{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,17]],"date-time":"2026-04-17T04:09:08Z","timestamp":1776398948232,"version":"3.51.2"},"reference-count":44,"publisher":"Association for Computing Machinery (ACM)","issue":"FSE","license":[{"start":{"date-parts":[[2024,7,12]],"date-time":"2024-07-12T00:00:00Z","timestamp":1720742400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Proc. ACM Softw. Eng."],"published-print":{"date-parts":[[2024,7,12]]},"abstract":"<jats:p>With the increasing popularity of blockchain, different blockchain platforms coexist in the ecosystem (e.g., Ethereum, BNB, EOSIO, etc.), which prompts the high demand for cross-chain communication. Cross-chain bridge is a specific type of decentralized application for asset exchange across different blockchain platforms. Securing the smart contracts of cross-chain bridges is in urgent need, as there are a number of recent security incidents with heavy financial losses caused by vulnerabilities in bridge smart contracts, as we call them Cross-Chain Vulnerabilities (CCVs). However, automatically identifying CCVs in smart contracts poses several unique challenges. Particularly, it is non-trivial to (1) identify application-specific access control constraints needed for cross-bridge asset exchange, and (2) identify inconsistent cross-chain semantics between the two sides of the bridge.<\/jats:p>\n                  <jats:p>\n                    In this paper, we propose SmartAxe, a new framework to identify vulnerabilities in cross-chain bridge smart contracts. Particularly, to locate vulnerable functions that have access control incompleteness, SmartAxe models the heterogeneous implementations of access control and finds necessary security checks in smart contracts through probabilistic pattern inference. 
Besides, SmartAxe constructs cross-chain control-flow graph (xCFG) and data-flow graph (xDFG), which help to find semantic inconsistency during cross-chain data communication. To evaluate SmartAxe, we collect and label a dataset of 88 CCVs from real-attacks cross-chain bridge contracts. Evaluation results show that SmartAxe achieves a precision of 84.95% and a recall of 89.77%. In addition, SmartAxe successfully identifies 232 new\/unknown CCVs from 129 real-world cross-chain bridge applications (i.e., from 1,703 smart contracts). 
These identified CCVs affect a total amount of digital assets worth 1,885,250 USD.\n                  <\/jats:p>","DOI":"10.1145\/3643738","type":"journal-article","created":{"date-parts":[[2024,7,12]],"date-time":"2024-07-12T10:22:09Z","timestamp":1720779729000},"page":"249-270","source":"Crossref","is-referenced-by-count":18,"title":["SmartAxe: Detecting Cross-Chain Vulnerabilities in Bridge Smart Contracts via Fine-Grained Static Analysis"],"prefix":"10.1145","volume":"1","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0306-7465","authenticated-orcid":false,"given":"Zeqin","family":"Liao","sequence":"first","affiliation":[{"name":"Sun Yat-sen University, Zhuhai, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9597-9888","authenticated-orcid":false,"given":"Yuhong","family":"Nan","sequence":"additional","affiliation":[{"name":"Sun Yat-sen University, Zhuhai, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-9570-1067","authenticated-orcid":false,"given":"Henglong","family":"Liang","sequence":"additional","affiliation":[{"name":"Sun Yat-sen University, Guangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-5747-1093","authenticated-orcid":false,"given":"Sicheng","family":"Hao","sequence":"additional","affiliation":[{"name":"Sun Yat-sen University, Zhuhai, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5017-8016","authenticated-orcid":false,"given":"Juan","family":"Zhai","sequence":"additional","affiliation":[{"name":"University of Massachusetts, Amherst, Amherst, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5155-8547","authenticated-orcid":false,"given":"Jiajing","family":"Wu","sequence":"additional","affiliation":[{"name":"Sun Yat-sen University, Zhuhai, 
China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7878-4330","authenticated-orcid":false,"given":"Zibin","family":"Zheng","sequence":"additional","affiliation":[{"name":"Sun Yat-sen University, Zhuhai, China"},{"name":"GuangDong Engineering Technology Research Center of Blockchain, Zhuhai, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,7,12]]},"reference":[{"key":"e_1_3_1_2_1","doi-asserted-by":"crossref","DOI":"10.14722\/ndss.2018.23121","article-title":"AceDroid: Normalizing Diverse Android Access Control Checks for Inconsistency Detection","author":"Aafer Yousra","year":"2018","unstructured":"Yousra Aafer, Jianjun Huang, Yi Sun, Xiangyu Zhang, Ninghui Li, and Chen Tian. 2018. AceDroid: Normalizing Diverse Android Access Control Checks for Inconsistency Detection. In 25th Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, California, USA, February 18-21, 2018.","journal-title":"In 25th Annual Network and Distributed System Security Symposium"},{"key":"e_1_3_1_3_1","unstructured":"Rob Behnke. 2022. The nomad bridge hack: a deeper dive. https:\/\/www.halborn.com\/blog\/post\/the-nomad-bridge-hack-a-deeper-dive. [Accessed 20-Sep-2023]."},{"key":"e_1_3_1_4_1","unstructured":"Binance. 2022. BNB Chain. https:\/\/www.bnbchain.org\/. [Accessed 20-Sep-2023]."},{"key":"e_1_3_1_5_1","unstructured":"Bitcoin. 2009. Bitcoin. https:\/\/bitcoin.org\/. [Accessed 20-Sep-2023]."},{"key":"e_1_3_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833721"},{"key":"e_1_3_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3385412.3385990"},{"key":"e_1_3_1_8_1","unstructured":"CelerNetwork. 2022. A DNS cache poisoning attack on cBridge. https:\/\/twitter.com\/CelerNetwork\/status\/1560123830844411904. [Accessed 20-Sep-2023]."},{"key":"e_1_3_1_9_1","unstructured":"Chainspot. 2023. Chainspot. https:\/\/chainspot.io\/. 
