{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,30]],"date-time":"2026-01-30T02:35:31Z","timestamp":1769740531305,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":79,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,12,2]],"date-time":"2024-12-02T00:00:00Z","timestamp":1733097600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100006374","name":"HORIZON EUROPE Framework Programme","doi-asserted-by":"publisher","award":["101096456"],"award-info":[{"award-number":["101096456"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100006374","name":"European Research Council","doi-asserted-by":"publisher","award":["101042266"],"award-info":[{"award-number":["101042266"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100006374","name":"Deutsche Forschungsgemeinschaft","doi-asserted-by":"publisher","award":["EXC 2092 (CASA) 39078197, SFB 1119 (CROSSING) 236615297"],"award-info":[{"award-number":["EXC 2092 (CASA) 39078197, SFB 1119 (CROSSING) 236615297"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,12,2]]},"DOI":"10.1145\/3658644.3670333","type":"proceedings-article","created":{"date-parts":[[2024,12,9]],"date-time":"2024-12-09T12:19:20Z","timestamp":1733746760000},"page":"4226-4240","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["Defying the Odds: Solana's Unexpected Resilience in Spite of the Security Challenges Faced by Developers"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7859-365X","authenticated-orcid":false,"given":"S\u00e9bastien","family":"Andreina","sequence":"first","affiliation":[{"name":"NEC Laboratories Europe, Heidelberg, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-3682-0197","authenticated-orcid":false,"given":"Tobias","family":"Cloosters","sequence":"additional","affiliation":[{"name":"University of Duisburg-Essen, Essen, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7322-2777","authenticated-orcid":false,"given":"Lucas","family":"Davi","sequence":"additional","affiliation":[{"name":"University of Duisburg-Essen, Essen, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-0685-6237","authenticated-orcid":false,"given":"Jens-Rene","family":"Giesen","sequence":"additional","affiliation":[{"name":"University of Duisburg-Essen, Essen, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1400-5825","authenticated-orcid":false,"given":"Marco","family":"Gutfleisch","sequence":"additional","affiliation":[{"name":"Ruhr University Bochum, Bochum, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2828-4071","authenticated-orcid":false,"given":"Ghassan","family":"Karame","sequence":"additional","affiliation":[{"name":"Ruhr University Bochum, Bochum, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-1843-2027","authenticated-orcid":false,"given":"Alena","family":"Naiakshina","sequence":"additional","affiliation":[{"name":"Ruhr University Bochum, Bochum, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-0280-5536","authenticated-orcid":false,"given":"Houda","family":"Naji","sequence":"additional","affiliation":[{"name":"Ruhr University Bochum, Bochum, Germany"}]}],"member":"320","published-online":{"date-parts":[[2024,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Vector 35. 2016. Binary ninja. https:\/\/binary.ninja\/."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.25"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev.2016.013"},{"key":"e_1_3_2_1_4_1","volume-title":"Developers need support, too: a survey of security advice for software developers. In 2017 IEEE Cybersecurity Development (SecDev)","author":"Acar Yasemin","unstructured":"Yasemin Acar, Christian Stransky, Dominik Wermke, Charles Weir, Michelle L Mazurek, and Sascha Fahl. 2017. Developers need support, too: a survey of security advice for software developers. In 2017 IEEE Cybersecurity Development (SecDev). IEEE, 22--26."},{"key":"e_1_3_2_1_5_1","volume-title":"Accessed","year":"2024","unstructured":"2024. Anchor documentation: security exploits. https:\/\/www.anchor-lang.com \/docs\/security-exploits. Accessed: April 24, 2024. (2024)."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"crossref","unstructured":"S\u00e9bastien Andreina Tobias Cloosters Lucas Davi Jens-Rene Giesen Marco Gutfleisch Ghassan Karame Alena Naiakshina and Houda Naji. 2024. Defying the odds: solana's unexpected resilience in spite of the security challenges faced by developers. (2024). arXiv: 2406.13599.","DOI":"10.1145\/3658644.3670333"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3290605.3300519"},{"key":"e_1_3_2_1_8_1","unstructured":"Hala Assal and Sonia Chiasson. 