🤖 AI Summary
Subcontract misuse vulnerability (SMV) in smart contracts introduces critical security risks, yet bytecode-level obfuscation severely degrades semantic information—including inheritance relationships, control flow, and data flow—hindering automated detection. To address this, we propose Satellite, the first framework to apply transfer learning for bytecode-level inheritance relationship recovery. Satellite introduces method-level fine-grained feature extraction and a dedicated SMV metric system, integrating reconstructed control- and data-flow graphs with pattern matching to enable precise SMV identification under obfuscation. Evaluated on a real-world dataset, Satellite achieves 84.68% precision and 92.11% recall, and uncovers 14 previously unknown vulnerabilities affecting over $200,000 in digital assets.
📝 Abstract
Developers of smart contracts pervasively reuse subcontracts to improve development efficiency. As in any programming language, such subcontract reuse may unexpectedly include vulnerabilities in, or introduce vulnerabilities into, the end-point smart contract. Unfortunately, automatically detecting such issues poses several unique challenges. In particular, in most cases smart contracts are compiled to bytecode, in which class-level information (e.g., inheritance, virtual function table) and even semantics (e.g., control flow and data flow) are fully obscured, since the whole hierarchy is compiled into a single smart contract.
In this paper, we propose Satellite, a new bytecode-level static analysis framework for subcontract misuse vulnerability (SMV) detection in smart contracts. Satellite incorporates a series of novel designs to enhance its overall effectiveness. In particular, Satellite utilizes a transfer learning method to recover the inherited methods, which are critical for identifying subcontract reuse in smart contracts. Further, Satellite extracts a set of fine-grained method-level features and performs a method-level comparison to identify the reused part of a subcontract in a smart contract. Finally, Satellite summarizes a set of SMV indicators according to their types, and hence effectively identifies SMVs. To evaluate Satellite, we construct a dataset consisting of 58 SMVs derived from real-world attacks and collect an additional 56 SMV patterns from SOTA studies. Experimental results indicate that Satellite exhibits good performance in identifying SMVs, with a precision rate of 84.68% and a recall rate of 92.11%. In addition, Satellite successfully identifies 14 new (previously unknown) SMVs over 10,011 real-world smart contracts, affecting a total amount of digital assets worth 201,358 USD.