pith. sign in

arxiv: 2504.05509 · v3 · submitted 2025-04-07 · 💻 cs.CR · cs.SE

Enforcing Control Flow Integrity on DeFi Smart Contracts

Zhiyang Chen , Sidi Mohamed Beillahi , Pasha Barahimi , Cyrus Minwalla , Han Du , Andreas Veneris , Fan Long This is my paper

Pith reviewed 2026-05-22 20:15 UTC · model grok-4.3

classification 💻 cs.CR cs.SE
keywords DeFi securitysmart contract securitycontrol flow integrityblockchain attacksruntime monitoringwhitelistingEthereum
0
0 comments X

The pith

DeFi contracts can be protected by recording benign control flows once at deployment and reverting any transaction that deviates from them.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper establishes that attack transactions on DeFi protocols reliably use control flow sequences never seen in prior legitimate activity. Analysis of transactions across 37 previously hacked protocols showed that normal usage stays within a small set of observed flows while attacks introduce new ones. CrossGuard records those benign flows at deployment and enforces the whitelist onchain by reverting non-matching transactions. This blocks the attacks without needing advance knowledge of any specific exploit and adds only modest gas cost.

Core claim

Analysis of historical transactions from the 37 hacked protocols reveals that benign transactions use only a limited number of unique control flows, while attack transactions consistently introduce novel, previously unobserved control flows. CrossGuard enforces control flow integrity by configuring a whitelist of these benign flows once at contract deployment and applying simplification heuristics at runtime to revert any transaction that violates the policy.

What carries the argument

CrossGuard, an onchain framework that derives and enforces a control flow whitelist from historical benign transactions observed on the target contract.

If this is right

  • The large majority of attacks that rely on new control flows are prevented automatically.
  • No per-attack signatures or prior knowledge of vulnerabilities are required.
  • The policy is set once at deployment and needs no further updates for the tested protocols.
  • Additional gas consumption stays low while false positives remain under one percent.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • If legitimate DeFi usage later introduces previously unseen control flows, the whitelist would need periodic refresh to avoid blocking users.
  • The same observation of limited benign flows could be applied to other blockchain execution environments beyond Ethereum.
  • Combining the runtime whitelist with static analysis of the contract source might reduce the initial whitelist size.

Load-bearing premise

The set of control flows seen in past benign transactions will continue to cover every legitimate future interaction without new patterns appearing.

What would settle it

A single legitimate transaction on one of the studied protocols that executes a control flow sequence absent from the historical benign data, causing an erroneous revert.

Figures

Figures reproduced from arXiv: 2504.05509 by Andreas Veneris, Cyrus Minwalla, Fan Long, Han Du, Pasha Barahimi, Sidi Mohamed Beillahi, Zhiyang Chen.

Figure 1
Figure 1. Figure 1: Running example showing CrossGuard’s response to simple invocation (left) and re-entrancy attack (right) function calls to contracts of the victim protocol, ignoring deeper control flows within external calls. Results: Out of the 37 studied hack incidents, 32 demonstrated control flows that were distinct from any previously observed trans￾action patterns (marked as ✓in [PITH_FULL_IMAGE:figures/full_fig_p0… view at source ↗
read the original abstract

Smart contracts power decentralized financial (DeFi) services but are vulnerable to security exploits that can lead to significant financial losses. Existing security measures often fail to adequately protect these contracts due to the composability of DeFi protocols and the increasing sophistication of attacks. Through a large-scale empirical study of historical transactions from the 37 hacked DeFi protocols, we discovered that while benign transactions typically exhibit a limited number of unique control flows, in stark contrast, attack transactions consistently introduce novel, previously unobserved control flows. Building on these insights, we developed CrossGuard, a novel framework that enforces control flow integrity onchain to secure smart contracts. Crucially, CrossGuard does not require prior knowledge of specific hacks. Instead, configured only once at deployment, it enforces control flow whitelisting policies and applies simplification heuristics at runtime. This approach monitors and prevents potential attacks by reverting all transactions that do not adhere to the established control flow whitelisting rules. Our evaluation demonstrates that CrossGuard effectively blocks 35 of the 37 analyzed attacks when configured only once at contract deployment, maintaining a low false positive rate of 0.26% and minimal additional gas costs. These results underscore the efficacy of applying control flow integrity to smart contracts, significantly enhancing security beyond traditional methods and addressing the evolving threat landscape in the DeFi ecosystem.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 2 minor

Summary. The paper claims that an empirical study of historical transactions from 37 hacked DeFi protocols reveals that benign transactions exhibit a limited number of unique control flows, whereas attack transactions introduce novel control flows. Building on this, the authors propose CrossGuard, a framework that enforces control flow integrity by applying one-time whitelisting policies at contract deployment, using simplification heuristics at runtime to block non-compliant transactions. Evaluation shows it blocks 35 of 37 attacks with a 0.26% false positive rate and minimal gas overhead.