2018. Security in the software development lifecycle. In SOUPS @ USENIX Security Symposium."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2009.163"},{"key":"e_1_3_2_1_10_1","unstructured":"Luca Borzacchiello. 2023. Seninja. https:\/\/github.com\/borzacchiello\/seninja\/."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2635868.2635880"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2635868.2635880"},{"key":"e_1_3_2_1_13_1","volume-title":"Vandal: a scalable security analysis framework for smart contracts, (Sept","author":"Brent Lexi","year":"2018","unstructured":"Lexi Brent, Anton Jurisevic, Michael Kong, Eric Liu, Francois Gauthier, Vincent Gramoli, Ralph Holz, and Bernhard Scholz. 2018. Vandal: a scalable security analysis framework for smart contracts, (Sept. 2018). arXiv: 1809 . 03981 [cs.PL]."},{"key":"e_1_3_2_1_14_1","unstructured":"Catalin Cimpanu. 2019. Microsoft: 70 percent of all security bugs are memory safety issues. https:\/\/www.zdnet.com\/article\/microsoft-70-percent-of-all-security-bugs-are-memory-safety-issues\/."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3239235.3240298"},{"key":"e_1_3_2_1_16_1","volume-title":"Proceedings of the 29th USENIX Conference on security symposium. USENIX, USA, 289--305","author":"Charles Weir Ben Hermann Sascha Fahl","year":"2020","unstructured":"Sascha Fahl Charles Weir Ben Hermann. 2020. From needs to actions to secure apps? the effect of requirements and developer practices on app security. In Proceedings of the 29th USENIX Conference on security symposium. USENIX, USA, 289--305. isbn: 978--1--931971--45--4."},{"key":"e_1_3_2_1_17_1","unstructured":"Chromium. 2019. The chromium project: 70% of serious security bugs are memory safety problems. https:\/\/www.chromium.org\/Home\/chromium-security\/memory-safety\/."},{"key":"e_1_3_2_1_18_1","unstructured":"2023. Coinmarketcap. Retrieved June 1 2023 from https:\/\/coinmarketcap.com\/."},{"key":"e_1_3_2_1_19_1","unstructured":"Neon Contributors. 2023. Neon: a high-level python and rust binding. (2023). https:\/\/neon-bindings.com\/."},{"key":"e_1_3_2_1_20_1","unstructured":"Will Crichton. 2020. The usability of ownership. arXiv preprint arXiv:2011.06171."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560552"},{"key":"e_1_3_2_1_22_1","volume-title":"Comparing network fees: ethereum vs. bsc vs. polygon vs. solana. Retrieved","year":"2023","unstructured":"Cwallet. 2023. Comparing network fees: ethereum vs. bsc vs. polygon vs. solana. Retrieved June 1, 2023 from https:\/\/blog.cwallet.com\/comparing-network-fees-ethereum-vs-bsc-vs-polygon-vs-solana\/."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"crossref","unstructured":"Anastasia Danilova Alena Naiakshina Stefan Horstmann and Matthew Smith. 2021. Do you really code? designing and evaluating screening questions for online surveys with programmers. (2021). arXiv: 2103.04429 [cs.HC].","DOI":"10.1109\/ICSE43902.2021.00057"},{"key":"e_1_3_2_1_24_1","unstructured":"Anastasia Danilova Alena Naiakshina Anna Rasgauski and Matthew Smith. 2021. Code reviewing as methodology for online security studies with developers-a case study with freelancers on password storage. In SOUPS@ USENIX Security Symposium 397--416."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"crossref","unstructured":"Leonardo de Moura and Nikolaj Bj\u00f8rner. 2008. Z3: an efficient smt solver. In Tools and Algorithms for the Construction and Analysis of Systems.","DOI":"10.1007\/978-3-540-78800-3_24"},{"key":"e_1_3_2_1_26_1","unstructured":"2015. Etherscan: verified contracts. https:\/\/etherscan.io\/contractsVerified. Accessed: 2023--6--4. (2015)."},{"key":"e_1_3_2_1_27_1","unstructured":"Kasra Ferdowsi. 2023. The usability of advanced type systems: rust as a case study. arXiv preprint arXiv:2301.02308."},{"key":"e_1_3_2_1_28_1","unstructured":"Armani Ferrante and Matthew Callens. 2020. Anchor framework. en. https:\/\/www.anchor-lang.com\/. Accessed: 2023--6--4. (2020)."},{"key":"e_1_3_2_1_29_1","volume-title":"Symposium on Usable Privacy and Security.","author":"Fulton Kelsey R","year":"2021","unstructured":"Kelsey R Fulton, Anna Chan, Daniel Votipka, Michael Hicks, and Michelle L Mazurek. 2021. Benefits and drawbacks of adopting a secure programming language: rust as a case study. In Symposium on Usable Privacy and Security."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2016.111"},{"key":"e_1_3_2_1_31_1","unstructured":"Gumshoe. 2022. Solana 2022 year end report. (2022). https:\/\/www.step.finance\/reports\/2022-year-end-report."