Sci Rep. 2025 Aug 14;15(1):29810.
doi: 10.1038/s41598-025-14032-w.

A graph attention network-based multi-agent reinforcement learning framework for robust detection of smart contract vulnerabilities


Philip Kwaku Adjei et al. Sci Rep.

Abstract

Smart contracts have revolutionized decentralized applications by automating agreement enforcement on blockchain platforms. However, detecting vulnerabilities in smart contract interactions remains challenging due to complex state interdependencies. This paper presents a novel approach using multi-agent Reinforcement Learning (MARL) to identify smart contract vulnerabilities. We integrate a Hierarchical Graph Attention Network (HGAT) into a Multi-Agent Actor-Critic framework, decomposing vulnerability detection into complementary policies: a high-level policy encoding historical interactions and a low-level policy capturing structured actions within contract state spaces. By modeling interactions as multistep reasoning paths, our MARL framework effectively navigates complex transaction sequences and resolves semantic ambiguities across different contract states. Experimental evaluations on real-world blockchain datasets demonstrate significant improvements in detecting multiple vulnerability types. For reentrancy attacks, our model achieves 93.8% accuracy and an 89.8% F1 score. The framework also performs strongly in detecting front running (88.9% accuracy), denial-of-service attacks (91.2% accuracy), and unchecked low-level vulnerabilities (91.6% accuracy), outperforming existing approaches across all vulnerability categories.

Keywords: Blockchain vulnerability detection; Decentralized application; Graph attention networks; Hierarchical reinforcement learning; Predictive analytics; Smart contract security.

Conflict of interest statement

Declarations. Competing interests: The authors declare no competing interests.

Figures

Fig. 1. System architecture for smart contract vulnerability detection using hierarchical graph network.

Algorithm 1. GANS-MARL Training Procedure

Fig. 2. Convergence performance.

Fig. 3. Training convergence under different reward configurations, showing average episode reward progression over 2000 episodes. Precision-focused rewards suppress false positives while recall-focused rewards encourage detection of rare vulnerabilities.

Fig. 4. ROC curves comparing the performance of different graph neural network architectures (GNNs, GCNs, DA-GNNs, DR-GCN, and GANs-MARL) across four smart contract vulnerability detection tasks.

Fig. 5. Time to detect vs. false positive rate for smart contract vulnerability detection tasks per Vulnerability Type.

Fig. 6. Detection performance with varying window sizes and detection-reward trade-offs.