[Accessed 20-Sep-2023]."},{"key":"e_1_3_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE51524.2021"},{"key":"e_1_3_1_11_1","unstructured":"Consensys. 2017. Mythril. https:\/\/github.com\/Consensys\/mythril. [Accessed 20-Sep-2023]."},{"key":"e_1_3_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/JAS.2023.123642"},{"key":"e_1_3_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560710"},{"key":"e_1_3_1_14_1","unstructured":"Ethereum. 2015. Ethereum. https:\/\/www.ethereum.org\/. [Accessed 20-Sep-2023]."},{"key":"e_1_3_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/WETSEB.2019.00008"},{"key":"e_1_3_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3534378"},{"key":"e_1_3_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00087"},{"key":"e_1_3_1_18_1","first-page":"1","article-title":"Madmax: Surviving out-of-Gas Conditions in Ethereum Smart Contracts","author":"Grech Neville","year":"2018","unstructured":"Neville Grech, Michael Kong, Anton Jurisevic, Lexi Brent, Bernhard Scholz, and Yannis Smaragdakis. 2018. Madmax: Surviving out-of-Gas Conditions in Ethereum Smart Contracts. Proceedings of the ACM on Programming Languages 2, OOPSLA (2018), 1-27.","journal-title":"Proceedings of the ACM on Programming Languages 2"},{"key":"e_1_3_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3395363.3404366"},{"key":"e_1_3_1_20_1","doi-asserted-by":"publisher","unstructured":"Bo Jiang Ye Liu and W. K. Chan. 2018. ContractFuzzer: Fuzzing Smart Contracts for Vulnerability Detection. In Proceedings of the 33rd ACM\/IEEE International Conference on Automated Software Engineering. ACM Montpellier France 259-269. 
https:\/\/doi.org\/10.1145\/3238147.3238177 10.1145\/3238147.3238177","DOI":"10.1145\/3238147.3238177"},{"key":"e_1_3_1_21_1","doi-asserted-by":"crossref","DOI":"10.14722\/ndss.2018.23082","article-title":"ZEUS: Analyzing Safety of Smart Contracts","author":"Kalra Sukrit","year":"2018","unstructured":"Sukrit Kalra, Seep Goel, Mohan Dhawan, and Subodh Sharma. 2018. ZEUS: Analyzing Safety of Smart Contracts. In 25th Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, California, USA, February 18-21, 2018.","journal-title":"In 25th Annual Network and Distributed System Security Symposium, NDSS 2018"},{"key":"e_1_3_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICBC56567.2023.10174993"},{"key":"e_1_3_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3597926.3598111"},{"key":"e_1_3_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3534222"},{"key":"e_1_3_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3534372"},{"key":"e_1_3_1_26_1","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2021\/379"},{"key":"e_1_3_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978309"},{"key":"e_1_3_1_28_1","unstructured":"Poly Network. 2020. PolyNetwork. https:\/\/www.poly.network\/. [Accessed 20-Sep-2023]."},{"key":"e_1_3_1_29_1","doi-asserted-by":"publisher","unstructured":"Tai D. Nguyen Long H. Pham Jun Sun Yun Lin and Quang Tran Minh. 2020. sFuzz: An Efficient Adaptive Fuzzer for Solidity Smart Contracts. In Proceedings of the ACM\/IEEE 42nd International Conference on Software Engineering. ACM Seoul South Korea 778-788. https:\/\/doi.org\/10.1145\/3377811.3380334 10.1145\/3377811.3380334","DOI":"10.1145\/3377811.3380334"},{"key":"e_1_3_1_30_1","unstructured":"Polygon. 2023. Polygon Bridge. https:\/\/chainspot.io\/bridge\/polygon-bridge. [Accessed 20-Sep-2023]."},{"key":"e_1_3_1_31_1","unstructured":"Rubic. 2022. Rubic admin wallet addresses was compromised. 
