pith. sign in

arxiv: 2304.10726 · v3 · pith:2EDAASSYnew · submitted 2023-04-21 · 💻 cs.CR · cs.ET· cs.LG· cs.SE

Usenix'23 Extended Version: Smart Learning to Find Dumb Contracts

Tamer Abdelaziz , Aquinas Hobor This is my paper

Pith reviewed 2026-05-24 09:38 UTC · model grok-4.3

classification 💻 cs.CR cs.ETcs.LGcs.SE
keywords smart contractsvulnerability detectiondeep learningethereumbytecode analysisneural networksstatic analysis
0
0 comments X

The pith

A neural network trained on source-code labels can detect 29 vulnerabilities in Ethereum smart contract bytecode without manual features or rules.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper presents DLVA, a deep learning system that judges smart contract bytecode for vulnerabilities even though its training labels come only from a source-code analyzer. The training process maps bytecode to vectors using neural networks, then classifies vulnerabilities either by proximity to known examples or by direct inference, all without predefined patterns or expert rules. It handles noisy labels from the source analyzer and still reaches 92.7 percent agreement with those labels at a 7.2 percent false-positive rate while running in 0.2 seconds per contract. If the approach holds, vulnerability scanning for deployed blockchain contracts becomes fast enough to run routinely at scale. The work also shows the learned model sometimes corrects the source analyzer on individual contracts.

Core claim

DLVA trains neural networks on bytecode to reproduce the vulnerability judgments of a source-code oracle across 29 vulnerability types. Its three components map bytecode to vectors, detect similar labeled contracts by Euclidean distance, and classify the remainder with a core neural classifier. The full system matches the oracle on 92.7 percent of test contracts with a 7.2 percent false-positive rate, finishes every query, and runs 10- to 1,000-fold faster than nine existing tools while achieving 99.7 percent average accuracy against their combined results.

What carries the argument

The Deep Learning Vulnerability Analyzer (DLVA) built from Smart Contract to Vector (SC2V) embedding, Sibling Detector (SD) nearest-neighbor classification, and Core Classifier (CC) neural inference.

If this is right

  • Vulnerability checks on deployed bytecode become feasible at the speed required for routine use.
  • Analysis no longer requires source code or hand-written detection rules for the covered vulnerability set.
  • The model can surface cases where the source analyzer itself is incorrect.
  • Bytecode-only detection scales to large collections of contracts without per-contract engineering.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Similar supervised translation from source oracles to bytecode classifiers could be tried on other compiled languages or virtual machines.
  • Retraining the same architecture on an improved oracle might raise accuracy further without new manual features.
  • The vector embedding itself could serve as a compact signature for duplicate or near-duplicate contract detection.

Load-bearing premise

Labels produced by the source-code analyzer remain accurate and unbiased enough to supervise a bytecode classifier even after the paper notes a 1.25 percent mislabel rate.

What would settle it

Independent manual review of contracts on which DLVA and the source analyzer disagree, measuring which label is correct more often.

Figures

Figures reproduced from arXiv: 2304.10726 by Aquinas Hobor, Tamer Abdelaziz.

Figure 1
Figure 1. Figure 1: benchmarks DLVA against nine competitors. DLVA is on the far right. We use bar-and-whiskers where star ⋆ represents the mean and plus + represents outliers. Our average Completion Rate (i.e., the percentage of contracts for which a tool produces an answer, the higher the better) is 100.0%. Our average accuracy is 99.7% (the higher the better), with a True Positive Rate (i.e., detection rate; the higher the… view at source ↗
Figure 2
Figure 2. Figure 2: Sample representation of a program in Solidity [PITH_FULL_IMAGE:figures/full_fig_p003_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: The Deep Learning Vulnerability Analyzer [PITH_FULL_IMAGE:figures/full_fig_p005_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: USE-generated vector embeddings els than Deep Averaging Networks (DAN) [40], at the cost of increased model complexity. We found the cost of TA too high: the 20-core/96-gb time-unlimited configuration ran out of memory, and the 12 hours available on the 24-core/180gb configuration were insufficient to finish training. DAN can be trained in linear time and was accurate enough for our purposes. To train DAN … view at source ↗
Figure 5
Figure 5. Figure 5: Evaluating SC2V vs. state-of-the-art GNNs [PITH_FULL_IMAGE:figures/full_fig_p009_5.png] view at source ↗
Figure 6
Figure 6. Figure 6: DLVA-CC vs. ten “off-the-shelf” ML classi [PITH_FULL_IMAGE:figures/full_fig_p010_6.png] view at source ↗
Figure 7
Figure 7. Figure 7: Deep Learning Vulnerability Analysis Tool Score Summary for 29 Vulnerabilities of [PITH_FULL_IMAGE:figures/full_fig_p010_7.png] view at source ↗
read the original abstract

