{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,4]],"date-time":"2026-04-04T23:55:11Z","timestamp":1775346911031,"version":"3.50.1"},"reference-count":147,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2024,6,18]],"date-time":"2024-06-18T00:00:00Z","timestamp":1718668800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2024,6,18]],"date-time":"2024-06-18T00:00:00Z","timestamp":1718668800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100005727","name":"Universidade de Coimbra","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100005727","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Empir Software Eng"],"published-print":{"date-parts":[[2024,7]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Smart contracts are nowadays at the core of most blockchain systems. Like all computer programs, smart contracts are subject to the presence of residual faults, including severe security vulnerabilities. However, the key distinction lies in how these vulnerabilities are addressed. In smart contracts, when a vulnerability is identified, the affected contract must be terminated within the blockchain, as due to the immutable nature of blockchains, it is impossible to patch a contract once deployed. In this context, research efforts have been focused on proactively preventing the deployment of smart contracts containing vulnerabilities, mainly through the development of vulnerability detection tools. Along with these efforts, several heterogeneous vulnerability classification schemes appeared (e.g., most notably DASP and SWC). At the time of writing, these are mostly outdated initiatives, even though new smart contract vulnerabilities are consistently uncovered. In this paper, we propose OpenSCV, a new and Open hierarchical taxonomy for Smart Contract vulnerabilities, which is open to community contributions and matches the current state of the practice while being prepared to handle future modifications and evolution. The taxonomy was built based on the analysis of the existing research on vulnerability classification, community-maintained classification schemes, and research on smart contract vulnerability detection. We show how OpenSCV covers the announced detection ability of the current vulnerability detection tools and highlight its usefulness in smart contract vulnerability research. To validate OpenSCV, we performed an expert-based analysis wherein we invited multiple experts engaged in smart contract security research to participate in a questionnaire. The feedback from these experts indicated that the categories in OpenSCV are representative, clear, easily understandable, comprehensive, and highly useful. Regarding the vulnerabilities, the experts confirmed that they are easily understandable.<\/jats:p>","DOI":"10.1007\/s10664-024-10446-8","type":"journal-article","created":{"date-parts":[[2024,6,18]],"date-time":"2024-06-18T13:03:01Z","timestamp":1718715781000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":24,"title":["OpenSCV: an open hierarchical taxonomy for smart contract vulnerabilities"],"prefix":"10.1007","volume":"29","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4869-2336","authenticated-orcid":false,"given":"Fernando Richter","family":"Vidal","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8376-6711","authenticated-orcid":false,"given":"Naghmeh","family":"Ivaki","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0011-9901","authenticated-orcid":false,"given":"Nuno","family":"Laranjeiro","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,6,18]]},"reference":[{"key":"10446_CR1","doi-asserted-by":"publisher","unstructured":"Agbo C, Mahmoud Q, Eklund J (2019) Blockchain technology in healthcare: a systematic review. Healthcare 7(2):56. https:\/\/doi.org\/10.3390\/healthcare7020056. https:\/\/www.mdpi.com\/2227-9032\/","DOI":"10.3390\/healthcare7020056"},{"key":"10446_CR2","doi-asserted-by":"publisher","unstructured":"Akca S, Rajan A, Peng C (2019) SolAnalyser: a framework for analysing and testing smart contracts. In: 2019 26th Asia-Pacific software engineering conference (APSEC), IEEE, Putrajaya, Malaysia, pp 482\u2013489. https:\/\/doi.org\/10.1109\/APSEC48747.2019.00071. https:\/\/ieeexplore.ieee.org\/document\/8945725\/","DOI":"10.1109\/APSEC48747.2019.00071"},{"key":"10446_CR3","doi-asserted-by":"publisher","unstructured":"Amiet N (2021) Blockchain vulnerabilities in practice. Digital Threats: Research and Practice 2(2):1\u20137. https:\/\/doi.org\/10.1145\/3407230","DOI":"10.1145\/3407230"},{"key":"10446_CR4","volume-title":"Fundamentals of computer security technology","author":"EG Amoroso","year":"1994","unstructured":"Amoroso EG (1994) Fundamentals of computer security technology. Prentice-Hall Inc, USA"},{"key":"10446_CR5","unstructured":"Antonopoulos A, Wood G (2018) Mastering Ethereum: Building Smart Contracts and DApps. O\u2019Reilly Media, Inc"},{"key":"10446_CR6","doi-asserted-by":"publisher","unstructured":"Arga\u00f1araz MC, Ber\u00f3n MM, Pereira MJV, Henriques PR (2020) Detection of vulnerabilities in smart contracts specifications in ethereum platforms. In: 9th Symposium on languages, applications and technologies (SLATE 2020), Schloss Dagstuhl-Leibniz-Zentrum f\u00fcr Informatik, Barcelos, Portugal, OpenAccess Series in Informatics (OASIcs), p\u00a016. https:\/\/doi.org\/10.4230\/OASIcs.SLATE.2020.0","DOI":"10.4230\/OASIcs.SLATE.2020.0"},{"key":"10446_CR7","doi-asserted-by":"publisher","unstructured":"Ashizawa N, Yanai N, Cruz JP, Okamura S (2021) Eth2Vec: learning contract-wide code representations for vulnerability detection on ethereum smart contracts. In: Proceedings of the 3rd ACM international symposium on blockchain and secure critical infrastructure, ACM, New York, USA, pp 47\u201359. https:\/\/doi.org\/10.1145\/3457337.3457841","DOI":"10.1145\/3457337.3457841"},{"key":"10446_CR8","doi-asserted-by":"publisher","unstructured":"Ashouri M (2020) Etherolic. In: Proceedings of the 35th annual ACM symposium on applied computing, ACM, New York, USA, pp 353\u2013356. https:\/\/doi.org\/10.1145\/3341105.3374226","DOI":"10.1145\/3341105.3374226"},{"key":"10446_CR9","doi-asserted-by":"publisher","unstructured":"Ashraf I, Ma X, Jiang B, Chan WK (2020) GasFuzzer: fuzzing ethereum smart contract binaries to expose gas-oriented exception security vulnerabilities. IEEE Access 8:99552\u201399564. https:\/\/doi.org\/10.1109\/ACCESS.2020.2995183","DOI":"10.1109\/ACCESS.2020.2995183"},{"key":"10446_CR10","doi-asserted-by":"publisher","unstructured":"Atzei N, Bartoletti M, Cimoli T (2017) A survey of attacks on ethereum smart contracts (SoK) 