Cause-to-Fix Learning: Causal Multi-Task Deep Learning for Smart Contract Vulnerability Detection and Repair

Main Article Content

Mohammed Subhi Mugheedh

Abstract

Smart contracts in blockchain systems have been reported to be increasingly susceptible to security exploits caused by programming errors. Traditional vulnerability detection techniques have been reported to focus mainly on identifying vulnerabilities, not on their causes or on corrective actions. This paper proposes a causal-aware deep learning framework for smart contract vulnerabilities that combines vulnerability classification, exploit probability prediction, and causal attribution. The proposed model learns latent representations of smart contract code using Term Frequency-Inverse Document Frequency (TF-IDF) embeddings and a shared neural network. The experimental dataset consisted of 2217 smart contracts categorized into four vulnerability classes: reentrancy, dangerous delegatecall, integer overflow, and timestamp dependency. The model achieved an overall accuracy of 0.95 and a macro F1 score of 0.899. The F1 values were 0.99 for reentrancy, 0.93 for integer overflow, 0.91 for timestamp dependency, and 0.77 for delegatecall. The relatively lower performance for delegatecall reflects the inherent complexity of this vulnerability type, which depends on external execution context, storage alignment, and inter-contract interactions. In addition, the reduced performance for this vulnerability type is considered normal given the imbalance in the dataset, which contains only 97 nodes specific to this vulnerability. Causal analysis showed unique relationships between the vulnerabilities and the learned causal factors. The study also introduces a minimal fix optimization module that generates counterfactual causal modifications to reduce exploit risk while preserving the predictions made by the model.
The experiments showed a notable reduction in exploit probability, for example, from 0.2596 to 0.0422 and from 0.1121 to 0.0272 for representative samples. The causal analysis results also show that delegatecall vulnerabilities are associated with multiple moderately activated causal factors rather than a single dominant cause, which increases classification difficulty. This illustrates the difficulty of detecting this vulnerability and provides another reason for its low classification performance. Unlike traditional systems, our method offers a new "reason to fix" model for analyzing weaknesses.


Background:


Smart contracts in blockchain systems are increasingly vulnerable to security exploits caused by programming errors. Traditional vulnerability detection techniques primarily focus on identifying vulnerabilities without analyzing their underlying causes or providing actionable fixes. This limitation motivates the development of approaches that can both detect vulnerabilities and explain the reasons behind them.


Materials and Methods:


This study proposes a causal-aware deep learning framework for smart contract vulnerability analysis that integrates vulnerability classification, exploit probability prediction, and causal attribution. The model learns latent representations of smart contract code using Term Frequency–Inverse Document Frequency (TF-IDF) embeddings combined with a shared neural network architecture. The experimental dataset consisted of 2,217 smart contracts categorized into four vulnerability classes: reentrancy, dangerous delegatecall, integer overflow, and timestamp dependency.


Results:


The proposed model achieved an overall accuracy of 0.95 and a macro F1-score of 0.899. Class-level F1 scores were 0.99 for reentrancy, 0.93 for integer overflow, 0.91 for timestamp dependency, and 0.77 for delegatecall. The causal analysis revealed distinct relationships between vulnerabilities and the learned causal factors. In addition, the proposed minimal fix optimization module generated counterfactual causal modifications that significantly reduced exploit probabilities while preserving model predictions, for example reducing probabilities from 0.2596 to 0.0422 and from 0.1121 to 0.0272 in representative samples.


Conclusion:


The proposed framework extends traditional vulnerability detection by introducing causal reasoning and minimal counterfactual fixes. This approach not only identifies vulnerabilities but also explains their causes and suggests targeted modifications, offering a novel “reason-to-fix” paradigm for improving smart contract security.

Article Details

Section

Articles

How to Cite

[1]
"Cause-to-Fix Learning: Causal Multi-Task Deep Learning for Smart Contract Vulnerability Detection and Repair", JUBPAS, vol. 34, no. 2, pp. 28–60, 2026, doi: 10.29196/jubpas.v34i2.6601.
