Smart contract and DApp users are taking great risks, as they do not
obtain necessary knowledge that can help them avoid using vulnera-
ble and malicious contract code. In this paper, we develop a novel
system Tx2TXT that can automatically create security-centric textual
descriptions directly from smart contract bytecode. To capture the
security aspect of financial applications, we formally define a funds
transfer graph to model critical funds flows in smart contracts. To
ensure the expressiveness and conciseness of the descriptions de-
rived from these graphs, we employ a GCN-based model to identify
security-related condition statements and selectively add them to our
graph models. To convert low-level bytecode instructions to human-
readable textual scripts, we leverage robust API signatures to recover
bytecode semantics. We have evaluated Tx2TXT on 890 well-labeled
vulnerable, malicious and safe contracts where developer-crafted
descriptions are available. Our results have shown that Tx2TXT out-
performs state-of-the-art solutions and can effectively help end users
avoid risky contracts