Zero-Shot Vulnerability Detection in Low-Resource Smart Contracts Through Solidity-Only Training

TL;DR

This paper presents Sol2Vy, a framework for cross-language vulnerability detection in smart contracts that transfers knowledge from Solidity to Vyper without requiring extensive labeled datasets.

Contribution

Introducing Sol2Vy, a novel approach enabling vulnerability detection in low-resource languages like Vyper by leveraging models trained solely on Solidity.

Findings

Sol2Vy achieves high detection accuracy on Vyper contracts.

It significantly outperforms previous methods in vulnerability detection.

The framework effectively transfers knowledge across programming languages.

Abstract

Smart contracts have transformed decentralized finance, but flaws in their logic still create major security threats. Most existing vulnerability detection techniques focus on well-supported languages like Solidity, while low-resource counterparts such as Vyper remain largely underexplored due to scarce analysis tools and limited labeled datasets. Training a robust detection model directly on Vyper is particularly challenging, as collecting sufficiently large and diverse Vyper training datasets is difficult in practice. To address this gap, we introduce Sol2Vy, a novel framework that enables cross-language knowledge transfer from Solidity to Vyper, allowing vulnerability detection on Vyper using models trained exclusively on Solidity. This approach eliminates the need for extensive labeled Vyper datasets typically required to build a robust vulnerability detection model. We implement and evaluate Sol2Vy on various critical vulnerability types, including reentrancy, weak randomness, and unchecked transfer. Experimental results show that Sol2Vy, despite being trained exclusively on Solidity, achieves strong detection performance on Vyper contracts and significantly outperforms prior state-of-the-art methods.