pith. sign in

arxiv: 2509.10252 · v2 · submitted 2025-09-12 · 💻 cs.CR

ExDoS: Expert-Guided Dual-Focus Cross-Modal Distillation for Smart Contract Vulnerability Detection

Ye Tian , Yifan Jia , Yanbin Wang , Jianguo Sun , Haitao Xu , Xin Wang , Zhihua Fu This is my paper

Pith reviewed 2026-05-18 17:25 UTC · model grok-4.3

classification 💻 cs.CR
keywords smart contract vulnerability detectioncross-modal distillationbytecode analysisgraph neural networksknowledge transferdual attention mechanismpattern alignment
0
0 comments X p. Extension

The pith

ExDoS transfers fine-grained vulnerability knowledge from source code to bytecode using dual-focus distillation and attention graphs for better smart contract analysis.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper aims to improve vulnerability detection in smart contracts when only bytecode is available by distilling knowledge from source code. It builds semantic graphs from source and control-flow graphs from bytecode, then uses a Dual-Attention Graph Network to capture local patterns better than standard graph embeddings. By defining aligned vulnerability patterns for three common issues and using a dual-focus loss with global and local components, it provides fine-grained supervisory signals. Experiments show this leads to 3-6% F1 score gains on real contracts over baselines that lack such alignment.

Core claim

ExDoS establishes that expert-summarized source-code vulnerability patterns can be mapped to corresponding bytecode-level patterns, and that a dual-focus objective with global and local semantic distillation losses, combined with a node attention aggregation module in graph networks, allows effective transfer of discriminant features to enhance detection in the absence of source code.

What carries the argument

The aligned pattern framework for source-code and bytecode-level vulnerability patterns together with the dual-focus objective of Global Semantic Distillation Loss and Local Semantic Distillation Loss.

If this is right

  • Enhanced local pattern capture in graph embeddings through node attention aggregation.
  • Improved function-level vulnerability signal detection via fine-grained cross-modal alignment.
  • Consistent performance gains of 3% to 6% in F1-score on real-world smart contract datasets.
  • Practical supplementation of source code priors when analyzing closed-source contracts.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Applying similar pattern alignment could extend to detecting vulnerabilities in other low-level code representations beyond bytecode.
  • The dual-focus approach might improve model interpretability by highlighting specific vulnerability patterns during distillation.
  • Future work could test the framework on additional vulnerability types or integrate it with static analysis tools for hybrid detection.

Load-bearing premise

The summarized source-code vulnerability patterns and the corresponding bytecode-level patterns provide accurate, comprehensive, and unbiased supervisory signals that enable reliable fine-grained cross-modal alignment.

What would settle it

Evaluating the model on a new set of smart contracts containing vulnerabilities outside the three targeted patterns to check if the F1 improvements persist without the expert pattern guidance.

Figures

Figures reproduced from arXiv: 2509.10252 by Haitao Xu, Jianguo Sun, Xin Wang, Yanbin Wang, Ye Tian, Yifan Jia, Zhihua Fu.

Figure 1
Figure 1. Figure 1: The vulnerable contract VulnerableBank fails to follow [PITH_FULL_IMAGE:figures/full_fig_p003_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: The framework of Proposed Expert-Guided ExDoS Framework. [PITH_FULL_IMAGE:figures/full_fig_p004_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: An illustrative example of constructing a Code Semantic Graph (CSG) from Solidity source code. Nodes represent [PITH_FULL_IMAGE:figures/full_fig_p005_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: A simple illustrative example of constructing a Control Flow Graph (CFG) from Solidity source code. [PITH_FULL_IMAGE:figures/full_fig_p006_4.png] view at source ↗
Figure 5
Figure 5. Figure 5: Receiver Operating Characteristic (ROC) curves of different graph pooling strategies for reentrancy, timestamp [PITH_FULL_IMAGE:figures/full_fig_p012_5.png] view at source ↗
Figure 6
Figure 6. Figure 6: Performance comparison of the student models under different alignment losses during distillation. The left chart reports [PITH_FULL_IMAGE:figures/full_fig_p013_6.png] view at source ↗
Figure 7
Figure 7. Figure 7: Performance under various expert sub-pattern ablation settings. Each 3D bar chart reports Accuracy, Recall, Precision, [PITH_FULL_IMAGE:figures/full_fig_p013_7.png] view at source ↗
read the original abstract