Significance. If the results hold, this work provides a practical, generalizable approach to securing DeFi smart contracts against exploits by leveraging control flow differences, without needing prior knowledge of specific attacks. It could significantly enhance on-chain security in a composable ecosystem.

major comments (3)
  1. [§3 (Empirical Study)] §3 (Empirical Study): The observation that benign transactions use a limited set of control flows is directly supported by the study of the 37 protocols, but the section provides no analysis or evidence that these historically observed flows will remain stable and comprehensive for all future legitimate interactions (e.g., under protocol evolution, new composability patterns, or unseen user behaviors). This assumption is load-bearing for the central claim that a one-time deployment-time whitelist suffices with low false positives.
  2. [§4 (CrossGuard Design)] §4 (CrossGuard Design): The policy derivation process and runtime simplification heuristics are described at a high level, but the section lacks a precise specification of how the whitelist is extracted from the historical benign flows per protocol and how the heuristics are formally defined to avoid introducing new attack surfaces or missing novel attack flows. This is required to substantiate the reported 35/37 blocking rate.
  3. [§5 (Evaluation)] §5 (Evaluation): The reported 0.26% false positive rate and blocking results are computed on the same historical transaction set used to build the policies; the section does not include any forward-looking validation (e.g., hold-out benign transactions from later periods or simulated new composability) to test whether the one-time configuration remains effective.
minor comments (2)
  1. [Abstract] Abstract: The phrase 'simplification heuristics at runtime' is used without a one-sentence gloss, which would help readers unfamiliar with the technique.
  2. [§4] Notation: Control-flow identifiers and whitelist representation are introduced without an explicit table or figure summarizing their format across the 37 protocols.

Simulated Author's Rebuttal

3 responses · 1 unresolved

We thank the referee for the constructive feedback. We address each major comment below, indicating revisions where the manuscript will be updated and noting limitations that cannot be fully resolved with available data.

read point-by-point responses

  1. Referee: §3 (Empirical Study): The observation that benign transactions use a limited set of control flows is directly supported by the study of the 37 protocols, but the section provides no analysis or evidence that these historically observed flows will remain stable and comprehensive for all future legitimate interactions (e.g., under protocol evolution, new composability patterns, or unseen user behaviors). This assumption is load-bearing for the central claim that a one-time deployment-time whitelist suffices with low false positives.

    Authors: We agree this is a valid concern. The empirical study in §3 is limited to historical transactions from the 37 protocols and does not include analysis of future stability. We will revise §3 to explicitly discuss the assumption that control flows remain relatively stable post-deployment for a given protocol version, with a note that significant updates may require re-deriving the whitelist. This addresses the load-bearing nature of the claim while clarifying its scope. revision: partial

  2. Referee: §4 (CrossGuard Design): The policy derivation process and runtime simplification heuristics are described at a high level, but the section lacks a precise specification of how the whitelist is extracted from the historical benign flows per protocol and how the heuristics are formally defined to avoid introducing new attack surfaces or missing novel attack flows. This is required to substantiate the reported 35/37 blocking rate.

    Authors: We concur that greater precision is needed. In the revised manuscript, we will expand §4 to include detailed pseudocode for whitelist extraction from historical benign flows per protocol and formal definitions of the runtime simplification heuristics, including how they preserve security properties without creating new attack surfaces. revision: yes

  3. Referee: §5 (Evaluation): The reported 0.26% false positive rate and blocking results are computed on the same historical transaction set used to build the policies; the section does not include any forward-looking validation (e.g., hold-out benign transactions from later periods or simulated new composability) to test whether the one-time configuration remains effective.

