XGBoost + Optuna on 117,091 Slither-labelled Ethereum contracts achieves F1=0.948 using 65 hand-crafted bytecode features in 15 SWC-mapped semantic categories. Binary classification: recall 0.950, MCC 0.832, PR-AUC 0.990.
Q. Can machine learning detect Ethereum smart-contract vulnerabilities from bytecode alone?
Yes. An XGBoost model tuned with Optuna on 117,091 Slither-labelled contracts reached F1 = 0.948 using 65 hand-crafted EVM-bytecode features across 15 SWC-mapped categories (recall 0.950, MCC 0.832, PR-AUC 0.990).
Q. Do you need verified source code to screen a contract for vulnerabilities?
No. These results rely on EVM-bytecode features only, so deployed contracts can be triaged without access to verified source code.
Keywords: smart contract security; EVM bytecode; XGBoost; Optuna; Slither labels; binary classification; SWC categories