The success of smart contracts has made them a target for attacks, but their closed-source nature often forces vulnerability detection to work on bytecode, which is inherently more challenging than source-code-based analysis. While recent studies try to align source and bytecode embeddings during training to transfer knowledge, current methods rely on graph-level alignment that obscures fine-grained structural and semantic correlations between the two modalities. Moreover, the absence of precise vulnerability patterns and granular annotations in bytecode leads to depriving the model of crucial supervisory signals for learning discriminant features. We propose ExDoS to transfer rich semantic knowledge from source code to bytecode, effectively supplementing the source code prior in practical settings. Specifically, we construct semantic graphs from source code and control-flow graphs from bytecode. To address obscured local signals in graph-level contract embeddings, we propose a Dual-Attention Graph Network introducing a novel node attention aggregation module to enhance local pattern capture in graph embeddings. Furthermore, by summarizing existing source-code vulnerability patterns and designing corresponding bytecode-level patterns for the three target vulnerabilities, we provide an aligned pattern framework that facilitates fine-grained cross-modal alignment and the capture of function-level vulnerability signals. Finally, we propose a dual-focus objective for our cross-modal distillation framework, comprising: a Global Semantic Distillation Loss for transferring graph-level knowledge and a Local Semantic Distillation Loss enabling expert-guided, fine-grained vulnerability-specific distillation. Experiments on real-world contracts demonstrate that our method achieves consistent F1-score improvements (3%--6%) over strong baselines.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 2 minor

Summary. The manuscript introduces ExDoS, an expert-guided dual-focus cross-modal distillation framework for smart contract vulnerability detection on bytecode. It constructs semantic graphs from source code and control-flow graphs from bytecode, proposes a Dual-Attention Graph Network with a novel node attention aggregation module, summarizes source-code vulnerability patterns and designs aligned bytecode-level patterns for three target vulnerabilities, and employs a dual-focus objective consisting of Global Semantic Distillation Loss and Local Semantic Distillation Loss. Experiments on real-world contracts report consistent F1-score improvements of 3%–6% over strong baselines.

Significance. If the empirical gains prove robust, the work addresses a practically important gap in blockchain security by enabling fine-grained knowledge transfer to bytecode models without requiring precise bytecode annotations. The explicit expert-guided pattern alignment and dual-attention mechanism target limitations of prior graph-level alignment approaches. The paper clearly motivates the problem and positions its contributions against existing methods.

major comments (3)
  1. [§3.3] §3.3 (Pattern Alignment Framework): The Local Semantic Distillation Loss relies on expert-summarized source-code patterns and corresponding designed bytecode-level patterns for the three target vulnerabilities; the manuscript provides no validation study, coverage analysis of edge cases, or inter-expert agreement metrics to confirm these patterns are comprehensive and unbiased, which is load-bearing because the paper identifies the absence of granular bytecode annotations as the core problem.
  2. [Experiments] Experiments section: The headline F1-score improvements (3%–6%) are reported without dataset sizes, number of contracts or functions per vulnerability class, exact baseline re-implementation details, or statistical significance tests; this omission prevents assessment of whether the gains are robust or sensitive to post-hoc choices.
  3. [§4.2] §4.2 (Dual-Attention Graph Network): The node attention aggregation module is presented as key to capturing local patterns, yet the ablation results do not isolate its contribution from the distillation losses, leaving unclear which component primarily drives the reported improvements.
minor comments (2)
  1. [Abstract] Abstract: The sentence beginning 'Moreover, the absence of precise vulnerability patterns...' contains a minor grammatical awkwardness ('leads to depriving') that could be rephrased for clarity.
  2. [Figure 1] Figure 1: The architecture diagram would benefit from explicit labels on the arrows showing the flow of the Local Semantic Distillation Loss between the source-code and bytecode branches.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for the constructive and positive review. The comments highlight important areas for strengthening the presentation of our pattern alignment, experimental details, and ablation analysis. We address each major comment below and will incorporate revisions accordingly.

read point-by-point responses

  1. Referee: [§3.3] §3.3 (Pattern Alignment Framework): The Local Semantic Distillation Loss relies on expert-summarized source-code patterns and corresponding designed bytecode-level patterns for the three target vulnerabilities; the manuscript provides no validation study, coverage analysis of edge cases, or inter-expert agreement metrics to confirm these patterns are comprehensive and unbiased, which is load-bearing because the paper identifies the absence of granular bytecode annotations as the core problem.