We introduce the Deep Learning Vulnerability Analyzer (DLVA) for Ethereum smart contracts based on neural networks. We train DLVA to judge bytecode even though the supervising oracle can only judge source. DLVA's training algorithm is general: we extend a source code analysis to bytecode without any manual feature engineering, predefined patterns, or expert rules. DLVA's training algorithm is also robust: it overcame a 1.25% error rate mislabeled contracts, and--the student surpassing the teacher--found vulnerable contracts that Slither mislabeled. DLVA is much faster than other smart contract vulnerability detectors: DLVA checks contracts for 29 vulnerabilities in 0.2 seconds, a 10-1,000x speedup. DLVA has three key components. First, Smart Contract to Vector (SC2V) uses neural networks to map smart contract bytecode to a high-dimensional floating-point vector. We benchmark SC2V against 4 state-of-the-art graph neural networks and show that it improves model differentiation by 2.2%. Second, Sibling Detector (SD) classifies contracts when a target contract's vector is Euclidian-close to a labeled contract's vector in a training set; although only able to judge 55.7% of the contracts in our test set, it has a Slither-predictive accuracy of 97.4% with a false positive rate of only 0.1%. Third, Core Classifier (CC) uses neural networks to infer vulnerable contracts regardless of vector distance. We benchmark DLVA's CC with 10 ML techniques and show that the CC improves accuracy by 11.3%. Overall, DLVA predicts Slither's labels with an overall accuracy of 92.7% and associated false positive rate of 7.2%. Lastly, we benchmark DLVA against nine well-known smart contract analysis tools. Despite using much less analysis time, DLVA completed every query, leading the pack with an average accuracy of 99.7%, pleasingly balancing high true positive rates with low false positive rates.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 2 minor

Summary. The paper introduces DLVA, a neural-network vulnerability detector for Ethereum smart-contract bytecode. It trains a model (SC2V + Sibling Detector + Core Classifier) on Slither source-code labels to classify bytecode, claims to tolerate 1.25% label noise and occasionally surpass the teacher oracle, reports 92.7% overall accuracy (7.2% FPR) against Slither, 99.7% average accuracy versus nine other tools, and a 10-1000x speedup while completing every query.

Significance. If the performance claims can be shown to rest on independent validation rather than fidelity to the training oracle, the work would demonstrate a practical route to fast, feature-free bytecode analysis that generalizes beyond source-level oracles; the SC2V embedding and sibling-detector components could also serve as reusable building blocks for other contract-analysis tasks.

major comments (3)
  1. [Abstract] Abstract and §4 (evaluation): the headline accuracy figures (92.7% vs. Slither, 99.7% vs. other tools) and the 'student surpassing teacher' claim are measured exclusively against Slither-derived labels; no independent oracle, manual audit protocol, or cross-validation against a second static analyzer is described for the disagreement cases that constitute the 1.25% error tolerance and the surpassing instances.
  2. [Abstract] Abstract and training description: dataset sizes, train-test split ratios, handling of class imbalance, and any independent label verification step are not reported, making it impossible to assess whether the reported accuracy and FPR figures are robust or merely reflect reproduction of the supervising oracle.
  3. [Sibling Detector] Sibling Detector and Core Classifier sections: the 97.4% accuracy and 0.1% FPR for SD (which covers only 55.7% of the test set) and the 11.3% improvement claimed for CC are both computed against the same Slither labels used for training; without an external ground truth for the held-out disagreements, these numbers cannot be interpreted as evidence of genuine vulnerability discovery.
minor comments (2)
  1. The paper should clarify whether the 29 vulnerabilities are exactly the Slither rule set or a superset, and whether any post-processing is applied to the neural-network outputs before the final accuracy numbers are computed.
  2. Figure and table captions should explicitly state the number of contracts and the exact train/test split used for each reported metric.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for the detailed and constructive feedback. We address each major comment point by point below, with clarifications on the manuscript's intent and commitments to revisions where appropriate.

read point-by-point responses

  1. Referee: [Abstract] Abstract and §4 (evaluation): the headline accuracy figures (92.7% vs. Slither, 99.7% vs. other tools) and the 'student surpassing teacher' claim are measured exclusively against Slither-derived labels; no independent oracle, manual audit protocol, or cross-validation against a second static analyzer is described for the disagreement cases that constitute the 1.25% error tolerance and the surpassing instances.

