Coca: Improving and Explaining Graph Neural Network-Based Vulnerability Detection Systems

April 14-20, 2024 | Sicong Cao, Xiaobing Sun, Xiaoxue Wu, David Lo, Lili Bo, Bin Li, and Wei Liu
COCA is a framework designed to improve and explain GNN-based vulnerability detection systems. It addresses two key challenges: enhancing the robustness of existing GNN-based models to avoid spurious explanations and providing concise and effective explanations for detected vulnerabilities. COCA consists of two core components: Trainer (COCATra) and Explainer (COCAExp). The Trainer uses combinatorial contrastive learning to train a robust detection model by generating functionally equivalent variants of code samples and minimizing contrastive loss. The Explainer employs dual-view causal inference to derive crucial code statements that are most decisive to the detected vulnerability. COCA is applied to three GNN-based vulnerability detectors (Devign, ReVeal, and DeepWuKong), and experimental results show that it effectively mitigates spurious correlation issues and provides high-quality explanations. The framework improves detection performance and enhances explainability by leveraging robust feature representations and causal inference. COCA demonstrates superior effectiveness and conciseness in explanations compared to existing methods, making it a valuable tool for security practitioners.
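The summary above says the Trainer generates functionally equivalent variants of each code sample and minimizes a contrastive loss so that the detector stops keying on surface features. The following Python block is an added illustration of that objective and is not code from the Coca paper or its authors. It assumes one semantics-preserving transformation (consistent identifier renaming), two constructed C functions as the batch, two toy bag-of-token encoders (a surface-level one that changes under renaming and one that canonicalizes identifiers by order of first occurrence), and an NT-Xent (SimCLR-style) loss with temperature 0.5; the paper's actual transformations, encoder and loss are not stated on this page. The point it makes is that the loss is lower for the encoder whose representation is invariant to the equivalence-preserving rewrite, which is what the contrastive objective rewards during training.

```python
"""Contrastive loss over semantics-preserving code variants (added example).

Assumptions not taken from the Coca page: variants come from consistent
identifier renaming, encoders are bag-of-token counts, and the objective is
NT-Xent with temperature 0.5. Both C functions below are constructed samples.
"""
import math
import re
from collections import Counter

TOKEN_RE = re.compile(r"[A-Za-z_]\w*|\d+|==|!=|<=|>=|\+\+|--|\+=|-=|[^\s\w]")
C_KEYWORDS = {"int", "char", "const", "for", "if", "else", "while", "return",
              "void", "unsigned", "sizeof", "struct", "break", "continue"}

# Constructed samples: two unrelated C functions forming a batch of size 2.
SAMPLES = {
    "sum": "int sum(int *arr, int n) { int total = 0; "
           "for (int i = 0; i < n; i++) { total = total + arr[i]; } return total; }",
    "dup": "char *dup(const char *s) { size_t n = strlen(s) + 1; "
           "char *p = malloc(n); if (p) memcpy(p, s, n); return p; }",
}
# One functionally equivalent variant per sample: consistent alpha-renaming.
RENAMES = {
    "sum": {"arr": "buf", "n": "count", "total": "acc", "i": "k"},
    "dup": {"s": "src", "n": "len", "p": "out"},
}


def tokenize(code):
    return TOKEN_RE.findall(code)


def rename_identifiers(code, mapping):
    """Apply a consistent identifier renaming (whole-word matches only)."""
    pattern = re.compile(r"\b(" + "|".join(map(re.escape, mapping)) + r")\b")
    return pattern.sub(lambda m: mapping[m.group(1)], code)


def fragile_embed(code):
    """Surface-level encoder: raw token counts, so renaming changes the vector."""
    return Counter(tokenize(code))


def robust_embed(code):
    """Renaming-invariant encoder: identifiers become ID<k> by first occurrence."""
    ids, out = {}, []
    for tok in tokenize(code):
        if re.fullmatch(r"[A-Za-z_]\w*", tok) and tok not in C_KEYWORDS:
            tok = "ID%d" % ids.setdefault(tok, len(ids))
        out.append(tok)
    return Counter(out)


def cosine(u, v):
    dot = sum(u[k] * v[k] for k in u if k in v)
    return dot / math.sqrt(sum(x * x for x in u.values()) *
                           sum(x * x for x in v.values()))


def nt_xent_loss(views, tau=0.5):
    """views: list of (sample_id, embedding), two views per sample.

    For each anchor, the other view of the same sample is the positive and
    every view of a different sample is a negative.
    """
    losses = []
    for i, (sid, emb) in enumerate(views):
        sims = [(views[j][0], math.exp(cosine(emb, views[j][1]) / tau))
                for j in range(len(views)) if j != i]
        pos = sum(s for other, s in sims if other == sid)
        losses.append(-math.log(pos / sum(s for _, s in sims)))
    return sum(losses) / len(losses)


def batch_loss(encoder, tau=0.5):
    """Contrastive loss of a batch of (original, renamed variant) pairs."""
    views = []
    for sid, code in SAMPLES.items():
        views.append((sid, encoder(code)))
        views.append((sid, encoder(rename_identifiers(code, RENAMES[sid]))))
    return nt_xent_loss(views, tau)


if __name__ == "__main__":
    for name, enc in (("fragile", fragile_embed), ("robust", robust_embed)):
        print("%-8s encoder: NT-Xent loss = %.3f" % (name, batch_loss(enc)))
```

Run stand-alone, the surface-level encoder scores roughly 0.76 and the renaming-invariant one roughly 0.66: the positive pairs of the invariant encoder have cosine similarity exactly 1 while the two samples remain distinguishable, which is the balance a contrastive trainer pushes a learned encoder towards. A real detector's encoder would be the GNN itself, with the variants supplied as augmentations and the loss backpropagated; this toy only exposes what the objective measures.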