{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,21]],"date-time":"2026-04-21T11:13:37Z","timestamp":1776770017096,"version":"3.51.2"},"reference-count":50,"publisher":"Association for Computing Machinery (ACM)","issue":"FSE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Proc. ACM Softw. Eng."],"published-print":{"date-parts":[[2025,6,19]]},"abstract":"Smart contracts, as Turing-complete programs managing billions of assets in decentralized finance, are prime targets for attackers. While fuzz testing seems effective for detecting vulnerabilities in these programs, we identify several significant challenges when targeting smart contracts: (i) the stateful nature of these contracts requires stateful exploration, but current fuzzers rely on transaction sequences to manipulate contract states, making the process inefficient; (ii) contract execution is influenced by the continuously changing blockchain environment, yet current fuzzers are limited to local deployments, failing to test contracts in real-world scenarios. These challenges hinder current fuzzers from uncovering hidden vulnerabilities, i.e., those concealed in deep contract states and specific blockchain environments. In this paper, we present SmartShot, a mutable snapshot-based fuzzer to hunt hidden vulnerabilities within smart contracts. We innovatively formulate contract states and blockchain environments as directly fuzzable elements and design mutable snapshots to quickly restore and mutate these elements. SmartShot features a symbolic taint analysis-based mutation strategy along with double validation to soundly guide the state mutation. SmartShot mutates blockchain environments using contract\u2019s historical on-chain states, providing real-world execution contexts. We propose a snapshot checkpoint mechanism to integrate mutable snapshots into SmartShot\u2019s fuzzing loops. These innovations enable SmartShot to effectively fuzz contract states, test contracts across varied and realistic blockchain environments, and support on-chain fuzzing. Experimental results show that SmartShot is effective to detect hidden vulnerabilities with the highest code coverage and lowest false positive rate. SmartShot is 4.8\u00d7 to 20.2\u00d7 faster than state-of-the-art tools, identifying 2,150 vulnerable contracts out of 42,738 real-world contracts which is 2.1\u00d7 to 13.7\u00d7 more than other tools. SmartShot has demonstrated its real-world impact by detecting vulnerabilities that are only discoverable on-chain and uncovering 24 0-day vulnerabilities in the latest 10,000 deployed contracts.<\/jats:p>","DOI":"10.1145\/3715714","type":"journal-article","created":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T15:16:02Z","timestamp":1750346162000},"page":"65-85","source":"Crossref","is-referenced-by-count":2,"title":["SmartShot: Hunt Hidden Vulnerabilities in Smart Contracts using Mutable Snapshots"],"prefix":"10.1145","volume":"2","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-0709-6420","authenticated-orcid":false,"given":"Ruichao","family":"Liang","sequence":"first","affiliation":[{"name":"Wuhan University, Wuhan, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7212-5297","authenticated-orcid":false,"given":"Jing","family":"Chen","sequence":"additional","affiliation":[{"name":"Wuhan University, Wuhan, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-2129-0282","authenticated-orcid":false,"given":"Ruochen","family":"Cao","sequence":"additional","affiliation":[{"name":"Wuhan