164\u2013186. https:\/\/doi.org\/10.1007\/978-3-662-54455-6_8","DOI":"10.1007\/978-3-662-54455-6_8"},{"key":"10446_CR11","doi-asserted-by":"publisher","unstructured":"Avizienis A, Laprie JC, Randell B, Landwehr C (2004) Basic concepts and taxonomy of dependable and secure computing. IEEE Trans Dependable Secure Comput 1(1):11\u201333. https:\/\/doi.org\/10.1109\/TDSC.2004.2. http:\/\/ieeexplore.ieee.org\/document\/1335465\/","DOI":"10.1109\/TDSC.2004.2"},{"key":"10446_CR12","doi-asserted-by":"publisher","unstructured":"Ayoade G, Bauman E, Khan L, Hamlen K (2019) Smart contract defense through bytecode rewriting. In: 2019 IEEE International conference on blockchain (Blockchain), IEEE, Atlanta, GA, USA, pp 384\u2013389. https:\/\/doi.org\/10.1109\/Blockchain.2019.00059. https:\/\/ieeexplore.ieee.org\/document\/8946210\/","DOI":"10.1109\/Blockchain.2019.00059"},{"key":"10446_CR13","doi-asserted-by":"crossref","unstructured":"Bishop M, Bailey D (1996) A Critical Analysis of Vulnerability Taxonomies. Tech. rep. https:\/\/apps.dtic.mil\/sti\/citations\/ADA453251","DOI":"10.21236\/ADA453251"},{"key":"10446_CR14","unstructured":"Blockstack A (2021) Clarity. https:\/\/github.com\/clarity-lang"},{"key":"10446_CR15","doi-asserted-by":"publisher","unstructured":"Bose P, Das D, Chen Y, Feng Y, Kruegel C, Vigna G (2022) SAILFISH: vetting smart contract state-inconsistency bugs in seconds. In: 2022 IEEE symposium on security and privacy (SP), IEEE, San Francisco, CA, USA, pp 161\u2013178. https:\/\/doi.org\/10.1109\/SP46214.2022.9833721. https:\/\/ieeexplore.ieee.org\/document\/9833721\/","DOI":"10.1109\/SP46214.2022.9833721"},{"key":"10446_CR16","doi-asserted-by":"publisher","unstructured":"Brent L, Grech N, Lagouvardos S, Scholz B, Smaragdakis Y (2020) Ethainter: a smart contract security analyzer for composite vulnerabilities. In: Proceedings of the 41st ACM SIGPLAN conference on programming language design and implementation, Association for Computing Machinery, New York, USA, PLDI 2020, pp 454\u2013469. https:\/\/doi.org\/10.1145\/3385412.3385990","DOI":"10.1145\/3385412.3385990"},{"key":"10446_CR17","unstructured":"Brent L, Jurisevic A, Kong M, Liu E, Gauthier F, Gramoli V, Holz R, Scholzm B (2018) Vandal: a scalable security analysis framework for smart contracts. https:\/\/arxiv.org\/pdf\/1809.03981v1.pdf"},{"key":"10446_CR18","doi-asserted-by":"publisher","first-page":"286","DOI":"10.1007\/978-3-030-32409-4_18","volume-title":"Formal Methods and Software Engineering","author":"J Chang","year":"2019","unstructured":"Chang J, Gao B, Xiao H, Sun J, Cai Y, Yang Z (2019) sCompile: critical path identification and analysis for smart contracts. In: Ait-Ameur Y, Qin S (eds) Formal Methods and Software Engineering. Springer International Publishing, Cham, pp 286\u2013304"},{"key":"10446_CR19","doi-asserted-by":"publisher","unstructured":"Chen T, Cao R, Li T, Luo X, Gu G, Zhang Y, Liao Z, Zhu H, Chen G, He Z, Tang Y, Lin X, Zhang X (2020b) SODA: a generic online detection framework for smart contracts. In: Proceedings 2020 network and distributed system security symposium, internet society, Reston, VA. https:\/\/doi.org\/10.14722\/ndss.2020.24449. https:\/\/www.ndss-symposium.org\/wp-content\/uploads\/2020\/02\/24449.pdf","DOI":"10.14722\/ndss.2020.24449"},{"key":"10446_CR20","doi-asserted-by":"publisher","unstructured":"Chen T, Feng Y, Li Z, Zhou H, Luo X, Li X, Xiao X, Chen J, Zhang X (2021) GasChecker: scalable analysis for discovering gas-inefficient smart contracts. IEEE Trans Emerg Topics Comput 9(3):1433\u20131448. https:\/\/doi.org\/10.1109\/TETC.2020.2979019","DOI":"10.1109\/TETC.2020.2979019"},{"key":"10446_CR21","doi-asserted-by":"publisher","unstructured":"Chen W, Sun Z, Wang H, Luo X, Cai H, Wu L (2022) WASAI: uncovering vulnerabilities in Wasm smart contracts. In: Proceedings of the 31st ACM SIGSOFT international symposium on software testing and analysis, ACM, New York, USA, pp 703\u2013715. https:\/\/doi.org\/10.1145\/3533767.3534218","DOI":"10.1145\/3533767.3534218"},{"key":"10446_CR22","doi-asserted-by":"publisher","unstructured":"Chen J, Xia X, Lo D, Grundy J, Luo DX, Chen T (2020) Defining smart contract defects on ethereum. IEEE Trans Softw Eng 1. https:\/\/doi.org\/10.1109\/TSE.2020.2989002","DOI":"10.1109\/TSE.2020.2989002"},{"key":"10446_CR23","doi-asserted-by":"publisher","unstructured":"Chinen Y, Yanai N, Cruz JP, Okamura S (2020) RA: hunting for re-entrancy attacks in ethereum smart contracts via static analysis. In: 2020 IEEE International conference on blockchain (Blockchain), IEEE, Rhodes, Greece, pp 327\u2013336. https:\/\/doi.org\/10.1109\/Blockchain50366.2020.00048. https:\/\/ieeexplore.ieee.org\/document\/9284679\/","DOI":"10.1109\/Blockchain50366.2020.00048"},{"key":"10446_CR24","doi-asserted-by":"publisher","unstructured":"Choi J, Kim D, Kim S, Grieco G, Groce A, Cha SK (2021) SMARTIAN: enhancing smart contract fuzzing with static and dynamic data-flow analyses. In: 2021 36th IEEE\/ACM international conference on automated software engineering (ASE), IEEE, pp 227\u2013239. https:\/\/doi.org\/10.1109\/ASE51524.2021.9678888","DOI":"10.1109\/ASE51524.2021.9678888"},{"key":"10446_CR25","unstructured":"Clarivate (2021) Journal Citation Reports (JCR). http:\/\/jcr.clarivate.com"},{"key":"10446_CR26","unstructured":"Coblenz M (2019) The Obsidian Smart Contract Language. https:\/\/obsidian.readthedocs.io\/en\/latest\/"},{"key":"10446_CR27","unstructured":"ConsenSys (2021) Mythril. https:\/\/github.com\/ConsenSys\/mythril"},{"key":"10446_CR28","doi-asserted-by":"publisher","unstructured":"Crincoli G, Iadarola G, La Rocca PE, Martinelli F, Mercaldo F, Santone A (2022) Vulnerable smart contract detection by means of model checking. In: Proceedings of the Fourth ACM international symposium on blockchain and secure critical infrastructure, ACM, New York, USA, pp 3\u201310. https:\/\/doi.org\/10.1145\/3494106.3528672","DOI":"10.1145\/3494106.3528672"},{"key":"10446_CR29","doi-asserted-by":"publisher","unstructured":"Cui S, Zhao G, Gao Y, Tavu T, Huang J (2022) VRust. In: Proceedings of the 2022 ACM SIGSAC conference on computer and communications security, ACM, New York, USA, pp 639\u2013652. https:\/\/doi.org\/10.1145\/3548606.3560552","DOI":"10.1145\/3548606.3560552"},{"key":"10446_CR30","unstructured":"CWE Community (2009) Common Weakness Enumeration. https:\/\/cwe.mitre.org\/about\/index.html"},{"key":"10446_CR31","doi-asserted-by":"publisher","unstructured":"di\u00a0Angelo M, Salzer G (2019) A Survey of tools for analyzing ethereum smart contracts. In: 2019 IEEE International conference on decentralized applications and infrastructures (DAPPCON), IEEE, Newark, CA, USA, pp 