{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,2]],"date-time":"2026-06-02T09:10:13Z","timestamp":1780391413048,"version":"3.54.1"},"reference-count":104,"publisher":"Association for Computing Machinery (ACM)","issue":"FSE","license":[{"start":{"date-parts":[[2024,7,12]],"date-time":"2024-07-12T00:00:00Z","timestamp":1720742400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Proc. ACM Softw. Eng."],"published-print":{"date-parts":[[2024,7,12]]},"abstract":"<jats:p>\n                    Smart contract transactions associated with security attacks often exhibit distinct behavioral patterns compared with historical benign transactions before the attacking events. While many runtime monitoring and guarding mechanisms have been proposed to validate invariants and stop anomalous transactions on the fly, the empirical effectiveness of the invariants used remains largely unexplored. In this paper, we studied 23 prevalent invariants of 8 categories, which are either deployed in high-profile protocols or endorsed by leading auditing firms and security experts. Using these well-established invariants as templates, we developed a tool\n                    <jats:sc>Trace2Inv<\/jats:sc>\n                    which dynamically generates new invariants customized for a given contract based on its historical transaction data. We evaluated\n                    <jats:sc>Trace2Inv<\/jats:sc>\n                    on 42 smart contracts that fell victim to 27 distinct exploits on the Ethereum blockchain. Our findings reveal that the most effective invariant guard alone can successfully block 18 of the 27 identified exploits with minimal gas overhead. Our analysis also shows that most of the invariants remain effective even when the experienced attackers attempt to bypass them. Additionally, we studied the possibility of combining multiple invariant guards, resulting in blocking up to 23 of the 27 benchmark exploits and achieving false positive rates as low as 0.28%.\n                    <jats:sc>Trace2Inv<\/jats:sc>\n                    significantly outperforms state-of-the-art works on smart contract invariant mining and transaction attack detection in accuracy.\n                    <jats:sc>Trace2Inv<\/jats:sc>\n                    also surprisingly found two previously unreported exploit transactions.\n                  <\/jats:p>","DOI":"10.1145\/3660786","type":"journal-article","created":{"date-parts":[[2024,7,12]],"date-time":"2024-07-12T10:22:09Z","timestamp":1720779729000},"page":"1772-1795","source":"Crossref","is-referenced-by-count":19,"title":["Demystifying Invariant Effectiveness for Securing Smart Contracts"],"prefix":"10.1145","volume":"1","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2315-397X","authenticated-orcid":false,"given":"Zhiyang","family":"Chen","sequence":"first","affiliation":[{"name":"University of Toronto, Toronto, Canada"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6709-3721","authenticated-orcid":false,"given":"Ye","family":"Liu","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6526-9295","authenticated-orcid":false,"given":"Sidi Mohamed","family":"Beillahi","sequence":"additional","affiliation":[{"name":"University