pith. sign in

arxiv: 2510.21272 · v2 · submitted 2025-10-24 · 💻 cs.CR · cs.SE

LLM-Powered Detection of Price Manipulation in DeFi

Lu Liu , Wuqi Zhang , Lili Wei , Hao Guan , Yongqiang Tian , Yepang Liu , Shing-Chi Cheung This is my paper

Pith reviewed 2026-05-18 05:04 UTC · model grok-4.3

classification 💻 cs.CR cs.SE
keywords price manipulationDeFismart contractsvulnerability detectionLLMstatic analysisflash loanssecurity auditing
0
0 comments X

The pith

A hybrid static analysis and LLM pipeline detects price manipulation vulnerabilities in DeFi smart contracts at 88 percent precision and 90 percent recall.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

DeFi smart contracts hold billions in value and are frequently targeted by price manipulation attacks that rely on flash loans and complex economic interactions. Existing reactive and static tools depend on known patterns and rigid rules, so they miss novel variants and fail to reason about financial logic. PMDetector first runs static taint analysis to surface candidate code paths, then applies a two-stage LLM process to check for missing defenses and to simulate whether an exploit would succeed. A final static checker retains only high-risk paths and produces detailed reports. On a dataset of 73 real vulnerable protocols and 288 benign ones the system outperforms prior static and LLM baselines while costing only a few cents and seconds per audit.

Core claim

PMDetector is a three-stage hybrid framework that combines static taint analysis to identify potentially vulnerable paths, a two-stage LLM process that first distinguishes defended from undefended paths and then simulates attack exploitability, and a final static checker that validates results and generates vulnerability reports, achieving 88 percent precision and 90 percent recall on real-world DeFi protocols.

What carries the argument

The three-stage pipeline that starts with static taint analysis, uses LLM reasoning for defense filtering and exploit simulation, and ends with static validation to retain only high-risk paths.

If this is right

  • Detects novel price manipulation variants that do not match predefined heuristics.
  • Produces comprehensive vulnerability reports at a cost of roughly three cents and four seconds per contract with GPT-4.1.
  • Outperforms both state-of-the-art static analysis tools and standalone LLM-based detectors on the evaluated dataset.
  • Enables proactive auditing of DeFi protocols before deployment rather than after losses occur.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same pipeline structure could be reused for other DeFi vulnerability classes that involve economic reasoning, such as oracle manipulation or liquidation attacks.
  • Further gains in accuracy are likely as more capable LLMs become available without requiring changes to the static stages.
  • Integration into developer toolchains could allow continuous checking of contract updates for new manipulation risks.

Load-bearing premise

The LLM can reliably judge whether a code path contains defenses and whether a price manipulation attack on that path would succeed when the contract contains complex economic logic.

What would settle it

Running the detector on an additional collection of DeFi contracts that contain known but previously unseen price manipulation vulnerabilities and measuring whether precision and recall remain near 88 and 90 percent.

Figures

Figures reproduced from arXiv: 2510.21272 by Hao Guan, Lili Wei, Lu Liu, Shing-Chi Cheung, Wuqi Zhang, Yepang Liu, Yongqiang Tian.

Figure 1
Figure 1. Figure 1: Vulnerable logic in the ZZF protocol. 3 Motivation and Attack Model This section presents an example of real-world price manipulation vulnerabilities, followed by the definition of an attack model that captures the essential characteristics and attack vectors of this vulnerability class. 3.1 Illustrating Example [PITH_FULL_IMAGE:figures/full_fig_p005_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Demonstration of the Attack on the ZZF Protocol [PITH_FULL_IMAGE:figures/full_fig_p006_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: The workflow of PMDetector. 5) Phase 4: Cleanup. The final step cleans up positions and repays flash loans. The attacker unwinds positions, repays loans, restores oracles if necessary, and finalizes profit. In [PITH_FULL_IMAGE:figures/full_fig_p007_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: Definition of taint sinks. Algorithm 1: Taint Analysis Algorithm Input :C, the smart contract to be analyze Output :TaintPaths, a set of taint paths 1 Function TaintAnalysis(C): 2 CFGs ← PreProcess (C) 3 TaintMap ← IdentifySources (C) 4 repeat 5 TaintMapold ← TaintMap 6 TaintMap ← Propagate (TaintMap, CFGs) 7 until TaintMap == TaintMapold 8 TaintPaths ← ∅ 9 foreach instruction Inst in C do 10 if IsSink (In… view at source ↗
Figure 5
Figure 5. Figure 5: Prompt Templates of the Path Filtering Stage (left) and the Attack Simulation Stage (right). [PITH_FULL_IMAGE:figures/full_fig_p011_5.png] view at source ↗
Figure 6
Figure 6. Figure 6: Ablation result of PMDetector. Overall Results [PITH_FULL_IMAGE:figures/full_fig_p015_6.png] view at source ↗
Figure 7
Figure 7. Figure 7: A zero-day price manipulation vulnerability. [PITH_FULL_IMAGE:figures/full_fig_p017_7.png] view at source ↗
read the original abstract

