CR, SE | Mar 22

Zero-Shot Vulnerability Detection in Low-Resource Smart Contracts Through Solidity-Only Training

arXiv:2603.21058 | 85.53 citations | h-index: 4
AI Analysis

This work addresses security threats in decentralized finance for developers and auditors by enabling vulnerability detection in underexplored languages without extensive labeled data. It is incremental, as it builds on cross-language transfer concepts.

The paper tackles the problem of detecting vulnerabilities in low-resource smart contract languages like Vyper by introducing Sol2Vy, a framework that transfers knowledge from Solidity-trained models, achieving strong detection performance and outperforming prior state-of-the-art methods.

Smart contracts have transformed decentralized finance, but flaws in their logic still create major security threats. Most existing vulnerability detection techniques focus on well-supported languages like Solidity, while low-resource counterparts such as Vyper remain largely underexplored due to scarce analysis tools and limited labeled datasets. Training a robust detection model directly on Vyper is particularly challenging, as collecting sufficiently large and diverse Vyper training datasets is difficult in practice. To address this gap, we introduce Sol2Vy, a novel framework that enables cross-language knowledge transfer from Solidity to Vyper, allowing vulnerability detection on Vyper using models trained exclusively on Solidity. This approach eliminates the need for extensive labeled Vyper datasets typically required to build a robust vulnerability detection model. We implement and evaluate Sol2Vy on various critical vulnerability types, including reentrancy, weak randomness, and unchecked transfer. Experimental results show that Sol2Vy, despite being trained exclusively on Solidity, achieves strong detection performance on Vyper contracts and significantly outperforms prior state-of-the-art methods.