    Authors: DLVA is explicitly designed to learn Slither's source-level labels from bytecode, so the primary evaluation metric is agreement with Slither; this directly measures the success of the bytecode-to-label transfer. The 'student surpassing teacher' claim refers to specific disagreement cases where our analysis indicated Slither had mislabeled a contract as non-vulnerable. We agree that the manuscript does not sufficiently describe the process used to identify and examine these cases. In revision we will add a dedicated paragraph in §4 detailing the manual review protocol applied to a sample of the 1.25% disagreement set, including how contracts were selected and what evidence supported the claim that DLVA was correct. revision: yes

  2. Referee: [Abstract] Abstract and training description: dataset sizes, train-test split ratios, handling of class imbalance, and any independent label verification step are not reported, making it impossible to assess whether the reported accuracy and FPR figures are robust or merely reflect reproduction of the supervising oracle.

    Authors: These experimental details were inadvertently omitted. The revised manuscript will report the total number of contracts collected, the exact train-test split ratio used, the technique employed to address class imbalance (weighted cross-entropy loss), and the absence of any secondary label verification beyond Slither. These additions will make the evaluation protocol fully reproducible and allow readers to judge whether the results exceed simple oracle reproduction. revision: yes

  3. Referee: [Sibling Detector] Sibling Detector and Core Classifier sections: the 97.4% accuracy and 0.1% FPR for SD (which covers only 55.7% of the test set) and the 11.3% improvement claimed for CC are both computed against the same Slither labels used for training; without an external ground truth for the held-out disagreements, these numbers cannot be interpreted as evidence of genuine vulnerability discovery.

    Authors: Both SD and CC are trained to reproduce Slither labels; therefore their accuracy figures measure how well the bytecode embedding plus classifier approximates the oracle, which is the stated goal. The 11.3% improvement is the gain of the neural Core Classifier over ten alternative ML models on the identical label-prediction task. We will revise the relevant sections to state explicitly that these numbers quantify fidelity to Slither rather than independent vulnerability discovery. The handling of the surpassing cases is addressed in our response to the first comment. revision: partial

Circularity Check

2 steps flagged

DLVA accuracy and 'surpassing Slither' claims reduce to fidelity to the Slither training oracle by construction

specific steps
  1. fitted input called prediction [Abstract]
    "Overall, DLVA predicts Slither's labels with an overall accuracy of 92.7% and associated false positive rate of 7.2%."

    DLVA is trained to judge bytecode using Slither source labels as the supervising oracle; the reported accuracy is therefore the model's fidelity to the training labels on held-out data, not an independent measure of vulnerability detection.

  2. fitted input called prediction [Abstract]
    "DLVA's training algorithm is also robust: it overcame a 1.25% error rate mislabeled contracts, and--the student surpassing the teacher--found vulnerable contracts that Slither mislabeled."

    The assertion that DLVA found true vulnerabilities where Slither erred is made against the same label set; without a described external validation step for those specific disagreements, the surpassing claim reduces to the model's deviation from its training oracle.

full rationale

The paper trains a supervised model on Slither source-code labels and reports test accuracy against the same labels as its primary performance metric. The 'student surpassing the teacher' claim for mislabeled cases is asserted without an independent oracle or audit protocol described for disagreements. This matches the fitted_input_called_prediction pattern: the model is optimized to reproduce the oracle, so headline numbers (92.7% accuracy, 99.7% aggregate) largely quantify reproduction of the input labels rather than external discovery. No self-citation chain or ansatz is involved; the circularity is internal to the evaluation design.

Axiom & Free-Parameter Ledger

1 free parameters · 1 axioms · 0 invented entities

The central claim rests on supervised learning whose labels come from an external static analyzer and whose model contains a very large number of fitted parameters.

free parameters (1)
  • neural network weights and biases
    All parameters inside SC2V and the Core Classifier are fitted to the labeled training set.
axioms (1)
  • domain assumption Slither source analysis supplies usable ground-truth labels for bytecode training despite acknowledged noise
    The entire training procedure treats Slither output as the supervising oracle.

pith-pipeline@v0.9.0 · 5918 in / 1272 out tokens · 30767 ms · 2026-05-24T09:38:07.489948+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

96 extracted references · 96 canonical work pages · 11 internal anchors

  1. [1]