Decentralized Finance (DeFi) smart contracts manage billions of dollars, making them a prime target for exploits. Price manipulation vulnerabilities, often via flash loans, are a devastating class of attacks causing significant financial losses. Existing detection methods are limited. Reactive approaches analyze attacks only after they occur, while proactive static analysis tools rely on rigid, predefined heuristics, limiting adaptability. Both depend on known attack patterns, failing to identify novel variants or comprehend complex economic logic. We propose PMDetector, a hybrid framework combining static analysis with Large Language Model (LLM)-based reasoning to proactively detect price manipulation vulnerabilities. Our approach uses a formal attack model and a three-stage pipeline. First, static taint analysis identifies potentially vulnerable code paths. Second, a two-stage LLM process filters paths by analyzing defenses and then simulates attacks to evaluate exploitability. Finally, a static analysis checker validates LLM results, retaining only high-risk paths and generating comprehensive vulnerability reports. To evaluate its effectiveness, we built a dataset of 73 real-world vulnerable and 288 benign DeFi protocols. Results show PMDetector achieves 88% precision and 90% recall with Gemini 2.5-flash, significantly outperforming state-of-the-art static analysis and LLM-based approaches. Auditing a vulnerability with PMDetector costs just $0.03 and takes 4.0 seconds with GPT-4.1, offering an efficient and cost-effective alternative to manual audits.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 2 minor

Summary. The paper proposes PMDetector, a hybrid detection framework for price manipulation vulnerabilities in DeFi smart contracts. It combines static taint analysis to identify candidate paths, a two-stage LLM process (first filtering defended vs. undefended paths, then simulating exploitability via attack reasoning), and a final static checker to retain only high-risk paths and produce reports. The approach is evaluated on a dataset of 73 real-world vulnerable protocols and 288 benign ones, reporting 88% precision and 90% recall with Gemini 2.5-flash, outperforming static analysis and LLM baselines, at a cost of $0.03 and 4 seconds per audit.

Significance. If the performance numbers hold under rigorous verification, the work would advance proactive DeFi security by showing how LLMs can augment static analysis to reason about novel economic attack patterns (flash loans, oracles, multi-contract state) that rigid heuristics miss. The independently assembled real-protocol dataset is a positive feature that avoids circularity with fitted parameters. The reported efficiency metrics also support practical deployment claims.

major comments (3)
  1. [Evaluation] Evaluation section: The headline claim of 88% precision and 90% recall on the 73 vulnerable cases is load-bearing for the central contribution, yet the manuscript provides no details on dataset construction criteria, selection process for the vulnerable protocols, or controls for selection bias. This prevents assessment of whether the test set adequately covers complex interactions (e.g., flash-loan sequencing with oracle dependencies) that the paper positions as its novelty.
  2. [Method] Method section (two-stage LLM pipeline): The description of the LLM filtering and exploit-simulation stages does not include the exact prompts, chain-of-thought examples, or error analysis on contracts with non-trivial economic invariants. Without these, it is impossible to verify that the subsequent static checker actually compensates for LLM misclassifications on defended paths rather than inheriting them, which directly affects the reliability of the reported recall.
  3. [Results] Results section: The comparison to state-of-the-art static analysis and LLM-based approaches lacks explicit descriptions of baseline implementations, hyperparameter settings, or how false-positive/negative cases were manually validated. This makes the claim of significant outperformance difficult to reproduce or falsify.
minor comments (2)
  1. [Abstract] The abstract states a 'three-stage pipeline' but then describes static analysis, a two-stage LLM process, and a final static checker; a numbered breakdown of the stages would improve clarity.
  2. [Evaluation] Table or figure reporting per-protocol results would help readers assess variance across different DeFi protocol types (e.g., lending vs. DEX).