University, Wuhan, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3472-419X","authenticated-orcid":false,"given":"Kun","family":"He","sequence":"additional","affiliation":[{"name":"Wuhan University, Wuhan, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3634-3385","authenticated-orcid":false,"given":"Ruiying","family":"Du","sequence":"additional","affiliation":[{"name":"Wuhan University, Wuhan, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-6865-0332","authenticated-orcid":false,"given":"Shuhua","family":"Li","sequence":"additional","affiliation":[{"name":"Wuhan University, Wuhan, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4463-5652","authenticated-orcid":false,"given":"Zheng","family":"Lin","sequence":"additional","affiliation":[{"name":"University of Hong Kong, HongKong, Hong Kong"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0930-0283","authenticated-orcid":false,"given":"Cong","family":"Wu","sequence":"additional","affiliation":[{"name":"Wuhan University, Wuhan, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,6,19]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"Alchemy. 2024. alchemy. https:\/\/www.alchemy.com\/supernode"},{"key":"e_1_2_1_2_1","volume-title":"International Conference on Cloud Computing, Big Data and Blockchain (ICCBB). https:\/\/doi.org\/10","author":"Alharby Maher","year":"2018","unstructured":"Maher Alharby, Amjad Aldweesh, and Aad van Moorsel. 2018. Blockchain-based Smart Contracts: A Systematic Mapping Study of Academic Research (2018). In International Conference on Cloud Computing, Big Data and Blockchain (ICCBB). https:\/\/doi.org\/10.1109\/ICCBB.2018.8756390 10.1109\/ICCBB.2018.8756390"},{"key":"e_1_2_1_3_1","volume-title":"SAILFISH: Vetting Smart Contract State-Inconsistency Bugs in Seconds. In Symposium on Security and Privacy (SP). https:\/\/doi.org\/10","author":"Bose Priyanka","year":"2022","unstructured":"Priyanka Bose, Dipanjan Das, Yanju Chen, Yu Feng, Christopher Kruegel, and Giovanni Vigna. 2022. SAILFISH: Vetting Smart Contract State-Inconsistency Bugs in Seconds. In Symposium on Security and Privacy (SP). https:\/\/doi.org\/10.1109\/SP46214.2022.9833721 10.1109\/SP46214.2022.9833721"},{"key":"e_1_2_1_4_1","volume-title":"Verifying Declarative Smart Contracts. In IEEE\/ACM International Conference on Software Engineering (ICSE). https:\/\/doi.org\/10","author":"Chen Haoxian","year":"2024","unstructured":"Haoxian Chen, Lan Lu, Brendan Massey, Yuepeng Wang, and Boon Thau Loo. 2024. Verifying Declarative Smart Contracts. In IEEE\/ACM International Conference on Software Engineering (ICSE). https:\/\/doi.org\/10.1145\/3597503.3639203 10.1145\/3597503.3639203"},{"key":"e_1_2_1_5_1","volume-title":"IEEE Symposium on Security and Privacy (S&P). https:\/\/doi.org\/10","author":"Chen Peng","year":"2018","unstructured":"Peng Chen and Hao Chen. 2018. Angora: Efficient Fuzzing by Principled Search. In IEEE Symposium on Security and Privacy (S&P). https:\/\/doi.org\/10.1109\/SP.2018.00046 10.1109\/SP.2018.00046"},{"key":"e_1_2_1_6_1","volume-title":"SMARTIAN: Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses. In International Conference on Automated Software Engineering (ASE). https:\/\/doi.org\/10","author":"Choi Jaeseung","year":"2021","unstructured":"Jaeseung Choi, Doyeon Kim, Soomin Kim, Gustavo Grieco, Alex Groce, and Sang Kil Cha. 2021. SMARTIAN: Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses. In International Conference on Automated Software Engineering (ASE). https:\/\/doi.org\/10.1109\/SP.2018.00046 10.1109\/SP.2018.00046"},{"key":"e_1_2_1_7_1","volume-title":"PentestGPT: Evaluating and Harnessing Large Language Models for Automated Penetration Testing. In USENIX Security Symposium (USENIX Security).","author":"Deng Gelei","year":"2024","unstructured":"Gelei Deng, Yi Liu, V\u00edctor Mayoral Vilches, Peng Liu, Yuekang Li, Yuan Xu, Martin Pinzger, Stefan Rass, Tianwei Zhang, and Yang Liu. 2024. PentestGPT: Evaluating and Harnessing Large Language Models for Automated Penetration Testing. In USENIX Security Symposium (USENIX Security)."