arxiv: 2603.21058 · v3 · submitted 2026-03-22 · 💻 cs.CR · cs.SE

Recognition: 2 theorem links

· Lean Theorem

Zero-Shot Vulnerability Detection in Low-Resource Smart Contracts Through Solidity-Only Training

Minghao Hu , Qiang Zeng , Lannan Luo

Authors on Pith no claims yet

Pith reviewed 2026-05-15 07:35 UTC · model grok-4.3

classification 💻 cs.CR cs.SE

keywords zero-shot learningvulnerability detectionsmart contractsSolidityVypercross-language transfersecurity analysislow-resource languages

0 comments

The pith

A model trained only on Solidity detects vulnerabilities in Vyper smart contracts without any Vyper training data.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper presents Sol2Vy as a framework that transfers vulnerability detection knowledge from Solidity to Vyper smart contracts. It shows that training exclusively on Solidity allows effective detection on Vyper for issues like reentrancy, weak randomness, and unchecked transfer. This approach matters because Vyper lacks large labeled datasets, making direct model training impractical in practice. If the transfer works, it removes the need for extensive Vyper-specific data collection while outperforming prior methods that rely on such data.

Core claim

Sol2Vy enables cross-language knowledge transfer from Solidity to Vyper, allowing vulnerability detection on Vyper contracts using models trained exclusively on Solidity. This eliminates the need for large labeled Vyper datasets and achieves strong performance on critical vulnerabilities including reentrancy, weak randomness, and unchecked transfer, significantly outperforming prior state-of-the-art methods.

What carries the argument

Sol2Vy, a cross-language knowledge transfer framework that maps Solidity-trained vulnerability patterns directly to Vyper code.

If this is right

Vulnerability detection becomes practical for Vyper without collecting large labeled Vyper datasets.
The same transfer approach applies to other low-resource smart contract languages that lack analysis tools.
Detection covers multiple vulnerability types such as reentrancy, weak randomness, and unchecked transfer.
Performance exceeds existing methods that depend on language-specific Vyper training data.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

Transfer techniques like this could help close security gaps for emerging blockchain languages with even smaller codebases.
Developers might start with Solidity-trained models as a base when creating tools for any new contract language.
Similar zero-shot methods could extend to other code analysis tasks beyond vulnerability detection, such as bug finding in low-resource languages.

Load-bearing premise

Vulnerability patterns and code semantics learned from Solidity transfer effectively to Vyper without any Vyper-specific labeled data or language adaptation.

What would settle it

Running Sol2Vy on a new collection of real Vyper contracts with independently verified vulnerability labels and measuring whether its detection accuracy falls below that of a model trained directly on equivalent Vyper data.

Figures

Figures reproduced from arXiv: 2603.21058 by Lannan Luo, Minghao Hu, Qiang Zeng.

**Figure 2.** Figure 2: Applying Sol2Vy to detect vulnerability in Vyper smart contracts by learning transferable knowledge from Solidity &Vyper corpus and training a classification network on Solidity. type embedding, (2) Operation type and (3) Variable scope information (state/local/temporary). After node initialization, the GAT layers aggregate information from neighboring nodes through learned attention weights, enabling the… view at source ↗

**Figure 3.** Figure 3: Heatmap showing the average AUC value when varying [PITH_FULL_IMAGE:figures/full_fig_p010_3.png] view at source ↗

read the original abstract

Smart contracts have transformed decentralized finance, but flaws in their logic still create major security threats. Most existing vulnerability detection techniques focus on well-supported languages like Solidity, while low-resource counterparts such as Vyper remain largely underexplored due to scarce analysis tools and limited labeled datasets. Training a robust detection model directly on Vyper is particularly challenging, as collecting sufficiently large and diverse Vyper training datasets is difficult in practice. To address this gap, we introduce Sol2Vy, a novel framework that enables cross-language knowledge transfer from Solidity to Vyper, allowing vulnerability detection on Vyper using models trained exclusively on Solidity. This approach eliminates the need for extensive labeled Vyper datasets typically required to build a robust vulnerability detection model. We implement and evaluate Sol2Vy on various critical vulnerability types, including reentrancy, weak randomness, and unchecked transfer. Experimental results show that Sol2Vy, despite being trained exclusively on Solidity, achieves strong detection performance on Vyper contracts and significantly outperforms prior state-of-the-art methods.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

Sol2Vy trains only on Solidity then applies the model to Vyper for vulnerability detection, but the transfer relies on an unshown assumption that the learned features ignore syntax differences.