69\u201378. https:\/\/doi.org\/10.1109\/DAPPCON.2019.00018. https:\/\/ieeexplore.ieee.org\/document\/8782988\/","DOI":"10.1109\/DAPPCON.2019.00018"},{"key":"10446_CR32","doi-asserted-by":"publisher","unstructured":"Ding M, Li P, Li S, Zhang H (2021) HFContractFuzzer: fuzzing hyperledger fabric smart contracts for vulnerability detection. In: Evaluation and assessment in software engineering, ACM, New York, USA, pp 321\u2013328. https:\/\/doi.org\/10.1145\/3463274.3463351","DOI":"10.1145\/3463274.3463351"},{"key":"10446_CR33","doi-asserted-by":"publisher","unstructured":"Durieux T, Ferreira JF, Abreu R, Cruz P (2020) Empirical review of automated analysis tools on 47,587 ethereum smart contracts. In: Proceedings of the ACM\/IEEE 42nd international conference on software engineering, Association for Computing Machinery, New York, USA, ICSE \u201920, pp 530\u2013541. https:\/\/doi.org\/10.1145\/3377811.3380364","DOI":"10.1145\/3377811.3380364"},{"key":"10446_CR34","doi-asserted-by":"publisher","unstructured":"Eshghie M, Artho C, Gurov D (2021) Dynamic vulnerability detection on smart contracts using machine learning. In: Evaluation and assessment in software engineering, ACM, New York, USA, pp 305\u2013312. https:\/\/doi.org\/10.1145\/3463274.3463348","DOI":"10.1145\/3463274.3463348"},{"key":"10446_CR35","unstructured":"Ethereum\u2019s Github (2022) Pure Issue. https:\/\/github.com\/ethereum\/solidity\/issues\/13174"},{"key":"10446_CR36","doi-asserted-by":"publisher","unstructured":"Feist J, Grieco G, Groce A (2019) Slither: a static analysis framework for smart contracts. In: 2019 IEEE\/ACM 2nd International workshop on emerging trends in software engineering for blockchain (WETSEB), IEEE, Montreal, QC, Canada, WETSEB \u201919, pp 8\u201315. https:\/\/doi.org\/10.1109\/WETSEB.2019.00008. https:\/\/ieeexplore.ieee.org\/document\/8823898\/","DOI":"10.1109\/WETSEB.2019.00008"},{"key":"10446_CR37","doi-asserted-by":"publisher","unstructured":"Fu M, Wu L, Hong Z, Zhu F, Sun H, Feng W (2019) A critical-path-coverage-based vulnerability detection method for smart contracts. IEEE Access 7:147327\u2013147344. https:\/\/doi.org\/10.1109\/ACCESS.2019.2947146","DOI":"10.1109\/ACCESS.2019.2947146"},{"key":"10446_CR38","doi-asserted-by":"publisher","unstructured":"Gao J, Liu H, Liu C, Li Q, Guan Z, Chen Z (2019) EASYFLOW: keep ethereum away from overflow. In: 2019 IEEE\/ACM 41st International conference on software engineering: companion proceedings (ICSE-Companion), IEEE, Montreal, QC, Canada, pp 23\u201326. https:\/\/doi.org\/10.1109\/ICSE-Companion.2019.00029. https:\/\/ieeexplore.ieee.org\/document\/8802775\/","DOI":"10.1109\/ICSE-Companion.2019.00029"},{"key":"10446_CR39","doi-asserted-by":"publisher","unstructured":"Geneiatakis D, Soupionis Y, Steri G, Kounelis I, Neisse R, Nai-Fovino I (2020) Blockchain performance analysis for supporting cross-border e-government services. IEEE Trans Eng Manag 67(4):1310\u20131322. https:\/\/doi.org\/10.1109\/TEM.2020.2979325. https:\/\/ieeexplore.ieee.org\/document\/9102377\/","DOI":"10.1109\/TEM.2020.2979325"},{"key":"10446_CR40","doi-asserted-by":"publisher","unstructured":"Ghaleb A, Pattabiraman K (2020) How effective are smart contract analysis tools? evaluating smart contract static analysis tools using bug injection. In: Proceedings of the 29th ACM SIGSOFT international symposium on software testing and analysis, association for computing machinery, New York, USA, ISSTA 2020, pp 415\u2013427. https:\/\/doi.org\/10.1145\/3395363.3397385","DOI":"10.1145\/3395363.3397385"},{"key":"10446_CR41","doi-asserted-by":"crossref","unstructured":"Ghaleb A, Rubin J, Pattabiraman K (2023) AChecker: statically detecting smart contract access control vulnerabilities. In: Proc ACM ICSE","DOI":"10.1109\/ICSE48619.2023.00087"},{"key":"10446_CR42","unstructured":"government U (1999) National Vulnerability Database. https:\/\/nvd.nist.gov\/"},{"key":"10446_CR43","doi-asserted-by":"publisher","unstructured":"Grech A, Camilleri AF (2017) Blockchain in Education. Publications Office of the European Union. https:\/\/doi.org\/10.2760\/60649. https:\/\/ec.europa.eu\/jrc\/en\/open-education\/legal-notice","DOI":"10.2760\/60649"},{"key":"10446_CR44","doi-asserted-by":"publisher","unstructured":"Grech N, Kong M, Jurisevic A, Brent L, Scholz B, Smaragdakis Y (2020) MadMax: analyzing the out-of-gas world of smart contracts. Commun ACM 63(10):87\u201395. https:\/\/doi.org\/10.1145\/3416262","DOI":"10.1145\/3416262"},{"key":"10446_CR45","doi-asserted-by":"publisher","unstructured":"Grishchenko I, Maffei M, Schneidewind C (2018) A semantic framework for the security analysis of ethereum smart contracts. In: Bauer L, K\u00fcsters R (eds) principles of security and trust, vol 10804, Springer International Publishing, Uppsala, Sweden, pp 243\u2013269. https:\/\/doi.org\/10.1007\/978-3-319-89722-6_10","DOI":"10.1007\/978-3-319-89722-6_10"},{"key":"10446_CR46","doi-asserted-by":"publisher","unstructured":"Gupta R, Patel MM, Shukla A, Tanwar S (2022) Deep learning-based malicious smart contract detection scheme for internet of things environment. Comput Electr Eng 97:107583. https:\/\/doi.org\/10.1016\/j.compeleceng.2021.107583","DOI":"10.1016\/j.compeleceng.2021.107583"},{"key":"10446_CR47","doi-asserted-by":"publisher","unstructured":"Hajdu \u00c1, Jovanovi\u0107 D (2020) solc-verify: a modular verifier for solidity smart contracts. pp 161\u2013179. https:\/\/doi.org\/10.1007\/978-3-030-41600-3_11","DOI":"10.1007\/978-3-030-41600-3_11"},{"key":"10446_CR48","doi-asserted-by":"publisher","unstructured":"Hansman S, Hunt R (2005) A taxonomy of network and computer attacks. Computers & Security 24(1):31\u201343. https:\/\/doi.org\/10.1016\/j.cose.2004.06.011. https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0167404804001804","DOI":"10.1016\/j.cose.2004.06.011"},{"key":"10446_CR49","doi-asserted-by":"publisher","unstructured":"Hartel P, Schumi R (2020) Mutation testing of smart contracts at scale. In: Ahrendt W, Wehrheim H (eds) Tests and Proofs - 14th International Conference, TAP 2020, held as part of STAF 2020, Proceedings, Lecture Notes in Computer Science(including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer Open, Bergen, Norway, pp 23\u201342. https:\/\/doi.org\/10.1007\/978-3-030-50995-8_2. http:\/\/link.springer.com\/10.1007\/978-3-030-50995-8_2","DOI":"10.1007\/978-3-030-50995-8_2"},{"key":"10446_CR50","doi-asserted-by":"publisher","first-page":"102857","DOI":"10.1016\/j.jnca.2020.102857","volume":"177","author":"T Hewa","year":"2021","unstructured":"Hewa T, Ylianttila M, Liyanage M (2021) Survey on blockchain based smart contracts: applications, opportunities and challenges. J Netw Comput Appl 177:102857","journal-title":"J