of Toronto, Toronto, Canada"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4562-8208","authenticated-orcid":false,"given":"Yi","family":"Li","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7973-1188","authenticated-orcid":false,"given":"Fan","family":"Long","sequence":"additional","affiliation":[{"name":"University of Toronto, Toronto, Canada"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2024,7,12]]},"reference":[{"key":"e_1_3_1_2_1","unstructured":"2018. Solidity. https:\/\/solidity.readthedocs.io\/en\/v0.5.1\/."},{"key":"e_1_3_1_3_1","unstructured":"2018. Vyper. https:\/\/docs.vyperlang.org\/en\/stable\/."},{"key":"e_1_3_1_4_1","unstructured":"2019. Manticore. https:\/\/github.com\/trailofbits\/manticore. Symbolic Execution Tool for Smart Contracts."},{"key":"e_1_3_1_5_1","unstructured":"2019. Mythril. https:\/\/github.com\/ConsenSys\/mythril. A Security Analysis Tool for EVM Bytecode."},{"key":"e_1_3_1_6_1","unstructured":"2020. Etherscan. https:\/\/etherscan.io."},{"key":"e_1_3_1_7_1","unstructured":"2020. TxSpector Artifact. https:\/\/github.com\/OSUSecLab\/TxSpector."},{"key":"e_1_3_1_8_1","unstructured":"2021. Slither. https:\/\/github.com\/crytic\/slither. The Solidity Source Analyzer."},{"key":"e_1_3_1_9_1","unstructured":"2023. Aave V3 Protocol Contract. https:\/\/github.com\/aave\/aave-v3-core\/blob\/27a6d5c83560694210849d4abf09a09dec8da388\/contracts\/protocol\/libraries\/logic\/ValidationLogic.sol#L83."},{"key":"e_1_3_1_10_1","unstructured":"2023. balancer Protocol Contract 1. https:\/\/github.com\/balancer\/balancer-core\/blob\/f4ed5d65362a8d6cec21662fb6eae233b0babc1f\/contracts\/BPool.sol."},{"key":"e_1_3_1_11_1","unstructured":"2023. BeanstalkFarms Attack Transaction. https:\/\/etherscan.io\/tx\/0xcd314668aaa9bbfebaf1a0bd2b6553d01dd58899c508d4729fa7311dc5d33ad7."},{"key":"e_1_3_1_12_1","unstructured":"2023. bZx Attack Transaction. https:\/\/etherscan.io\/tx\/0x762881b07feb63c436dee38edd4ff1f7a74c33091e534af56c9f7d49b5ecac15."},{"key":"e_1_3_1_13_1","unstructured":"2023. CheeseBank Attack Transaction. https:\/\/etherscan.io\/tx\/0x600a869aa3a259158310a233b815ff67ca41eab8961a49918c2031297a02f1cc."},{"key":"e_1_3_1_14_1","unstructured":"2023. Consensys Audits. https:\/\/consensys.io\/diligence\/audits\/."},{"key":"e_1_3_1_15_1","unstructured":"2023a. CreamFi Attack Transaction 1. https:\/\/etherscan.io\/tx\/0x0016745693d68d734faa408b94cdf2d6c95f511b50f47b03909dc599c1dd9ff6."},{"key":"e_1_3_1_16_1","unstructured":"2023b. CreamFi Attack Transaction 2. https:\/\/etherscan.io\/tx\/0xab486012f21be741c9e674ffda227e30518e8a1e37a5f1d58d0b0d41f6e76530."},{"key":"e_1_3_1_17_1","unstructured":"2023a. DeFiLlama. https:\/\/defillama.com\/. DeFi Overview."},{"key":"e_1_3_1_18_1","unstructured":"2023b. DeFiLlama. https:\/\/defillama.com\/hacks. Total Value Hacked in DeFi."},{"key":"e_1_3_1_19_1","unstructured":"2023a. dForce Protocol Controller Contract. https:\/\/github.com\/dforce-network\/LendingContractsV2\/blob\/55da73310d196849213da2e2357572afdb6d663a\/contracts\/Controller.sol."