    TensorFlow: Large-Scale Machine Learning on Heterogeneous Distributed Systems

    Martın Abadi et al. “Tensorflow: Large-scale machine learning on heterogeneous distributed systems”. In: arXiv preprint arXiv:1603.04467(2016)

    work page internal anchor Pith review Pith/arXiv arXiv 2016

  2. [2]

    https://bit.ly/Elysium_benchmark

    Tamer Abdelaziz and Aquinas Hobor.Elysium benchmark. https://bit.ly/Elysium_benchmark. [Online; accessed December-2022]

    work page 2022

  3. [3]

    https://bit.ly/EthereumSC_Dataset_ Large

    Tamer Abdelaziz and Aquinas Hobor.EthereumSC large dataset. https://bit.ly/EthereumSC_Dataset_ Large. [Online; accessed October-2022]

    work page 2022

  4. [4]

    https://bit.ly/EthereumSC_Dataset_ Small

    Tamer Abdelaziz and Aquinas Hobor.EthereumSCsmall dataset. https://bit.ly/EthereumSC_Dataset_ Small. [Online; accessed October-2022]

    work page 2022

  5. [5]

    eThorZeusbenchmark

    Tamer Abdelaziz and Aquinas Hobor. eThorZeusbenchmark. https : / / bit . ly / eThor _ Zeus_groundTruth1. [Online; accessed May-2023]

    work page 2023

  6. [6]

    Reentrancybenchmark

    Tamer Abdelaziz and Aquinas Hobor. Reentrancybenchmark. https://bit.ly/Reentrancy_ benchmark. [Online; accessed December-2022]

    work page 2022

  7. [7]

    Smart Learn- ing to Find Dumb Contracts

    Tamer Abdelaziz and Aquinas Hobor. “Smart Learn- ing to Find Dumb Contracts”. In:the 32nd USENIX Security Symposium (USENIX Security 23)(2023)

    work page 2023

  8. [8]

    https://bit.ly/SolidiFI_benchmark

    Tamer Abdelaziz and Aquinas Hobor.SolidiFIbenchmark. https://bit.ly/SolidiFI_benchmark. [Online; accessed December-2022]

    work page 2022

  9. [9]

    A survey of attacks on Ethereum smart contracts (sok)

    Nicola Atzei, Massimo Bartoletti, and Tiziana Cimoli. “A survey of attacks on Ethereum smart contracts (sok)”. In:International conference on principles of security and trust. Springer. 2017, pp. 164–186

    work page 2017

  10. [10]

    Responsible Vulnerability Disclo- sure in Cryptocurrencies

    Rainer Böhme et al. “Responsible Vulnerability Disclo- sure in Cryptocurrencies”. In:Commun. ACM63.10 (Sept. 2020), pp. 62–71. ISSN : 0001-0782

    work page 2020

  11. [12]

    Sailfish: V etting smart contract state-inconsistency bugs in seconds

    Priyanka Bose et al. “Sailfish: V etting smart contract state-inconsistency bugs in seconds”. In:2022 IEEE Symposium on Security and Privacy (SP). IEEE. 2022

    work page 2022

  12. [13]

    Leveraging Grammar and Reinforcement Learning for Neural Program Synthesis

    Rudy Bunel et al. “Leveraging grammar and reinforce- ment learning for neural program synthesis”. In:arXiv preprint arXiv:1805.04276(2018)

    work page internal anchor Pith review Pith/arXiv arXiv 2018

  13. [14]

    When deep learning met code search

    Jose Cambronero et al. “When deep learning met code search”. In:Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Confer- ence and Symposium on the F oundations of Software Engineering. 2019, pp. 964–974

    work page 2019

  14. [15]

    Electric Capital.Electric Capital Developer Report. Jan. 2023. URL : https://www.developerreport. com/developer-report

    work page 2023

  15. [16]

    Universal Sentence Encoder

    Daniel Cer et al. “Universal sentence encoder”. In: arXiv preprint arXiv:1803.11175(2018)

    work page internal anchor Pith review Pith/arXiv arXiv 2018

  16. [17]

    Evaluating Large Language Models Trained on Code

    Mark Chen et al. “Evaluating large language models trained on code”. In:arXiv:2107.03374(2021)

    work page internal anchor Pith review Pith/arXiv arXiv 2021

  17. [18]

    Ethereum address 0xaa3a2ae9f85a337070cc8895da292ac373c17851

    DEARReward Smart Contract. Ethereum address 0xaa3a2ae9f85a337070cc8895da292ac373c17851

    work page

  18. [19]

    Ethereum address 0xa8d8feeb169eeaa13957300a8c502d574bda2114

    KOBEReward Smart Contract. Ethereum address 0xa8d8feeb169eeaa13957300a8c502d574bda2114

    work page

  19. [21]