    Authors: We agree that the expert-guided patterns are central to the Local Semantic Distillation Loss and that additional justification would strengthen the manuscript. These patterns were derived from established vulnerability taxonomies in the smart contract literature (reentrancy, integer overflow/underflow, and timestamp dependence) and mapped to bytecode-level structures through analysis of opcode sequences and control-flow behaviors. In the revision, we will add a new subsection under §3.3 that details the pattern derivation process, provides concrete examples for each vulnerability, discusses coverage of common cases and potential edge cases, and explains the rationale for focusing on these three vulnerabilities as representative targets. revision: yes

  2. Referee: [Experiments] Experiments section: The headline F1-score improvements (3%–6%) are reported without dataset sizes, number of contracts or functions per vulnerability class, exact baseline re-implementation details, or statistical significance tests; this omission prevents assessment of whether the gains are robust or sensitive to post-hoc choices.

    Authors: We acknowledge that the current experimental reporting lacks sufficient detail for full reproducibility and robustness evaluation. In the revised manuscript, we will expand the Experiments section to report: the total number of contracts and functions in the dataset along with the breakdown per vulnerability class; precise descriptions of baseline re-implementations, including any adaptations made to the original papers for the bytecode setting; and results of statistical significance tests (e.g., paired t-tests over five random seeds) to support the reported F1 improvements. revision: yes

  3. Referee: [§4.2] §4.2 (Dual-Attention Graph Network): The node attention aggregation module is presented as key to capturing local patterns, yet the ablation results do not isolate its contribution from the distillation losses, leaving unclear which component primarily drives the reported improvements.

    Authors: We thank the referee for this precise observation. Our existing ablations compare the full ExDoS model against variants that remove the entire Dual-Attention Graph Network or the distillation losses, but they do not isolate the node attention aggregation module alone. We will add a targeted ablation experiment in §4.2 that keeps the dual-focus distillation losses fixed while disabling or replacing only the node attention aggregation module, thereby quantifying its specific contribution to local pattern capture and overall performance. revision: yes

Circularity Check

0 steps flagged

No circularity; empirical claims rest on independent experiments

full rationale

The paper's derivation introduces a Dual-Attention Graph Network, expert-summarized vulnerability patterns, and a dual-focus distillation objective (Global + Local Semantic Distillation Losses) as design choices grounded in the stated problem of missing fine-grained bytecode annotations. These components are not defined in terms of the model's fitted outputs or predictions; the patterns serve as fixed supervisory inputs rather than quantities derived from the training process itself. Performance claims are supported by external F1-score comparisons on real-world contracts against baselines, with no equations or results that reduce by construction to the method's own parameters or self-citations. The approach is self-contained against external benchmarks.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The abstract provides insufficient detail to enumerate specific fitted hyperparameters or invented entities; the approach rests on standard graph-neural-network and knowledge-distillation assumptions.

axioms (2)
  • domain assumption Semantic graphs from source code and control-flow graphs from bytecode preserve the structural and semantic signals needed for vulnerability detection
    Invoked when the paper constructs the two graph modalities and aligns them.
  • domain assumption Expert-summarized vulnerability patterns can be reliably translated into bytecode-level patterns that supply useful supervisory signals
    Central to the local semantic distillation component.

pith-pipeline@v0.9.0 · 5820 in / 1280 out tokens · 49851 ms · 2026-05-18T17:25:51.882666+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

What do these tags mean?
matches
The paper's claim is directly supported by a theorem in the formal canon.
supports
The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends
The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses
The paper appears to rely on the theorem as machinery.
contradicts
The paper's claim conflicts with a theorem or certificate in the canon.
unclear
Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

62 extracted references · 62 canonical work pages · 3 internal anchors

  1. [1]

    Maintenance-related concerns for post-deployed ethereum smart contract development: issues, techniques, and future challenges,

    J. Chen, X. Xia, D. Lo, J. Grundy, and X. Yang, “Maintenance-related concerns for post-deployed ethereum smart contract development: issues, techniques, and future challenges,”Empirical Software Engineering, vol. 26, no. 6, p. 117, 2021

    work page 2021

  2. [2]