Netw Comput Appl"},{"key":"10446_CR51","unstructured":"He N, Zhang R, Wang H, Wu L, Luo X, Guo Y, Yu T, Jiang X (2021) $$\\{$$EOSAFE$$\\}$$: security analysis of $$\\{$$EOSIO$$\\}$$ smart contracts. In: 30th USENIX security symposium (USENIX Security 21), pp 1271\u20131288"},{"key":"10446_CR52","unstructured":"Howard JD (1997) An analysis of security incidents on the Internet 1989-1995. PhD thesis, Carnegie Mellon University, USA. https:\/\/www.proquest.com\/openview\/26b4425b41777ee9b6cac10b78da998a\/1?pq-origsite=gscholar &cbl=18750 &diss=y"},{"issue":"2","key":"10446_CR53","doi-asserted-by":"publisher","first-page":"100179","DOI":"10.1016\/j.patter.2020.100179","volume":"2","author":"B Hu","year":"2021","unstructured":"Hu B, Zhang Z, Liu J, Liu Y, Yin J, Lu R, Lin X (2021) A comprehensive survey on smart contract construction and execution: paradigms, tools, and systems. Patterns 2(2):100179. https:\/\/doi.org\/10.1016\/j.patter.2020.100179","journal-title":"Patterns"},{"key":"10446_CR54","doi-asserted-by":"publisher","unstructured":"Hu T, Li B, Pan Z, Qian C (2023) Detect defects of solidity smart contract based on the knowledge graph. IEEE Trans Reliab 1\u201317. https:\/\/doi.org\/10.1109\/TR.2023.3233999. https:\/\/ieeexplore.ieee.org\/document\/10025570\/","DOI":"10.1109\/TR.2023.3233999"},{"key":"10446_CR55","doi-asserted-by":"publisher","first-page":"32595","DOI":"10.1109\/ACCESS.2022.3162065","volume":"10","author":"SJ Hwang","year":"2022","unstructured":"Hwang SJ, Choi SH, Shin J, Choi YH (2022) CodeNet: code-targeted convolutional neural network architecture for smart contract vulnerability detection. IEEE Access 10:32595\u201332607. https:\/\/doi.org\/10.1109\/ACCESS.2022.3162065","journal-title":"IEEE Access"},{"key":"10446_CR56","doi-asserted-by":"publisher","unstructured":"I Group et al (2010) IEEE Standard Classification for Software Anomalies. IEEE Std 1044-2009 (Revision of IEEE Std 1044-1993, pp 1\u201323. https:\/\/doi.org\/10.1109\/IEEESTD.2010.5399061","DOI":"10.1109\/IEEESTD.2010.5399061"},{"key":"10446_CR57","unstructured":"IBM (2013a) Orthogonal Defect Classification v 5.2 Extensions for GUI, User Documentation, Build & NLS. https:\/\/s3.us.cloud-object-storage.appdomain.cloud\/res-files\/70-ODC-5-2-Extensions.pdf"},{"key":"10446_CR58","unstructured":"IBM (2013b) Orthogonal Defect Classification v 5.2 for Software Design and Code. https:\/\/s3.us.cloud-object-storage.appdomain.cloud\/res-files\/70-ODC-5-2.pdf"},{"key":"10446_CR59","doi-asserted-by":"publisher","unstructured":"Ivanov N, Li C, Yan Q, Sun Z, Cao Z, Luo X (2023) Security Threat Mitigation For Smart Contracts: A Comprehensive Survey. ACM Comput Surv. https:\/\/doi.org\/10.1145\/3593293","DOI":"10.1145\/3593293"},{"key":"10446_CR60","doi-asserted-by":"publisher","unstructured":"Jiang B, Liu Y, Chan WK (2018) ContractFuzzer: fuzzing smart contracts for vulnerability detection. In: Proceedings of the 33rd ACM\/IEEE international conference on automated software engineering, Association for Computing Machinery, New York, USA, ASE 2018, pp 259\u2013269. https:\/\/doi.org\/10.1145\/3238147.3238177","DOI":"10.1145\/3238147.3238177"},{"key":"10446_CR61","doi-asserted-by":"publisher","unstructured":"Ji R, He N, Wu L, Wang H, Bai G, Guo Y (2020) DEPOSafe: demystifying the fake deposit vulnerability in Ethereum smart contracts. In: 2020 25th international conference on engineering of complex computer systems (ICECCS), IEEE, pp 125\u2013134. https:\/\/doi.org\/10.1109\/ICECCS51672.2020.00022. https:\/\/ieeexplore.ieee.org\/document\/9376204\/","DOI":"10.1109\/ICECCS51672.2020.00022"},{"key":"10446_CR62","doi-asserted-by":"publisher","unstructured":"Jin L, Cao Y, Chen Y, Zhang D, Campanoni S (2023) ExGen: cross-platform, automated exploit generation for smart contract vulnerabilities. IEEE Trans Dependable Secure Comput 20(1):650\u2013664. https:\/\/doi.org\/10.1109\/TDSC.2022.3141396","DOI":"10.1109\/TDSC.2022.3141396"},{"key":"10446_CR63","doi-asserted-by":"publisher","unstructured":"Kaleem M, Mavridou A, Laszka A (2020) Vyper: a security comparison with solidity based on common Vulnerabilities. In: 2020 2nd conference on blockchain research & applications for innovative networks and services (BRAINS), IEEE, pp 107\u2013111. https:\/\/doi.org\/10.1109\/BRAINS49436.2020.9223278","DOI":"10.1109\/BRAINS49436.2020.9223278"},{"key":"10446_CR64","doi-asserted-by":"publisher","unstructured":"Kalra S, Goel S, Dhawan M, Sharma S (2018) ZEUS: analyzing safety of smart contracts. In: Proceedings 2018 network and distributed system security symposium, Internet Society, Reston, VA, pp 2018\u201302. https:\/\/doi.org\/10.14722\/ndss.2018.23082. https:\/\/www.ndss-symposium.org\/wp-content\/uploads\/2018\/02\/ndss2018_09-1_Kalra_paper.pdf","DOI":"10.14722\/ndss.2018.23082"},{"key":"10446_CR65","doi-asserted-by":"publisher","unstructured":"Khan S, Amin MB, Azar AT, Aslam S (2021) Towards interoperable blockchains: a survey on the role of smart contracts in blockchain interoperability. IEEE Access 9:116672\u2013116691. https:\/\/doi.org\/10.1109\/ACCESS.2021.3106384","DOI":"10.1109\/ACCESS.2021.3106384"},{"key":"10446_CR66","doi-asserted-by":"publisher","unstructured":"Kolluri A, Nikolic I, Sergey I, Hobor A, Saxena P (2019) Exploiting the laws of order in smart contracts. In: Proceedings of the 28th ACM SIGSOFT international symposium on software testing and analysis, Association for Computing Machinery, New York, USA, ISSTA 2019, pp 363\u2013373. https:\/\/doi.org\/10.1145\/3293882.3330560","DOI":"10.1145\/3293882.3330560"},{"key":"10446_CR67","unstructured":"Krsul IV (1998) Software vulnerability analysis. PhD thesis, Purdue University. https:\/\/www.proquest.com\/openview\/10fa0675998eeecf99bbc64ca3a46650\/1?pq-origsite=gscholar &cbl=18750 &diss=y"},{"key":"10446_CR68","unstructured":"Krupp J, Rossow C (2018) TEETHER: gnawing at ethereum to automatically exploit smart contracts. In: Proceedings of the 27th USENIX Conference on Security Symposium, USENIX Association, USA, SEC\u201918, pp 1317\u20131333"},{"key":"10446_CR69","doi-asserted-by":"publisher","unstructured":"Liao JW, Tsai TT, He CK, Tien CW (2019) SoliAudit: smart contract vulnerability assessment based on machine learning and fuzz testing. In: 2019 Sixth international conference on internet of things: systems, management and security (IOTSMS), IEEE, Granada, Spain, pp 458\u2013465. https:\/\/doi.org\/10.1109\/IOTSMS48152.2019.8939256. https:\/\/ieeexplore.ieee.org\/document\/8939256\/","DOI":"10.1109\/IOTSMS48152.2019.8939256"},{"key":"10446_CR70","doi-asserted-by":"publisher","unstructured":"Liao Z, Zheng Z, Chen X, Nan Y (2022) SmartDagger: a