English
Related papers

Related papers: Detecting Buggy Contracts via Smart Testing

200 papers

Smart contracts underpin high-value ecosystems such as decentralized finance (DeFi), yet recurring vulnerabilities continue to cause losses worth billions of dollars. Although numerous security analyzers that detect such flaws exist,…

Cryptography and Security · Computer Science 2026-03-03 Tamer Abdelaziz , Salma Alsaghir , Karim Ali

Smart contracts are critical financial instruments, and their security is of utmost importance. However, smart contract programs are difficult to fuzz due to the persistent blockchain state behind all transactions. Mutating sequences of…

Cryptography and Security · Computer Science 2023-06-30 Chaofan Shou , Shangyin Tan , Koushik Sen

Decentralized cryptocurrencies feature the use of blockchain to transfer values among peers on networks without central agency. Smart contracts are programs running on top of the blockchain consensus protocol to enable people make…

Software Engineering · Computer Science 2018-08-06 Bo Jiang , Ye Liu , W. K. Chan

Smart contracts have been increasingly used together with blockchains to automate financial and business transactions. However, many bugs and vulnerabilities have been identified in many contracts which raises serious concerns about smart…

Software Engineering · Computer Science 2020-05-21 Zhipeng Gao , Lingxiao Jiang , Xin Xia , David Lo , John Grundy

We present Harvey, an industrial greybox fuzzer for smart contracts, which are programs managing accounts on a blockchain. Greybox fuzzing is a lightweight test-generation approach that effectively detects bugs and security vulnerabilities.…

Software Engineering · Computer Science 2019-05-17 Valentin Wüstholz , Maria Christakis

This paper presents SAILFISH, a scalable system for automatically finding state-inconsistency bugs in smart contracts. To make the analysis tractable, we introduce a hybrid approach that includes (i) a light-weight exploration phase that…

Cryptography and Security · Computer Science 2021-12-14 Priyanka Bose , Dipanjan Das , Yanju Chen , Yu Feng , Christopher Kruegel , Giovanni Vigna

Smart contracts hold digital coins worth billions of dollars, their security issues have drawn extensive attention in the past years. Towards smart contract vulnerability detection, conventional methods heavily rely on fixed expert rules,…

Machine Learning · Computer Science 2021-06-18 Zhenguang Liu , Peng Qian , Xiang Wang , Lei Zhu , Qinming He , Shouling Ji

This paper serves as a progress report on our research, specifically focusing on utilizing interval analysis, an existing static analysis method, for detecting vulnerabilities in smart contracts. We present a selection of motivating…

Software Engineering · Computer Science 2023-09-26 Ştefan-Claudiu Susan , Andrei Arusoaie

Solidity compiler plays a key role in enabling the development of smart contract applications on Ethereum by governing the syntax of a domain-specific language called Solidity and performing compilation and optimization of Solidity code.…

Software Engineering · Computer Science 2024-08-12 Haoyang Ma , Wuqi Zhang , Qingchao Shen , Yongqiang Tian , Junjie Chen , Shing-Chi Cheung

Ethereum is the largest blockchain platform that supports smart contracts. Users deploy smart contracts by publishing the smart contract's bytecode to the blockchain. Since the data in the blockchain cannot be modified, even if these…

Software Engineering · Computer Science 2020-09-07 Pengcheng Zhang , Feng Xiao , Xiapu Luo

The rapid growth of Ethereum has made it more important to quickly and accurately detect smart contract vulnerabilities. While machine-learning-based methods have shown some promise, many still rely on rule-based preprocessing designed by…

Cryptography and Security · Computer Science 2025-12-15 Uisang Lee , Changhoon Chung , Junmo Lee , Soo-Mook Moon

As blockchain platforms grow exponentially, millions of lines of smart contract code are being deployed to manage extensive digital assets. However, vulnerabilities in this mission-critical code have led to significant exploitations and…

Cryptography and Security · Computer Science 2024-01-23 Chaofan Shou , Jing Liu , Doudou Lu , Koushik Sen

Smart contracts are blockchain programs that often handle valuable assets. Writing secure smart contracts is far from trivial, and any vulnerability may lead to significant financial losses. To support developers in identifying and…

Cryptography and Security · Computer Science 2023-06-09 Monika di Angelo , Thomas Durieux , João F. Ferreira , Gernot Salzer

In the growing field of blockchain technology, smart contracts exist as transformative digital agreements that execute transactions autonomously in decentralised networks. However, these contracts face challenges in the form of security…

Cryptography and Security · Computer Science 2024-07-12 Christopher De Baets , Basem Suleiman , Armin Chitizadeh , Imran Razzak

Over the last few years, there has been substantial research on automated analysis, testing, and debugging of Ethereum smart contracts. However, it is not trivial to compare and reproduce that research. To address this, we present…

Software Engineering · Computer Science 2020-07-13 João F. Ferreira , Pedro Cruz , Thomas Durieux , Rui Abreu

Context: Smart contract vulnerabilities pose significant security risks for the Ethereum ecosystem, driving the development of automated tools for detection and mitigation. Smart contracts are written in Solidity, a programming language…

Software Engineering · Computer Science 2025-04-09 Gerardo Iuliano , Davide Corradini , Michele Pasqua , Mariano Ceccato , Dario Di Nucci

Smart contracts are small programs on the blockchain that often handle valuable assets. Vulnerabilities in smart contracts can be costly, as time has shown over and over again. Countermeasures are high in demand and include best practice…

Software Engineering · Computer Science 2023-05-03 Monika di Angelo , Gernot Salzer

Continuous fuzzing is an increasingly popular technique for automated quality and security assurance. Google maintains OSS-Fuzz: a continuous fuzzing service for open source software. We conduct the first empirical study of OSS-Fuzz,…

Software Engineering · Computer Science 2021-03-23 Zhen Yu Ding , Claire Le Goues

This paper introduces a method for detecting vulnerabilities in smart contracts using static analysis and a multi-objective optimization algorithm. We focus on four types of vulnerabilities: reentrancy, call stack overflow, integer…

Software Engineering · Computer Science 2024-10-02 Dongcheng Li , W. Eric Wong , Xiaodan Wang , Sean Pan , Liang-Seng Koh

Softwarization and virtualization in 5G and beyond necessitate thorough testing to ensure the security of critical infrastructure and networks, requiring the identification of vulnerabilities and unintended emergent behaviors from protocol…

Cryptography and Security · Computer Science 2023-07-24 Jingda Yang , Sudhanshu Arya , Ying Wang