    Authors: The current evaluation demonstrates results on the historical dataset used for policy construction. We will revise §5 to incorporate a temporal hold-out split of the available transactions for additional validation where feasible. Full forward-looking tests on post-study data or novel composability would require data beyond our current collection. revision: partial

standing simulated objections not resolved
  • Providing empirical evidence that control flows will remain stable under arbitrary future protocol evolutions, new composability patterns, or unseen user behaviors, as this would require transaction data from periods after the study that is not available.

Circularity Check

0 steps flagged

Empirical evaluation on historical transaction data shows no circular derivation

full rationale

The paper performs a large-scale empirical study of historical transactions from 37 protocols to observe that benign flows are limited while attacks introduce novel ones, then implements CrossGuard to whitelist the observed benign flows at deployment and evaluates it on the same historical attack set. This produces direct runtime results (35/37 blocks, 0.26% FP) without any equations, fitted parameters renamed as predictions, or self-citations that reduce the central claim to its own inputs by construction. The derivation chain is self-contained against external benchmarks of past data.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The approach assumes standard blockchain execution semantics and that historical transaction data provides a representative sample for policy configuration; no free parameters or invented entities are explicitly introduced in the abstract.

axioms (1)
  • domain assumption Blockchain smart contract execution follows deterministic control flow paths that can be observed and whitelisted from transaction history.
    Invoked in the empirical study and runtime enforcement design.

pith-pipeline@v0.9.0 · 5780 in / 1225 out tokens · 124874 ms · 2026-05-22T20:15:15.258620+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

What do these tags mean?
matches
The paper's claim is directly supported by a theorem in the formal canon.
supports
The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends
The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses
The paper appears to rely on the theorem as machinery.
contradicts
The paper's claim conflicts with a theorem or certificate in the canon.
unclear
Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

83 extracted references · 83 canonical work pages · 1 internal anchor

  1. [1]

    [n. d.]. ERC-20: Token Standard. https://eips.ethereum.org/EIPS/eip-20

    work page

  2. [2]

    MonoXFi Attack Transaction

    2021. MonoXFi Attack Transaction. https://etherscan.io/tx/0x9f14d093a2349de0 8f02fc0fb018dadb449351d0cdb7d0738ff69cc6fef5f299

    work page 2021

  3. [3]

    NowSwap Attack Transaction

    2021. NowSwap Attack Transaction. https://etherscan.io/tx/0xf3158a7ea59586c5 570f5532c22e2582ee9adba2408eabe61622595197c50713

    work page 2021

  4. [4]

    PopsicleFi Attack Transaction

    2021. PopsicleFi Attack Transaction. https://etherscan.io/tx/0xcd7dae143a4c0223 349c16237ce4cd7696b1638d116a72755231ede872ab70fc

    work page 2021

  5. [5]

    Auctus Attack Transaction

    2022. Auctus Attack Transaction. https://etherscan.io/tx/0x2e7d7e7a6eb157b989 74c8687fbd848d0158d37edc1302ea08ee5ddb376befea

    work page 2022

  6. [6]

    Audius Attack Transaction

    2022. Audius Attack Transaction. https://etherscan.io/tx/0xfefd829e246002a8fd 061eede7501bccb6e244a9aacea0ebceaecef5d877a984

    work page 2022

  7. [7]

    BaconProtocol Attack Transaction

    2022. BaconProtocol Attack Transaction. https://etherscan.io/tx/0x7d2296bcb9 36aa5e2397ddf8ccba59f54a178c3901666b49291d880369dbcf31

    work page 2022

  8. [8]

    MetaSwap Attack Transaction

    2022. MetaSwap Attack Transaction. https://etherscan.io/tx/0x2b023d65485c4b b68d781960c2196588d03b871dc9eb1c054f596b7ca6f7da56

    work page 2022

  9. [9]

    OmniNFT Attack Transaction

    2022. OmniNFT Attack Transaction. https://etherscan.io/tx/0x264e16f4862d182a 6a0b74977df28a85747b6f237b5e229c9a5bbacdf499ccb4

    work page 2022

  10. [10]

    Etherscan

    2024. Etherscan. https://etherscan.io

    work page 2024

  11. [11]

    Yearn Attack Transaction

    2024. Yearn Attack Transaction. https://etherscan.io/tx/0x59faab5a1911618064f1 ffa1e4649d85c99cfd9f0d64dcebbc1af7d7630da98b

    work page 2024

  12. [12]

