Publication Type
Journal Article
Version
acceptedVersion
Publication Date
12-2025
Abstract
Detecting vulnerabilities in smart contracts is vital for the security and reliability of decentralized apps. To facilitate vulnerability detection, contract codes, including bug patterns, are represented as heterogeneous graphs with various nodes and edges, like control-flow and function-call graphs. However, existing graph learning techniques struggle with large, complex graphs. This paper presents MANDO-LLM, a novel framework that combines heterogeneous graph transformers (HGTs) with large language models (LLMs) for detecting vulnerabilities in smart contracts represented as heterogeneous contract graphs built upon control-flow and call graphs. MANDO-LLM uses LLMs to capture code features from control-flow and call data, customizes HGTs to learn embeddings with specific node-edge meta relations, and employs classifiers for vulnerability detection in Solidity code at both contract and line levels. Our evaluation shows that MANDO-LLM significantly outperforms existing methods on real-world large-scale imbalanced datasets, with F1-score improvements from 0.59% to 80.72% at the contract level. It is also one of the first effective methods for identifying line-level vulnerabilities, with performance boosts ranging from 3.09% to over 95% across different vulnerability types. MANDO-LLM’s versatility allows easy retraining for various vulnerabilities without needing manually defined patterns.
Keywords
vulnerability detection, smart contracts, source code, heterogeneous graph learning, graph transformer, graph embedding, large language model, code embedding
Discipline
Artificial Intelligence and Robotics | Software Engineering
Areas of Excellence
Digital transformation
Publication
ACM Transactions on Software Engineering and Methodology
First Page
1
Last Page
30
ISSN
1049-331X
Identifier
10.1145/3765751
Publisher
Association for Computing Machinery (ACM)
Citation
NGUYEN, Nhat Minh; NGUYEN, Huu Hoang; LE THANH, Long; AHMADI, Zahra; DOAN, Thanh Nam; WU, Daoyuan; and JIANG, Lingxiao.
MANDO-LLM: Heterogeneous graph transformers with large language models for smart contract vulnerability detection. (2025). ACM Transactions on Software Engineering and Methodology. 1-30.
Available at: https://ink.library.smu.edu.sg/sis_research/10630
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1145/3765751