pith. machine review for the scientific record.

arxiv: 2604.18395 · v1 · submitted 2026-04-20 · 💻 cs.CR

Recognition: unknown

Capturing Monetarily Exploitable Vulnerability in Smart Contracts via Auditor Knowledge-Learning Fuzzing


Pith reviewed 2026-05-10 04:25 UTC · model grok-4.3

classification 💻 cs.CR
keywords: smart contracts, fuzz testing, monetarily exploitable vulnerabilities, auditor reports, natural language processing, self-learning, blockchain security, DeFi

The pith

A fuzzer called FAUDITOR detects monetarily exploitable vulnerabilities in smart contracts by using NLP-extracted auditor insights and self-learning to target finance-related interfaces, finding 220 zero-day cases.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper addresses the difficulty current tools have in spotting smart contract vulnerabilities that enable financial theft or value manipulation. It first defines monetarily exploitable vulnerabilities by drawing on patterns in actual exploits. It then presents a fuzzer that prioritizes finance-related functions in the code, pulls exploitation patterns from auditor reports through natural language processing, and applies a self-learning loop to adjust its search based on earlier results. This matters to readers because smart contracts power much of decentralized finance, where missed bugs have led to large losses, while existing tools flood users with unhelpful alerts. If the method works as described, it would let developers find and fix these issues earlier and with less wasted effort.

Core claim

By formalizing monetarily exploitable vulnerabilities from common real-world financial exploits, then building a fuzzer that directly uses finance-related interfaces together with NLP-derived insights from auditor reports and a self-learning mechanism that improves from prior runs, it becomes possible to locate these complex vulnerabilities more effectively than before, as shown by the detection of 220 previously unknown cases along with faster identification and higher instruction coverage than other fuzzers.

What carries the argument

FAUDITOR, a fuzzer that focuses search on finance-related interfaces, incorporates NLP-extracted exploitation patterns from auditor reports, and applies self-learning to refine its strategies from past fuzzing outcomes.

If this is right

  • Developers can scan smart contracts for financial risks with greater precision and fewer irrelevant warnings.
  • The self-learning component lets the tool adapt its detection over repeated uses on new contracts.
  • Existing fuzzers are outperformed in both the speed of vulnerability discovery and the breadth of code examined.
  • Smart contract projects gain a practical way to reduce exposure to price manipulation and inflation attacks before launch.
  • The overall number of successful financially motivated exploits in deployed blockchain applications can be lowered.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same combination of report-derived knowledge and self-learning could be adapted to find other categories of vulnerabilities in smart contracts or in traditional software.
  • Applying the method across contracts from multiple blockchain platforms would reveal whether the finance-interface focus holds up outside the tested environments.
  • Over time, accumulated learning from many audits might reduce reliance on manual auditor reports for new contracts.
  • Integrating additional data sources such as transaction histories could strengthen the targeting of search beyond what auditor text alone provides.

Load-bearing premise

Formalizing these vulnerabilities from known exploits and combining NLP auditor insights with self-learning will surface real exploitable issues without too many false positives or missing novel patterns.

What would settle it

Testing FAUDITOR on a collection of smart contracts that contain known monetarily exploitable vulnerabilities and observing that it misses many of them or reports many cases that do not actually allow monetary gains when run on the blockchain.

Figures

Figures reproduced from arXiv: 2604.18395 by Bowen Cai, Hangyun Tang, Kangjie Lu, Weiheng Bai, Youshui Lu.

Figure 1. The reason is that the learning resources of these

Figure 2. The Overview of FAUDITOR. We use different arrow types to present different system workflows: (i) the dotted segment arrow represents the data/interface preparation process, (ii) the full line arrow represents the main detection process, and (iii) the dotted arrow represents the feedback process for self-learning. Having the rule t⃗r, and assuming ⃗t = (t1, t2, . . . , ti) is the sequence previously ge…

Figure 3. Vulnerability detection speed measured respectively with a fixed number of vulnerabilities or fixed amounts of time.