    Smartoracle: Generating smart contract oracle via fine-grained invariant detection,

    J. Su, J. Chen, Z. Fang, X. Lin, Y . Tang, and Z. Zheng, “Smartoracle: Generating smart contract oracle via fine-grained invariant detection,” IEEE Transactions on Software Engineering, 2025

    work page 2025

  3. [3]

    Numscout: Unveiling numerical defects in smart contracts using llm-pruning symbolic execution,

    J. Chen, Z. Shao, S. Yang, Y . Shen, Y . Wang, T. Chen, Z. Shan, and Z. Zheng, “Numscout: Unveiling numerical defects in smart contracts using llm-pruning symbolic execution,”IEEE Transactions on Software Engineering, 2025

    work page 2025

  4. [4]

    When chatgpt meets smart contract vulnerability detec- tion: How far are we?

    C. Chen, J. Su, J. Chen, Y . Wang, T. Bi, J. Yu, Y . Wang, X. Lin, T. Chen, and Z. Zheng, “When chatgpt meets smart contract vulnerability detec- tion: How far are we?”ACM Transactions on Software Engineering and Methodology, vol. 34, no. 4, pp. 1–30, 2025

    work page 2025

  5. [6]

    Euler finance flash loan attack explained,

    Chainalysis, “Euler finance flash loan attack explained,”

    work page

  6. [7]

    Available: https://www.chainalysis.com/blog/ euler-finance-flash-loan-attack/

    [Online]. Available: https://www.chainalysis.com/blog/ euler-finance-flash-loan-attack/

    work page

  7. [8]

    Formal verification of smart contracts: Short paper,

    K. Bhargavan, A. Delignat-Lavaud, C. Fournet, A. Gollamudi, G. Gonthier, N. Kobeissi, N. Kulatova, A. Rastogi, T. Sibut-Pinote, N. Swamyet al., “Formal verification of smart contracts: Short paper,” inProceedings of the 2016 ACM workshop on programming languages and analysis for security, 2016, pp. 91–96

    work page 2016

  8. [9]

    Formal verification of smart contracts based on users and blockchain behaviors models,

    T. Abdellatif and K.-L. Brousmiche, “Formal verification of smart contracts based on users and blockchain behaviors models,” in2018 9th IFIP international conference on new technologies, mobility and security (NTMS). IEEE, 2018, pp. 1–5

    work page 2018

  9. [10]

    Verifying declarative smart contracts,

    H. Chen, L. Lu, B. Massey, Y . Wang, and B. T. Loo, “Verifying declarative smart contracts,” inProceedings of the IEEE/ACM 46th International Conference on Software Engineering, 2024, pp. 1–12

    work page 2024

  10. [11]

    {SmarTest}: Effectively hunting vulnerable transaction sequences in smart contracts through language{Model- Guided}symbolic execution,

    S. So, S. Hong, and H. Oh, “{SmarTest}: Effectively hunting vulnerable transaction sequences in smart contracts through language{Model- Guided}symbolic execution,” in30th USENIX Security Symposium (USENIX Security 21), 2021, pp. 1361–1378

    work page 2021

  11. [12]

    An improved vulnerability detection system of smart contracts based on symbolic execution,

    Y . Yao, H. Li, X. Yang, and Y . Le, “An improved vulnerability detection system of smart contracts based on symbolic execution,” in2022 IEEE International Conference on Big Data (Big Data). IEEE, 2022, pp. 3225–3234

    work page 2022

  12. [13]

    Learning to fuzz from symbolic execution with application to smart contracts,

    J. He, M. Balunovi ´c, N. Ambroladze, P. Tsankov, and M. Vechev, “Learning to fuzz from symbolic execution with application to smart contracts,” inProceedings of the 2019 ACM SIGSAC conference on computer and communications security, 2019, pp. 531–548

    work page 2019

  13. [14]

    sfuzz: An efficient adaptive fuzzer for solidity smart contracts,

    T. D. Nguyen, L. H. Pham, J. Sun, Y . Lin, and Q. T. Minh, “sfuzz: An efficient adaptive fuzzer for solidity smart contracts,” inProceedings of the ACM/IEEE 42nd International Conference on Software Engineering, 2020, pp. 778–788

    work page 2020

  14. [15]

    Funfuzz: A function-oriented fuzzer for smart contract vulnerability detection with high effectiveness and efficiency,