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833756"},{"key":"e_1_3_2_1_33_1","article-title":"Zum verh\u00e4ltnis von innerfamilialen sozialen erfahrungen. pers\u00f6nlichkeitsentwicklung und politischen orientierungen: dokumentation und er\u00f6rterung des methodischen vorgehens in einer studie zu diesem thema","author":"Hopf Christel","year":"1993","unstructured":"Christel Hopf and Christian Schmidt. 1993. Zum verh\u00e4ltnis von innerfamilialen sozialen erfahrungen. pers\u00f6nlichkeitsentwicklung und politischen orientierungen: dokumentation und er\u00f6rterung des methodischen vorgehens in einer studie zu diesem thema. Journal Name. https:\/\/nbnresolving.org\/urn:nbn:de:0168-ssoar-456148.","journal-title":"Journal Name. https:\/\/nbnresolving.org\/urn:nbn:de:0168-ssoar-456148."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23082"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"crossref","unstructured":"Udo Kuckartz. 2013. Qualitative text analysis: a guide to methods practice and using software. Qualitative Text Analysis 46--47.","DOI":"10.4135\/9781446288719"},{"key":"e_1_3_2_1_36_1","unstructured":"OtterSec LLC. 2022. BN-eBPF-Solana. https:\/\/github.com\/otter-sec\/bn-ebpf-solana."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3563211"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978309"},{"key":"e_1_3_2_1_39_1","unstructured":"1989. MAXQDA. Qualitative data analysis software. (1989). https:\/\/www.maxqda.com."},{"key":"e_1_3_2_1_40_1","volume-title":"Solana co-founder sees potential for devs to lead its network","author":"Melinek Jacquelyn","year":"2023","unstructured":"Jacquelyn Melinek. 2023. Solana co-founder sees potential for devs to lead its network in 2023. (Jan. 2023). https:\/\/techcrunch.com\/2023\/01\/18\/solana-co-founder-sees-potential-for-devs-to-lead-its-network-in-2023\/."},{"key":"e_1_3_2_1_41_1","volume-title":"What is solana? how does it work? (Feb","author":"Michael Adams Benjamin Curry","year":"2023","unstructured":"Benjamin Curry Michael Adams. 2023. What is solana? how does it work? (Feb. 2023). https:\/\/www.forbes.com\/advisor\/investing\/cryptocurrency\/what-is-solana\/."},{"key":"e_1_3_2_1_42_1","volume-title":"Common weakness enumeration. Retrieved","author":"MITRE.","year":"2023","unstructured":"MITRE. 2023. Common weakness enumeration. Retrieved June 1, 2023 from https:\/\/cwe.mitre.org\/index.html."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2019.00133"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134082"},{"key":"e_1_3_2_1_45_1","volume-title":"Solana security workshop. Retrieved","year":"2023","unstructured":"Neodyme. 2023. Solana security workshop. Retrieved June 1, 2023 from https: \/\/workshop.neodyme.io\/index.html."},{"key":"e_1_3_2_1_46_1","volume-title":"Solana smart contracts: common pitfalls and howto avoid them. Retrieved","year":"2023","unstructured":"Neodyme. 2023. Solana smart contracts: common pitfalls and howto avoid them. Retrieved June 1, 2023 from https:\/\/neodyme.io\/blog\/solana_common_pitfalls\/."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664254"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664254"},{"key":"e_1_3_2_1_49_1","unstructured":"Martin Ortner and Shayan Eskandari. 2023. Smart contract sanctuary. https:\/\/github.com\/tintinweb\/smart-contract-sanctuary."},{"key":"e_1_3_2_1_50_1","volume-title":"A disastrous vulnerability found in smart contracts of BeautyChain (BEC). Retrieved","year":"2023","unstructured":"p0n1. 2018. A disastrous vulnerability found in smart contracts of BeautyChain (BEC). Retrieved Sept. 1, 2023 from https:\/\/medium.com\/secbit-media\/dbf24ddbc30e."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-94478-4_6"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00124"},{"key":"e_1_3_2_1_53_1","unstructured":"Qualtrics LLC. 2002. Qualtrics. https:\/\/www.qualtrics.com."},{"key":"e_1_3_2_1_54_1","unstructured":"Quarkslab. 2017. Lief -- library to instrument executable formats. https:\/\/github.com\/lief-project\/LIEF."},{"key":"e_1_3_2_1_55_1","volume-title":"USENIX Security Symposium, 1289--1306","author":"Rodler Michael","year":"2021","unstructured":"Michael Rodler, Wenting Li, Ghassan O Karame, and Lucas Davi. 2021. EVMPatch: timely and automated patching of ethereum smart contracts. In USENIX Security Symposium, 1289--1306."