},{"key":"e_1_3_1_20_1","unstructured":"2023b. dForce Protocol PriceOracleExOpt Contract. https:\/\/github.com\/dforce-network\/xswap\/blob\/2f86672fc4e2b1b12d18fcbeb19aee4ee8173b4c\/contracts\/Mockup\/PriceOracleExOpt.sol."},{"key":"e_1_3_1_21_1","unstructured":"2023. DODO Attack Transaction. https:\/\/etherscan.io\/tx\/0x395675b56370a9f5fe8b32badfa80043f5291443bd6c8273900476880fb5221e."},{"key":"e_1_3_1_22_1","unstructured":"2023. Eminence Attack Transaction. https:\/\/etherscan.io\/tx\/0x3503253131644dd9f52802d071de74e456570374d586ddd640159cf6fb9b8ad8."},{"key":"e_1_3_1_23_1","unstructured":"2023a. Fei Protocol Audit. https:\/\/consensys.net\/diligence\/audits\/2021\/09\/fei-protocol-v2-phase-1\/."},{"key":"e_1_3_1_24_1","unstructured":"2023b. Fei Protocol Contract. https:\/\/github.com\/fei-protocol\/fei-protocol-core\/blob\/be704ad65a84edfafcc09e3e5fa78865f6a1de18\/contracts\/pcv\/balancer\/BalancerLBPSwapper.sol#L281."},{"key":"e_1_3_1_25_1","unstructured":"2023a. HarmonyBridge Attack Transaction. https:\/\/etherscan.io\/tx\/0x27981c7289c372e601c9475e5b5466310be18ed10b59d1ac840145f6e7804c97."},{"key":"e_1_3_1_26_1","unstructured":"2023b. Harvest Attack Transaction 1. https:\/\/etherscan.io\/tx\/0x0fc6d2ca064fc841bc9b1c1fad1fbb97bcea5c9a1b2b66ef837f1227e06519a6."},{"key":"e_1_3_1_27_1","unstructured":"2023c. Harvest Attack Transaction 2. https:\/\/etherscan.io\/tx\/0x35f8d2f572fceaac9288e5d462117850ef2694786992a8c3f6d02612277b0877."},{"key":"e_1_3_1_28_1","unstructured":"2023. idle Finance Contract. https:\/\/github.com\/Idle-Labs\/idle-tranches\/blob\/8740aa6847391a1ee1cb9ca222558643de37f556\/contracts\/IdleCDO.sol#L1014."},{"key":"e_1_3_1_29_1","unstructured":"2023. IndexFi Attack Transaction. https:\/\/etherscan.io\/tx\/0x44aad3b853866468161735496a5d9cc961ce5aa872924c5d78673076b1cd95aa."},{"key":"e_1_3_1_30_1","unstructured":"2023. InverseFi Attack Transaction. https:\/\/etherscan.io\/tx\/0x600373f67521324c8068cfd025f121a0843d57ec813411661b07edc5ff781842."},{"key":"e_1_3_1_31_1","unstructured":"2023. mStable Contract. https:\/\/github.com\/mstable\/mStable-contracts\/blob\/master\/contracts\/savings\/SavingsManager.sol#L232."},{"key":"e_1_3_1_32_1","unstructured":"2023. Nomad Attack Transaction. https:\/\/etherscan.io\/tx\/0x61497a1a8a8659a06358e130ea590e1eed8956edbd99dbb2048cfb46850a8f17."},{"key":"e_1_3_1_33_1","unstructured":"2023. Opyn Attack Transaction. https:\/\/etherscan.io\/tx\/0x56de6c4bd906ee0c067a332e64966db8b1e866c7965c044163a503de6ee6552a."},{"key":"e_1_3_1_34_1","unstructured":"2023. PickleFi Attack Transaction. https:\/\/etherscan.io\/tx\/0xe72d4e7ba9b5af0cf2a8cfb1e30fd9f388df0ab3da79790be842bfbed11087b0."},{"key":"e_1_3_1_35_1","unstructured":"2023. PolyNetwork Attack Transaction. https:\/\/etherscan.io\/tx\/0xad7a2c70c958fcd3effbf374d0acf3774a9257577625ae4c838e24b0de17602a."},{"key":"e_1_3_1_36_1","unstructured":"2023. Punk Attack Transaction. https:\/\/etherscan.io\/tx\/0x597d11c05563611cb4ad4ed4c57ca53bbe3b7d3fefc37d1ef0724ad58904742b."},{"key":"e_1_3_1_37_1","unstructured":"2023a. RariCapital Attack Transaction 1. https:\/\/etherscan.io\/tx\/0x4764dc6ff19a64fc1b0e57e735661f64d97bc1c44e026317be8765358d0a7392."