    M. Ye, Y . Nan, H.-N. Dai, S. Yang, X. Luo, and Z. Zheng, “Funfuzz: A function-oriented fuzzer for smart contract vulnerability detection with high effectiveness and efficiency,”ACM Transactions on Software Engineering and Methodology, vol. 33, no. 7, pp. 1–20, 2024

    work page 2024

  15. [16]

    Are we there yet? unraveling the state-of-the-art smart contract fuzzers,

    S. Wu, Z. Li, L. Yan, W. Chen, M. Jiang, C. Wang, X. Luo, and H. Zhou, “Are we there yet? unraveling the state-of-the-art smart contract fuzzers,” inProceedings of the IEEE/ACM 46th International Conference on Software Engineering, 2024, pp. 1–13

    work page 2024

  16. [17]

    Smart contract vulnerability detection using wide and deep neural network,

    S. B. Osei, Z. Ma, and R. Huang, “Smart contract vulnerability detection using wide and deep neural network,”Science of Computer Program- ming, vol. 238, p. 103172, 2024

    work page 2024

  17. [18]

    Smart contract vulnerability detection technique: A survey,

    P. Qian, Z. Liu, Q. He, B. Huang, D. Tian, and X. Wang, “Smart contract vulnerability detection technique: A survey,”arXiv preprint arXiv:2209.05872, 2022

    work page arXiv 2022

  18. [19]

    Smartguard: An llm- enhanced framework for smart contract vulnerability detection,

    H. Ding, Y . Liu, X. Piao, H. Song, and Z. Ji, “Smartguard: An llm- enhanced framework for smart contract vulnerability detection,”Expert Systems with Applications, vol. 269, p. 126479, 2025

    work page 2025

  19. [20]

    Transaction-based classification and detection approach for ethereum smart contract,

    T. Hu, X. Liu, T. Chen, X. Zhang, X. Huang, W. Niu, J. Lu, K. Zhou, and Y . Liu, “Transaction-based classification and detection approach for ethereum smart contract,”Information Processing & Management, vol. 58, no. 2, p. 102462, 2021

    work page 2021

  20. [21]

    Blockchain- enabled fraud discovery through abnormal smart contract detection on ethereum,

    L. Liu, W.-T. Tsai, M. Z. A. Bhuiyan, H. Peng, and M. Liu, “Blockchain- enabled fraud discovery through abnormal smart contract detection on ethereum,”Future Generation Computer Systems, vol. 128, pp. 158–166, 2022

    work page 2022

  21. [22]

    A new smart contract anomaly detection method by fusing opcode and source code features for blockchain services,

    L. Duan, L. Yang, C. Liu, W. Ni, and W. Wang, “A new smart contract anomaly detection method by fusing opcode and source code features for blockchain services,”IEEE Transactions on Network and Service Management, vol. 20, no. 4, pp. 4354–4368, 2023

    work page 2023

  22. [23]

    A bytecode-based approach for smart contract classification,

    C. Shi, Y . Xiang, J. Yu, L. Gao, K. Sood, and R. R. M. Doss, “A bytecode-based approach for smart contract classification,” in2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER). IEEE, 2022, pp. 1046–1054

    work page 2022

  23. [24]

    Defectchecker: Automated smart contract defect detection by analyzing evm bytecode,

    J. Chen, X. Xia, D. Lo, J. Grundy, X. Luo, and T. Chen, “Defectchecker: Automated smart contract defect detection by analyzing evm bytecode,” IEEE Transactions on Software Engineering, vol. 48, no. 7, pp. 2189– 2207, 2021

    work page 2021

  24. [25]

    Smartbugbert: Bert-enhanced vulnerability detection for smart contract bytecode,

    J. Bu, W. Li, Z. Li, Z. Zhang, and X. Li, “Smartbugbert: Bert-enhanced vulnerability detection for smart contract bytecode,”arXiv preprint arXiv:2504.05002, 2025

    work page arXiv 2025

  25. [26]

    Mtvhunter: Smart contracts vulnerability detection based on multi- teacher knowledge translation,

    G. Sun, Y . Zhuang, S. Zhang, X. Feng, Z. Liu, and L. Zhang, “Mtvhunter: Smart contracts vulnerability detection based on multi- teacher knowledge translation,” inProceedings of the AAAI Conference on Artificial Intelligence, vol. 39, no. 14, 2025, pp. 15 169–15 176

    work page 2025

  26. [27]