},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23413"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"crossref","unstructured":"Michael Rodler David Paa\u00dfen Wenting Li Lukas Bernhard Thorsten Holz Ghassan Karame and Lucas Davi. 2023. Ef\/cf: high performance smart contract fuzzing for exploit generation. (2023). arXiv: 2304.06341 [cs.CR].","DOI":"10.1109\/EuroSP57164.2023.00034"},{"key":"e_1_3_2_1_58_1","volume-title":"Rust documentation. Retrieved","year":"2023","unstructured":"2023. Rust documentation. Retrieved June 1, 2023 from https:\/\/doc.rust-lang.org\/cargo\/reference\/profiles.html."},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417250"},{"key":"e_1_3_2_1_60_1","unstructured":"2023. Seahorse lang. https:\/\/seahorse-lang.org\/. (2023)."},{"key":"e_1_3_2_1_61_1","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Sharma Tanusree","year":"2023","unstructured":"Tanusree Sharma, Zhixuan Zhou, Andrew Miller, and Yang Wang. 2023. A Mixed-Methods study of security practices of smart contract developers. In 32nd USENIX Security Symposium (USENIX Security 23). USENIX Association, Anaheim, CA, (Aug. 2023), 2545--2562. isbn: 978--1--939133--37--3. https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/sharma."},{"key":"e_1_3_2_1_62_1","volume-title":"IEEE Symposium on Security and Privacy.","author":"Yan","unstructured":"Yan Shoshitaishvili et al. 2016. SoK: (state of) the art of war: offensive techniques in binary analysis. In IEEE Symposium on Security and Privacy."},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3623178"},{"key":"e_1_3_2_1_64_1","volume-title":"Stack Overflow Developer Survey","year":"2022","unstructured":"2022. Stack Overflow Developer Survey 2022. (2022)."},{"key":"e_1_3_2_1_65_1","unstructured":"2023. SuperTeam. https:\/\/superteam.fun. (2023)."},{"key":"e_1_3_2_1_66_1","volume-title":"Swc-101: integer overflow and underflow. Retrieved","year":"2023","unstructured":"2023. Swc-101: integer overflow and underflow. Retrieved June 1, 2023 from https:\/\/swcregistry.io\/docs\/SWC-101."},{"key":"e_1_3_2_1_67_1","unstructured":"2015. The Rust Programming Language. https:\/\/www.rust-lang.org\/. (2015)."},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP51992.2021.00018"},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274737"},{"key":"e_1_3_2_1_70_1","volume-title":"Arthur Gervais, Florian Buenzli, and Martin Vechev.","author":"Tsankov Petar","year":"2018","unstructured":"Petar Tsankov, Andrei Dan, Dana Drachsler Cohen, Arthur Gervais, Florian Buenzli, and Martin Vechev. 2018. Securify: practical security analysis of smart contracts. (June 2018)."},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1145\/2663887.2663898"},{"key":"e_1_3_2_1_72_1","volume-title":"Wormhole hack. Retrieved","year":"2023","unstructured":"2023. Wormhole hack. Retrieved June 1, 2023 from https:\/\/blog.chainalysis.com\/reports\/wormhole-hack-february-2022\/."},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1145\/1595676.1595691"},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3417064"},{"key":"e_1_3_2_1_75_1","volume-title":"2011 IEEE symposium on visual languages and human-centric computing (VL\/HCC). IEEE, 161--164","author":"Xie Jing","year":"2011","unstructured":"Jing Xie, Heather Richter Lipford, and Bill Chu. 2011. Why do programmers make security errors? In 2011 IEEE symposium on visual languages and human-centric computing (VL\/HCC). IEEE, 161--164."},{"key":"e_1_3_2_1_76_1","volume-title":"Solana: a new architecture for a high performance blockchain. Retrieved","author":"Yakovenko Anatoly","year":"2023","unstructured":"Anatoly Yakovenko. 2018. Solana: a new architecture for a high performance blockchain. Retrieved June 1, 2023 from https:\/\/solana.com\/solana-whitepaper.pdf."},{"key":"e_1_3_2_1_77_1","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510164"},{"key":"e_1_3_2_1_78_1","unstructured":"2011. Zoom. Video conferencing and communication software. (2011). https:\/\/zoom.us."},{"key":"e_1_3_2_1_79_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2942301"}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","location":"Salt Lake City UT USA","acronym":"CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3670333","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3658644.3670333","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T05:55:15Z","timestamp":1755842115000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3670333"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,2]]},"references-count":79,"alternative-id":["10.1145\/3658644.3670333","10.1145\/3658644"],"URL":"https:\/\/doi.org\/10.1145\/3658644.3670333","relation":{},"subject":[],"published":{"date-parts":[[2024,12,2]]},"assertion":[{"value":"2024-12-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}