    Hoppity: Learning graph trans- formations to detect andfix bugs in programs

    Elizabeth Dinella et al. “Hoppity: Learning graph trans- formations to detect andfix bugs in programs”. In:In- ternational Conference on Learning Representations (ICLR). 2020

    work page 2020

  20. [22]

    Asm2vec: Boosting static representation robustness for binary clone search against code ob- fuscation and compiler optimization

    Steven HH Ding, Benjamin CM Fung, and Philippe Charland. “Asm2vec: Boosting static representation robustness for binary clone search against code ob- fuscation and compiler optimization”. In:2019 IEEE Symposium on Security and Privacy (SP). IEEE. 2019

    work page 2019

  21. [23]

    Empirical review of automated analysis tools on 47,587 Ethereum smart contracts

    Thomas Durieux et al. “Empirical review of automated analysis tools on 47,587 Ethereum smart contracts”. In:Proceedings of the ACM/IEEE 42nd International conference on software engineering. 2020

    work page 2020

  22. [24]

    https://etherscan.io/

    Ethereum.Etherscan: The Ethereum Blockchain Ex- plorer. https://etherscan.io/. 2021

    work page 2021

  23. [25]

    Slither: a static analysis framework for smart con- tracts

    Josselin Feist, Gustavo Grieco, and Alex Groce. “Slither: a static analysis framework for smart con- tracts”. In:2019 IEEE/ACM 2nd International Work- shop on Emerging Trends in Software Engineering for Blockchain (WETSEB). IEEE. 2019, pp. 8–15

    work page 2019

  24. [26]

    Smartbugs: A framework to analyze solidity smart contracts

    João F Ferreira et al. “Smartbugs: A framework to analyze solidity smart contracts”. In:Proceedings of the 35th IEEE/ACM International Conference on Auto- mated Software Engineering. 2020, pp. 1349–1352

    work page 2020

  25. [27]

    The eye of horus: Spotting and ana- lyzing attacks on Ethereum smart contracts

    Christof Ferreira Torres, Antonio Ken Iannillo, Arthur Gervais, et al. “The eye of horus: Spotting and ana- lyzing attacks on Ethereum smart contracts”. In:Inter- national Conference on Financial Cryptography and Data Security. Springer. 2021, pp. 33–52. 14

    work page 2021

  26. [28]

    Elysium: Context-Aware Bytecode-Level Patching to Automatically Heal Vulnerable Smart Contracts

    Christof Ferreira Torres, Hugo Jonker, and Radu State. “Elysium: Context-Aware Bytecode-Level Patching to Automatically Heal Vulnerable Smart Contracts”. In: Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses. 2022

    work page 2022

  27. [29]

    Smartembed: A tool for clone and bug detection in smart contracts through structural code embedding

    Zhipeng Gao et al. “Smartembed: A tool for clone and bug detection in smart contracts through structural code embedding”. In:2019 IEEE International Confer- ence on Software Maintenance and Evolution (ICSME). IEEE. 2019, pp. 394–397

    work page 2019

  28. [31]

    Software vulnerability analysis and discovery us- ing machine-learning and data-mining techniques: A survey

    Seyed Mohammad Ghaffarian and Hamid Reza Shahri- ari. “Software vulnerability analysis and discovery us- ing machine-learning and data-mining techniques: A survey”. In:ACM Computing Surveys (CSUR)50.4 (2017), pp. 1–36

    work page 2017

  29. [33]

    https : / / console

    Google.BigQuery bigquery-public- data.ethereum_blockchain. https : / / console . cloud . google . com / bigquery. Retrieved on 25 October 2022

    work page 2022

  30. [34]

    Echidna: effective, usable, and fast fuzzing for smart contracts

    Gustavo Grieco et al. “Echidna: effective, usable, and fast fuzzing for smart contracts”. In:Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis. 2020, pp. 557–560

    work page 2020

  31. [35]

    Deep code search

    Xiaodong Gu, Hongyu Zhang, and Sunghun Kim. “Deep code search”. In:Proceedings of the 40th Inter- national Conference on Software Engineering. 2018

    work page 2018

  32. [36]

    Aric Hagberg, Pieter Swart, and Daniel S Chult.Ex- ploring network structure, dynamics, and function using NetworkX. Tech. rep. Los Alamos National Lab.(LANL), Los Alamos, NM (United States), 2008

    work page 2008

  33. [37]

    The rise of software vulnerability: Taxonomy of software vulnerabilities detection and machine learning approaches