    Cross-modality mutual learning for enhancing smart contract vulnerability detection on bytecode,

    P. Qian, Z. Liu, Y . Yin, and Q. He, “Cross-modality mutual learning for enhancing smart contract vulnerability detection on bytecode,” in Proceedings of the ACM Web Conference 2023, 2023, pp. 2220–2229

    work page 2023

  27. [28]

    Bitcoin: A peer-to-peer electronic cash system,

    S. Nakamoto, “Bitcoin: A peer-to-peer electronic cash system,” 2008

    work page 2008

  28. [29]

    Ethereum white paper,

    V . Buterinet al., “Ethereum white paper,”GitHub repository, vol. 1, no. 22-23, pp. 5–7, 2013

    work page 2013

  29. [30]

    Crpwarner: Warning the risk of contract-related rug pull in defi smart contracts,

    Z. Lin, J. Chen, J. Wu, W. Zhang, Y . Wang, and Z. Zheng, “Crpwarner: Warning the risk of contract-related rug pull in defi smart contracts,” IEEE Transactions on Software Engineering, vol. 50, no. 6, pp. 1534– 1547, 2024

    work page 2024

  30. [31]

    Smart contract code repair recommendation based on reinforcement learning and multi- metric optimization,

    H. Guo, Y . Chen, X. Chen, Y . Huang, and Z. Zheng, “Smart contract code repair recommendation based on reinforcement learning and multi- metric optimization,”ACM Transactions on Software Engineering and Methodology, vol. 33, no. 4, pp. 1–31, 2024

    work page 2024

  31. [32]

    Foundations and tools for the static analysis of ethereum smart contracts,

    I. Grishchenko, M. Maffei, and C. Schneidewind, “Foundations and tools for the static analysis of ethereum smart contracts,” inComputer Aided Verification: 30th International Conference, CAV 2018, Held as Part of the Federated Logic Conference, FloC 2018, Oxford, UK, July 14-17, 2018, Proceedings, Part I 30. Springer, 2018, pp. 51–78

    work page 2018

  32. [33]

    Defining smart contract defects on ethereum,

    J. Chen, X. Xia, D. Lo, J. Grundy, X. Luo, and T. Chen, “Defining smart contract defects on ethereum,”IEEE Transactions on Software Engineering, vol. 48, no. 1, pp. 327–345, 2020

    work page 2020

  33. [34]

    Blockchain smart contracts formalization: Approaches and challenges to address vulnerabilities,

    A. Singh, R. M. Parizi, Q. Zhang, K.-K. R. Choo, and A. Dehghantanha, “Blockchain smart contracts formalization: Approaches and challenges to address vulnerabilities,”Computers & Security, vol. 88, p. 101654, 2020

    work page 2020

  34. [35]

    Security vulnerabilities in ethereum smart contracts,

    A. Mense and M. Flatscher, “Security vulnerabilities in ethereum smart contracts,” inProceedings of the 20th international conference on information integration and web-based applications & services, 2018, pp. 375–380

    work page 2018

  35. [36]

    Clep: A novel contrastive learning method for evolutionary reentrancy vulnerability detection,

    J. Chen, L. Wang, H. Zhu, and V . S. Sheng, “Clep: A novel contrastive learning method for evolutionary reentrancy vulnerability detection,” in Proceedings of the AAAI Conference on Artificial Intelligence, vol. 39, no. 1, 2025, pp. 67–74

    work page 2025

  36. [37]

    A review of deep learning- based vulnerability detection tools for ethernet smart contracts

    H. Wu, Y . Peng, Y . He, and J. Fan, “A review of deep learning- based vulnerability detection tools for ethernet smart contracts.”CMES- Computer Modeling in Engineering & Sciences, vol. 140, no. 1, 2024

    work page 2024

  37. [38]

    The dao attack paradoxes in propositional logic,

    X. Zhao, Z. Chen, X. Chen, Y . Wang, and C. Tang, “The dao attack paradoxes in propositional logic,” in2017 4th international conference on systems and informatics (ICSAI). IEEE, 2017, pp. 1743–1746

    work page 2017

  38. [39]