bytecode-based static analysis approach for detecting cross-contract vulnerability. In: Proceedings of the 31st ACM SIGSOFT international symposium on software testing and analysis, ACM, New York, USA, pp 752\u2013764. https:\/\/doi.org\/10.1145\/3533767.3534222","DOI":"10.1145\/3533767.3534222"},{"key":"10446_CR71","doi-asserted-by":"publisher","unstructured":"Li W, He J, Zhao G, Yang J, Li S, Lai R, Li P, Tang H, Luo H, Zhou Z (2022c) EOSIOAnalyzer: an effective static analysis vulnerability detection framework for EOSIO smart contracts. In: 2022 IEEE 46th annual computers, software, and applications conference (COMPSAC), IEEE, Los Alamitos, CA, USA, pp 746\u2013756. https:\/\/doi.org\/10.1109\/COMPSAC54236.2022.00124. https:\/\/ieeexplore.ieee.org\/document\/9842620\/","DOI":"10.1109\/COMPSAC54236.2022.00124"},{"key":"10446_CR72","doi-asserted-by":"publisher","unstructured":"Li P, Li S, Ding M, Yu J, Zhang H, Zhou X, Li J (2022b) A vulnerability detection framework for hyperledger fabric smart contracts based on dynamic and static analysis. In: The International Conference on Evaluation and Assessment in Software Engineering 2022, ACM, New York, USA, pp 366\u2013374. https:\/\/doi.org\/10.1145\/3530019.3531342","DOI":"10.1145\/3530019.3531342"},{"key":"10446_CR73","doi-asserted-by":"publisher","unstructured":"Li Z, Lu S, Zhang R, Xue R, Ma W, Liang R, Zhao Z, Gao S (2022) SmartFast: an accurate and robust formal analysis tool for Ethereum smart contracts. Empir Softw Eng 27(7):197. https:\/\/doi.org\/10.1007\/s10664-022-10218-2","DOI":"10.1007\/s10664-022-10218-2"},{"key":"10446_CR74","doi-asserted-by":"crossref","unstructured":"Lindqvist U, Jonsson E (1997) How to systematically classify computer security intrusions. pp 154\u2013163","DOI":"10.1109\/SECPRI.1997.601330"},{"key":"10446_CR75","doi-asserted-by":"publisher","unstructured":"Li B, Pan Z, Hu T (2022) ReDefender: detecting Reentrancy Vulnerabilities in Smart Contracts Automatically. IEEE Trans Reliab 71(2):984\u2013999. https:\/\/doi.org\/10.1109\/TR.2022.3161634","DOI":"10.1109\/TR.2022.3161634"},{"key":"10446_CR76","doi-asserted-by":"publisher","unstructured":"Liu C, Liu H, Cao Z, Chen Z, Chen B, Roscoe B (2018) ReGuard: finding reentrancy Bugs in smart Contracts. In: Proceedings of the 40th international conference on software engineering: companion proceeedings, ACM, New York, USA, pp 65\u201368. https:\/\/doi.org\/10.1145\/3183440.3183495","DOI":"10.1145\/3183440.3183495"},{"key":"10446_CR77","doi-asserted-by":"publisher","unstructured":"Liu Z, Qian P, Wang X, Zhuang Y, Qiu L, Wang X (2021) Combining graph neural networks with expert knowledge for smart contract vulnerability detection. IEEE Trans Knowl Data Eng 35(2):1\u20131. https:\/\/doi.org\/10.1109\/TKDE.2021.3095196. https:\/\/ieeexplore.ieee.org\/document\/9477066\/","DOI":"10.1109\/TKDE.2021.3095196"},{"key":"10446_CR78","unstructured":"Lough DL (2001) A taxonomy of computer attacks with applications to wireless networks. PhD thesis, Virginia Polytechnic Institute and State University"},{"key":"10446_CR79","doi-asserted-by":"publisher","unstructured":"Luu L, Chu DH, Olickel H, Saxena P, Hobor A (2016) Making smart contracts smarter. In: Proceedings of the 2016 ACM SIGSAC conference on computer and communications security, Association for Computing Machinery, New York, USA, CCS \u201916, pp 254\u2013269. https:\/\/doi.org\/10.1145\/2976749.2978309","DOI":"10.1145\/2976749.2978309"},{"key":"10446_CR80","doi-asserted-by":"publisher","unstructured":"Lu N, Wang B, Zhang Y, Shi W, Esposito C (2019) NeuCheck: a more practical Ethereum smart contract security analysis tool. Software: Practice and Experience n\/a(n\/a):1\u201320. https:\/\/doi.org\/10.1002\/spe.2745","DOI":"10.1002\/spe.2745"},{"key":"10446_CR81","unstructured":"Mann DE, Christey SM (1999) Towards a common enumeration of vulnerabilities. In: 2nd Workshop on research with security vulnerability databases, Purdue University in West Lafayette, Indiana, pp 1\u201313"},{"key":"10446_CR82","unstructured":"Manning A (2018) Solidity security: comprehensive list of known attack vectors and common anti-patterns. https:\/\/github.com\/sigp\/solidity-security-blog"},{"key":"10446_CR83","doi-asserted-by":"publisher","unstructured":"Ma F, Ren M, Ouyang L, Chen Y, Zhu J, Chen T, Zheng Y, Dai X, Jiang Y, Sun J (2023) Pied-Piper: revealing the backdoor threats in ethereum ERC token contracts. ACM Trans Softw Eng Methodol 32(3):1\u201324. https:\/\/doi.org\/10.1145\/3560264","DOI":"10.1145\/3560264"},{"key":"10446_CR84","doi-asserted-by":"publisher","first-page":"446","DOI":"10.1007\/978-3-030-32101-7_27","volume-title":"financial cryptography and data security","author":"A Mavridou","year":"2019","unstructured":"Mavridou A, Laszka A, Stachtiari E, Dubey A (2019) VeriSolid: correct-by-design smart contracts for Ethereum. In: Goldberg I, Moore T (eds) financial cryptography and data security. Springer International Publishing, Cham, pp 446\u2013465"},{"key":"10446_CR85","doi-asserted-by":"crossref","unstructured":"Mavridou A, Laszka A (2018) Designing secure Ethereum smart contracts: a finite State machine based approach. In: Meiklejohn S, Sako K (eds) financial cryptography and data security, Springer Berlin Heidelberg, pp 523\u2013540. https:\/\/www.springerprofessional.de\/en\/designing-secure-ethereum-smart-contracts-a-finite-state-machine\/17118720","DOI":"10.1007\/978-3-662-58387-6_28"},{"key":"10446_CR86","doi-asserted-by":"publisher","unstructured":"Ma F, Xu Z, Ren M, Yin Z, Chen Y, Qiao L, Gu B, Li H, Jiang Y, Sun J (2022) Pluto: exposing vulnerabilities in inter-contract scenarios. IEEE Trans Softw Eng 48(11):4380\u20134396. https:\/\/doi.org\/10.1109\/TSE.2021.3117966. https:\/\/ieeexplore.ieee.org\/document\/9562567\/","DOI":"10.1109\/TSE.2021.3117966"},{"key":"10446_CR87","unstructured":"MITRE Corporation (1999) Common Vulnerabilities and Exposures. https:\/\/www.cve.org\/"},{"key":"10446_CR88","doi-asserted-by":"publisher","unstructured":"Mi F, Wang Z, Zhao C, Guo J, Ahmed F, Khan L (2021) VSCL: automating vulnerability detection in smart contracts with deep learning. In: 2021 IEEE international conference on blockchain and cryptocurrency (ICBC), IEEE, Sydney, Australia, pp 1\u20139. https:\/\/doi.org\/10.1109\/ICBC51069.2021.9461050. https:\/\/ieeexplore.ieee.org\/document\/9461050\/","DOI":"10.1109\/ICBC51069.2021.9461050"},{"key":"10446_CR89","doi-asserted-by":"publisher","unstructured":"Momeni P, Wang Y, Samavi R (2019) Machine learning model for smart contracts security analysis. In: 2019 17th international conference on privacy, security and trust (PST), IEEE, Fredericton, NB, Canada, pp 