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for the constructive and detailed feedback. We address each major comment below and will revise the manuscript to enhance reproducibility, transparency, and rigor as outlined.

read point-by-point responses

  1. Referee: [Evaluation] Evaluation section: The headline claim of 88% precision and 90% recall on the 73 vulnerable cases is load-bearing for the central contribution, yet the manuscript provides no details on dataset construction criteria, selection process for the vulnerable protocols, or controls for selection bias. This prevents assessment of whether the test set adequately covers complex interactions (e.g., flash-loan sequencing with oracle dependencies) that the paper positions as its novelty.

    Authors: We agree that additional details on dataset construction are required to evaluate coverage and bias. In the revised manuscript, we will expand the Evaluation section with a new subsection describing: (1) sources for the 73 vulnerable protocols (public exploit reports, security audits, and blockchain analytics platforms), (2) inclusion criteria ensuring diversity across DeFi categories and attack vectors including flash-loan sequencing with oracle dependencies, and (3) bias controls such as cross-verification against independent vulnerability databases and broad protocol sampling. This will directly address coverage of the complex interactions highlighted as the paper's novelty. revision: yes

  2. Referee: [Method] Method section (two-stage LLM pipeline): The description of the LLM filtering and exploit-simulation stages does not include the exact prompts, chain-of-thought examples, or error analysis on contracts with non-trivial economic invariants. Without these, it is impossible to verify that the subsequent static checker actually compensates for LLM misclassifications on defended paths rather than inheriting them, which directly affects the reliability of the reported recall.

    Authors: We acknowledge that the current description lacks sufficient detail on the LLM stages. We will revise the Method section to include the exact prompts for both the defense filtering and exploit-simulation stages, plus representative chain-of-thought examples. We will also add an error analysis on contracts with non-trivial economic invariants, explicitly showing cases of potential LLM misclassification on defended paths and how the final static checker compensates to support the reported recall. These will appear in the main text or a dedicated appendix. revision: yes

  3. Referee: [Results] Results section: The comparison to state-of-the-art static analysis and LLM-based approaches lacks explicit descriptions of baseline implementations, hyperparameter settings, or how false-positive/negative cases were manually validated. This makes the claim of significant outperformance difficult to reproduce or falsify.

    Authors: We agree that more explicit baseline details are needed for reproducibility. In the revised Results section, we will add descriptions of the static analysis and LLM baseline implementations, including hyperparameter settings used, and the manual validation process for false positives and negatives (with the specific criteria applied). This will allow independent reproduction and falsification of the outperformance claims. revision: yes

Circularity Check

0 steps flagged

No significant circularity: performance metrics measured on independently assembled real-world dataset

full rationale

The paper presents an empirical evaluation of PMDetector on a dataset of 73 real-world vulnerable and 288 benign DeFi protocols that was assembled separately from the detection pipeline. Precision and recall are computed as standard metrics against these ground-truth labels. No equations, fitted parameters, or self-referential definitions appear in the provided text, and no load-bearing claims reduce to self-citation chains or ansatzes imported from prior author work. The derivation chain is therefore self-contained against external benchmarks.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 1 invented entities

The approach rests on standard assumptions from static analysis and LLM reasoning capabilities; no new mathematical constants or fitted parameters are introduced in the abstract.

axioms (2)
  • domain assumption Static taint analysis can identify code paths potentially vulnerable to price manipulation via flash loans
    Invoked as the first stage of the pipeline.
  • domain assumption Large language models can analyze smart-contract defenses and simulate attack exploitability with sufficient accuracy for filtering
    Central to the two-stage LLM component.
invented entities (1)
  • PMDetector no independent evidence
    purpose: Hybrid static-plus-LLM detection framework for price manipulation vulnerabilities
    The complete three-stage system is introduced by the paper.