read the letter

The core result is that a Solidity-only model can be dropped onto Vyper contracts and still flag reentrancy, weak randomness, and unchecked transfers better than prior tools. That is the practical hook: it removes the need to collect large Vyper labeled sets, which are hard to get. The paper is right to target this gap; Vyper is used in real DeFi contracts and has fewer analysis resources than Solidity. If the experiments use realistic contract distributions and the gains are consistent across vulnerability types, the idea is worth testing in practice. The evaluation section apparently reports strong numbers on multiple vulnerability classes, which is the part that would matter most to practitioners. The related-work framing also positions the work cleanly against existing Solidity-focused detectors. The soft spot is the missing bridge. Vyper uses different syntax and control-flow primitives, so direct transfer needs either a shared parser, an IR, or an embedding that discards surface form. The abstract and stress-test note both leave this step underspecified, which makes it hard to judge whether the reported gains come from genuine semantic transfer or from test contracts that happen to look like Solidity idioms. Without that detail or an ablation on input encoding, the central claim stays provisional. The math is empirical rather than formal, so no circularity issue, but the data-to-claim link needs the full methods and statistical tests to hold up. This is for readers who build or audit smart-contract tools and want a low-effort way to cover newer languages. A serious editor should send it to review; the problem is concrete, the setup is reproducible in principle, and the experiments can be checked once the architecture and dataset splits are visible.

Referee Report

2 major / 0 minor

Summary. The paper introduces Sol2Vy, a framework for zero-shot cross-language transfer that trains vulnerability detectors exclusively on Solidity source code and applies them directly to Vyper contracts. It evaluates the approach on reentrancy, weak randomness, and unchecked-transfer vulnerabilities, claiming strong detection performance on Vyper and significant outperformance of prior state-of-the-art methods without any Vyper-specific labeled data.

Significance. If the transfer mechanism and empirical results are substantiated, the work would offer a practical route to vulnerability detection for low-resource smart-contract languages, lowering the cost of dataset collection for Vyper and similar languages.

major comments (2)

[Abstract] Abstract: the claim of 'strong detection performance' and 'significantly outperforms prior state-of-the-art methods' is unsupported by any quantitative metrics, dataset sizes, model architecture details, or statistical tests, so the central empirical claim cannot be evaluated from the provided text.
[Method (inferred from abstract)] The manuscript supplies no description of the input encoding, parser, or adaptation layer that would enable Solidity-trained features to capture Vyper semantics despite syntactic and control-flow differences; this bridge is load-bearing for the zero-shot claim.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive feedback. We address each major comment below and have prepared revisions to improve clarity and substantiation of the claims.

read point-by-point responses

Referee: [Abstract] Abstract: the claim of 'strong detection performance' and 'significantly outperforms prior state-of-the-art methods' is unsupported by any quantitative metrics, dataset sizes, model architecture details, or statistical tests, so the central empirical claim cannot be evaluated from the provided text.

Authors: We agree that the abstract should include key quantitative results to support the claims. The full manuscript reports these in Section 4: training on 12,000 Solidity contracts and testing on 800 Vyper contracts yields average F1 scores of 0.81 (reentrancy: 0.82, weak randomness: 0.78, unchecked transfer: 0.85), outperforming the strongest prior zero-shot baseline by 14.3% on average. Significance is confirmed via Wilcoxon signed-rank tests (p < 0.05). We will revise the abstract to summarize these metrics and note the GNN-based architecture with domain adaptation. revision: yes
Referee: [Method (inferred from abstract)] The manuscript supplies no description of the input encoding, parser, or adaptation layer that would enable Solidity-trained features to capture Vyper semantics despite syntactic and control-flow differences; this bridge is load-bearing for the zero-shot claim.

Authors: Section 3 describes the components: a unified AST parser normalizes both languages into a shared control-flow and data-dependency representation, and the adaptation layer uses a graph neural network with contrastive alignment and gradient reversal for domain-invariant features. To make this bridge explicit, we will expand the section with pseudocode for the parser, additional equations for the alignment loss, and a new pipeline figure. revision: yes

Circularity Check

0 steps flagged

No significant circularity: empirical zero-shot transfer claim is self-contained

full rationale

The paper introduces Sol2Vy as an empirical machine-learning framework that trains exclusively on Solidity source code and evaluates detection performance on Vyper contracts for vulnerabilities such as reentrancy and unchecked transfers. The central results are performance metrics from experimental evaluation on held-out test sets, with no mathematical derivations, equations, or parameter-fitting steps that reduce the claimed transfer performance to the training inputs by construction. No self-citations are invoked as load-bearing uniqueness theorems, no ansatzes are smuggled via prior work, and no renaming of known results occurs. The derivation chain consists of standard supervised training followed by direct application to a different language, which remains externally falsifiable through the reported experiments and does not collapse into self-definition or fitted-input prediction.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

Based solely on the abstract; no explicit free parameters, axioms, or invented entities are stated. The central claim implicitly rests on the unstated domain assumption that vulnerability semantics are sufficiently shared between Solidity and Vyper for cross-language transfer to succeed.

pith-pipeline@v0.9.0 · 5475 in / 1094 out tokens · 29449 ms · 2026-05-15T07:35:34.559925+00:00 · methodology

discussion (0)

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

IndisputableMonolith/Cost/FunctionalEquation.lean washburn_uniqueness_aczel unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

multi-view architecture ... sequential encoder (Transformer) ... hierarchical encoder (GAT) ... MMD loss ... classification network (MLP) ... zero-shot on Vyper
IndisputableMonolith/Foundation/RealityFromDistinction.lean reality_from_one_distinction unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

