UEChecker: Detecting Unchecked External Call Vulnerabilities in DApps via Graph Analysis
Dechao Kong, Xiaoqi Li, Wenkai Li

TL;DR
UEChecker is a deep learning tool that uses graph analysis and advanced neural network modules to detect unchecked external call vulnerabilities in DApps, significantly improving detection accuracy over existing methods.
Contribution
This paper introduces UEChecker, a novel deep learning-based approach combining call graph analysis and advanced neural modules for vulnerability detection in smart contracts.
Findings
Achieves 87.59% accuracy in detecting vulnerabilities
Outperforms GAT, LSTM, and GCN baselines
Effectively captures multi-scale dependencies in call graphs
Abstract
The increasing number of attacks on the contract layer of DApps has resulted in economic losses amounting to $66 billion. Vulnerabilities arise when contracts interact with external protocols without verifying the results of the calls, leading to exploit entry points such as flash loan attacks and reentrancy attacks. In this paper, we propose UEChecker, a deep learning-based tool that utilizes a call graph and a Graph Convolutional Network to detect unchecked external call vulnerabilities. We design the following components: An edge prediction module that reconstructs the feature representation of nodes and edges in the call graph; A node aggregation module that captures structural information from both the node itself and its neighbors, thereby enhancing feature representation between nodes and improving the model's understanding of the global graph structure; A Conformer Block module…
Peer Reviews
Decision·Submitted to ICLR 2026
1. The unchecked external call vulnerability is a critical issue in DApp security, and the paper provides strong motivation through real-world examples (e.g., Uniswap flash loan attacks). 2. The design of UEChecker’s modular architecture (edge prediction, clustering, Conformer integration) is clearly articulated and logically justified. The integration of GCN and Conformer blocks is an interesting approach to modeling multi-scale dependencies in call graphs. 3. The paper includes comparative exp
1. The framework primarily extends standard GCN architectures with additional processing modules; the conceptual innovation is incremental. 2. Evaluation is restricted to 608 DApps, which may not be sufficient to demonstrate generalization to diverse contract ecosystems. 3. The contribution of each module (edge prediction, clustering, Conformer) is not quantitatively isolated or validated. 4. While accuracy is reported, there is little analysis of specific error cases or robustness across contra
1. **Significance of the Topic** The paper addresses an important problem in the field of blockchain security—detecting unchecked external call vulnerabilities in DApp smart contracts.
1. **Limited Novelty:** While the paper proposes a framework based on graph neural networks and convolutional modules, the approach of encoding program structure using graph-based convolution has been extensively explored in prior work (see, for example, Flow2vec [1]). The main novelty appears to lie in the edge prediction module, but the manuscript does not compare this component against relevant baselines, making it difficult to assess its effectiveness and actual contribution. 2. **Baselin
1. The paper focuses on a critical and common vulnerability type in smart contract security. These vulnerabilities are frequently exploited to launch attacks like Reentrancy and Flash Loan attacks, bearing significant practical relevance and economic impact. 2. The paper presents a novel and well-structured approach by combining call graph analysis with a GCN architecture to target the specific problem of unchecked external calls. The integration of edge prediction, node clustering, and the con
1. The paper's primary contribution is one of application and engineering (building a tool for a specific security task) rather than methodological innovation in machine learning. The UEChecker model itself is a "kitchen-sink" combination of existing components (GCN, clustering, Conformer). The paper fails to provide a strong theoretical or empirical justification for this specific, and rather unusual, combination. 2. The description of the model's core components is severely underspecified. Mos
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Blockchain Technology Applications and Security · Advanced Graph Neural Networks