},{"key":"e_1_3_1_38_1","unstructured":"2023b. RariCapital Attack Transaction 2. https:\/\/etherscan.io\/tx\/0x0fe2542079644e107cbf13690eb9c2c65963ccb79089ff96bfaf8dced2331c92."},{"key":"e_1_3_1_39_1","unstructured":"2023. RevestFi Attack Transaction. https:\/\/etherscan.io\/tx\/0xe0b0c2672b760bef4e2851e91c69c8c0ad135c6987bbf1f43f5846d89e691428."},{"key":"e_1_3_1_40_1","unstructured":"2023. RoninNetwork Attack Transaction. https:\/\/etherscan.io\/tx\/0xc28fad5e8d5e0ce6a2eaf67b6687be5d58113e16be590824d6cfa1a94467d0b7."},{"key":"e_1_3_1_41_1","unstructured":"2023. UmbrellaNetwork Attack Transaction. https:\/\/etherscan.io\/tx\/0x33479bcfbc792aa0f8103ab0d7a3784788b5b0e1467c81ffbed1b7682660b4fa."},{"key":"e_1_3_1_42_1","unstructured":"2023. ValueDeFi Attack Transaction. https:\/\/etherscan.io\/tx\/0x46a03488247425f845e444b9c10b52ba3c14927c687d38287c0faddc7471150a."},{"key":"e_1_3_1_43_1","unstructured":"2023. VisorFi Attack Transactions. https:\/\/etherscan.io\/tx\/0x69272d8c84d67d1da2f6425b339192fa472898dce936f24818fda415c1c1ff3f and https:\/\/etherscan.io\/tx\/0x6eabef1bf310a1361041d97897c192581cd9870f6a39040cd24d7de2335b4546."},{"key":"e_1_3_1_44_1","unstructured":"2023. Warp Attack Transaction. https:\/\/etherscan.io\/tx\/0x8bb8dc5c7c830bac85fa48acad2505e9300a91c3ff239c9517d0cae33b595090."},{"key":"e_1_3_1_45_1","unstructured":"2023. XCarnival Attack Transaction. https:\/\/etherscan.io\/tx\/0x51cbfd46f21afb44da4fa971f220bd28a14530e1d5da5009cfbdfee012e57e35."},{"key":"e_1_3_1_46_1","unstructured":"2024a. EIP-1153: Transient storage opcodes. https:\/\/eips.ethereum.org\/EIPS\/eip-1153."},{"key":"e_1_3_1_47_1","unstructured":"2024b. EIP-3074: AUTH and AUTHCALL opcodes. https:\/\/eips.ethereum.org\/EIPS\/eip-3074."},{"key":"e_1_3_1_48_1","unstructured":"2024a. ERC-1167: Minimal Proxy Contract. https:\/\/eips.ethereum.org\/EIPS\/eip-1167."},{"key":"e_1_3_1_49_1","unstructured":"2024b. ERC-897: DelegateProxy. https:\/\/eips.ethereum.org\/EIPS\/eip-897."},{"key":"e_1_3_1_50_1","unstructured":"2024. EVM-Storage. https:\/\/evm.storage\/."},{"key":"e_1_3_1_51_1","unstructured":"2024. InvCon+ Artifact. https:\/\/github.com\/Franklinliu\/InvConPlus-Tool."},{"key":"e_1_3_1_52_1","unstructured":"2024. Yearn Attack Transaction. https:\/\/etherscan.io\/tx\/0x59faab5a1911618064f1ffa1e4649d85c99cfd9f0d64dcebbc1af7d7630da98b."},{"key":"e_1_3_1_53_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-54455-6_8"},{"key":"e_1_3_1_54_1","first-page":"250","volume-title":"International Conference on Financial Cryptography and Data Security","author":"Baum Carsten","year":"2022","unstructured":"Carsten Baum, James Hsin-yu Chiang, Bernardo David, Tore Kasper Frederiksen, and Lorenzo Gentile. 2022. Sok: Mitigation of front-running in decentralized finance. In International Conference on Financial Cryptography and Data Security. Springer, 250\u2013271."},{"key":"e_1_3_1_55_1","unstructured":"Blockchain-Projects. 2020. Overflow Attack in Ethereum Smart Contracts. https:\/\/blockchain-projects.readthedocs.io\/overflow.html."},{"key":"e_1_3_1_56_1","unstructured":"BlockSec. 2023. SlowMist Medium Articles. https:\/\/blocksecteam.medium.com\/."