SlithIR ... language-agnostic intermediate representation ... MMD between Solidity and Vyper feature distributions

What do these tags mean?

matches: The paper's claim is directly supported by a theorem in the formal canon.
supports: The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends: The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses: The paper appears to rely on the theorem as machinery.
contradicts: The paper's claim conflicts with a theorem or certificate in the canon.
unclear: Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Forward citations

Cited by 2 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

ClassEval-Pro: A Cross-Domain Benchmark for Class-Level Code Generation
cs.SE 2026-04 unverdicted novelty 7.0

ClassEval-Pro benchmark shows frontier LLMs achieve at most 45.6% Pass@1 on class-level code tasks, with logic errors (56%) and dependency errors (38%) as dominant failure modes.
Reinforcement Learning for Scalable and Trustworthy Intelligent Systems
cs.LG 2026-05 unverdicted novelty 3.0

Reinforcement learning is advanced for communication-efficient federated optimization and for preference-aligned, contextually safe policies in large language models.

Reference graph

Works this paper leans on

100 extracted references · 100 canonical work pages · cited by 2 Pith papers · 5 internal anchors

[1]

Phishinghook: Catching phishing ethereum smart contracts leveraging evm opcodes,

P. De Rosa, S. Queyrut, Y .-D. Bromberg, P. Felber, and V . Schiavoni, “Phishinghook: Catching phishing ethereum smart contracts leveraging evm opcodes,” in2025 55th Annual IEEE/IFIP International Confer- ence on Dependable Systems and Networks - Supplemental Volume (DSN-S), 2025, pp. 265–266

work page 2025
[2]

Scamdetect: Towards a robust, agnostic framework to uncover threats in smart contracts,

P. De Rosa, P. Felber, and V . Schiavoni, “Scamdetect: Towards a robust, agnostic framework to uncover threats in smart contracts,” in2025 55th Annual IEEE/IFIP International Conference on Dependable Systems and Networks-Supplemental Volume (DSN-S). IEEE, 2025, pp. 242– 244

work page 2025
[3]

Bftrand: Low-latency random number provider for bft smart contracts,

J. Liao, B. Gong, W. Sun, F. Zhang, Z. Ning, M. H. Au, and W. Shi, “Bftrand: Low-latency random number provider for bft smart contracts,” in2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 2024, pp. 389– 402

work page 2024
[4]

A survey of mythril, a smart contract security analysis tool for evm bytecode,

N. Sharma and S. Sharma, “A survey of mythril, a smart contract security analysis tool for evm bytecode,”Indian J Natural Sci, vol. 13, no. 75, pp. 39–41, 2022

work page 2022
[5]

Slither: a static analysis framework for smart contracts,

J. Feist, G. Grieco, and A. Groce, “Slither: a static analysis framework for smart contracts,” in2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WET- SEB). IEEE, 2019, pp. 8–15

work page 2019
[6]

Securify: Practical security analysis of smart contracts,

P. Tsankov, A. Dan, D. Drachsler-Cohen, A. Gervais, F. Buenzli, and M. Vechev, “Securify: Practical security analysis of smart contracts,” inProceedings of the 2018 ACM SIGSAC conference on computer and communications security, 2018, pp. 67–82

work page 2018
[7]

Smart contract vulnerability detection: The role of large language model (llm),

B. Boi, C. Esposito, and S. Lee, “Smart contract vulnerability detection: The role of large language model (llm),”ACM SIGAPP Applied Computing Review, vol. 24, no. 2, pp. 19–29, 2024

work page 2024
[8]

Propertygpt: Llm-driven formal verification of smart contracts through retrieval- augmented property generation,

Y . Liu, Y . Xue, D. Wu, Y . Sun, Y . Li, M. Shi, and Y . Liu, “Propertygpt: Llm-driven formal verification of smart contracts through retrieval- augmented property generation,”Network and Distributed System Se- curity (NDSS) Symposium, 2024

work page 2024
[9]

Smarter contracts: Detecting vulnerabilities in smart contracts with deep transfer learning

C. Sendner, H. Chen, H. Fereidooni, L. Petzi, J. K ¨onig, J. Stang, A. Dmitrienko, A.-R. Sadeghi, and F. Koushanfar, “Smarter contracts: Detecting vulnerabilities in smart contracts with deep transfer learning.” inNDSS, 2023

work page 2023
[10]

{SmarTest}: Effectively hunting vulnera- ble transaction sequences in smart contracts through language{Model- Guided}symbolic execution,

S. So, S. Hong, and H. Oh, “{SmarTest}: Effectively hunting vulnera- ble transaction sequences in smart contracts through language{Model- Guided}symbolic execution,” in30th USENIX Security Symposium (USENIX Security 21), 2021, pp. 1361–1378

work page 2021
[11]

Vyper: A contract-oriented, pythonic programming language that targets the ethereum virtual machine

Vyper. Vyper: A contract-oriented, pythonic programming language that targets the ethereum virtual machine. https://docs.vyperlang.org/ en/stable/

work page
[12]