},{"key":"e_1_2_1_8_1","volume-title":"Time-travel Testing of Android Apps. In International Conference on Software Engineering (ICSE). https:\/\/doi.org\/10","author":"Dong Zhen","year":"2020","unstructured":"Zhen Dong, Marcel Bohme, Lucia Cojocaru, and Abhik Roychoudhury. 2020. Time-travel Testing of Android Apps. In International Conference on Software Engineering (ICSE). https:\/\/doi.org\/10.1145\/3377811.3380402 10.1145\/3377811.3380402"},{"key":"e_1_2_1_9_1","volume-title":"International conference on software engineering (ICSE). https:\/\/doi.org\/10","author":"Durieux Thomas","year":"2020","unstructured":"Thomas Durieux, Jo\u00e3o F Ferreira, Rui Abreu, and Pedro Cruz. 2020. Empirical review of automated analysis tools on 47,587 ethereum smart contracts. In International conference on software engineering (ICSE). https:\/\/doi.org\/10.1145\/3377811.3380364 10.1145\/3377811.3380364"},{"key":"e_1_2_1_10_1","unstructured":"ethereum. 2023. py-evm. https:\/\/github.com\/ethereum\/py-evm"},{"key":"e_1_2_1_11_1","volume-title":"IEEE\/ACM International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB). https:\/\/doi.org\/10","author":"Feist Josselin","year":"2019","unstructured":"Josselin Feist, Gustavo Grieco, and Alex Groce. 2019. Slither: a static analysis framework for smart contracts. In IEEE\/ACM International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB). https:\/\/doi.org\/10.1109\/WETSEB.2019.00008 10.1109\/WETSEB.2019.00008"},{"key":"e_1_2_1_12_1","volume-title":"Snappy: Efficient Fuzzing with Adaptive and Mutable Snapshots. In Annual Computer Security Applications Conference (ACSAC). https:\/\/doi.org\/10","author":"Geretto Elia","year":"2022","unstructured":"Elia Geretto, Cristiano Giuffrida, Herbert Bos, and Erik Van Der Kouwe. 2022. Snappy: Efficient Fuzzing with Adaptive and Mutable Snapshots. In Annual Computer Security Applications Conference (ACSAC). https:\/\/doi.org\/10.1145\/3564625.3564639 10.1145\/3564625.3564639"},{"key":"e_1_2_1_13_1","volume-title":"Network and Distributed System Security Symposium (NDSS).","author":"Godefroid Patrice","year":"2008","unstructured":"Patrice Godefroid, Michael Y Levin, and David A Molnar. 2008. Automated whitebox fuzz testing. In Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_2_1_14_1","volume-title":"International Symposium on Software Testing and Analysis (ISSTA). https:\/\/doi.org\/10","author":"Grieco Gustavo","year":"2020","unstructured":"Gustavo Grieco, Will Song, Artur Cygan, Josselin Feist, and Alex Groce. 2020. Echidna: Effective, Usable, and Fast Fuzzing for Smart Contracts. In International Symposium on Software Testing and Analysis (ISSTA). https:\/\/doi.org\/10.1145\/3395363.3404366 10.1145\/3395363.3404366"},{"key":"e_1_2_1_15_1","volume-title":"Confusum Contractum: Confused Deputy Vulnerabilities in Ethereum Smart Contracts. In USENIX Security Symposium (USENIX Security).","author":"Gritti Fabio","year":"2023","unstructured":"Fabio Gritti, Nicola Ruaro, Robert McLaughlin, Priyanka Bose, Dipanjan Das, Ilya Grishchenko, Christopher Kruegel, and Giovanni Vigna. 