1\u20136. https:\/\/doi.org\/10.1109\/PST47121.2019.8949045. https:\/\/ieeexplore.ieee.org\/document\/8949045\/","DOI":"10.1109\/PST47121.2019.8949045"},{"key":"10446_CR90","doi-asserted-by":"crossref","unstructured":"Nassirzadeh B, Sun H, Banescu S, Ganesh V (2023) Gas Gauge: a security analysis tool for smart contract out-of-gas vulnerabilities. In: Mathematical Research for Blockchain Economy. Springer International Publishing, Cham, pp 143\u2013167","DOI":"10.1007\/978-3-031-18679-0_9"},{"key":"10446_CR91","unstructured":"NCC Group (2019) DASP. https:\/\/dasp.co\/"},{"key":"10446_CR92","unstructured":"NCCGroup (2021) Decentralized Application Security Project (DASP) Top10. https:\/\/dasp.co\/"},{"key":"10446_CR93","doi-asserted-by":"publisher","unstructured":"Nguyen TD, Pham LH, Sun J, Lin Y, Minh QT (2020) SFuzz: an efficient adaptive fuzzer for solidity smart contracts. In: Proceedings of the ACM\/IEEE 42nd international conference on software engineering, Association for Computing Machinery, New York, USA, ICSE \u201920, pp 778\u2013788. https:\/\/doi.org\/10.1145\/3377811.3380334","DOI":"10.1145\/3377811.3380334"},{"key":"10446_CR94","doi-asserted-by":"publisher","first-page":"262","DOI":"10.1007\/978-3-030-72013-1_14","volume-title":"tools and algorithms for the construction and analysis of systems","author":"Y Nishida","year":"2021","unstructured":"Nishida Y, Saito H, Ran C, Akira K, Jun F, Kohei S, Atsushi I (2021) Helmholtz: A verifier for Tezos smart contracts cased on refinement types. In: Groote JF, Larsen KG (eds) tools and algorithms for the construction and analysis of systems. Springer International Publishing, Cham, pp 262\u2013280"},{"key":"10446_CR95","unstructured":"OWASP Foundation (2001) OWASP. https:\/\/owasp.org\/www-community\/vulnerabilities\/#"},{"key":"10446_CR96","doi-asserted-by":"publisher","unstructured":"Pani S, Nallagonda HV, Vigneswaran, Medicherla RK, Rajan M (2023) SmartFuzzDriverGen: smart contract fuzzing automation for Golang. In: 16th innovations in software engineering conference, ACM, New York, USA, pp 1\u201311. https:\/\/doi.org\/10.1145\/3578527.3578538","DOI":"10.1145\/3578527.3578538"},{"key":"10446_CR97","doi-asserted-by":"publisher","unstructured":"Qian P, Liu ZG, He QM, Huang BT, Tian DZ, Wang X (2022) Smart contract vulnerability detection technique: a survey. Ruan Jian Xue Bao\/Journal of Software 33(8):3059\u20133085. https:\/\/doi.org\/10.13328\/j.cnki.jos.006375. arXiv:2209.05872","DOI":"10.13328\/j.cnki.jos.006375"},{"key":"10446_CR98","doi-asserted-by":"publisher","unstructured":"Rameder H, di Angelo M, Salzer G (2022) Review of automated vulnerability analysis of smart contracts on Ethereum. Frontiers in Blockchain 5. https:\/\/doi.org\/10.3389\/fbloc.2022.814977","DOI":"10.3389\/fbloc.2022.814977"},{"key":"10446_CR99","doi-asserted-by":"publisher","unstructured":"Rodler M, Li W, Karame GO, Davi L (2019) Sereum: protecting existing smart contracts against re-entrancy attacks. In: Proceedings 2019 network and distributed system security symposium, internet society, Reston, VA. https:\/\/doi.org\/10.14722\/ndss.2019.23413. https:\/\/www.ndss-symposium.org\/wp-content\/uploads\/2019\/02\/ndss2019_09-3_Rodler_paper.pdf","DOI":"10.14722\/ndss.2019.23413"},{"key":"10446_CR100","doi-asserted-by":"publisher","unstructured":"Shakya S, Mukherjee A, Halder R, Maiti A, Chaturvedi A (2022) SmartMixModel: machine learning-based vulnerability detection of solidity smart contracts. In: 2022 IEEE international conference on blockchain (blockchain), IEEE, Espoo, Finland, pp 37\u201344. https:\/\/doi.org\/10.1109\/Blockchain55522.2022.00016. https:\/\/ieeexplore.ieee.org\/document\/9881798\/","DOI":"10.1109\/Blockchain55522.2022.00016"},{"key":"10446_CR101","unstructured":"Siegel D (2016) Understanding The DAO Attack. https:\/\/www.coindesk.com\/understanding-dao-hack-journalists"},{"key":"10446_CR102","unstructured":"Slither\u2019s Github (2019) Slither Vulnerabilities Detection. https:\/\/github.com\/crytic\/slither"},{"key":"10446_CR103","unstructured":"SmartContractSecurity (2020) Smart Contract Weakness Classification (SWC) and Test Cases. http:\/\/swcregistry.io\/"},{"key":"10446_CR104","unstructured":"SmartDec Corporation (2018) SmartDec - Classification of smart contract vulnerabilities. https:\/\/github.com\/smartdec\/classification"},{"key":"10446_CR105","doi-asserted-by":"publisher","unstructured":"So S, Lee M, Park J, Lee H, Oh H (2020) VERISMART: a highly precise safety verifier for Ethereum smart contracts. In: 2020 IEEE symposium on Security and Privacy (SP), IEEE, San Francisco, CA, USA, pp 1678\u20131694. https:\/\/doi.org\/10.1109\/SP40000.2020.00032. https:\/\/ieeexplore.ieee.org\/document\/9152689\/","DOI":"10.1109\/SP40000.2020.00032"},{"key":"10446_CR106","unstructured":"Solidity (2023) Solidity Documentation 0.8.17. https:\/\/docs.soliditylang.org\/en\/v0.8.17\/contracts.html"},{"key":"10446_CR107","doi-asserted-by":"publisher","unstructured":"Song J, He H, Lv Z, Su C, Xu G, Wang W (2019) An efficient vulnerability detection model for Ethereum smart contracts. In: Liu JK, Huang X (ed) network and system security, Springer International Publishing, Cham, pp 433\u2013442. https:\/\/doi.org\/10.1007\/978-3-030-36938-5_26","DOI":"10.1007\/978-3-030-36938-5_26"},{"key":"10446_CR108","doi-asserted-by":"publisher","unstructured":"Staderini M, Palli C, Bondavalli A (2020) Classification of Ethereum vulnerabilities and their propagations. In: 2020 second international conference on blockchain computing and applications (BCCA), IEEE, pp 44\u201351. https:\/\/doi.org\/10.1109\/BCCA50787.2020.9274458. https:\/\/ieeexplore.ieee.org\/document\/9274458\/","DOI":"10.1109\/BCCA50787.2020.9274458"},{"key":"10446_CR109","doi-asserted-by":"publisher","unstructured":"Staderini M, Pataricza A, Bondavalli A (2022) Security evaluation and improvement of solidity smart contracts. SSRN Electron J. https:\/\/doi.org\/10.2139\/ssrn.4038087","DOI":"10.2139\/ssrn.4038087"},{"key":"10446_CR110","doi-asserted-by":"publisher","unstructured":"Stephens J, Ferles K, Mariano B, Lahiri S, Dillig I (2021) SmartPulse: automated checking of temporal properties in smart contracts. In: 2021 IEEE symposium on security and privacy (SP), IEEE, San Francisco, CA, USA, pp 555\u2013571. https:\/\/doi.org\/10.1109\/SP40001.2021.00085. https:\/\/ieeexplore.ieee.org\/document\/9519387\/","DOI":"10.1109\/SP40001.2021.00085"},{"key":"10446_CR111","unstructured":"Sunbeom S, Seongjoon H, Hakjoo O (2021) Smartest: effectively hunting vulnerable transaction sequences in smart contracts through language modelguided symbolic execution. In: in 30th USENIX Security Symposium, USENIX