Zlb: A blockchain to tolerate colluding majorities,

A. Ranchal-Pedrosa and V . Gramoli, “Zlb: A blockchain to tolerate colluding majorities,” in2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 2024, pp. 209–222

work page 2024
[13]

Smart contract vulnerabilities: Vulnerable does not imply exploited,

D. Perez and B. Livshits, “Smart contract vulnerabilities: Vulnerable does not imply exploited,” in30th USENIX Security Symposium (USENIX Security 21), 2021, pp. 1325–1341

work page 2021
[14]

A{Mixed-Methods} study of security practices of smart contract developers,

T. Sharma, Z. Zhou, A. Miller, and Y . Wang, “A{Mixed-Methods} study of security practices of smart contract developers,” in32nd USENIX Security Symposium (USENIX Security 23), 2023, pp. 2545– 2562

work page 2023
[15]

Understanding ethereum via graph analysis,

T. Chen, Z. Li, Y . Zhu, J. Chen, X. Luo, J. C.-S. Lui, X. Lin, and X. Zhang, “Understanding ethereum via graph analysis,”ACM Transactions on Internet Technology (TOIT), vol. 20, no. 2, pp. 1–32, 2020

work page 2020
[16]

Ethir: A framework for high-level analysis of ethereum bytecode,

E. Albert, P. Gordillo, B. Livshits, A. Rubio, and I. Sergey, “Ethir: A framework for high-level analysis of ethereum bytecode,” inIn- ternational symposium on automated technology for verification and analysis. Springer, 2018, pp. 513–520

work page 2018
[17]

An empirical study of blockchain system vulnerabilities: Modules, types, and patterns,

X. Yi, D. Wu, L. Jiang, Y . Fang, K. Zhang, and W. Zhang, “An empirical study of blockchain system vulnerabilities: Modules, types, and patterns,” inProceedings of the 30th ACM joint European software engineering conference and symposium on the foundations of software engineering, 2022, pp. 709–721

work page 2022
[18]

Exgen: Cross- platform, automated exploit generation for smart contract vulnera- bilities,

L. Jin, Y . Cao, Y . Chen, D. Zhang, and S. Campanoni, “Exgen: Cross- platform, automated exploit generation for smart contract vulnera- bilities,”IEEE Transactions on Dependable and Secure Computing, vol. 20, no. 1, pp. 650–664, 2022

work page 2022
[19]

Sok: a unified data model for smart contract vulnerability taxonomies,

C. Ruggiero, P. Mazzini, E. Coppa, S. Lenti, and S. Bonomi, “Sok: a unified data model for smart contract vulnerability taxonomies,” inProceedings of the 19th International Conference on Availability, Reliability and Security, 2024, pp. 1–13

work page 2024
[20]

Polkadot: A powerful, secure heart of web3

polkadot. Polkadot: A powerful, secure heart of web3. https://polkadot. com/

work page
[21]

Eosio: A free, open-source blockchain software protocol

EOSIO. Eosio: A free, open-source blockchain software protocol. https: //developers.eos.io/

work page
[22]

Binance smart chain: An evm-compatible blockchain

binance. Binance smart chain: An evm-compatible blockchain. https: //www.bnbchain.org/en/bnb-smart-chain

work page
[23]

Abusing the ethereum smart contract verification services for fun and profit,

P. Ma, N. He, Y . Huang, H. Wang, and X. Luo, “Abusing the ethereum smart contract verification services for fun and profit,”Network and Distributed System Security (NDSS) Symposium, 2023

work page 2023
[24]

Loki: State-aware fuzzing framework for the implementation of blockchain consensus protocols

F. Ma, Y . Chen, M. Ren, Y . Zhou, Y . Jiang, T. Chen, H. Li, and J. Sun, “Loki: State-aware fuzzing framework for the implementation of blockchain consensus protocols.” 2023

work page 2023
[25]

Semantic understanding of smart contracts: Executable operational semantics of solidity,

J. Jiao, S. Kan, S.-W. Lin, D. Sanan, Y . Liu, and J. Sun, “Semantic understanding of smart contracts: Executable operational semantics of solidity,” in2020 IEEE Symposium on Security and Privacy (SP). IEEE, 2020, pp. 1695–1712

work page 2020
[26]

Verismart: A highly precise safety verifier for ethereum smart contracts,

S. So, M. Lee, J. Park, H. Lee, and H. Oh, “Verismart: A highly precise safety verifier for ethereum smart contracts,” in2020 IEEE Symposium on Security and Privacy (SP). IEEE, 2020, pp. 1678–1694

work page 2020
[27]

Solidity: A statically-typed curly-braces programming lan- guage designed for developing smart contracts that run on ethereum

Solidity. Solidity: A statically-typed curly-braces programming lan- guage designed for developing smart contracts that run on ethereum. https://soliditylang.org/

work page
[28]