    Hazim Hanif et al. “The rise of software vulnerability: Taxonomy of software vulnerabilities detection and machine learning approaches”. In:Journal of Network and Computer Applications179 (2021), p. 103009

    work page 2021

  34. [40]

    Deep unordered composition rivals syntactic methods for text classification

    Mohit Iyyer et al. “Deep unordered composition rivals syntactic methods for text classification”. In:Proceed- ings of the 53rd annual meeting of the association for computational linguistics and the 7th international joint conference on natural language processing (vol- ume 1: Long papers). 2015, pp. 1681–1691

    work page 2015

  35. [41]

    Contractfuzzer: Fuzzing smart contracts for vulnerability detection

    Bo Jiang, Y e Liu, and WK Chan. “Contractfuzzer: Fuzzing smart contracts for vulnerability detection”. In:2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE). IEEE. 2018

    work page 2018

  36. [43]

    Semi-Supervised Classification with Graph Convolutional Networks

    Thomas N Kipf and Max Welling. “Semi-supervised classification with graph convolutional networks”. In: arXiv preprint arXiv:1609.02907(2016)

    work page internal anchor Pith review Pith/arXiv arXiv 2016

  37. [44]

    Code review analysis of software system using machine learning techniques

    Harsh Lal and Gaurav Pahwa. “Code review analysis of software system using machine learning techniques”. In:2017 11th International Conference on Intelligent Systems and Control (ISCO). IEEE. 2017, pp. 8–13

    work page 2017

  38. [45]

    Improved code summariza- tion via a graph neural network

    Alexander LeClair et al. “Improved code summariza- tion via a graph neural network”. In:Proceedings of the 28th international conference on program compre- hension. 2020, pp. 184–195

    work page 2020

  39. [46]

    Gated Graph Sequence Neural Networks

    Y ujia Li et al. “Gated graph sequence neural networks”. In:arXiv preprint arXiv:1511.05493(2015)

    work page internal anchor Pith review Pith/arXiv arXiv 2015

  40. [47]

    Soliaudit: Smart contract vulner- ability assessment based on machine learning and fuzz testing

    Jian-Wei Liao et al. “Soliaudit: Smart contract vulner- ability assessment based on machine learning and fuzz testing”. In:2019 Sixth International Conference on Internet of Things: Systems, Management and Security (IOTSMS). IEEE. 2019, pp. 458–465

    work page 2019

  41. [49]

    Investigating graph embedding neural networks with unsupervised features extraction for binary analysis

    Luca Massarelli et al. “Investigating graph embedding neural networks with unsupervised features extraction for binary analysis”. In:Proceedings of the 2nd Work- shop on Binary Analysis Research (BAR). 2019

    work page 2019

  42. [50]

    Understanding a revo- lutionary andflawed grand experiment in blockchain: the DAO attack

    Muhammad Izhar Mehar et al. “Understanding a revo- lutionary andflawed grand experiment in blockchain: the DAO attack”. In:Journal of Cases on Information Technology (JCIT)21.1 (2019), pp. 19–32

    work page 2019

  43. [52]

    Ma- chine learning model for smart contracts security anal- ysis

    Pouyan Momeni, Y u Wang, and Reza Samavi. “Ma- chine learning model for smart contracts security anal- ysis”. In:2019 17th International Conference on Pri- vacy, Security and Trust (PST). IEEE. 2019, pp. 1–6. 15

    work page 2019

  44. [53]

    Manticore: A user-friendly sym- bolic execution framework for binaries and smart con- tracts

    Mark Mossberg et al. “Manticore: A user-friendly sym- bolic execution framework for binaries and smart con- tracts”. In:2019 34th IEEE/ACM International Confer- ence on Automated Software Engineering (ASE). IEEE. 2019, pp. 1186–1189

    work page 2019

  45. [55]

    https://swcregistry.io/docs/SWC-107

    MythX. https://swcregistry.io/docs/SWC-107. Retrieved on 11 June 2023

    work page 2023

  46. [57]

    Finding the greedy, prodigal, and suicidal contracts at scale

    Ivica Nikoli´c et al. “Finding the greedy, prodigal, and suicidal contracts at scale”. In:Proceedings of the 34th Annual Computer Security Applications Conference. 2018, pp. 653–663

    work page 2018

  47. [58]

    SWC Registry.Smart Contract Weakness Classifica- tion and Test Cases. Feb. 2022. URL : https : / / swcregistry.io/

    work page 2022

  48. [59]

    Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks

    Michael Rodler et al. “Sereum: Protecting existing smart contracts against re-entrancy attacks”. In:arXiv preprint arXiv:1812.05934(2018)

    work page internal anchor Pith review Pith/arXiv arXiv 2018

  49. [60]