Original abstract

Smart contracts extended blockchain functionality beyond simple transactions, powering complex applications like decentralized finance (DeFi). However, this complexity introduces serious security challenges, including price manipulation and inflation attacks. Despite the development of various security tools, the rapid rise in financially motivated exploits continues to pose a significant threat to the blockchain ecosystem. These financially motivated exploits often stem from Monetarily Exploitable Vulnerabilities (MEVuls), which refer to vulnerabilities arising from exploitable implementations in monetary transactions or value-transfer logic. Due to their complexity, intricate chains of function calls, multifaceted logic, and diverse manifestations across different smart contracts, MEVuls are particularly challenging for current security tools to identify. Instead of providing actionable insights, existing tools frequently generate excessive warnings that overwhelm developers without effectively mitigating risks. To address the challenge of recognizing MEVuls, we first formalize MEVuls based on common real-world financial exploits. Then, we introduce FAUDITOR, a specialized fuzzer designed to detect MEVuls in smart contracts. The key insight is that leveraging smart contracts' finance-related interfaces directly exposes critical vulnerabilities, making detection more targeted. We further integrate auditors' reports using NLP to extract valuable insights on exploitation patterns, enabling a more informed search strategy. Additionally, FAUDITOR employs a self-learning mechanism that refines its detection strategies over time, allowing it to improve based on prior fuzzing results. In our evaluation, FAUDITOR impressively reveals 220 zero-day MEVuls. Meanwhile, compared to existing fuzzers, FAUDITOR detects vulnerabilities faster and achieves better instruction coverage.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 2 minor

Summary. The manuscript presents FAUDITOR, a specialized fuzzer for detecting Monetarily Exploitable Vulnerabilities (MEVuls) in smart contracts. It first formalizes MEVuls based on common real-world financial exploits, then integrates NLP-extracted insights from auditor reports and a self-learning mechanism to guide fuzzing toward finance-related interfaces and exploitation patterns. The evaluation claims that FAUDITOR discovers 220 zero-day MEVuls while detecting vulnerabilities faster and achieving higher instruction coverage than existing fuzzers.

Significance. If the evaluation claims hold after proper validation, the work could meaningfully advance automated security analysis for DeFi smart contracts by providing a more targeted approach to financially motivated vulnerabilities than generic fuzzers. The use of auditor-derived knowledge and self-learning offers a promising direction for reducing false positives and improving detection relevance in complex value-transfer logic.

major comments (3)
  1. [Abstract] Abstract: The claim that FAUDITOR 'impressively reveals 220 zero-day MEVuls' is load-bearing for the central contribution, yet the abstract (and by extension the evaluation) provides no information on verification procedures, such as how novelty was established against public vulnerability databases, how monetary exploitability was confirmed in practice, or how false-positive rates were measured and filtered.
  2. [Evaluation] Evaluation section: The performance claims ('detects vulnerabilities faster and achieves better instruction coverage') lack specification of the exact baseline fuzzers, the experimental controls (e.g., contract corpus size, timeout settings, hardware), the precise metrics for 'faster detection,' and any statistical analysis or variance reporting to support the superiority assertion.
  3. [Methodology] Methodology (formalization and self-learning): The formalization of MEVuls from 'common real-world exploits' and the self-learning mechanism risk circularity or bias toward rediscovery of known patterns; the manuscript must demonstrate with concrete examples or ablation studies that these components surface novel MEVuls rather than re-identifying patterns already captured in the NLP training data.
minor comments (2)
  1. [Introduction] The term 'MEVuls' is introduced without a clear, standalone definition or comparison table against related concepts such as standard reentrancy or access-control vulnerabilities.
  2. [Evaluation] Figure captions and table headers in the evaluation should explicitly state the number of contracts tested and the exact versions of baseline tools to enable reproducibility.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We appreciate the referee's detailed and constructive feedback, which highlights important areas for improving the clarity and rigor of our presentation. We address each major comment point by point below, indicating where revisions will be made to the manuscript.