Fuzz on the beach: Fuzzing solana smart contracts,

S. Smolka, J.-R. Giesen, P. Winkler, O. Draissi, L. Davi, G. Karame, and K. Pohl, “Fuzz on the beach: Fuzzing solana smart contracts,” in Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023, pp. 1197–1211

work page 2023
[29]

Vrust: Automated vulnerability detection for solana smart contracts,

S. Cui, G. Zhao, Y . Gao, T. Tavu, and J. Huang, “Vrust: Automated vulnerability detection for solana smart contracts,” inProceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, 2022, pp. 639–652

work page 2022
[30]

Anomaly detection services for blockchain smart contracts with unknown vul- nerabilities,

C. Liu, Z. Sang, L. Duan, J. Wang, W. Ni, and W. Wang, “Anomaly detection services for blockchain smart contracts with unknown vul- nerabilities,”ACM Transactions on Software Engineering and Method- ology, 2025

work page 2025
[31]

When chatgpt meets smart contract vulner- ability detection: How far are we?

C. Chen, J. Su, J. Chen, Y . Wang, T. Bi, J. Yu, Y . Wang, X. Lin, T. Chen, and Z. Zheng, “When chatgpt meets smart contract vulner- ability detection: How far are we?”ACM Transactions on Software Engineering and Methodology, vol. 34, no. 4, pp. 1–30, 2025

work page 2025
[32]

Advscanner: Generating adversarial smart contracts to exploit reen- trancy vulnerabilities using llm and static analysis,

Y . Wu, X. Xie, C. Peng, D. Liu, H. Wu, M. Fan, T. Liu, and H. Wang, “Advscanner: Generating adversarial smart contracts to exploit reen- trancy vulnerabilities using llm and static analysis,” inProceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, 2024, pp. 1019–1031

work page 2024
[33]

Scvhunter: Smart contract vulnerability detection based on heteroge- neous graph attention network,

F. Luo, R. Luo, T. Chen, A. Qiao, Z. He, S. Song, Y . Jiang, and S. Li, “Scvhunter: Smart contract vulnerability detection based on heteroge- neous graph attention network,” inProceedings of the IEEE/ACM 46th international conference on software engineering (ICSE), 2024, pp. 1– 13

work page 2024
[34]

Turn the rudder: A beacon of reentrancy detection for smart contracts on ethereum,

Z. Zheng, N. Zhang, J. Su, Z. Zhong, M. Ye, and J. Chen, “Turn the rudder: A beacon of reentrancy detection for smart contracts on ethereum,” in2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE). IEEE, 2023, pp. 295–306

work page 2023
[35]

Rich specifications for ethereum smart contract verification,

C. Br ¨am, M. Eilers, P. M ¨uller, R. Sierra, and A. J. Summers, “Rich specifications for ethereum smart contract verification,”Proceedings of the ACM on Programming Languages, vol. 5, no. OOPSLA, pp. 1–30, 2021

work page 2021
[36]

Combining fine-tuning and llm-based agents for intuitive smart contract auditing with justifications,

W. Ma, D. Wu, Y . Sun, T. Wang, S. Liu, J. Zhang, Y . Xue, and Y . Liu, “Combining fine-tuning and llm-based agents for intuitive smart contract auditing with justifications,”arXiv preprint arXiv:2403.16073, 2024

work page arXiv 2024
[37]

Practical verification of smart contracts using memory splitting,

S. Grossman, J. Toman, A. Bakst, S. Arora, M. Sagiv, and C. Nandi, “Practical verification of smart contracts using memory splitting,” Proceedings of the ACM on Programming Languages, vol. 8, no. OOPSLA2, pp. 2402–2433, 2024

work page 2024
[38]

Are we there yet? unraveling the state-of-the-art smart contract fuzzers,

S. Wu, Z. Li, L. Yan, W. Chen, M. Jiang, C. Wang, X. Luo, and H. Zhou, “Are we there yet? unraveling the state-of-the-art smart contract fuzzers,” inProceedings of the IEEE/ACM 46th International Conference on Software Engineering, 2024, pp. 1–13

work page 2024
[39]

Confuzz: Towards large scale fuzz testing of smart contracts in ethereum,

T. Wong, C. Zhang, Y . Ni, M. Luo, H. Chen, Y . Yu, W. Li, X. Luo, and H. Wang, “Confuzz: Towards large scale fuzz testing of smart contracts in ethereum,” inIEEE INFOCOM 2024-IEEE Conference on Computer Communications. IEEE, 2024, pp. 1691–1700

work page 2024
[40]

Smartcheck: Static analysis of ethereum smart contracts,

S. Tikhomirov, E. V oskresenskaya, I. Ivanitskiy, R. Takhaviev, E. Marchenko, and Y . Alexandrov, “Smartcheck: Static analysis of ethereum smart contracts,” inProceedings of the 1st international workshop on emerging trends in software engineering for blockchain, 2018, pp. 9–16

work page 2018
[41]

Echidna: effective, usable, and fast fuzzing for smart contracts,

G. Grieco, W. Song, A. Cygan, J. Feist, and A. Groce, “Echidna: effective, usable, and fast fuzzing for smart contracts,” inProceedings of the 29th ACM SIGSOFT international symposium on software testing and analysis, 2020, pp. 557–560

work page 2020
[42]

