Machine Learning-Based Vulnerability Detection in Ethereum Smart Contracts via EVM Bytecode Feature Engineering

Sergei Solovev

2026-02-26 · Preprint, Figshare · DOI: 10.6084/m9.figshare.31429971

Download PDF View on Figshare

Abstract

XGBoost + Optuna on 117,091 Slither-labelled Ethereum contracts achieves F1=0.948 using 65 hand-crafted bytecode features in 15 SWC-mapped semantic categories. Binary classification: recall 0.950, MCC 0.832, PR-AUC 0.990.

Key questions

Q. Can machine learning detect Ethereum smart-contract vulnerabilities from bytecode alone?
Yes. An XGBoost model tuned with Optuna on 117,091 Slither-labelled contracts reached F1 = 0.948 using 65 hand-crafted EVM-bytecode features across 15 SWC-mapped categories (recall 0.950, MCC 0.832, PR-AUC 0.990).

Q. Do you need verified source code to screen a contract for vulnerabilities?
No. These results rely on EVM-bytecode features only, so deployed contracts can be triaged without access to verified source code.

Keywords: smart contract security; EVM bytecode; XGBoost; Optuna; Slither labels; binary classification; SWC categories