},{"key":"e_1_3_1_57_1","first-page":"1","article-title":"Chainlink 2.0: Next steps in the evolution of decentralized oracle networks","volume":"1","author":"Breidenbach Lorenz","year":"2021","unstructured":"Lorenz Breidenbach, Christian Cachin, Benedict Chan, Alex Coventry, Steve Ellis, Ari Juels, Farinaz Koushanfar, Andrew Miller, Brendan Magauran, Daniel Moroz, et al. 2021. Chainlink 2.0: Next steps in the evolution of decentralized oracle networks. Chainlink Labs 1 (2021), 1\u2013136.","journal-title":"Chainlink Labs"},{"key":"e_1_3_1_58_1","doi-asserted-by":"crossref","unstructured":"Lexi Brent Neville Grech Sifis Lagouvardos Bernhard Scholz and Yannis Smaragdakis. 2020. Ethainter: a smart contract security analyzer for composite vulnerabilities. In Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation. 454\u2013469.","DOI":"10.1145\/3385412.3385990"},{"key":"e_1_3_1_59_1","unstructured":"Zhiyang Chen Sidi Mohamed Beillahi and Fan Long. 2022. FlashSyn: Flash Loan Attack Synthesis via Counter Example Driven Approximation. arXiv preprint arXiv:2206.10708 (2022)."},{"key":"e_1_3_1_60_1","doi-asserted-by":"crossref","unstructured":"Zhiyang Chen Ye Liu Sidi Mohamed Beillahi Yi Li and Fan Long. 2024a. Demystifying Invariant Effectiveness for Securing Smart Contracts. arXiv preprint arXiv:2404.14580 (2024).","DOI":"10.1145\/3660786"},{"key":"e_1_3_1_61_1","unstructured":"Zhiyang Chen Ye Liu Sidi Mohamed Beillahi Yi Li and Fan Long. 2024b. Trace2Inv Artifact. https:\/\/github.com\/Trace2Inv-Artifact\/Trace2Inv-Artifact-FSE24."},{"key":"e_1_3_1_62_1","doi-asserted-by":"publisher","unstructured":"Zhiyang Chen Ye Liu Sidi Mohamed Beillahi Yi Li and Fan Long. 2024c. Trace2Inv Artifact (Archived). https:\/\/doi.org\/10.5281\/zenodo.11194557 10.5281\/zenodo.11194557. https:\/\/doi.org\/10.5281\/zenodo.11194557 10.5281\/zenodo.11194557","DOI":"10.5281\/zenodo.11194557"},{"key":"e_1_3_1_63_1","unstructured":"Zhiyang Chen Ye Liu Sidi Mohamed Beillahi Yi Li and Fan Long. 2024d. Trace2Inv Benchmarks. https:\/\/github.com\/Trace2Inv-Artifact\/Trace2Inv-Benchmarks."},{"key":"e_1_3_1_64_1","unstructured":"Zhiyang Chen Ye Liu Sidi Mohamed Beillahi Yi Li and Fan Long. 2024e. Trace2Inv Empirical Study. https:\/\/github.com\/Trace2Inv-Artifact\/Trace2Inv-Invariant-Study-FSE24."},{"key":"e_1_3_1_65_1","unstructured":"Zhiyang Chen Ye Liu Sidi Mohamed Beillahi Yi Li and Fan Long. 2024f. Trace2Inv Website. https:\/\/sites.google.com\/view\/trace2inv\/home."},{"key":"e_1_3_1_66_1","doi-asserted-by":"crossref","first-page":"227","DOI":"10.1109\/ASE51524.2021.9678888","volume-title":"2021 36th IEEE\/ACM International Conference on Automated Software Engineering (ASE).","author":"Choi Jaeseung","year":"2021","unstructured":"Jaeseung Choi, Doyeon Kim, Soomin Kim, Gustavo Grieco, Alex Groce, and Sang Kil Cha. 2021. Smartian: Enhancing smart contract fuzzing with static and dynamic data-flow analyses. In 2021 36th IEEE\/ACM International Conference on Automated Software Engineering (ASE). IEEE, 227\u2013239."},{"key":"e_1_3_1_67_1","unstructured":"Many Contributors. 2023a. DeFi Hacks Reproduce - Foundry. https:\/\/github.com\/SunWeb3Sec\/DeFiHackLabs."},{"key":"e_1_3_1_68_1","unstructured":"Many Contributors. 