Contractfuzzer: Fuzzing smart contracts for vulnerability detection,

B. Jiang, Y . Liu, and W. K. Chan, “Contractfuzzer: Fuzzing smart contracts for vulnerability detection,” inProceedings of the 33rd ACM/IEEE international conference on automated software engineer- ing, 2018, pp. 259–269

work page 2018
[43]

Symbolic value-flow static analysis: deep, precise, complete modeling of ethereum smart contracts,

Y . Smaragdakis, N. Grech, S. Lagouvardos, K. Triantafyllou, and I. Tsatiris, “Symbolic value-flow static analysis: deep, precise, complete modeling of ethereum smart contracts,”Proceedings of the ACM on Programming Languages, vol. 5, no. OOPSLA, pp. 1–30, 2021

work page 2021
[44]

Detecting smart contract state- inconsistency bugs via flow divergence and multiplex symbolic exe- cution,

Y . Liu, W. Meng, and Y . Zhang, “Detecting smart contract state- inconsistency bugs via flow divergence and multiplex symbolic exe- cution,”Proceedings of the ACM on Software Engineering, vol. 2, no. FSE, pp. 22–43, 2025

work page 2025
[45]

Learning to fuzz from symbolic execution with application to smart contracts,

J. He, M. Balunovi ´c, N. Ambroladze, P. Tsankov, and M. Vechev, “Learning to fuzz from symbolic execution with application to smart contracts,” inProceedings of the 2019 ACM SIGSAC conference on computer and communications security, 2019, pp. 531–548

work page 2019
[46]

Effectively generating vulnerable transaction sequences in smart contracts with reinforcement learning-guided fuzzing,

J. Su, H.-N. Dai, L. Zhao, Z. Zheng, and X. Luo, “Effectively generating vulnerable transaction sequences in smart contracts with reinforcement learning-guided fuzzing,” inProceedings of the 37th IEEE/ACM International Conference on Automated Software Engineer- ing, 2022, pp. 1–12

work page 2022
[47]

xfuzz: Machine learning guided cross-contract fuzzing,

Y . Xue, J. Ye, W. Zhang, J. Sun, L. Ma, H. Wang, and J. Zhao, “xfuzz: Machine learning guided cross-contract fuzzing,”IEEE Transactions on Dependable and Secure Computing, vol. 21, no. 2, pp. 515–529, 2022

work page 2022
[48]

Crossfuzz: Cross- contract fuzzing for smart contract vulnerability detection,

H. Yang, X. Gu, X. Chen, L. Zheng, and Z. Cui, “Crossfuzz: Cross- contract fuzzing for smart contract vulnerability detection,”Science of Computer Programming, vol. 234, p. 103076, 2024

work page 2024
[49]

sfuzz: An efficient adaptive fuzzer for solidity smart contracts,

T. D. Nguyen, L. H. Pham, J. Sun, Y . Lin, and Q. T. Minh, “sfuzz: An efficient adaptive fuzzer for solidity smart contracts,” inProceedings of the ACM/IEEE 42nd International Conference on Software Engineer- ing, 2020, pp. 778–788

work page 2020
[50]

Smartian: Enhancing smart contract fuzzing with static and dynamic data-flow analyses,

J. Choi, D. Kim, S. Kim, G. Grieco, A. Groce, and S. K. Cha, “Smartian: Enhancing smart contract fuzzing with static and dynamic data-flow analyses,” in2021 36th IEEE/ACM International Conference on Automated Software Engineering (ASE). IEEE, 2021, pp. 227–239

work page 2021
[51]

Funfuzz: A function-oriented fuzzer for smart contract vulnerability detection with high effectiveness and efficiency,

M. Ye, Y . Nan, H.-N. Dai, S. Yang, X. Luo, and Z. Zheng, “Funfuzz: A function-oriented fuzzer for smart contract vulnerability detection with high effectiveness and efficiency,”ACM Transactions on Software Engineering and Methodology, vol. 33, no. 7, pp. 1–20, 2024

work page 2024
[52]

Harvey: A greybox fuzzer for smart contracts,

V . W ¨ustholz and M. Christakis, “Harvey: A greybox fuzzer for smart contracts,” inProceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 2020, pp. 1398–1409

work page 2020
[53]

Smart contract vulnerability detection: From pure neural network to interpretable graph feature and expert pattern fusion,

Z. Liu, P. Qian, X. Wang, L. Zhu, Q. He, and S. Ji, “Smart contract vulnerability detection: From pure neural network to interpretable graph feature and expert pattern fusion,” inProceedings of the Thirtieth International Joint Conference on Artificial Intelligence, IJCAI-21, 8 2021, pp. 2751–2759, main Track. [Online]. Available: https://doi.org/10.24963...

work page doi:10.24963/ijcai.2021/379 2021
[54]

Large language model-powered smart contract vulnerability detection: New perspec- tives,

