Code vulnerability detection is crucial for software security. Recent advancements, particularly with the emergence of code pre-trained models (CodePTMs) and code large language models (CodeLLMs), have led to significant progress in this area. However, these models are easily susceptible to adversarial attacks, where even slight input modifications can lead the models to generate opposite results. Existing adversarial approaches, such as identifier replacement, code transformation, and dead code insertion, demonstrate promising performance but still face several limitations. First, the perturbations applied to the target code are relatively constrained ( e.g., identifier replacement affects only a small subset of tokens within the entire codebase). Second, the design of perturbed tokens lacks specificity in forcing the model to make incorrect predictions ( e.g., they are generated by random selection or context-based prediction). Such limitations lead to the inefficiency and ineffectiveness of existing attacks. To address these issues, we propose SLODA (Statementlevel OOD Features driven Adversarial Attack), which introduces two types of out-of-distribution (OOD) features: universal features via code deoptimization and label-specific features extracted from mispredicted and adversarial examples. These statement-level OOD features not only expand the perturbation scope but also can significantly reduce the search space due to their inherently adversarial nature. Moreover, since OOD features are extracted from existing code and the attack considers the context of the target code, they are more difficult to be detected. Our extensive experiments across 12 models demonstrate that SLODA surpasses existing four state-of-the-art approaches in terms of the effectiveness, efficiency, and detection resistance.