2023. Confusum Contractum: Confused Deputy Vulnerabilities in Ethereum Smart Contracts. In USENIX Security Symposium (USENIX Security)."},{"key":"e_1_2_1_16_1","volume-title":"Conference on Computer and Communications Security (CCS). https:\/\/doi.org\/10","author":"He Jingxuan","year":"2019","unstructured":"Jingxuan He, Mislav Balunovi\u0107, Nodar Ambroladze, Petar Tsankov, and Martin Vechev. 2019. Learning to Fuzz from Symbolic Execution with Application to Smart Contracts. In Conference on Computer and Communications Security (CCS). https:\/\/doi.org\/10.1145\/3319535.3363230 10.1145\/3319535.3363230"},{"key":"e_1_2_1_17_1","unstructured":"Infura. 2024. infura. https:\/\/www.infura.io\/zh\/networks\/ethereum"},{"key":"e_1_2_1_18_1","volume-title":"ContractFuzzer: Fuzzing Smart Contracts for Vulnerability Detection. In International Conference on Automated Software Engineering (ASE). https:\/\/doi.org\/10","author":"Jiang Bo","unstructured":"Bo Jiang, Ye Liu, and W. K. Chan. 2018. ContractFuzzer: Fuzzing Smart Contracts for Vulnerability Detection. In International Conference on Automated Software Engineering (ASE). https:\/\/doi.org\/10.1145\/3238147.3238177 10.1145\/3238147.3238177"},{"key":"e_1_2_1_19_1","volume-title":"ZEUS: Analyzing Safety of Smart Contracts. In Annual Network and Distributed System Security Symposium, NDSS.","author":"Kalra Sukrit","year":"2018","unstructured":"Sukrit Kalra, Seep Goel, Mohan Dhawan, and Subodh Sharma. 2018. ZEUS: Analyzing Safety of Smart Contracts. In Annual Network and Distributed System Security Symposium, NDSS."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2022.3192991"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2018.2834476"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2023.3237370"},{"key":"e_1_2_1_23_1","volume-title":"Making Smart Contracts Smarter. In Conference on Computer and Communications Security (CCS). https:\/\/doi.org\/10","author":"Luu Loi","year":"2016","unstructured":"Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, and Aquinas Hobor. 2016. Making Smart Contracts Smarter. In Conference on Computer and Communications Security (CCS). https:\/\/doi.org\/10.1145\/2976749.2978309 10.1145\/2976749.2978309"},{"key":"e_1_2_1_24_1","unstructured":"microsoft. 2024. Z3 SMT solver. https:\/\/www.microsoft.com\/en-us\/research\/project\/z3-3\/"},{"key":"e_1_2_1_25_1","volume-title":"SFuzz: An Efficient Adaptive Fuzzer for Solidity Smart Contracts. In International Conference on Software Engineering (ICSE). https:\/\/doi.org\/10","author":"Nguyen Tai D.","year":"2020","unstructured":"Tai D. Nguyen, Long H. Pham, Jun Sun, Yun Lin, and Quang Tran Minh. 2020. SFuzz: An Efficient Adaptive Fuzzer for Solidity Smart Contracts. In International Conference on Software Engineering (ICSE). https:\/\/doi.org\/10.1145\/3377811.3380334 10.1145\/3377811.3380334"},{"key":"e_1_2_1_26_1","volume-title":"VerX: Safety Verification of Smart Contracts. In IEEE Symposium on Security and Privacy, SP. https:\/\/doi.org\/10","author":"Permenev Anton","year":"2020","unstructured":"Anton Permenev, Dimitar K. Dimitrov, Petar Tsankov, Dana Drachsler-Cohen, and Martin T. Vechev. 2020. VerX: Safety Verification of Smart Contracts. In IEEE Symposium on Security and Privacy, SP. https:\/\/doi.org\/10.1109\/SP40000.2020.00024 10.1109\/SP40000.2020.00024"},{"key":"e_1_2_1_27_1","volume-title":"VUzzer: Application-aware Evolutionary Fuzzing. In USENIX Security Symposium (USENIX Security).","author":"Rawat Sanjay","year":"2017","unstructured":"Sanjay Rawat, Vivek Jain, Ashish Kumar, Lucian Cojocar, Cristiano Giuffrida, and Herbert Bos. 2017. VUzzer: Application-aware Evolutionary Fuzzing. In USENIX Security Symposium (USENIX Security)."