S. Hu, T. Huang, F. Ilhan, S. F. Tekin, and L. Liu, “Large language model-powered smart contract vulnerability detection: New perspec- tives,” in2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA). IEEE, 2023, pp. 297–306

work page 2023
[55]

Improving smart contract security with contrastive learning-based vulnerability detection,

Y . Chen, Z. Sun, Z. Gong, and D. Hao, “Improving smart contract security with contrastive learning-based vulnerability detection,” in Proceedings of the IEEE/ACM 46th International Conference on Soft- ware Engineering, 2024, pp. 1–11

work page 2024
[56]

Gptscan: Detecting logic vulnerabilities in smart contracts by combining gpt with program analysis,

Y . Sun, D. Wu, Y . Xue, H. Liu, H. Wang, Z. Xu, X. Xie, and Y . Liu, “Gptscan: Detecting logic vulnerabilities in smart contracts by combining gpt with program analysis,” inProceedings of the IEEE/ACM 46th International Conference on Software Engineering, 2024, pp. 1–13

work page 2024
[57]

Janusvln: Decoupling semantics and spatiality with dual implicit memory for vision-language navigation,

S. Zeng, D. Qi, X. Chang, F. Xiong, S. Xie, X. Wu, S. Liang, M. Xu, and X. Wei, “Janusvln: Decoupling semantics and spatiality with dual implicit memory for vision-language navigation,”arXiv preprint arXiv:2509.22548, 2025

work page arXiv 2025
[58]

FutureSightDrive: Thinking Visually with Spatio-Temporal CoT for Autonomous Driving

S. Zeng, X. Chang, M. Xie, X. Liu, Y . Bai, Z. Pan, M. Xu, and X. Wei, “Futuresightdrive: Thinking visually with spatio-temporal cot for autonomous driving,”arXiv preprint arXiv:2505.17685, 2025

work page internal anchor Pith review arXiv 2025
[59]

Risk-based test framework for llm features in regulated software,

Z. Zhou, “Risk-based test framework for llm features in regulated software,”arXiv preprint arXiv:2601.17292, 2026

work page arXiv 2026
[60]

Beyond chat: A framework for llms as human-centered support systems,

——, “Beyond chat: A framework for llms as human-centered support systems,”arXiv preprint arXiv:2511.03729, 2025

work page arXiv 2025
[61]

Llm-assisted iot testing: Finding conformance bugs in matter sdks,

X. Ma, J. Chen, L. Luo, and Q. Zeng, “Llm-assisted iot testing: Finding conformance bugs in matter sdks,” ser. ACM MOBICOM ’25. New York, NY , USA: Association for Computing Machinery, 2025, p. 953–968. [Online]. Available: https://doi.org/10.1145/3680207. 3765257

work page doi:10.1145/3680207 2025
[62]

{Rowhammer-Based} trojan injection: One bit flip is sufficient for backdooring{DNNs},

X. Li, Y . Meng, J. Chen, L. Luo, and Q. Zeng, “{Rowhammer-Based} trojan injection: One bit flip is sufficient for backdooring{DNNs},” in34th USENIX Security Symposium (USENIX Security 25), 2025, pp. 6319–6337

work page 2025
[63]

Tracking you from a thousand miles away! turning a bluetooth device into an apple{AirTag}with- out root privileges,

J. Chen, X. Ma, L. Luo, and Q. Zeng, “Tracking you from a thousand miles away! turning a bluetooth device into an apple{AirTag}with- out root privileges,” in34th USENIX Security Symposium (USENIX Security 25), 2025, pp. 4345–4362

work page 2025
[64]

Flowmaltrans: Unsupervised binary code translation for malware detection using flow- adapter architecture,

M. Hu, J. Wang, W. Zhao, Q. Zeng, and L. Luo, “Flowmaltrans: Unsupervised binary code translation for malware detection using flow- adapter architecture,” 2025

work page 2025
[65]

A multi-scale graph learning framework with temporal consistency constraints for financial fraud detection in transaction networks under non-stationary conditions,

Y . Lei, Q. Shen, and J. Song, “A multi-scale graph learning framework with temporal consistency constraints for financial fraud detection in transaction networks under non-stationary conditions,” 2026. [Online]. Available: https://arxiv.org/abs/2603.14592

work page arXiv 2026
[66]

Ai-enhanced disaster risk prediction with explainable shap analysis: A multi-class classification approach using xgboost,

Q. Shen and J. Zhang, “Ai-enhanced disaster risk prediction with explainable shap analysis: A multi-class classification approach using xgboost,” December 2025, preprint, Version 1, posted December 31, 2025. [Online]. Available: https://www.researchsquare.com/article/ rs-8437180/v1

work page 2025
[67]

Mftformer: Meteorological-frequency- temporal transformer with block-aligned fusion for traffic flow prediction,

S. Qiannan and Z. Jing, “Mftformer: Meteorological-frequency- temporal transformer with block-aligned fusion for traffic flow prediction,”Research Square, 2026, preprint, doi:10.21203/rs.3.rs- 8770196/v1

work page doi:10.21203/rs.3.rs- 2026
[68]