pith-pipeline@v0.9.0 · 5797 in / 1537 out tokens · 91358 ms · 2026-05-18T05:04:59.095520+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

What do these tags mean?
matches
The paper's claim is directly supported by a theorem in the formal canon.
supports
The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends
The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses
The paper appears to rely on the theorem as machinery.
contradicts
The paper's claim conflicts with a theorem or certificate in the canon.
unclear
Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

78 extracted references · 78 canonical work pages · 1 internal anchor

  1. [1]

    BonqDAO Protocol Attack Incident

    2023. BonqDAO Protocol Attack Incident. https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/past/2023/ README.md#20230202---bonqdao---price-oracle-manipulation

    work page 2023

  2. [2]

    The attack loss of the ZZF protocol

    2024. The attack loss of the ZZF protocol. https://immunebytes.com/blog/list-of-crypto-hacks-in-the-month-of- march/

    work page 2024

  3. [3]

    ZZF protocol

    2024. ZZF protocol. https://bscscan.com/address/0xb7a254237e05ccca0a756f75fb78ab2df222911b

    work page 2024

  4. [4]

    5 Common Smart Contract Vulnerabilities

    2025. 5 Common Smart Contract Vulnerabilities. https://www.hydnsec.com/blog-posts/5-common-smart-contract- vulnerabilities

    work page 2025

  5. [5]

    Binance Smart Chain (BSC)

    2025. Binance Smart Chain (BSC). https://www.bnbchain.org/en/bnb-smart-chain

    work page 2025

  6. [6]

    Central limit order book (CLOB)

    2025. Central limit order book (CLOB). https://en.wikipedia.org/wiki/Central_limit_order_book

    work page 2025

  7. [7]

    Checks Effects Interactions

    2025. Checks Effects Interactions. https://fravoll.github.io/solidity-patterns/checks_effects_interactions.html

    work page 2025

  8. [8]

    Constant function market maker

    2025. Constant function market maker. https://en.wikipedia.org/wiki/Constant_function_market_maker

    work page 2025

  9. [9]

    Decentralized Application (DApp)

    2025. Decentralized Application (DApp). https://en.wikipedia.org/wiki/Decentralized_application

    work page 2025

  10. [10]

    Decentralized Finance

    2025. Decentralized Finance. https://en.wikipedia.org/wiki/Decentralized_finance

    work page 2025

  11. [11]

    Defihacklabs

    2025. Defihacklabs. https://defihacklabs.io/

    work page 2025

  12. [12]

    2025. Ether. https://en.wikipedia.org/wiki/Ethereum

    work page 2025

  13. [13]

    Fee on Transfer Mechanism

    2025. Fee on Transfer Mechanism. https://help.1inch.io/en/articles/5651059-what-is-a-fee-on-transfer-token

    work page arXiv 2025

  14. [14]

    Gemini 2.5 Flash

    2025. Gemini 2.5 Flash. https://cloud.google.com/vertex-ai/generative-ai/docs/models/gemini/2-5-flash

    work page 2025

  15. [15]

    GoodCompound

    2025. GoodCompound. https://etherscan.io/address/0x3d9819210a31b4961b30ef54be2aed79b9c9cd3b

    work page 2025

  16. [16]

    2025. GPT-4.1. https://platform.openai.com/docs/models/gpt-4.1

    work page 2025

  17. [17]

    ImpermaxV3

    2025. ImpermaxV3. https://basescan.org/address/0x5d93f216f17c225a8B5fFA34e74B7133436281eE

    work page 2025

  18. [18]

    Inverse Finance FiRM

    2025. Inverse Finance FiRM. https://etherscan.io/address/0x41d5d79431a913c4ae7d69a668ecdfe5ff9dfb68

    work page 2025

  19. [19]

    Liquidity Provider

    2025. Liquidity Provider. https://en.wikipedia.org/wiki/Market_maker

    work page 2025

  20. [20]