    Deep learning in neural net- works: An overview

    Jürgen Schmidhuber. “Deep learning in neural net- works: An overview”. In:Neural networks61 (2015)

    work page 2015

  50. [64]

    A concurrent per- spective on smart contracts

    Ilya Sergey and Aquinas Hobor. “A concurrent per- spective on smart contracts”. In:International Confer- ence on Financial Cryptography and Data Security. Springer. 2017, pp. 478–493

    work page 2017

  51. [65]

    A survey on machine learning techniques for source code analysis

    Tushar Sharma et al. “A survey on machine learning techniques for source code analysis”. In:arXiv preprint arXiv:2110.09610(2021)

    work page arXiv 2021

  52. [66]

    June 2016

    David Siegel.Understanding the dao attack. June 2016. URL : https://www.coindesk.com/learn/2016/ 06/25/understanding-the-dao-attack/

    work page 2016

  53. [67]

    https://docs

    Solidity.Security Considerations. https://docs. soliditylang . org / en / v0 . 8 . 20 / security - considerations.html#reentrancy. 2023

    work page 2023

  54. [68]

    Attention-based Machine Learning Model for Smart Contract Vulnerability De- tection

    Y uhang Sun and Lize Gu. “Attention-based Machine Learning Model for Smart Contract Vulnerability De- tection”. In:Journal of Physics: Conference Series. V ol. 1820. 1. IOP Publishing. 2021, p. 012004

    work page 2021

  55. [70]

    Parity Technologies.A postmortem on the parity Multi- Sig Library Self-destruct. Nov. 2017. URL : https: //www.parity.io/blog/a-postmortem-on-the- parity-multi-sig-library-self-destruct/

    work page 2017

  56. [71]

    Smartcheck: Static analy- sis of Ethereum smart contracts

    Sergei Tikhomirov et al. “Smartcheck: Static analy- sis of Ethereum smart contracts”. In:Proceedings of the 1st International Workshop on Emerging Trends in Software Engineering for Blockchain. 2018, pp. 9–16

    work page 2018

  57. [73]

    Confuzzius: A data dependency-aware hybrid fuzzer for smart contracts

    Christof Ferreira Torres et al. “Confuzzius: A data dependency-aware hybrid fuzzer for smart contracts”. In:2021 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE. 2021, pp. 103–119

    work page 2021

  58. [74]

    Securify: Practical security anal- ysis of smart contracts

    Petar Tsankov et al. “Securify: Practical security anal- ysis of smart contracts”. In:Proceedings of the 2018 ACM SIGSAC Conference on Computer and Commu- nications Security. 2018, pp. 67–82

    work page 2018

  59. [75]

    Survey of machine learning techniques for malware analysis

    Daniele Ucci, Leonardo Aniello, and Roberto Baldoni. “Survey of machine learning techniques for malware analysis”. In:Computers & Security81 (2019)

    work page 2019

  60. [76]

    Attention is all you need

    Ashish V aswani et al. “Attention is all you need”. In: Advances in neural information processing systems30 (2017)

    work page 2017

  61. [77]

    Reinforcement-learning-guided source code summarization using hierarchical atten- tion

    Wenhua Wang et al. “Reinforcement-learning-guided source code summarization using hierarchical atten- tion”. In:IEEE Transactions on software Engineering 48.1 (2020), pp. 102–119

    work page 2020

  62. [78]

    Deep learning code fragments for code clone detection

    Martin White et al. “Deep learning code fragments for code clone detection”. In:Proceedings of the 31st IEEE/ACM international conference on automated soft- ware engineering. 2016, pp. 87–98

    work page 2016

  63. [79]

    Ethereum: A secure decentralised generalised transaction ledger

    Gavin Wood et al. “Ethereum: A secure decentralised generalised transaction ledger”. In:Ethereum project yellow paper151.2014 (2014), pp. 1–32

    work page 2014

  64. [80]

    How Powerful are Graph Neural Networks?