    BeanstalkFarms Attack Transaction

    2025. BeanstalkFarms Attack Transaction. https://etherscan.io/tx/0xcd314668aa a9bbfebaf1a0bd2b6553d01dd58899c508d4729fa7311dc5d33ad7

    work page 2025

  13. [13]

    Bedrock DeFi Attack Transaction

    2025. Bedrock DeFi Attack Transaction. https://etherscan.io/tx/0x725f0d65340c 859e0f64e72ca8260220c526c3e0ccde530004160809f6177940

    work page 2025

  14. [14]

    BlueberryProtocol Attack Transaction

    2025. BlueberryProtocol Attack Transaction. https://etherscan.io/tx/0xf0464b01 d962f714eee9d4392b2494524d0e10ce3eb3723873afd1346b8b06e4

    work page 2025

  15. [15]

    bZx Attack Transaction

    2025. bZx Attack Transaction. https://etherscan.io/tx/0x762881b07feb63c436de e38edd4ff1f7a74c33091e534af56c9f7d49b5ecac15

    work page 2025

  16. [16]

    CheeseBank Attack Transaction

    2025. CheeseBank Attack Transaction. https://etherscan.io/tx/0x600a869aa3a259 158310a233b815ff67ca41eab8961a49918c2031297a02f1cc

    work page 2025

  17. [17]

    CreamFi Attack Transaction 1

    2025. CreamFi Attack Transaction 1. https://etherscan.io/tx/0x0016745693d68d 734faa408b94cdf2d6c95f511b50f47b03909dc599c1dd9ff6

    work page 2025

  18. [18]

    CreamFi Attack Transaction 2

    2025. CreamFi Attack Transaction 2. https://etherscan.io/tx/0xab486012f21be741 c9e674ffda227e30518e8a1e37a5f1d58d0b0d41f6e76530

    work page 2025

  19. [19]

    DODO Attack Transaction

    2025. DODO Attack Transaction. https://etherscan.io/tx/0x395675b56370a9f5fe 8b32badfa80043f5291443bd6c8273900476880fb5221e

    work page 2025

  20. [20]

    DoughFina Attack Transaction

    2025. DoughFina Attack Transaction. https://etherscan.io/tx/0x92cdcc732eebf4 7200ea56123716e337f6ef7d5ad714a2295794fdc6031ebb2e

    work page 2025

  21. [21]

    Eminence Attack Transaction

    2025. Eminence Attack Transaction. https://etherscan.io/tx/0x3503253131644dd9 f52802d071de74e456570374d586ddd640159cf6fb9b8ad8

    work page 2025

  22. [22]

    GFOX Attack Transaction

    2025. GFOX Attack Transaction. https://etherscan.io/tx/0x12fe79f1de8aed0ba947 cec4dce5d33368d649903cb45a5d3e915cc459e751fc

    work page 2025

  23. [23]

    Harvest Attack Transaction 1

    2025. Harvest Attack Transaction 1. https://etherscan.io/tx/0x0fc6d2ca064fc841 bc9b1c1fad1fbb97bcea5c9a1b2b66ef837f1227e06519a6

    work page 2025

  24. [24]

    Hyperithm — Digital Asset Gateway for Institutions

    2025. Hyperithm — Digital Asset Gateway for Institutions. https://www.hyperi thm.com/. Accessed: 2025-07-18

    work page 2025

  25. [25]

    IndexFi Attack Transaction

    2025. IndexFi Attack Transaction. https://etherscan.io/tx/0x44aad3b85386646816 1735496a5d9cc961ce5aa872924c5d78673076b1cd95aa

    work page 2025

  26. [26]

    InverseFi Attack Transaction

    2025. InverseFi Attack Transaction. https://etherscan.io/tx/0x600373f67521324c 8068cfd025f121a0843d57ec813411661b07edc5ff781842

    work page 2025

  27. [27]

    OnyxDAO Attack Transaction

    2025. OnyxDAO Attack Transaction. https://etherscan.io/tx/0x46567c731c4f4f7e 27c4ce591f0aebdeb2d9ae1038237a0134de7b13e63d8729

    work page 2025

  28. [28]

    Opyn Attack Transaction

    2025. Opyn Attack Transaction. https://etherscan.io/tx/0x56de6c4bd906ee0c067a 332e64966db8b1e866c7965c044163a503de6ee6552a

    work page 2025

  29. [29]