    List of Past DeFi Incidents

    2025. List of Past DeFi Incidents. https://github.com/SunWeb3Sec/DeFiHackLabs#list-of-past-defi-incidents

    work page 2025

  21. [21]

    Mahalend Protocol

    2025. Mahalend Protocol. https://etherscan.io/address/0xfd11aba71c06061f446ade4eec057179f19c23c4

    work page 2025

  22. [22]

    OWASP Smart Contract Top 10

    2025. OWASP Smart Contract Top 10. https://owasp.org/www-project-smart-contract-top-10/

    work page 2025

  23. [23]

    PancakeSwap

    2025. PancakeSwap. https://pancakeswap.finance/

    work page 2025

  24. [24]

    Qwen3-235B-A22B

    2025. Qwen3-235B-A22B. https://huggingface.co/Qwen/Qwen3-235B-A22B

    work page 2025

  25. [25]

    tiktoken

    2025. tiktoken. https://github.com/openai/tiktoken

    work page 2025

  26. [26]

    The Top 100 DeFi Hacks

    2025. The Top 100 DeFi Hacks. https://www.halborn.com/reports/top-100-defi-hacks-2025

    work page 2025

  27. [27]

    Total Value Locked in DeFi

    2025. Total Value Locked in DeFi. https://defillama.com/

    work page 2025

  28. [28]

    2025. USDC. https://en.wikipedia.org/wiki/USDC_(cryptocurrency)

    work page 2025

  29. [29]

    What is a flash loan? https://www.coinbase.com/learn/advanced-trading/what-is-a-flash-loan

    2025. What is a flash loan? https://www.coinbase.com/learn/advanced-trading/what-is-a-flash-loan

    work page 2025

  30. [30]

    What Is a Smart Contract Audit? https://hedera.com/learning/smart-contracts/smart-contract-audit#:~:text= How%20much%20does%20a%20smart,and%20complexity%20of%20the%20contract

    2025. What Is a Smart Contract Audit? https://hedera.com/learning/smart-contracts/smart-contract-audit#:~:text= How%20much%20does%20a%20smart,and%20complexity%20of%20the%20contract

    work page 2025

  31. [31]

    Barlett, J

    J.E. Barlett, J. Kotrlik, and C. Higgins. 2001. Organizational Research: Determining Appropriate Sample Size in Survey Research.Information Technology, Learning, and Performance Journal19 (01 2001)

    work page 2001

  32. [32]

    Biagio Boi, Christian Esposito, and Sokjoon Lee. 2024. Smart contract vulnerability detection: The role of large language model (llm).ACM SIGAPP applied computing review24, 2 (2024), 19–29

    work page 2024

  33. [33]

    Ningyu He Bosi Zhang, Xiaohui Hu, Kai Ma, and Haoyu Wang. 2025. Following Devils’ Footprint: Towards Real-time Detection of Price Manipulation Attacks. (2025)

    work page 2025

  34. [34]

    Jiuyang Bu, Wenkai Li, Zongwei Li, Zeng Zhang, and Xiaoqi Li. 2025. Enhancing smart contract vulnerability detection in dapps leveraging fine-tuned llm.arXiv preprint arXiv:2504.05006(2025)

    work page arXiv 2025

  35. [35]

    Jie Cai, Bin Li, Jiale Zhang, Xiaobing Sun, and Bing Chen. 2023. Combine sliced joint graph with graph neural networks for smart contract vulnerability detection.Journal of Systems and Software195 (2023), 111550

    work page 2023

  36. [36]

    Zhiyang Chen, Sidi Mohamed Beillahi, and Fan Long. 2024. Flashsyn: Flash loan attack synthesis via counter example driven approximation. InProceedings of the IEEE/ACM 46th International Conference on Software Engineering. 1–13

    work page 2024

  37. [37]

    Jaeseung Choi, Doyeon Kim, Soomin Kim, Gustavo Grieco, Alex Groce, and Sang Kil Cha. 2021. Smartian: Enhancing smart contract fuzzing with static and dynamic data-flow analyses. In2021 36th IEEE/ACM International Conference on Automated Software Engineering (ASE). IEEE, 227–239

    work page 2021

  38. [38]

