation report.

Key takeaway

For AI Security Engineers developing smart contract auditing tools, AttackPathGNN demonstrates a superior approach to detecting complex, cross-function vulnerabilities. You should consider integrating graph-based analysis that explicitly models inter-function state interference and uses conjunction pooling for exploit preconditions. This method provides higher detection rates for critical exploits like Reentrancy and offers actionable, function-level remediation reports, significantly enhancing your automated security assessments beyond syntactic pattern matching.

Key insights

Cross-function smart contract vulnerabilities require reasoning over inter-function relationships, not just single-function patterns.

Method

AttackPathGNN constructs a State Interference Graph linking functions via mutable storage and reentrancy paths, then uses conjunction pooling to aggregate eight exploit preconditions.
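
The two ideas above, sketched as an added example that is not the paper's code: functions are linked when they touch the same mutable storage, and a soft AND over eight precondition scores is compared with plain averaging. The product form of the aggregator, the edge types and weights, the toy contract and all scores are assumptions made for illustration.

```python
import math
from itertools import combinations

# Constructed sample: storage slots each function of a toy contract reads/writes.
FUNCS = {
    "deposit":  {"reads": {"balances"}, "writes": {"balances"}},
    "withdraw": {"reads": {"balances"}, "writes": {"balances"}},
    "transfer": {"reads": {"balances"}, "writes": {"balances"}},
    "owner":    {"reads": {"admin"},    "writes": set()},
}

def state_interference_edges(funcs):
    """Link two functions when one writes a slot the other reads or writes.
    Edge types and weights here are assumptions, not the paper's scheme."""
    edges = []
    for a, b in combinations(sorted(funcs), 2):
        ww = funcs[a]["writes"] & funcs[b]["writes"]
        rw = (funcs[a]["writes"] & funcs[b]["reads"]) | \
             (funcs[b]["writes"] & funcs[a]["reads"])
        shared = ww | rw
        if shared:
            kind = "write-write" if ww else "read-write"
            edges.append((a, b, kind, len(shared)))
    return edges

def conjunction_pool(probs, eps=1e-6):
    """Soft AND (assumed form): product of probabilities, summed in log space.
    Differentiable, and near zero as soon as any one input is near zero."""
    return math.exp(sum(math.log(max(p, eps)) for p in probs))

def mean_pool(probs):
    """Averaging baseline: one low input barely moves the score."""
    return sum(probs) / len(probs)

# Constructed scores for eight exploit preconditions (hypothetical ordering).
UNGUARDED = [0.95] * 8
GUARDED = [0.95] * 7 + [0.02]   # one precondition negated, e.g. by a guard

if __name__ == "__main__":
    for edge in state_interference_edges(FUNCS):
        print(edge)
    for name, probs in (("unguarded", UNGUARDED), ("guarded", GUARDED)):
        print(name, round(conjunction_pool(probs), 4), round(mean_pool(probs), 4))
```

With one precondition driven low, the averaged score stays above 0.8 while the conjunction score falls below 0.02, which is the collapse behaviour the summary attributes to conjunction pooling.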

Best for: AI Engineer, Research Scientist, CTO, AI Scientist, AI Security Engineer, Machine Learning Engineer

Editorial summary, takeaway, and curation by AIssential. Original article published by cs.AI updates on arXiv.org.