    PickleFi Attack Transaction

    2025. PickleFi Attack Transaction. https://etherscan.io/tx/0xe72d4e7ba9b5af0cf2 a8cfb1e30fd9f388df0ab3da79790be842bfbed11087b0

    work page 2025

  30. [30]

    PikeFinance Attack Transaction

    2025. PikeFinance Attack Transaction. https://etherscan.io/tx/0xe2912b8bf34d56 1983f2ae95f34e33ecc7792a2905a3e317fcc98052bce66431

    work page 2025

  31. [31]

    PrismaFi Attack Transaction

    2025. PrismaFi Attack Transaction. https://etherscan.io/tx/0x00c503b595946bcc aea3d58025b5f9b3726177bbdc9674e634244135282116c7

    work page 2025

  32. [32]

    Punk Attack Transaction

    2025. Punk Attack Transaction. https://etherscan.io/tx/0x597d11c05563611cb4ad 4ed4c57ca53bbe3b7d3fefc37d1ef0724ad58904742b

    work page 2025

  33. [33]

    RariCapital Attack Transaction 1

    2025. RariCapital Attack Transaction 1. https://etherscan.io/tx/0x4764dc6ff19a 64fc1b0e57e735661f64d97bc1c44e026317be8765358d0a7392

    work page 2025

  34. [34]

    RariCapital Attack Transaction 2

    2025. RariCapital Attack Transaction 2. https://etherscan.io/tx/0x0fe254207964 4e107cbf13690eb9c2c65963ccb79089ff96bfaf8dced2331c92

    work page 2025

  35. [35]

    RevestFi Attack Transaction

    2025. RevestFi Attack Transaction. https://etherscan.io/tx/0xe0b0c2672b760bef 4e2851e91c69c8c0ad135c6987bbf1f43f5846d89e691428

    work page 2025

  36. [36]

    UwULend Attack Transaction

    2025. UwULend Attack Transaction. https://etherscan.io/tx/0x242a0fb4fde9de0d c2fd42e8db743cbc197ffa2bf6a036ba0bba303df296408b

    work page 2025

  37. [37]

    ValueDeFi Attack Transaction

    2025. ValueDeFi Attack Transaction. https://etherscan.io/tx/0x46a03488247425f8 45e444b9c10b52ba3c14927c687d38287c0faddc7471150a

    work page 2025

  38. [38]

    VisorFi Attack Transactions

    2025. VisorFi Attack Transactions. https://etherscan.io/tx/0x69272d8c84d67d1d a2f6425b339192fa472898dce936f24818fda415c1c1ff3f and https://etherscan.io/tx/ 0x6eabef1bf310a1361041d97897c192581cd9870f6a39040cd24d7de2335b4546

    work page 2025

  39. [39]

    Warp Attack Transaction

    2025. Warp Attack Transaction. https://etherscan.io/tx/0x8bb8dc5c7c830bac85fa 48acad2505e9300a91c3ff239c9517d0cae33b595090

    work page 2025

  40. [40]

    XCarnival Attack Transaction

    2025. XCarnival Attack Transaction. https://etherscan.io/tx/0x51cbfd46f21afb44 da4fa971f220bd28a14530e1d5da5009cfbdfee012e57e35

    work page 2025

  41. [41]

    Aave. 2024. Aave Protocol. https://aave.com/. Accessed: 2024-12-18

    work page 2024

  42. [42]

    Elvira Albert, Shelly Grossman, Noam Rinetzky, Clara Rodríguez-Núñez, Albert Rubio, and Mooly Sagiv. 2020. Taming callbacks for smart contract modularity. Proceedings of the ACM on Programming Languages4, OOPSLA (2020), 1–30

    work page 2020

  43. [43]

    Hendrik Amler, Lisa Eckey, Sebastian Faust, Marcel Kaiser, Philipp Sandner, and Benjamin Schlosser. 2021. Defi-ning defi: Challenges & pathway. In2021 3rd Conference on Blockchain Research & Applications for Innovative Networks and Services (BRAINS). IEEE, 181–184

    work page 2021

  44. [44]

    Anonymous Authors. 2024. CrossGuard Website. https://sites.google.com/view/ crossguard/home

    work page 2024

  45. [45]