    Isaac David, Liyi Zhou, Kaihua Qin, Dawn Song, Lorenzo Cavallaro, and Arthur Gervais. 2023. Do you still need a manual smart contract audit? arXiv:2306.12338 [cs.CR] https://arxiv.org/abs/2306.12338

    work page arXiv 2023

  39. [39]

    Josselin Feist, Gustavo Grieco, and Alex Groce. 2019. Slither: a static analysis framework for smart contracts. In2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB). IEEE, 8–15

    work page 2019

  40. [40]

    Bo Gao, Yuan Wang, Qingsong Wei, Yong Liu, Rick Siow Mong Goh, and David Lo. 2025. AiRacleX: Automated Detection of Price Oracle Manipulations via LLM-Driven Knowledge Mining and Prompt Generation. arXiv:2502.06348 [cs.CR] , Vol. 1, No. 1, Article . Publication date: October 2025. 20 Lu Liu, Wuqi Zhang, Lili Wei, Hao Guan, Yongqiang Tian, and Yepang Liu h...

    work page arXiv 2025

  41. [41]

    Bo Gao, Qingsong Wei, Yong Liu, and Rick Siow Mong Goh. 2024. Unveiling the potential of chatgpt in detecting machine unauditable bugs in smart contracts: A preliminary evaluation and categorization. In2024 IEEE Conference on Artificial Intelligence (CAI). IEEE, 1481–1486

    work page 2024

  42. [42]

    Zhipeng Gao, Vinoj Jayasundara, Lingxiao Jiang, Xin Xia, David Lo, and John Grundy. 2019. Smartembed: A tool for clone and bug detection in smart contracts through structural code embedding. In2019 IEEE International Conference on Software Maintenance and Evolution (ICSME). IEEE, 394–397

    work page 2019

  43. [43]

    Sihao Hu, Tiansheng Huang, Fatih İlhan, Selim Furkan Tekin, and Ling Liu. 2023. Large language model-powered smart contract vulnerability detection: New perspectives. In2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA). IEEE, 297–306

    work page 2023

  44. [44]

    Johannes Rude Jensen, Victor von Wachter, and Omri Ross. 2021. An introduction to decentralized finance (defi). Complex Systems Informatics and Modeling Quarterly26 (2021), 46–54

    work page 2021

  45. [45]

    Bo Jiang, Ye Liu, and Wing Kwong Chan. 2018. Contractfuzzer: Fuzzing smart contracts for vulnerability detection. In Proceedings of the 33rd ACM/IEEE international conference on automated software engineering. 259–269

    work page 2018

  46. [46]

    Juyong Jiang, Fan Wang, Jiasi Shen, Sungju Kim, and Sunghun Kim. 2024. A survey on large language models for code generation.arXiv preprint arXiv:2406.00515(2024)

    work page internal anchor Pith review Pith/arXiv arXiv 2024

  47. [47]

    Haolin Jin, Linghan Huang, Haipeng Cai, Jun Yan, Bo Li, and Huaming Chen. 2024. From llms to llm-based agents for software engineering: A survey of current, challenges and future.arXiv preprint arXiv:2408.02479(2024)

    work page arXiv 2024

  48. [48]

    Queping Kong, Jiachi Chen, Yanlin Wang, Zigui Jiang, and Zibin Zheng. 2023. Defitainter: Detecting price manipulation vulnerabilities in defi protocols. InProceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis. 1144–1156

    work page 2023

  49. [49]

    Haonan Li, Yu Hao, Yizhuo Zhai, and Zhiyun Qian. 2024. Enhancing static analysis for practical bug detection: An llm-integrated approach.Proceedings of the ACM on Programming Languages8, OOPSLA1 (2024), 474–499

    work page 2024

  50. [50]

    Zhenguang Liu, Peng Qian, Xiaoyang Wang, Yuan Zhuang, Lin Qiu, and Xun Wang. 2021. Combining graph neural networks with expert knowledge for smart contract vulnerability detection.IEEE Transactions on Knowledge and Data Engineering35, 2 (2021), 1296–1310

    work page 2021

  51. [51]

    Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, and Aquinas Hobor. 2016. Making smart contracts smarter. In Proceedings of the 2016 ACM SIGSAC conference on computer and communications security. 254–269

    work page 2016

  52. [52]

    Wei Ma, Shangqing Liu, Zhihao Lin, Wenhan Wang, Qiang Hu, Ye Liu, Cen Zhang, Liming Nie, Li Li, and Yang Liu

    work page

  53. [53]

    Lms: Understanding code syntax and semantics for code analysis.arXiv preprint arXiv:2305.12138

    work page arXiv

  54. [54]

    Wei Ma, Daoyuan Wu, Yuqiang Sun, Tianwen Wang, Shangqing Liu, Jian Zhang, Yue Xue, and Yang Liu. 2024. Combining fine-tuning and llm-based agents for intuitive smart contract auditing with justifications.arXiv preprint arXiv:2403.16073(2024)

    work page arXiv 2024

  55. [55]

    Mark Mossberg, Felipe Manzano, Eric Hennenfent, Alex Groce, Gustavo Grieco, Josselin Feist, Trent Brunson, and Artem Dinaburg. 2019. Manticore: A user-friendly symbolic execution framework for binaries and smart contracts. In 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE). IEEE, 1186–1189

    work page 2019

  56. [56]

    Daye Nam, Andrew Macvean, Vincent Hellendoorn, Bogdan Vasilescu, and Brad Myers. 2024. Using an llm to help with code understanding. InProceedings of the IEEE/ACM 46th International Conference on Software Engineering. 1–13

    work page 2024

  57. [57]

    Tai D Nguyen, Long H Pham, Jun Sun, Yun Lin, and Quang Tran Minh. 2020. sfuzz: An efficient adaptive fuzzer for solidity smart contracts. InProceedings of the ACM/IEEE 42nd international conference on software engineering. 778–788

    work page 2020

  58. [58]

    Sunbeom So, Myungho Lee, Jisu Park, Heejo Lee, and Hakjoo Oh. 2020. Verismart: A highly precise safety verifier for ethereum smart contracts. In2020 IEEE Symposium on Security and Privacy (SP). IEEE, 1678–1694

    work page 2020

  59. [59]

    Gaurang Sriramanan, Siddhant Bharti, Vinu Sankar Sadasivan, Shoumik Saha, Priyatham Kattakinda, and Soheil Feizi

    work page

  60. [60]

    Llm-check: Investigating detection of hallucinations in large language models.Advances in Neural Information Processing Systems37 (2024), 34188–34216

    work page 2024

  61. [61]

    Yuqiang Sun, Daoyuan Wu, Yue Xue, Han Liu, Haijun Wang, Zhengzi Xu, Xiaofei Xie, and Yang Liu. 2024. Gptscan: Detecting logic vulnerabilities in smart contracts by combining gpt with program analysis. InProceedings of the IEEE/ACM 46th International Conference on Software Engineering. 1–13

    work page 2024

  62. [62]

    Sergei Tikhomirov, Ekaterina Voskresenskaya, Ivan Ivanitskiy, Ramil Takhaviev, Evgeny Marchenko, and Yaroslav Alexandrov. 2018. Smartcheck: Static analysis of ethereum smart contracts. InProceedings of the 1st international workshop on emerging trends in software engineering for blockchain. 9–16

    work page 2018

  63. [63]

    Ashish Vaswani, Noam Shazeer, Niki Parmar, Jakob Uszkoreit, Llion Jones, Aidan N Gomez, Łukasz Kaiser, and Illia Polosukhin. 2017. Attention is all you need.Advances in neural information processing systems30 (2017)

    work page 2017

  64. [64]

    Dabao Wang, Bang Wu, Xingliang Yuan, Lei Wu, Yajin Zhou, and Helei Cui. 2024. Defiguard: A price manipulation detection service in defi using graph neural networks.IEEE Transactions on Services Computing(2024)

    work page 2024

  65. [65]