Association. https:\/\/www.usenix.org\/system\/files\/sec21-so.pdf"},{"key":"10446_CR112","doi-asserted-by":"publisher","unstructured":"Sun X, Tu L, Zhang J, Cai J, Li B, Wang Y (2023) ASSBert: active and semi-supervised bert for smart contract vulnerability detection. J Inf Secur Appl 73:103423. https:\/\/doi.org\/10.1016\/j.jisa.2023.103423","DOI":"10.1016\/j.jisa.2023.103423"},{"key":"10446_CR113","unstructured":"The Computing Research and Education Association of Australasia (2021) CORE Conference Ranking. http:\/\/portal.core.edu.au\/conf-ranks\/"},{"key":"10446_CR114","doi-asserted-by":"publisher","unstructured":"Tikhomirov S, Voskresenskaya E, Ivanitskiy I, Takhaviev R, Marchenko E, Alexandrov Y (2018) SmartCheck: static analysis of Ethereum smart contracts. In: Proceedings of the 1st international workshop on emerging trends in software engineering for blockchain, ACM, New York, USA, pp 9\u201316. https:\/\/doi.org\/10.1145\/3194113.3194115","DOI":"10.1145\/3194113.3194115"},{"key":"10446_CR115","doi-asserted-by":"publisher","unstructured":"Torres CF, Iannillo AK, Gervais A, State R (2021) ConFuzzius: a data dependency-aware hybrid fuzzer for smart contracts. In: 2021 IEEE European symposium on security and privacy (EuroS &P), IEEE, Vienna, Austria, pp 103\u2013119. https:\/\/doi.org\/10.1109\/EuroSP51992.2021.00018. https:\/\/ieeexplore.ieee.org\/document\/9581164\/","DOI":"10.1109\/EuroSP51992.2021.00018"},{"key":"10446_CR116","doi-asserted-by":"publisher","unstructured":"Torres CF, Sch\u00fctte J, State R (2018) Osiris: hunting for integer bugs in Ethereum smart contracts. In: Proceedings of the 34th annual computer security applications conference, association for computing machinery, New York, USA, ACSAC \u201918, pp 664\u2013676. https:\/\/doi.org\/10.1145\/3274694.3274737","DOI":"10.1145\/3274694.3274737"},{"key":"10446_CR117","unstructured":"Tsankov P (2018) Securify2. https:\/\/github.com\/eth-sri\/securify2"},{"key":"10446_CR118","doi-asserted-by":"publisher","unstructured":"Tsankov P, Dan A, Drachsler-Cohen D, Gervais A, B\u00fcnzli F, Vechev M (2018) Securify: practical security analysis of smart contracts. In: Proceedings of the 2018 ACM SIGSAC conference on computer and communications security, Association for Computing Machinery, New York, USA, CCS \u201918, pp 67\u201382. https:\/\/doi.org\/10.1145\/3243734.3243780","DOI":"10.1145\/3243734.3243780"},{"key":"10446_CR119","doi-asserted-by":"publisher","unstructured":"Vidal F, Ivaki N, Laranjeiro N (2024a) OpenSCV: an open hierachical taxonomy for smart contract vulnerabilities - supplemental material. https:\/\/doi.org\/10.5281\/zenodo.7763982","DOI":"10.5281\/zenodo.7763982"},{"key":"10446_CR120","unstructured":"Vidal F, Ivaki N, Laranjeiro N (2024b) OpenSCV Github Repository. https:\/\/github.com\/blockchain-dei\/openscv"},{"key":"10446_CR121","unstructured":"Vidal F, Ivaki N, Laranjeiro N (2024c) OpenSCV Website. https:\/\/openscv.dei.uc.pt"},{"key":"10446_CR122","unstructured":"Vogelsteller F, Buterin V (2015) ERC20 standard. https:\/\/github.com\/ethereum\/eips\/issues\/20"},{"key":"10446_CR123","unstructured":"Wagner G (2018) EIP-1470: Smart Contract Weakness Classification (SWC), https:\/\/github.com\/ethereum\/EIPs\/issues\/1469"},{"key":"10446_CR124","doi-asserted-by":"publisher","first-page":"418","DOI":"10.1007\/978-981-16-7993-3_32","volume-title":"blockchain and trustworthy systems","author":"Z Wang","year":"2021","unstructured":"Wang Z, Wen B, Ziqiang L, Shaojie L (2021) M-A-R: a dynamic symbol execution detection method for smart contract reentry vulnerability. In: Dai H-N, Liu X, Xiapu LD, Jiang X, Xiangping C (eds) blockchain and trustworthy systems. Springer, Singapore, pp 418\u2013429"},{"key":"10446_CR125","doi-asserted-by":"publisher","unstructured":"Wang H, Li Y, Lin SW, Ma L, Liu Y (2019) VULTRON: catching vulnerable smart contracts once and for all. In: 2019 IEEE\/ACM 41st International Conference on Software Engineering: New Ideas and Emerging Results (ICSE-NIER), IEEE, Montreal, QC, Canada, pp 1\u20134. https:\/\/doi.org\/10.1109\/ICSE-NIER.2019.00009. https:\/\/ieeexplore.ieee.org\/document\/8805696\/","DOI":"10.1109\/ICSE-NIER.2019.00009"},{"key":"10446_CR126","doi-asserted-by":"publisher","unstructured":"Wang W, Song J, Xu G, Li Y, Wang H, Su C (2021) ContractWard: automated vulnerability detection models for Ethereum smart contracts. IEEE Trans Network Sci Eng 8(2):1133\u20131144. https:\/\/doi.org\/10.1109\/TNSE.2020.2968505. https:\/\/ieeexplore.ieee.org\/document\/8967006\/","DOI":"10.1109\/TNSE.2020.2968505"},{"key":"10446_CR127","doi-asserted-by":"publisher","unstructured":"Wu H, Zhang Z, Wang S, Lei Y, Lin B, Qin Y, Zhang H, Mao X (2021) Peculiar: smart contract vulnerability detection based on crucial data flow graph and pre-training techniques. In: 2021 IEEE 32nd International Symposium on Software Reliability Engineering (ISSRE), IEEE, Wuhan, China, pp 378\u2013389. https:\/\/doi.org\/10.1109\/ISSRE52982.2021.00047. https:\/\/ieeexplore.ieee.org\/document\/9700296\/","DOI":"10.1109\/ISSRE52982.2021.00047"},{"key":"10446_CR128","doi-asserted-by":"publisher","unstructured":"Xing C, Chen Z, Chen L, Guo X, Zheng Z, Li J (2020) A new scheme of vulnerability analysis in smart contract with machine learning. Wireless Networks. https:\/\/doi.org\/10.1007\/s11276-020-02379-z. https:\/\/doi.org\/10.1007\/s11276-020-02379-z","DOI":"10.1007\/s11276-020-02379-z"},{"key":"10446_CR129","doi-asserted-by":"publisher","unstructured":"Xi R, Pattabiraman K (2023) A large-scale empirical study of low-level function use in Ethereum smart contracts and automated replacement. Software: Practice and Experience 53(3):631\u2013664. https:\/\/doi.org\/10.1002\/spe.3163","DOI":"10.1002\/spe.3163"},{"key":"10446_CR130","doi-asserted-by":"crossref","unstructured":"Xue Y, Ma M, Lin Y, Sui Y, Ye J, Peng T (2020) Cross-contract static analysis for detecting practical reentrancy vulnerabilities in smart contracts. In: 2020 35th IEEE\/ACM international conference on automated software engineering (ASE), pp 1029\u20131040","DOI":"10.1145\/3324884.3416553"},{"key":"10446_CR131","doi-asserted-by":"publisher","unstructured":"Xue Y, Ye J, Zhang W, Sun J, Ma L, Wang H, Zhao J (2022) xFuzz: machine learning guided cross-contract fuzzing. IEEE Transactions on Dependable and Secure Computing pp 1\u201314. https:\/\/doi.org\/10.1109\/TDSC.2022.3182373. https:\/\/ieeexplore.ieee.org\/document\/9795233\/","DOI":"10.1109\/TDSC.2022.3182373"},{"key":"10446_CR132","doi-asserted-by":"publisher","unstructured":"Yaga D, Mell P, Roby N, Scarfone K (2018) Blockchain technology overview. Tech. rep., National Institute of Standards