    Jon Becker. 2023. heimdall-rs. https://github.com/Jon-Becker/heimdall-rs GitHub repository

    work page 2023

  46. [46]

    William E Bodell III, Sajad Meisami, and Yue Duan. 2023. Proxy hunting: un- derstanding and characterizing proxy-based upgradeable smart contracts in blockchains. In32nd USENIX Security Symposium (USENIX Security 23). 1829– 1846

    work page 2023

  47. [47]

    Priyanka Bose, Dipanjan Das, Yanju Chen, Yu Feng, Christopher Kruegel, and Giovanni Vigna. 2022. Sailfish: Vetting smart contract state-inconsistency bugs in seconds. In2022 IEEE Symposium on Security and Privacy (SP). IEEE, 161–178

    work page 2022

  48. [48]

    Valerian Callens, Zeeshan Meghji, and Jan Gorzny. 2024. Temporarily Restricting Solidity Smart Contract Interactions.arXiv preprint arXiv:2405.09084(2024)

    work page arXiv 2024

  49. [49]

    Ethan Cecchetti, Siqiu Yao, Haobin Ni, and Andrew C Myers. 2020. Securing smart contracts with information flow. InInternational Symposium on Foundations and Applications of Blockchain

    work page 2020

  50. [50]

    Ethan Cecchetti, Siqiu Yao, Haobin Ni, and Andrew C Myers. 2021. Compositional security for reentrant applications. In2021 IEEE Symposium on Security and Privacy (SP). IEEE, 1249–1267

    work page 2021

  51. [51]

    Zhiyang Chen, Ye Liu, Sidi Mohamed Beillahi, Yi Li, and Fan Long. 2024. Demys- tifying Invariant Effectiveness for Securing Smart Contracts.Proceedings of the ACM on Software Engineering1, FSE (2024), 1772–1795

    work page 2024

  52. [52]

    Many Contributors. 2025. DeFi Hacks Reproduce - Foundry. https://github.com /SunWeb3Sec/DeFiHackLabs

    work page 2025

  53. [53]

    DefiLlama. 2025. DefiLlama. https://defillama.com/. Accessed: 2025-03-13

    work page 2025

  54. [54]

    DefiLlama. 2025. DefiLlama Hacks. https://defillama.com/hacks. Accessed: 2025-03-13

    work page 2025

  55. [55]

    Ethereum Improvement Proposals. 2023. EIP-1153: Transient Storage Opcodes. https://eips.ethereum.org/EIPS/eip-1153. Accessed: 2024-08-30

    work page 2023

  56. [56]

    Etherscan. 2025. Ethereum Address 0x6231a192089fb636e704d2c7807d7a79c2457b07. https://etherscan.io/address/0x6231a192089fb636e704d2c7807d7a79c2457b07. Accessed: 2025-07-18

    work page 2025

  57. [57]

    Etherscan. 2025. Ethereum Address 0xc92b021ff09ae005cb3fccb66af8db01fc4cdf90. https://etherscan.io/address/0xc92b021ff09ae005cb3fccb66af8db01fc4cdf90. Accessed: 2025-07-18

    work page 2025

  58. [58]

    Etherscan. 2025. Ethereum Address 0xf5d35b9e95f6842a2064a2dd24f8deede9d58f97. https://etherscan.io/address/0xf5d35b9e95f6842a2064a2dd24f8deede9d58f97. Accessed: 2025-07-18

    work page 2025

  59. [59]

    Josselin Feist, Gustavo Grieco, and Alex Groce. 2019. Slither: a static analysis framework for smart contracts. In2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB). IEEE, 8–15

    work page 2019

  60. [60]

    Foundry Contributors. 2023. Foundry. https://github.com/foundry-rs/foundry/. Accessed: 2024-08-31

    work page 2023

  61. [61]

    Shelly Grossman, Ittai Abraham, Guy Golan-Gueta, Yan Michalevsky, Noam Rinetzky, Mooly Sagiv, and Yoni Zohar. 2017. Online detection of effectively callback free objects with applications to smart contracts.Proceedings of the ACM on Programming Languages2, POPL (2017), 1–28

    work page 2017

  62. [62]

    Kraken Exchange. 2024. Everything You Need to Know About the Ethereum Cancun Upgrade. https://blog.kraken.com/news/everything-you-need-to-know- about-the-ethereum-cancun-upgrade. Accessed: 2024-08-30

    work page 2024

  63. [63]