    Sally Junsong Wang, Kexin Pei, and Junfeng Yang. 2024. Smartinv: Multimodal learning for smart contract invariant inference. In2024 IEEE Symposium on Security and Privacy (SP). IEEE, 2217–2235. , Vol. 1, No. 1, Article . Publication date: October 2025. LLM-Powered Detection of Price Manipulation in DeFi 21

    work page 2024

  66. [66]

    Wei Wang, Jingjing Song, Guangquan Xu, Yidong Li, Hao Wang, and Chunhua Su. 2020. Contractward: Automated vulnerability detection models for ethereum smart contracts.IEEE Transactions on Network Science and Engineering8, 2 (2020), 1133–1144

    work page 2020

  67. [67]

    Zhiyuan Wei, Jing Sun, Yuqiang Sun, Ye Liu, Daoyuan Wu, Zijian Zhang, Xianhao Zhang, Meng Li, Yang Liu, Chunmiao Li, et al . 2025. Advanced Smart Contract Vulnerability Detection via LLM-Powered Multi-Agent Systems.IEEE Transactions on Software Engineering

    work page 2025

  68. [68]

    Zhiyuan Wei, Jing Sun, Zijiang Zhang, Xianhao Zhang, Meng Li, and Zhe Hou. 2024. Llm-smartaudit: Advanced smart contract vulnerability detection.arXiv preprint arXiv:2410.09381(2024)

    work page arXiv 2024

  69. [69]

    Hongbo Wen, Hanzhi Liu, Jiaxin Song, Yanju Chen, Wenbo Guo, and Yu Feng. 2024. FORAY: Towards Effective Attack Synthesis against Deep Logical Vulnerabilities in DeFi Protocols. InProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security. 1001–1015

    work page 2024

  70. [70]

    Ka Wai Wu. 2024. Strengthening DeFi Security: A Static Analysis Approach to Flash Loan Vulnerabilities.arXiv preprint arXiv:2411.01230(2024)

    work page arXiv 2024

  71. [71]

    Siwei Wu, Zhou Yu, Dabao Wang, Yajin Zhou, Lei Wu, Haoyu Wang, and Xingliang Yuan. 2023. Defiranger: detecting DeFI price manipulation attacks.IEEE Transactions on Dependable and Secure Computing21, 4 (2023), 4147–4161

    work page 2023

  72. [72]

    Yin Wu, Xiaofei Xie, Chenyang Peng, Dijun Liu, Hao Wu, Ming Fan, Ting Liu, and Haijun Wang. 2024. Advscanner: Generating adversarial smart contracts to exploit reentrancy vulnerabilities using llm and static analysis. InProceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering. 1019–1031

    work page 2024

  73. [73]

    Maoyi Xie, Ming Hu, Ziqiao Kong, Cen Zhang, Yebo Feng, Haijun Wang, Yue Xue, Hao Zhang, Ye Liu, and Yang Liu

    work page

  74. [74]

    InProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis

    DeFort: Automatic Detection and Analysis of Price Manipulation Attacks in DeFi Applications. InProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis. 402–414

    work page

  75. [75]

    Yingjie Xu, Gengran Hu, Lin You, and Chengtang Cao. 2021. A novel machine learning-based analysis model for smart contract vulnerability.Security and Communication Networks2021, 1 (2021), 5798033

    work page 2021

  76. [76]

    Yinxing Xue, Mingliang Ma, Yun Lin, Yulei Sui, Jiaming Ye, and Tianyong Peng. 2020. Cross-contract static analysis for detecting practical reentrancy vulnerabilities in smart contracts. InProceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering. 1029–1040

    work page 2020

  77. [77]

    Zhuo Zhang, Brian Zhang, Wen Xu, and Zhiqiang Lin. 2023. Demystifying exploitable bugs in smart contracts. In2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE). IEEE, 615–627

    work page 2023

  78. [78]

    Juantao Zhong, Daoyuan Wu, Ye Liu, Maoyi Xie, Yang Liu, Yi Li, and Ning Liu. 2025. DeFiScope: Detecting Various DeFi Price Manipulations with LLM Reasoning.arXiv preprint arXiv:2502.11521(2025). , Vol. 1, No. 1, Article . Publication date: October 2025

    work page arXiv 2025