},{"key":"e_1_2_1_28_1","volume-title":"USENIX Security Symposium (USENIX Security).","author":"Schumilo Sergej","year":"2021","unstructured":"Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Simon W\u00f6r-ner, and Thorsten Holz. 2021. Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types. In USENIX Security Symposium (USENIX Security)."},{"key":"e_1_2_1_29_1","volume-title":"USENIX Security Symposium (USENIX Security).","author":"Schumilo Sergej","year":"2017","unstructured":"Sergej Schumilo, Cornelius Aschermann, Robert Gawlik, Sebastian Schinzel, and Thorsten Holz. 2017. kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels. In USENIX Security Symposium (USENIX Security)."},{"key":"e_1_2_1_30_1","volume-title":"European Conference on Computer Systems (EuroSys). https:\/\/doi.org\/10","author":"Schumilo Sergej","year":"2022","unstructured":"Sergej Schumilo, Cornelius Aschermann, Andrea Jemmett, Ali Abbasi, and Thorsten Holz. 2022. Nyx-net: network fuzzing with incremental snapshots. In European Conference on Computer Systems (EuroSys). https:\/\/doi.org\/10.1145\/3492321.3519591 10.1145\/3492321.3519591"},{"key":"e_1_2_1_31_1","volume-title":"Large-Scale Study of Vulnerability Scanners for Ethereum Smart Contracts. In IEEE Symposium on Security and Privacy (SP). https:\/\/doi.org\/10","author":"Sendner C.","year":"2024","unstructured":"C. Sendner, L. Petzi, J. Stang, and A. Dmitrienko. 2024. Large-Scale Study of Vulnerability Scanners for Ethereum Smart Contracts. In IEEE Symposium on Security and Privacy (SP). https:\/\/doi.org\/10.1109\/SP54263.2024.00230 10.1109\/SP54263.2024.00230"},{"key":"e_1_2_1_32_1","volume-title":"ItyFuzz: Snapshot-Based Fuzzer for Smart Contract. In International Symposium on Software Testing and Analysis (ISSTA). https:\/\/doi.org\/10","author":"Shou Chaofan","year":"2023","unstructured":"Chaofan Shou, Shangyin Tan, and Koushik Sen. 2023. ItyFuzz: Snapshot-Based Fuzzer for Smart Contract. In International Symposium on Software Testing and Analysis (ISSTA). https:\/\/doi.org\/10.1145\/3597926.3598059 10.1145\/3597926.3598059"},{"key":"e_1_2_1_33_1","unstructured":"SmartContractSecurity. 2020. Smart Contract Weakness Classification. https:\/\/swcregistry.io\/"},{"key":"e_1_2_1_34_1","volume-title":"USENIX Security Symposium (USENIX Security).","author":"So Sunbeom","year":"2021","unstructured":"Sunbeom So, Seongjoon Hong, and Hakjoo Oh. 2021. SmarTest: Effectively Hunting Vulnerable Transaction Sequences in Smart Contracts through Language Model-Guided Symbolic Execution. In USENIX Security Symposium (USENIX Security)."},{"key":"e_1_2_1_35_1","volume-title":"2020 IEEE Symposium on Security and Privacy (SP). https:\/\/doi.org\/10","author":"So Sunbeom","year":"2020","unstructured":"Sunbeom So, Myungho Lee, Jisu Park, Heejo Lee, and Hakjoo Oh. 2020. Verismart: A highly precise safety verifier for ethereum smart contracts. In 2020 IEEE Symposium on Security and Privacy (SP). https:\/\/doi.org\/10.1109\/SP40000.2020.00032 10.1109\/SP40000.2020.00032"},{"key":"e_1_2_1_36_1","volume-title":"USENIX Security Symposium (USENIX Security).","author":"Stone Leo","year":"2023","unstructured":"Leo Stone, Rishi Ranjan, Stefan Nagy, and Matthew Hicks. 2023. No Linux, No Problem: Fast and Correct Windows Binary Fuzzing via Target-embedded Snapshotting. In USENIX Security Symposium (USENIX Security)."