    Securify: Practical security analysis of smart contracts,

    P. Tsankov, A. Dan, D. Drachsler-Cohen, A. Gervais, F. Buenzli, and M. Vechev, “Securify: Practical security analysis of smart contracts,” inProceedings of the 2018 ACM SIGSAC conference on computer and communications security, 2018, pp. 67–82

    work page 2018

  39. [40]

    {teEther}: Gnawing at ethereum to auto- matically exploit smart contracts,

    J. Krupp and C. Rossow, “{teEther}: Gnawing at ethereum to auto- matically exploit smart contracts,” in27th USENIX security symposium (USENIX Security 18), 2018, pp. 1317–1333

    work page 2018

  40. [41]

    Making smart contracts smarter,

    L. Luu, D.-H. Chu, H. Olickel, P. Saxena, and A. Hobor, “Making smart contracts smarter,” inProceedings of the 2016 ACM SIGSAC conference on computer and communications security, 2016, pp. 254–269

    work page 2016

  41. [42]

    A framework for bug hunting on the ethereum blockchain,

    B. Mueller, “A framework for bug hunting on the ethereum blockchain,” https://github.com/ConsenSys/mythril, 2017

    work page 2017

  42. [43]

    Rethinking smart contract fuzzing: Fuzzing with invocation ordering and important branch revisiting,

    Z. Liu, P. Qian, J. Yang, L. Liu, X. Xu, Q. He, and X. Zhang, “Rethinking smart contract fuzzing: Fuzzing with invocation ordering and important branch revisiting,”IEEE Transactions on Information Forensics and Security, vol. 18, pp. 1237–1251, 2023

    work page 2023

  43. [44]

    Machine learning model for smart contracts security analysis,

    P. Momeni, Y . Wang, and R. Samavi, “Machine learning model for smart contracts security analysis,” in2019 17th international conference on privacy, security and trust (PST). IEEE, 2019, pp. 1–6

    work page 2019

  44. [46]

    Smart contract vulnerability detection using graph neural networks,

    Y . Zhuang, Z. Liu, P. Qian, Q. Liu, X. Wang, and Q. He, “Smart contract vulnerability detection using graph neural networks,” inProceedings of the Twenty-Ninth International Conference on International Joint Conferences on Artificial Intelligence, 2021, pp. 3283–3290

    work page 2021

  45. [47]

    Scvhunter: Smart contract vulnerability detection based on heteroge- neous graph attention network,

    F. Luo, R. Luo, T. Chen, A. Qiao, Z. He, S. Song, Y . Jiang, and S. Li, “Scvhunter: Smart contract vulnerability detection based on heteroge- neous graph attention network,” inProceedings of the IEEE/ACM 46th International Conference on Software Engineering, 2024, pp. 1–13

    work page 2024

  46. [48]

    Com- bining graph neural networks with expert knowledge for smart contract vulnerability detection,

    Z. Liu, P. Qian, X. Wang, Y . Zhuang, L. Qiu, and X. Wang, “Com- bining graph neural networks with expert knowledge for smart contract vulnerability detection,”IEEE Transactions on Knowledge and Data Engineering, vol. 35, no. 2, pp. 1296–1310, 2021

    work page 2021

  47. [49]

    Smart contract vulnerability detection: from pure neural network to interpretable graph feature and expert pattern fusion,

    Z. Liu, P. Qian, X. Wang, L. Zhu, Q. He, and S. Ji, “Smart contract vulnerability detection: from pure neural network to interpretable graph feature and expert pattern fusion,”arXiv preprint arXiv:2106.09282, 2021

    work page arXiv 2021

  48. [50]

    Improving smart contract security with contrastive learning-based vulnerability detection,

    Y . Chen, Z. Sun, Z. Gong, and D. Hao, “Improving smart contract security with contrastive learning-based vulnerability detection,” inPro- ceedings of the IEEE/ACM 46th International Conference on Software Engineering, 2024, pp. 1–11

    work page 2024

  49. [51]

    Attention is all you need,

    A. Vaswani, N. Shazeer, N. Parmar, J. Uszkoreit, L. Jones, A. N. Gomez, Ł. Kaiser, and I. Polosukhin, “Attention is all you need,”Advances in neural information processing systems, vol. 30, 2017

    work page 2017

  50. [52]