    Keyulu Xu et al. “How powerful are graph neural net- works?” In:arXiv preprint arXiv:1810.00826(2018)

    work page internal anchor Pith review Pith/arXiv arXiv 2018

  65. [81]

    A novel machine learning-based analysis model for smart contract vulnerability

    Yingjie Xu et al. “A novel machine learning-based analysis model for smart contract vulnerability”. In: Security and Communication Networks2021 (2021). 16

    work page 2021

  66. [82]

    Vulnerability Detection for Smart Contract via Backward Bayesian Active Learning

    Jiale Zhang et al. “Vulnerability Detection for Smart Contract via Backward Bayesian Active Learning”. In:Applied Cryptography and Network Security Work- shops, Rome, Italy, 2022, Proceedings. Springer

    work page 2022

  67. [83]

    An end-to-end deep learning ar- chitecture for graph classification

    Muhan Zhang et al. “An end-to-end deep learning ar- chitecture for graph classification”. In:Thirty-Second AAAI Conference on Artificial Intelligence. 2018

    work page 2018

  68. [84]

    Smart contract development: Chal- lenges and opportunities

    Weiqin Zou et al. “Smart contract development: Chal- lenges and opportunities”. In:IEEE Transactions on Software Engineering(2019). A Appendix Overview Appendix B, in both this paper and the conference version [ 7], details the comparison in § 4.4. The other appendices (§ C–L) are unique to this extended version and organized as follows. Appendices §C and...

    work page 2019

  69. [85]

    are obvious in source, but must be inferred indirectly in bytecode,i.e., when all variables “happen” to be initialized to

    work page

  70. [86]

    compiled away

    DL V A ’s relatively poor performance on these two vulnera- bilities (cf. Table Appx.12) is exactly due to some information at source code being “compiled away” in bytecode. D Evaluation Metrics (extending § 2) The binary classification has four possible outcomes: true positives (TP), true negatives (TN), false positives (FP), and false negatives (FN). We ...

    work page 2023

  71. [87]

    eThorZeusbenchmark

    Tamer Abdelaziz and Aquinas Hobor. eThorZeusbenchmark. https : / / bit . ly / eThor _ Zeus_groundTruth1. [Online; accessed May-2023]. 25 Table Appx.8: Best of the ten commonly used machine learning supervised binary classifiers results Vulnerability Classifier Test size TP FP TN FN Accuracy TPR TNR FPR FNR AUC shadowing-state MLP 10037 290 1525 8038 184 72....

    work page 2023

  72. [88]

    Enriching Word Vectors with Subword Information

    Piotr Bojanowski et al. “Enriching Word V ec- tors with Subword Information”. In:arXiv preprint arXiv:1607.04606(2016)

    work page internal anchor Pith review Pith/arXiv arXiv 2016

  73. [89]

    EtherSolve: Computing an Ac- curate Control-Flow Graph from Ethereum Bytecode

    Filippo Contro et al. “EtherSolve: Computing an Ac- curate Control-Flow Graph from Ethereum Bytecode”. In:arXiv preprint arXiv:2103.09113(2021)

    work page arXiv 2021

  74. [90]

    https://secpriv.wien/ethor

    eThor: source code, build, and evaluation artifacts. https://secpriv.wien/ethor

    work page

  75. [91]

    Learning to forget: Continual prediction with LSTM

    Felix A Gers, Jürgen Schmidhuber, and Fred Cummins. “Learning to forget: Continual prediction with LSTM”. In:Neural computation12.10 (2000), pp. 2451–2471

    work page 2000

  76. [92]

    How effec- tive are smart contract analysis tools? evaluating smart contract static analysis tools using bug injection

    Asem Ghaleb and Karthik Pattabiraman. “How effec- tive are smart contract analysis tools? evaluating smart contract static analysis tools using bug injection”. In: Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis. 2020

    work page 2020

  77. [93]

    Madmax: Surviving out-of-gas conditions in Ethereum smart contracts

    Neville Grech et al. “Madmax: Surviving out-of-gas conditions in Ethereum smart contracts”. In:Proceed- ings of the ACM on Programming Languages2.OOP- SLA (2018), pp. 1–27

    work page 2018

  78. [94]

    A semantic framework for the security analy- sis of Ethereum smart contracts

    Ilya Grishchenko, Matteo Maffei, and Clara Schnei- dewind. “A semantic framework for the security analy- sis of Ethereum smart contracts”. In:Principles of Se- curity and Trust: 7th International Conference, POST 2018, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2018, Thes- saloniki, Greece, April 14-20, 2018, ...

    work page 2018

  79. [95]

    Ethertrust: Sound static analysis of Ethereum bytecode

    Ilya Grishchenko, Matteo Maffei, and Clara Schnei- dewind. “Ethertrust: Sound static analysis of Ethereum bytecode”. In:Technische Universität Wien, Tech. Rep (2018), pp. 1–41

    work page 2018

  80. [96]

    May 2023

    Aquinas Hobor.Personal emails to Subodh Sharma and Sukrit Kalra. May 2023

    work page 2023

Showing first 80 references.