2023b. Learn EVM Attacks. https:\/\/github.com\/coinspect\/learn-evm-attacks."},{"key":"e_1_3_1_69_1","doi-asserted-by":"crossref","unstructured":"Xun Deng Sidi Mohamed Beillahi Cyrus Minwalla Han Du Andreas Veneris and Fan Long. 2024. Safeguarding DeFi Smart Contracts against Oracle Deviations. arXiv preprint arXiv:2401.06044 (2024).","DOI":"10.1145\/3597503.3639225"},{"key":"e_1_3_1_70_1","doi-asserted-by":"crossref","first-page":"38","DOI":"10.1109\/DAPPS57946.2023.00015","volume-title":"2023 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPS)","author":"Deng Xun","year":"2023","unstructured":"Xun Deng, Zihan Zhao, Sidi Mohamed Beillahi, Han Du, Cyrus Minwalla, Keerthi Nelaturu, Andreas Veneris, and Fan Long. 2023. A Robust Front-Running Methodology for Malicious Flash-Loan DeFi Attacks. In 2023 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPS). IEEE, 38\u201347."},{"key":"e_1_3_1_71_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.scico.2007.01.015"},{"key":"e_1_3_1_72_1","doi-asserted-by":"crossref","unstructured":"Asem Ghaleb Julia Rubin and Karthik Pattabiraman. 2022. eTainter: detecting gas-related vulnerabilities in smart contracts. In Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis. 728\u2013739.","DOI":"10.1145\/3533767.3534378"},{"key":"e_1_3_1_73_1","doi-asserted-by":"crossref","unstructured":"Asem Ghaleb Julia Rubin and Karthik Pattabiraman. 2023. AChecker: Statically Detecting Smart Contract Access Control Vulnerabilities. Proc. ACM ICSE (2023).","DOI":"10.1109\/ICSE48619.2023.00087"},{"key":"e_1_3_1_74_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVCBT50464.2020.00005"},{"key":"e_1_3_1_75_1","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3238177"},{"key":"e_1_3_1_76_1","doi-asserted-by":"crossref","unstructured":"Queping Kong Jiachi Chen Yanlin Wang Zigui Jiang and Zibin Zheng. 2023. DeFiTainter: Detecting Price Manipulation Vulnerabilities in DeFi Protocols. In Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis. 1144\u20131156.","DOI":"10.1145\/3597926.3598124"},{"key":"e_1_3_1_77_1","doi-asserted-by":"crossref","unstructured":"Ao Li Jemin Andrew Choi and Fan Long. 2020. Securing smart contract with runtime validation. In Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation. 438\u2013453.","DOI":"10.1145\/3385412.3385982"},{"key":"e_1_3_1_78_1","doi-asserted-by":"crossref","unstructured":"Junrui Liu Yanju Chen Bryan Tan Isil Dillig and Yu Feng. 2022a. Learning Contract Invariants Using Reinforcement Learning. In Proceedings of the 37th IEEE\/ACM International Conference on Automated Software Engineering. 1\u201311.","DOI":"10.1145\/3551349.3556962"},{"key":"e_1_3_1_79_1","doi-asserted-by":"crossref","unstructured":"Ye Liu and Yi Li. 2022. InvCon: A Dynamic Invariant Detector for Ethereum Smart Contracts. In Proceedings of the 37th IEEE\/ACM International Conference on Automated Software Engineering. 1\u20134.","DOI":"10.1145\/3551349.3559539"},{"key":"e_1_3_1_80_1","doi-asserted-by":"crossref","unstructured":"Ye Liu Yi Li Shang-Wei Lin and Cyrille Artho. 