    Zeus: analyzing safety of smart contracts

    S. Kalra, S. Goel, M. Dhawan, and S. Sharma, “Zeus: analyzing safety of smart contracts.” inNdss, 2018, pp. 1–12

    work page 2018

  51. [53]

    Contractfuzzer: Fuzzing smart con- tracts for vulnerability detection,

    B. Jiang, Y . Liu, and W. K. Chan, “Contractfuzzer: Fuzzing smart con- tracts for vulnerability detection,” inProceedings of the 33rd ACM/IEEE international conference on automated software engineering, 2018, pp. 259–269

    work page 2018

  52. [54]

    Multi-modal learning with missing modality via shared-specific feature modelling,

    H. Wang, Y . Chen, C. Ma, J. Avery, L. Hull, and G. Carneiro, “Multi-modal learning with missing modality via shared-specific feature modelling,” inProceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, 2023, pp. 15 878–15 887

    work page 2023

  53. [55]

    Refine myself by teaching myself: Feature refinement via self-knowledge distillation,

    M. Ji, S. Shin, S. Hwang, G. Park, and I.-C. Moon, “Refine myself by teaching myself: Feature refinement via self-knowledge distillation,” inProceedings of the IEEE/CVF conference on computer vision and pattern recognition, 2021, pp. 10 664–10 673

    work page 2021

  54. [56]

    Learning to distill graph neural networks,

    C. Yang, Y . Guo, Y . Xu, C. Shi, J. Liu, C. Wang, X. Li, N. Guo, and H. Yin, “Learning to distill graph neural networks,” inProceedings of the sixteenth ACM international conference on web search and data mining, 2023, pp. 123–131

    work page 2023

  55. [57]

    Smartcheck: Static analysis of ethereum smart contracts,

    S. Tikhomirov, E. V oskresenskaya, I. Ivanitskiy, R. Takhaviev, E. Marchenko, and Y . Alexandrov, “Smartcheck: Static analysis of ethereum smart contracts,” inProceedings of the 1st international workshop on emerging trends in software engineering for blockchain, 2018, pp. 9–16

    work page 2018

  56. [58]

    Slither: a static analysis framework for smart contracts,

    J. Feist, G. Grieco, and A. Groce, “Slither: a static analysis framework for smart contracts,” in2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB). IEEE, 2019, pp. 8–15

    work page 2019

  57. [59]

    A fixed-point algorithm for automated static detection of infinite loops,

    A. Ibing and A. Mai, “A fixed-point algorithm for automated static detection of infinite loops,” in2015 IEEE 16th International Symposium on High Assurance Systems Engineering. IEEE, 2015, pp. 44–51

    work page 2015

  58. [60]

    Looper: Lightweight detection of infinite loops at runtime,

    J. Burnim, N. Jalbert, C. Stergiou, and K. Sen, “Looper: Lightweight detection of infinite loops at runtime,” in2009 IEEE/ACM International Conference on Automated Software Engineering. IEEE, 2009, pp. 161– 169

    work page 2009

  59. [61]

    Towards Safer Smart Contracts: A Sequence Learning Approach to Detecting Security Threats

    W. J.-W. Tann, X. J. Han, S. S. Gupta, and Y .-S. Ong, “Towards safer smart contracts: A sequence learning approach to detecting security threats,”arXiv preprint arXiv:1811.06632, 2018

    work page internal anchor Pith review Pith/arXiv arXiv 2018

  60. [62]

    Long short-term memory recurrent neural network architectures for large scale acoustic modeling

    H. Sak, A. W. Senior, F. Beaufayset al., “Long short-term memory recurrent neural network architectures for large scale acoustic modeling.” inInterspeech, vol. 2014, 2014, pp. 338–342

    work page 2014

  61. [63]

    Empirical Evaluation of Gated Recurrent Neural Networks on Sequence Modeling

    J. Chung, C. Gulcehre, K. Cho, and Y . Bengio, “Empirical evaluation of gated recurrent neural networks on sequence modeling,”arXiv preprint arXiv:1412.3555, 2014

    work page internal anchor Pith review Pith/arXiv arXiv 2014

  62. [64]

    Semi-Supervised Classification with Graph Convolutional Networks

    T. N. Kipf and M. Welling, “Semi-supervised classification with graph convolutional networks,”arXiv preprint arXiv:1609.02907, 2016

    work page internal anchor Pith review Pith/arXiv arXiv 2016