Point-by-point responses
  1. Referee: [Abstract] Abstract: The claim that FAUDITOR 'impressively reveals 220 zero-day MEVuls' is load-bearing for the central contribution, yet the abstract (and by extension the evaluation) provides no information on verification procedures, such as how novelty was established against public vulnerability databases, how monetary exploitability was confirmed in practice, or how false-positive rates were measured and filtered.

    Authors: We agree that the abstract would benefit from a concise summary of the verification process to support the central claim. The evaluation section of the manuscript describes how novelty was checked against public vulnerability databases and recent reports, how monetary exploitability was validated through simulated profit extraction, and how false positives were filtered by requiring reproducible financial gains. We will revise the abstract to include a brief statement on these verification procedures and expand the evaluation section with an explicit subsection detailing the false-positive filtering criteria. revision: yes

  2. Referee: [Evaluation] Evaluation section: The performance claims ('detects vulnerabilities faster and achieves better instruction coverage') lack specification of the exact baseline fuzzers, the experimental controls (e.g., contract corpus size, timeout settings, hardware), the precise metrics for 'faster detection,' and any statistical analysis or variance reporting to support the superiority assertion.

    Authors: The referee is correct that greater specificity is needed to substantiate the performance claims. We will revise the evaluation section to explicitly name the baseline fuzzers used for comparison, report the contract corpus size and selection method, specify timeout settings and hardware configuration, define the 'faster detection' metric (time to first vulnerability discovery), and include statistical analysis such as means, standard deviations, and variance across repeated runs to support the comparisons. revision: yes

  3. Referee: [Methodology] Methodology (formalization and self-learning): The formalization of MEVuls from 'common real-world exploits' and the self-learning mechanism risk circularity or bias toward rediscovery of known patterns; the manuscript must demonstrate with concrete examples or ablation studies that these components surface novel MEVuls rather than re-identifying patterns already captured in the NLP training data.

    Authors: We acknowledge the risk of circularity and will strengthen the methodology section to address it. The formalization is derived from a broad collection of real-world incidents, and the NLP training data is drawn from auditor reports separate from the evaluated contracts. The self-learning component evolves from fuzzing feedback on unseen contracts. We will add concrete examples of discovered MEVuls whose exploitation patterns differ from those in the NLP data and include ablation studies comparing results with and without the self-learning mechanism to demonstrate its role in identifying novel vulnerabilities. revision: partial

Circularity Check

0 steps flagged

No significant circularity in empirical tool-building paper

full rationale

The paper describes an empirical fuzzer (FAUDITOR) that formalizes MEVuls from real-world exploits, extracts patterns via NLP from auditor reports, and uses self-learning during fuzzing. No equations, mathematical derivations, or fitted parameters are present. Evaluation claims (220 zero-day MEVuls, faster detection, better coverage) are experimental outcomes, not reductions by construction to inputs. No self-definitional steps, fitted predictions renamed as results, or load-bearing self-citations appear in the abstract or described methodology. The work is self-contained as tool development and benchmarking against baselines.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 1 invented entity

The central claim rests on domain assumptions about MEVul formalization and the utility of auditor-report NLP plus self-learning; no free parameters or invented entities with independent evidence are described.

axioms (2)
  • domain assumption: MEVuls can be formalized based on common real-world financial exploits
    Stated as the first step before introducing the fuzzer.
  • domain assumption: NLP extraction from auditor reports yields valuable exploitation patterns for guiding fuzzing
    Used to enable a more informed search strategy.
invented entities (1)
  • MEVuls (Monetarily Exploitable Vulnerabilities): no independent evidence
    Purpose: categorize vulnerabilities arising from exploitable monetary transaction or value-transfer logic
    Defined in the paper to focus detection efforts.