2022b. Finding permission bugs in smart contracts with role mining. In Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis. 716\u2013727.","DOI":"10.1145\/3533767.3534372"},{"key":"e_1_3_1_81_1","doi-asserted-by":"crossref","unstructured":"Ye Liu Yi Li Shang-Wei Lin and Qiang Yan. 2020. ModCon: A Model-Based Testing Platform for Smart Contracts. In Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. 1601\u20131605.","DOI":"10.1145\/3368089.3417939"},{"key":"e_1_3_1_82_1","unstructured":"Ye Liu Chengxuan Zhang et al. 2024. Automated Invariant Generation for Solidity Smart Contracts. arXiv preprint arXiv:2401.00650 (2024)."},{"key":"e_1_3_1_83_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978309"},{"key":"e_1_3_1_84_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2017.3571045"},{"key":"e_1_3_1_85_1","unstructured":"Forta Network. 2023. Forta Network. https:\/\/forta.org\/."},{"key":"e_1_3_1_86_1","doi-asserted-by":"crossref","unstructured":"Tai D Nguyen Long H Pham Jun Sun Yun Lin and Quang Tran Minh. 2020. sfuzz: An efficient adaptive fuzzer for solidity smart contracts. In Proceedings of the ACM\/IEEE 42nd International Conference on Software Engineering. 778\u2013788.","DOI":"10.1145\/3377811.3380334"},{"key":"e_1_3_1_87_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274743"},{"key":"e_1_3_1_88_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-64322-8_1"},{"key":"e_1_3_1_89_1","doi-asserted-by":"crossref","unstructured":"Michael Rodler Wenting Li Ghassan O Karame and Lucas Davi. 2018. Sereum: Protecting Existing Smart Contracts against Re-Entrancy Attacks. arXiv preprint arXiv:1812.05934 (2018).","DOI":"10.14722\/ndss.2019.23413"},{"key":"e_1_3_1_90_1","unstructured":"Palladino Santiago. 2017. The Parity Wallet Hack Explained. https:\/\/blog.openzeppelin.com\/on-the-parity-wallet-multisig-hack-405a8c12e8f7\/"},{"key":"e_1_3_1_91_1","unstructured":"David Siegel. 2016. Understanding The DAO Attack. https:\/\/www.coindesk.com\/understanding-dao-hack-journalists"},{"key":"e_1_3_1_92_1","unstructured":"SlowMist. 2023. SlowMist Hacked Database. https:\/\/hacked.slowmist.io\/."},{"key":"e_1_3_1_93_1","volume-title":"Securify","author":"Sofware Reliability Lab","year":"2019","unstructured":"Sofware Reliability Lab 2019. Securify. Sofware Reliability Lab. https:\/\/securify.ch\/"},{"key":"e_1_3_1_94_1","doi-asserted-by":"crossref","unstructured":"Sergei Tikhomirov Ekaterina Voskresenskaya Ivan Ivanitskiy Ramil Takhaviev Evgeny Marchenko and Yaroslav Alexandrov. 2018. Smartcheck: Static Analysis of Ethereum Smart Contracts. In Proceedings of the 1st International Workshop on Emerging Trends in Software Engineering for Blockchain. 9\u201316.","DOI":"10.1145\/3194113.3194115"},{"key":"e_1_3_1_95_1","doi-asserted-by":"crossref","first-page":"149","DOI":"10.1007\/978-3-662-63958-0_13","volume-title":"Financial Cryptography and Data Security. FC 2021 International Workshops: CoDecFin, DeFi, VOTING, and WTSC, Virtual Event, March 5, 2021, Revised Selected Papers 25","author":"Tolmach Palina","year":"2021","unstructured":"Palina Tolmach, Yi Li, Shang-Wei Lin, and Yang Liu. 2021. Formal analysis of composable DeFi protocols. In Financial Cryptography and Data Security. FC 2021 International Workshops: CoDecFin, DeFi, VOTING, and WTSC, Virtual Event, March 5, 2021, Revised Selected Papers 25. Springer, 149\u2013161."