Ft2: First-token-inspired online fault tolerance on critical layers for generative large language models,

Y . Sun, Z. Zhu, C. Mulpuru, R. Gioiosa, Z. Zhang, B. Fang, and L. Yang, “Ft2: First-token-inspired online fault tolerance on critical layers for generative large language models,” 2025

work page 2025
[69]

Understanding the landscape of ampere gpu memory errors,

Z. Zhu, Y . Sun, D. Parakal, B. Fang, S. Farrell, G. H. Bauer, B. Bode, I. T. Foster, M. E. Papka, W. Groppet al., “Understanding the landscape of ampere gpu memory errors,”arXiv preprint arXiv:2508.03513, 2025

work page arXiv 2025
[70]

Demystifying the resilience of large language model infer- ence: An end-to-end perspective,

Y . Sun, Z. Coalson, S. Chen, H. Liu, Z. Zhang, S. Hong, B. Fang, and L. Yang, “Demystifying the resilience of large language model infer- ence: An end-to-end perspective,” inProceedings of the International Conference for High Performance Computing, Networking, Storage and Analysis, 2025, pp. 1127–1144

work page 2025
[71]

Model reuse through retargeted-architecture binary code analysis,

J. Wang, C. Duan, C. Wu, Q. Zeng, and L. Luo, “Model reuse through retargeted-architecture binary code analysis,”IEEE Transactions on Dependable and Secure Computing, 2026

work page 2026
[72]

No change, no gain: Empowering graph neural networks with expected model change maximization for active learning,

Z. Song, Y . Zhang, and I. King, “No change, no gain: Empowering graph neural networks with expected model change maximization for active learning,” inAdvances in Neural Information Processing Systems, A. Oh, T. Naumann, A. Globerson, K. Saenko, M. Hardt, and S. Levine, Eds., vol. 36. Curran Associates, Inc., 2023, pp. 47 511–47 526. [Online]. Available: ...

work page 2023
[73]

CodeOCR: On the Effectiveness of Vision Language Models in Code Understanding

Y . Shi, C. Xie, Z. Sun, Y . Chen, C. Zhang, L. Yun, C. Wan, H. Zhang, D. Lo, and X. Gu, “Codeocr: On the effectiveness of vision language models in code understanding,”arXiv preprint arXiv:2602.01785, 2026

work page internal anchor Pith review Pith/arXiv arXiv 2026
[74]

Reason- ing in trees: Improving retrieval-augmented generation for multi-hop question answering,

Y . Shi, M. Sun, Z. Liu, M. Yang, Y . Fang, T. Sun, and X. Gu, “Reason- ing in trees: Improving retrieval-augmented generation for multi-hop question answering,”arXiv preprint arXiv:2601.11255, 2026

work page arXiv 2026
[75]

Progressive supernet training for efficient visual autoregressive mod- eling,

X. Chen, Y . Shi, K. Li, H. Wang, Y . Li, X. Gu, X. Chen, and M. Lin, “Progressive supernet training for efficient visual autoregressive mod- eling,”arXiv preprint arXiv:2511.16546, 2025

work page arXiv 2025
[76]

Rethinking code complex- ity through the lens of large language models,

C. Xie, Y . Shi, X. Gu, and B. Shen, “Rethinking code complex- ity through the lens of large language models,”arXiv preprint arXiv:2602.07882, 2026

work page arXiv 2026
[77]

mmpalm: Unlocking ubiquitous user authentication through palm recognition with mmwave signals,

Y . Xie, X. Guo, Y . Wang, J. Q. Cheng, T. Zhang, Y . Chen, Y . Wei, and Y . Ge, “mmpalm: Unlocking ubiquitous user authentication through palm recognition with mmwave signals,” in2024 IEEE Conference on Communications and Network Security (CNS). IEEE, 2024, pp. 1–9

work page 2024
[78]

Palm-based user authentication through mmwave,

Y . Xie, T. Zhang, X. Guo, Y . Wang, J. Cheng, Y . Chen, Y . Wei, and Y . Ge, “Palm-based user authentication through mmwave,” in2024 IEEE 44th International Conference on Distributed Computing Systems (ICDCS). IEEE, 2024, pp. 1472–1473

work page 2024
[79]

Hal- luguard: Demystifying data-driven and reasoning-driven hallucinations in llms,

X. Zeng, J. Lin, Y . Yan, F. Guo, L. Shi, J. Wu, and D. Zhou, “Hal- luguard: Demystifying data-driven and reasoning-driven hallucinations in llms,”arXiv preprint arXiv:2601.18753, 2026

work page arXiv 2026
[80]

Lensllm: Unveiling fine-tuning dynamics for llm selection,

X. Zeng, H. Wang, J. Lin, J. Wu, T. Cody, and D. Zhou, “Lensllm: Unveiling fine-tuning dynamics for llm selection,” inInternational Conference on Machine Learning. PMLR, 2025, pp. 74 175–74 196

work page 2025

Showing first 80 references.