    Lido DAO. 2024. Lido - Liquid Staking for Ethereum 2.0. https://lido.fi/. Accessed: 2024-12-18

    work page 2024

  64. [64]

    Chao Liu, Han Liu, Zhao Cao, Zhong Chen, Bangdao Chen, and Bill Roscoe

    work page

  65. [65]

    InProceedings of the 40th International Conference on Software Engineering: Companion Proceeedings

    Reguard: finding reentrancy bugs in smart contracts. InProceedings of the 40th International Conference on Software Engineering: Companion Proceeedings. 65–68

    work page

  66. [66]

    Junrui Liu, Yanju Chen, Bryan Tan, Isil Dillig, and Yu Feng. 2022. Learning Contract Invariants Using Reinforcement Learning. InProceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering. 1–11

    work page 2022

  67. [67]

    Ye Liu and Yi Li. 2022. Invcon: A dynamic invariant detector for ethereum smart contracts. InProceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering. 1–4

    work page 2022

  68. [68]

    Ye Liu, Chengxuan Zhang, et al . 2024. Automated Invariant Generation for Solidity Smart Contracts.arXiv preprint arXiv:2401.00650(2024)

    work page arXiv 2024

  69. [69]

    Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, and Aquinas Hobor

    work page

  70. [70]

    Making smart contracts smarter. InProceedings of the 2016 ACM SIGSAC Enforcing Control Flow Integrity on DeFi Smart Contracts ICSE ’26, April 12–18, 2026, Rio de Janeiro, Brazil conference on computer and communications security. 254–269

    work page 2016

  71. [71]

    Fuchen Ma, Zhenyang Xu, Meng Ren, Zijing Yin, Yuanliang Chen, Lei Qiao, Bin Gu, Huizhong Li, Yu Jiang, and Jiaguang Sun. 2021. Pluto: Exposing vulnerabilities in inter-contract scenarios.IEEE Transactions on Software Engineering48, 11 (2021), 4380–4396

    work page 2021

  72. [72]

    Andrei-Dragoş Popescu. 2020. Decentralized finance (defi)–the lego of finance. Social Sciences and Education Research Review7, 1 (2020), 321–349

    work page 2020

  73. [73]

    QuillAudits Team. 2025. Decoding What Went Wrong with Bedrock: $2M Exploit. https://www.quillaudits.com/blog/hack-analysis/bedrock-2million-exploit Accessed: 2025-12-06

    work page 2025

  74. [74]

    Michael Rodler, Wenting Li, Ghassan O Karame, and Lucas Davi. 2018. Sereum: Protecting Existing Smart Contracts against Re-Entrancy Attacks.arXiv preprint arXiv:1812.05934(2018)

    work page internal anchor Pith review Pith/arXiv arXiv 2018

  75. [75]

    Fabian Schär. 2021. Decentralized finance: On blockchain-and smart contract- based financial markets.FRB of St. Louis Review(2021)

    work page 2021

  76. [76]

    Spherex. 2024. About Spherex. https://www.spherex.xyz/about Accessed: 2024-11-12

    work page 2024

  77. [77]

    Christof Ferreira Torres, Julian Schütte, and Radu State. 2018. Osiris: Hunting for integer bugs in ethereum smart contracts. InProceedings of the 34th annual computer security applications conference. 664–676

    work page 2018

  78. [78]

    Uniswap Labs. 2024. Uniswap Protocol. https://uniswap.org/. Accessed: 2024-12-18

    work page 2024

  79. [79]

    Zexu Wang, Jiachi Chen, Yanlin Wang, Yu Zhang, Weizhe Zhang, and Zibin Zheng. 2024. Efficiently detecting reentrancy vulnerabilities in complex smart contracts.Proceedings of the ACM on Software Engineering1, FSE (2024), 161–181

    work page 2024

  80. [80]

    William Zhang, Sebastian Banescu, Leonardo Pasos, Steven Stewart, and Vijay Ganesh. 2019. Mpro: Combining static and symbolic analysis for scalable test- ing of smart contract. In2019 IEEE 30th International Symposium on Software Reliability Engineering (ISSRE). IEEE, 456–462

    work page 2019

Showing first 80 references.