https:\/\/twitter.com\/CryptoRubic\/status\/1587704548688367619. [Accessed 20-Sep-2023]."},{"key":"e_1_3_1_32_1","unstructured":"Sam Cooling. 2021. ChainSwap hackers steal $8m and crash token prices. https:\/\/finance.yahoo.com\/news\/chainswap-hackers-steal-8m-crash-121056965.html. [Accessed 20-Sep-2023]."},{"key":"e_1_3_1_33_1","unstructured":"Sebastian Sinclair. 2021. Blockchain Protocol Thorchain Suffers $8M Hack. https:\/\/www.coindesk.com\/markets\/2021\/07\/23\/blockchain-protocol-thorchain-suffers-8m-hack\/. [Accessed 20-Sep-2023]."},{"key":"e_1_3_1_34_1","doi-asserted-by":"crossref","DOI":"10.14722\/ndss.2016.23046","article-title":"Kratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework","author":"Shao Yuru","year":"2016","unstructured":"Yuru Shao, Qi Alfred Chen, Zhuoqing Morley Mao, Jason Ott, and Zhiyun Qian. 2016. Kratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework. In 23rd Annual Network and Distributed System Security Symposium, NDSS 2016, San Diego, California, USA, February 21-24, 2016.","journal-title":"In 23rd Annual Network and Distributed System Security Symposium, NDSS 2016"},{"key":"e_1_3_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3597926.3598059"},{"key":"e_1_3_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243780"},{"key":"e_1_3_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/CCGrid57682.2023.00059"},{"key":"e_1_3_1_38_1","unstructured":"Wikipedia. 2023. Non fungible token. https:\/\/en.wikipedia.org\/wiki\/Non-fungible_token. [Accessed 20-Sep-2023]."},{"key":"e_1_3_1_39_1","unstructured":"Wikipedia contributors. 2022. Poly Network exploit. https:\/\/en.wikipedia.org\/wiki\/Poly_Network_exploit. 
[Accessed 20-Sep-2023]."},{"key":"e_1_3_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3417064"},{"key":"e_1_3_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560652"},{"key":"e_1_3_1_42_1","doi-asserted-by":"publisher","unstructured":"Yinxing Xue Mingliang Ma Yun Lin Yulei Sui Jiaming Ye and Tianyong Peng. 2020. Cross-Contract Static Analysis for Detecting Practical Reentrancy Vulnerabilities in Smart Contracts. In Proceedings of the 35th IEEE\/ACM International Conference on Automated Software Engineering. ACM Virtual Event Australia 1029-1040. https:\/\/doi.org\/10.1145\/3324884.3416553 10.1145\/3324884.3416553","DOI":"10.1145\/3324884.3416553"},{"key":"e_1_3_1_43_1","doi-asserted-by":"publisher","unstructured":"Jiashuo Zhang Jianbo Gao Yue Li Ziming Chen Zhi Guan and Zhong Chen. 2022. Xscope: Hunting for Cross-Chain Bridge Attacks. In Proceedings of the 37th IEEE\/ACM International Conference on Automated Software Engineering. ACM Rochester MI USA 1-4. https:\/\/doi.org\/10.1145\/3551349.3559520 10.1145\/3551349.3559520","DOI":"10.1145\/3551349.3559520"},{"key":"e_1_3_1_44_1","doi-asserted-by":"publisher","unstructured":"Zibin Zheng Kaiwen Ning Yanlin Wang Jingwen Zhang Dewu Zheng Mingxi Ye and Jiachi Chen. 2023. A Survey of Large Language Models for Code: Evolution Benchmarking and Future Trends. CoRR abs\/2311.10372. 
https:\/\/doi.org\/10.48550\/ARXIV.2311.10372 10.48550\/ARXIV.2311.10372","DOI":"10.48550\/ARXIV.2311.10372"},{"key":"e_1_3_1_45_1","doi-asserted-by":"publisher","DOI":"10.1016\/J.FUTURE.2019.12.019"}],"container-title":["Proceedings of the ACM on Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3643738","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3643738","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,4]],"date-time":"2026-02-04T07:52:38Z","timestamp":1770191558000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3643738"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7,12]]},"references-count":44,"journal-issue":{"issue":"FSE","published-print":{"date-parts":[[2024,7,12]]}},"alternative-id":["10.1145\/3643738"],"URL":"https:\/\/doi.org\/10.1145\/3643738","relation":{},"ISSN":["2994-970X"],"issn-type":[{"value":"2994-970X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,7,12]]}}}