<p>The increasing prevalence of cross-chain protocols such as Chainlink’s Cross-Chain Interoperability Protocol (CCIP) and Cosmos’s Inter-Blockchain Communication (IBC) has been transforming the blockchain landscape, enabling seamless interoperability across heterogeneous networks. However, this innovation has introduced critical security risks, as cross-chain bridges have emerged as a primary attack vector, responsible for over $2.8 billion in losses. Traditional smart contract vulnerability detection tools, whether rule-based analyzers or conventional machine learning models, are ill-equipped to capture the semantic complexity and protocol-specific logic of inter-chain interactions, especially under data-scarce conditions. To overcome this semantic blindness, defined here as the inability of single-chain analyzers to reason about inter-chain trust assumptions, asynchronous state transitions, and protocol-specific invariants, we introduce CrossGuard, a multi-modal framework that reasons about cross-chain vulnerabilities by explicitly modeling protocol-level interactions as a first-class semantic modality, capturing message relays, lock/mint–burn/release flows, and verification paths. CrossGuard fuses this novel interaction channel with deep structural (Code Property Graphs, CPGs) and textual (CodeBERT) representations, thereby unifying structural semantics from CPGs with textual semantics from CodeBERT, enabling it to comprehend protocol logic that is invisible to single-chain analyzers. This fused representation is processed through a Graph Neural Network and a Prototypical Network, enabling robust few-shot and one-shot detection of novel vulnerabilities. We also introduce CrossChain-VulnDB, a benchmark dataset comprising labeled contracts from real-world exploits and verified cross-chain protocols, including audited implementations. Extensive experiments demonstrate that CrossGuard attains a balanced F1 score of 0.86 with recall approaching 0.89, while maintaining strong few-shot generalization. Beyond aggregate scores, CrossGuard consistently surpasses competitive baselines under dApp-disjoint and leave-one-dApp-out splits; ablation studies confirm the complementary contributions of all three modalities, with the interaction channel yielding the largest recall gains for cross-chain failure modes. In one/few-shot regimes, macro-accuracy improves from 0.71 (1-shot) to 0.88 (10-shot), and results remain stable across compiler optimization levels (O0–O2), underscoring robustness and data efficiency. These results establish a data-efficient and semantically grounded paradigm for securing cross-chain ecosystems.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

CrossGuard: a multi-modal few-shot learning framework for detecting cross-chain smart contract vulnerabilities

  • Tuan-Dung Tran,
  • Khoi Le Quoc,
  • Van-Hau Pham

摘要

The increasing prevalence of cross-chain protocols such as Chainlink’s Cross-Chain Interoperability Protocol (CCIP) and Cosmos’s Inter-Blockchain Communication (IBC) has been transforming the blockchain landscape, enabling seamless interoperability across heterogeneous networks. However, this innovation has introduced critical security risks, as cross-chain bridges have emerged as a primary attack vector, responsible for over $2.8 billion in losses. Traditional smart contract vulnerability detection tools, whether rule-based analyzers or conventional machine learning models, are ill-equipped to capture the semantic complexity and protocol-specific logic of inter-chain interactions, especially under data-scarce conditions. To overcome this semantic blindness, defined here as the inability of single-chain analyzers to reason about inter-chain trust assumptions, asynchronous state transitions, and protocol-specific invariants, we introduce CrossGuard, a multi-modal framework that reasons about cross-chain vulnerabilities by explicitly modeling protocol-level interactions as a first-class semantic modality, capturing message relays, lock/mint–burn/release flows, and verification paths. CrossGuard fuses this novel interaction channel with deep structural (Code Property Graphs, CPGs) and textual (CodeBERT) representations, thereby unifying structural semantics from CPGs with textual semantics from CodeBERT, enabling it to comprehend protocol logic that is invisible to single-chain analyzers. This fused representation is processed through a Graph Neural Network and a Prototypical Network, enabling robust few-shot and one-shot detection of novel vulnerabilities. We also introduce CrossChain-VulnDB, a benchmark dataset comprising labeled contracts from real-world exploits and verified cross-chain protocols, including audited implementations. Extensive experiments demonstrate that CrossGuard attains a balanced F1 score of 0.86 with recall approaching 0.89, while maintaining strong few-shot generalization. Beyond aggregate scores, CrossGuard consistently surpasses competitive baselines under dApp-disjoint and leave-one-dApp-out splits; ablation studies confirm the complementary contributions of all three modalities, with the interaction channel yielding the largest recall gains for cross-chain failure modes. In one/few-shot regimes, macro-accuracy improves from 0.71 (1-shot) to 0.88 (10-shot), and results remain stable across compiler optimization levels (O0–O2), underscoring robustness and data efficiency. These results establish a data-efficient and semantically grounded paradigm for securing cross-chain ecosystems.