},{"key":"e_1_3_1_96_1","unstructured":"Trail of Bits 2019. Echidna. Trail of Bits. https:\/\/github.com\/trailofbits\/echidna"},{"key":"e_1_3_1_97_1","unstructured":"Haijun Wang Ye Liu Yi Li Shang-Wei Lin Cyrille Artho Lei Ma and Yang Liu. 2020. Oracle-Supported Dynamic Exploit Generation for Smart Contracts. IEEE Transactions on Dependable and Secure Computing (2020)."},{"key":"e_1_3_1_98_1","unstructured":"Siwei Wu Dabao Wang Jianting He Yajin Zhou Lei Wu Xingliang Yuan Qinming He and Kui Ren. 2021. Defiranger: Detecting price manipulation attacks on defi applications. arXiv preprint arXiv:2104.15068 (2021)."},{"key":"e_1_3_1_99_1","doi-asserted-by":"crossref","unstructured":"Valentin W\u00fcstholz and Maria Christakis. 2020. Harvey: A Greybox Fuzzer for Smart Contracts. In Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. 1398\u20131409.","DOI":"10.1145\/3368089.3417064"},{"key":"e_1_3_1_100_1","first-page":"309","volume-title":"International Conference on Artificial Intelligence and Security","author":"Xue Yue","year":"2022","unstructured":"Yue Xue, Jialu Fu, Shen Su, Zakirul Alam Bhuiyan, Jing Qiu, Hui Lu, Ning Hu, and Zhihong Tian. 2022. Preventing Price Manipulation Attack by Front-Running. In International Conference on Artificial Intelligence and Security. Springer, 309\u2013322."},{"key":"e_1_3_1_101_1","unstructured":"Mengya Zhang Xiaokuan Zhang Yinqian Zhang and Zhiqiang Lin. 2020. {TXSPECTOR}: Uncovering attacks in ethereum from transactions. In 29th USENIX Security Symposium (USENIX Security 20). 2775\u20132792."},{"key":"e_1_3_1_102_1","unstructured":"Zhuo Zhang Zhiqiang Lin Marcelo Morales Xiangyu Zhang and Kaiyuan Zhang. 2023. Your Exploit is Mine: Instantly Synthesizing Counterattack Smart Contract. In 32nd USENIX Security Symposium (USENIX Security 23). 1757\u20131774."},{"key":"e_1_3_1_103_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00113"},{"key":"e_1_3_1_104_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179435"},{"key":"e_1_3_1_105_1","unstructured":"Shunfan Zhou Malte M\u00f6ser Zhemin Yang Ben Adida Thorsten Holz Jie Xiang Steven Goldfeder Yinzhi Cao Martin Plattner Xiaojun Qin et al. 2020. An ever-evolving game: Evaluation of real-world attacks and defenses in ethereum ecosystem. In 29th USENIX Security Symposium (USENIX Security 20). 2793\u20132810."}],"container-title":["Proceedings of the ACM on Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3660786","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3660786","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,4]],"date-time":"2026-02-04T07:59:05Z","timestamp":1770191945000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3660786"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7,12]]},"references-count":104,"journal-issue":{"issue":"FSE","published-print":{"date-parts":[[2024,7,12]]}},"alternative-id":["10.1145\/3660786"],"URL":"https:\/\/doi.org\/10.1145\/3660786","relation":{},"ISSN":["2994-970X"],"issn-type":[{"value":"2994-970X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,7,12]]}}}