and Technology, Gaithersburg, MD. https:\/\/doi.org\/10.6028\/NIST.IR.8202. https:\/\/nvlpubs.nist.gov\/nistpubs\/ir\/2018\/NIST.IR.8202.pdf","DOI":"10.6028\/NIST.IR.8202"},{"key":"10446_CR133","doi-asserted-by":"publisher","unstructured":"Ye J, Ma M, Lin Y, Ma L, Xue Y, Zhao J (2022) Vulpedia: detecting vulnerable ethereum smart contracts via abstracted vulnerability signatures. J Syst Software 192:111410. https:\/\/doi.org\/10.1016\/j.jss.2022.111410","DOI":"10.1016\/j.jss.2022.111410"},{"key":"10446_CR134","doi-asserted-by":"publisher","unstructured":"Yosifova VK, Bontchev VV (2021) Possible instant messaging malware attack using unicode right-to-left override. pp 179\u2013191. https:\/\/doi.org\/10.1007\/978-3-030-65722-2_11","DOI":"10.1007\/978-3-030-65722-2_11"},{"key":"10446_CR135","doi-asserted-by":"publisher","unstructured":"Yu X, Zhao H, Hou B, Ying Z, Wu B (2021) DeeSCVHunter: a deep learning-based framework for smart contract vulnerability detection. In: 2021 International Joint Conference on Neural Networks (IJCNN), IEEE, Shenzhen, China, pp 1\u20138. https:\/\/doi.org\/10.1109\/IJCNN52387.2021.9534324. https:\/\/ieeexplore.ieee.org\/document\/9534324\/","DOI":"10.1109\/IJCNN52387.2021.9534324"},{"key":"10446_CR136","doi-asserted-by":"publisher","unstructured":"Zeng Q, He J, Zhao G, Li S, Yang J, Tang H, Luo H (2022) EtherGIS: a vulnerability detection framework for Ethereum smart contracts based on graph learning features. In: 2022 IEEE 46th annual computers, software, and applications conference (COMPSAC), IEEE, Los Alamitos, CA, USA, pp 1742\u20131749. https:\/\/doi.org\/10.1109\/COMPSAC54236.2022.00277. https:\/\/ieeexplore.ieee.org\/document\/9842713\/","DOI":"10.1109\/COMPSAC54236.2022.00277"},{"key":"10446_CR137","doi-asserted-by":"publisher","unstructured":"Zhang Z, Lei Y, Yan M, Yu Y, Chen J, Wang S, Mao X (2022c) Reentrancy vulnerability detection and localization: a deep learning based two-phase approach. In: Proceedings of the 37th IEEE\/ACM international conference on automated software engineering, ACM, New York, USA, pp 1\u201313. https:\/\/doi.org\/10.1145\/3551349.3560428","DOI":"10.1145\/3551349.3560428"},{"key":"10446_CR138","doi-asserted-by":"publisher","unstructured":"Zhang Q, Wang Y, Li J, Ma S (2020b) EthPloit: from fuzzing to efficient exploit generation against smart contracts. In: 2020 IEEE 27th International conference on software analysis, evolution and reengineering (SANER), IEEE, London, ON, Canada, pp 116\u2013126. https:\/\/doi.org\/10.1109\/SANER48275.2020.9054822. https:\/\/ieeexplore.ieee.org\/document\/9054822\/","DOI":"10.1109\/SANER48275.2020.9054822"},{"key":"10446_CR139","doi-asserted-by":"publisher","unstructured":"Zhang S, Wang M, Liu Y, Zhang Y, Yu B (2022b) Multi-transaction sequence vulnerability detection for smart contracts based on inter-path data dependency. In: 2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS), IEEE, Guangzhou, China, pp 616\u2013627. https:\/\/doi.org\/10.1109\/QRS57517.2022.00068. https:\/\/ieeexplore.ieee.org\/document\/10062352\/","DOI":"10.1109\/QRS57517.2022.00068"},{"key":"10446_CR140","doi-asserted-by":"publisher","unstructured":"Zhang L, Wang J, Wang W, Jin Z, Su Y, Chen H (2022a) Smart contract vulnerability detection combined with multi-objective detection. Computer Networks 217:109289. https:\/\/doi.org\/10.1016\/j.comnet.2022.109289","DOI":"10.1016\/j.comnet.2022.109289"},{"key":"10446_CR141","unstructured":"Zhang P, Xiao F, Luo X (2019) SolidityCheck : quickly detecting smart contract problems through regular expressions. arXiv:1911.09425"},{"key":"10446_CR142","doi-asserted-by":"publisher","unstructured":"Zhang P, Xiao F, Luo X (2020a) A framework and dataset for bugs in Ethereum smart contracts. In: 2020 IEEE International conference on software maintenance and evolution (ICSME), IEEE, pp 139\u2013150. https:\/\/doi.org\/10.1109\/ICSME46990.2020.00023","DOI":"10.1109\/ICSME46990.2020.00023"},{"key":"10446_CR143","doi-asserted-by":"publisher","unstructured":"Zheng G, Gao L, Huang L, Guan J (2021) Ethereum Smart Contract Development in Solidity. Springer, Singapore. https:\/\/doi.org\/10.1007\/978-981-15-6218-1","DOI":"10.1007\/978-981-15-6218-1"},{"key":"10446_CR144","doi-asserted-by":"publisher","unstructured":"Zhou H, Milani Fard A, Makanju A (2022) The State of Ethereum smart contracts security: vulnerabilities, Countermeasures, and Tool Support. J Cybersec Priv 2(2):358\u2013378. https:\/\/doi.org\/10.3390\/jcp2020019","DOI":"10.3390\/jcp2020019"},{"key":"10446_CR145","doi-asserted-by":"publisher","unstructured":"Zhou Q, Zheng K, Zhang K, Hou L, Wang X (2022b) Vulnerability Analysis of Smart Contract for Blockchain-Based IoT Applications: A Machine Learning Approach. IEEE Int Things J 9(24):24695\u201324707. https:\/\/doi.org\/10.1109\/JIOT.2022.3196269","DOI":"10.1109\/JIOT.2022.3196269"},{"key":"10446_CR146","doi-asserted-by":"publisher","unstructured":"Zhuang Y, Liu Z, Qian P, Liu Q, Wang X, He Q (2020) Smart Contract Vulnerability Detection using Graph Neural Network. In: Proceedings of the twenty-ninth international joint conference on artificial intelligence, international joint conferences on artificial intelligence organization, California, pp 3283\u20133290. https:\/\/doi.org\/10.24963\/ijcai.2020\/454","DOI":"10.24963\/ijcai.2020\/454"},{"key":"10446_CR147","doi-asserted-by":"publisher","unstructured":"Zou W, Lo D, Kochhar PS, Le XBD, Xia X, Feng Y, Chen Z, Xu B (2019) Smart Contract Development: Challenges and Opportunities. IEEE Trans Softw Eng p\u00a01. https:\/\/doi.org\/10.1109\/TSE.2019.2942301","DOI":"10.1109\/TSE.2019.2942301"}],"container-title":["Empirical Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10664-024-10446-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10664-024-10446-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10664-024-10446-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,7,5]],"date-time":"2024-07-05T15:25:47Z","timestamp":1720193147000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10664-024-10446-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,6,18]]},"references-count":147,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2024,7]]}},"alternative-id":["10446"],"URL":"https:\/\/doi.org\/10.1007\/s10664-024-10446-8","relation":{},"ISSN":["1382-3256","1573-7616"],"issn-type":[{"value":"1382-3256","type":"print"},{"value":"1573-7616","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,6,18]]},"assertion":[{"value":"8 January 2024","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"18 June 2024","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflicts of interest"}}],"article-number":"101"}}