},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","unstructured":"Jianzhong Su Hong-Ning Dai Lingjun Zhao Zibin Zheng and Xiapu Luo. 2023. Effectively Generating Vulnerable Transaction Sequences in Smart Contracts with Reinforcement Learning-Guided Fuzzing. In International Conference on Automated Software Engineering (ASE). https:\/\/doi.org\/10.1145\/3551349.3560429 10.1145\/3551349.3560429","DOI":"10.1145\/3551349.3560429"},{"key":"e_1_2_1_38_1","unstructured":"SunWeb3Sec. 2022. DeFiHackLabs. https:\/\/github.com\/SunWeb3Sec\/DeFiHackLabs"},{"key":"e_1_2_1_39_1","volume-title":"TaintSE: Dynamic Taint Analysis Combined with Symbolic Execution and Constraint Association. In IEEE International Conference on Software Engineering and Service Science (ICSESS). https:\/\/doi.org\/10","author":"Tang Chenghua","year":"2023","unstructured":"Chenghua Tang, Xiaolong Guan, Mengmeng Yang, and Baohua Qiang. 2023. TaintSE: Dynamic Taint Analysis Combined with Symbolic Execution and Constraint Association. In IEEE International Conference on Software Engineering and Service Science (ICSESS). https:\/\/doi.org\/10.1109\/ICSESS58500.2023.10293040 10.1109\/ICSESS58500.2023.10293040"},{"key":"e_1_2_1_40_1","volume-title":"ConFuzzius: A Data Dependency-Aware Hybrid Fuzzer for Smart Contracts. In European Symposium on Security and Privacy (EuroS&P). https:\/\/doi.org\/10","author":"Torres Christof Ferreira","year":"2021","unstructured":"Christof Ferreira Torres, Antonio Ken Iannillo, Arthur Gervais, and Radu State. 2021. ConFuzzius: A Data Dependency-Aware Hybrid Fuzzer for Smart Contracts. In European Symposium on Security and Privacy (EuroS&P). https:\/\/doi.org\/10.1109\/EuroSP51992.2021.00018 10.1109\/EuroSP51992.2021.00018"},{"key":"e_1_2_1_41_1","volume-title":"Securify: Practical Security Analysis of Smart Contracts. In ACM SIGSAC Conference on Computer and Communications Security (CCS). https:\/\/doi.org\/10","author":"Tsankov Petar","unstructured":"Petar Tsankov, Andrei Marian Dan, Dana Drachsler-Cohen, Arthur Gervais, Florian B\u00fcnzli, and Martin T. Vechev. 2018. Securify: Practical Security Analysis of Smart Contracts. In ACM SIGSAC Conference on Computer and Communications Security (CCS). https:\/\/doi.org\/10.1145\/3243734.3243780 10.1145\/3243734.3243780"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","unstructured":"H. Wang Y. Liu Y. Li S. Lin C. Artho L. Ma and Y. Liu. 2022. Oracle-Supported Dynamic Exploit Generation for Smart Contracts. IEEE Transactions on Dependable and Secure Computing 19 (2022) https:\/\/doi.org\/10.1109\/TDSC.2020.3037332 10.1109\/TDSC.2020.3037332","DOI":"10.1109\/TDSC.2020.3037332"},{"key":"e_1_2_1_43_1","volume-title":"SMARTINV: Multimodal Learning for Smart Contract Invariant Inference. In IEEE Symposium on Security and Privacy (SP). https:\/\/doi.org\/10","author":"Wang S.","year":"2024","unstructured":"S. Wang, K. Pei, and J. Yang. 2024. SMARTINV: Multimodal Learning for Smart Contract Invariant Inference. In IEEE Symposium on Security and Privacy (SP). https:\/\/doi.org\/10.1109\/SP54263.2024.00126 10.1109\/SP54263.2024.00126"},{"key":"e_1_2_1_44_1","volume-title":"Targeted Greybox Fuzzing with Static Lookahead Analysis. In International Conference on Software Engineering (ICSE). https:\/\/doi.org\/10","author":"Wustholz Valentin","year":"2020","unstructured":"Valentin Wustholz and Maria Christakis. 2020. Targeted Greybox Fuzzing with Static Lookahead Analysis. In International Conference on Software Engineering (ICSE). https:\/\/doi.org\/10.1145\/3377811.3380388 10.1145\/3377811.3380388"},{"key":"e_1_2_1_45_1","volume-title":"Pulling Off The Mask: Forensic Analysis of the Deceptive Creator Wallets Behind Smart Contract Fraud. In IEEE Symposium on Security and Privacy (SP). https:\/\/doi.org\/10","author":"Yao M.","year":"2024","unstructured":"M. Yao, R. Zhang, H. Xu, S. Chou, V. Paturi, A. Sikder, and B. Saltaformaggio. 2024. Pulling Off The Mask: Forensic Analysis of the Deceptive Creator Wallets Behind Smart Contract Fraud. In IEEE Symposium on Security and Privacy (SP). https:\/\/doi.org\/10.1109\/SP54263.2024.00228 10.1109\/SP54263.2024.00228"},{"key":"e_1_2_1_46_1","volume-title":"Scrawld: A dataset of real world ethereum smart contracts labelled with vulnerabilities. arXiv preprint arXiv:2202.11409.","author":"Yashavant Chavhan Sujeet","year":"2022","unstructured":"Chavhan Sujeet Yashavant, Saurabh Kumar, and Amey Karkare. 2022. Scrawld: A dataset of real world ethereum smart contracts labelled with vulnerabilities. arXiv preprint arXiv:2202.11409."},{"key":"e_1_2_1_47_1","volume-title":"International Symposium on Software Testing and Analysis (ISSTA). https:\/\/doi.org\/10","author":"Ye Mingxi","year":"2023","unstructured":"Mingxi Ye, Yuhong Nan, Zibin Zheng, Dongpeng Wu, and Huizhong Li. 2023. Detecting State Inconsistency Bugs in DApps via On-Chain Transaction Replay and Fuzzing. In International Symposium on Software Testing and Analysis (ISSTA). https:\/\/doi.org\/10.1145\/3597926.3598057 10.1145\/3597926.3598057"},{"key":"e_1_2_1_48_1","volume-title":"Nyx: Detecting Exploitable Front-Running Vulnerabilities in Smart Contracts. In IEEE Symposium on Security and Privacy (SP). https:\/\/doi.org\/10","author":"Zhang W.","year":"2024","unstructured":"W. Zhang, Z. Zhang, Q. Shi, L. Liu, L. Wei, Y. Liu, X. Zhang, and S. Cheung. 2024. Nyx: Detecting Exploitable Front-Running Vulnerabilities in Smart Contracts. In IEEE Symposium on Security and Privacy (SP). https:\/\/doi.org\/10.1109\/SP54263.2024.00146 10.1109\/SP54263.2024.00146"},{"key":"e_1_2_1_49_1","volume-title":"Demystifying Exploitable Bugs in Smart Contracts. In International Conference on Software Engineering (ICSE). https:\/\/doi.org\/10","author":"Zhang Zhuo","year":"2023","unstructured":"Zhuo Zhang, Brian Zhang, Wen Xu, and Zhiqiang Lin. 2023. Demystifying Exploitable Bugs in Smart Contracts. In International Conference on Software Engineering (ICSE). https:\/\/doi.org\/10.1109\/ICSE48619.2023.00061 10.1109\/ICSE48619.2023.00061"},{"key":"e_1_2_1_50_1","volume-title":"PrettySmart: Detecting Permission Re-delegation Vulnerability for Token Behaviors in Smart Contracts. In IEEE\/ACM International Conference on Software Engineering (ICSE). https:\/\/doi.org\/10","author":"Zhong Zhijie","year":"2024","unstructured":"Zhijie Zhong, Zibin Zheng, Hong-Ning Dai, Qing Xue, Junjia Chen, and Yuhong Nan. 2024. PrettySmart: Detecting Permission Re-delegation Vulnerability for Token Behaviors in Smart Contracts. In IEEE\/ACM International Conference on Software Engineering (ICSE). https:\/\/doi.org\/10.1145\/3597503.3639140 10.1145\/3597503.3639140"}],"container-title":["Proceedings of the ACM on Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3715714","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T15:16:49Z","timestamp":1750346209000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3715714"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,19]]},"references-count":50,"journal-issue":{"issue":"FSE","published-print":{"date-parts":[[2025,6,19]]}},"alternative-id":["10.1145\/3715714"],"URL":"https:\/\/doi.org\/10.1145\/3715714","relation":{},"ISSN":["2994-970X"],"issn-type":[{"value":"2994-970X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,6,19]]}}}