{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,2]],"date-time":"2026-05-02T15:33:55Z","timestamp":1777736035573,"version":"3.51.4"},"reference-count":44,"publisher":"Association for Computing Machinery (ACM)","issue":"ISSTA","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Proc. ACM Softw. Eng."],"published-print":{"date-parts":[[2025,6,22]]},"abstract":"<jats:p>Smart contract vulnerabilities have led to significant financial losses, with their increasing complexity rendering outright prevention of hacks increasingly challenging. This trend highlights the crucial need for advanced forensic analysis and real-time intrusion detection, where dynamic analysis plays a key role in dissecting smart contract executions. Therefore, there is a pressing need for a unified and generic representation of smart contract executions, complemented by an efficient methodology that enables the modeling and identification of a broad spectrum of emerging attacks.<\/jats:p>\n          <jats:p>We introduce Clue, a dynamic analysis framework specifically designed for the Ethereum virtual machine. Central to Clue is its ability to capture critical runtime information during contract executions, employing a novel graph-based representation, the Execution Property Graph. A key feature of Clue is its innovative graph traversal technique, which is adept at detecting complex attacks, including (read-only) reentrancy and price manipulation. Evaluation results reveal Clue's superior performance with high true positive rates and low false positive rates, outperforming state-of-the-art tools. Furthermore, Clue's efficiency positions it as a valuable tool for both forensic analysis and real-time intrusion detection.<\/jats:p>","DOI":"10.1145\/3728924","type":"journal-article","created":{"date-parts":[[2025,6,22]],"date-time":"2025-06-22T10:52:56Z","timestamp":1750589576000},"page":"1101-1122","source":"Crossref","is-referenced-by-count":1,"title":["Enhancing Smart Contract Security Analysis with Execution Property Graphs"],"prefix":"10.1145","volume":"2","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2190-3623","authenticated-orcid":false,"given":"Kaihua","family":"Qin","sequence":"first","affiliation":[{"name":"Yale University, New Haven, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6446-5072","authenticated-orcid":false,"given":"Zhe","family":"Ye","sequence":"additional","affiliation":[{"name":"University of California, Berkeley, Berkeley, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-8576-7337","authenticated-orcid":false,"given":"Zhun","family":"Wang","sequence":"additional","affiliation":[{"name":"University of California, Berkeley, Berkeley, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-2878-2314","authenticated-orcid":false,"given":"Weilin","family":"Li","sequence":"additional","affiliation":[{"name":"University College London, London, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2820-9872","authenticated-orcid":false,"given":"Liyi","family":"Zhou","sequence":"additional","affiliation":[{"name":"University of Sydney, Sydney, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7894-8828","authenticated-orcid":false,"given":"Chao","family":"Zhang","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9745-6802","authenticated-orcid":false,"given":"Dawn","family":"Song","sequence":"additional","affiliation":[{"name":"University of California, Berkeley, Berkeley, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3565-3410","authenticated-orcid":false,"given":"Arthur","family":"Gervais","sequence":"additional","affiliation":[{"name":"University College London, London, United Kingdom"}]}],"member":"320","published-online":{"date-parts":[[2025,6,22]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"Alfred V Aho Monica S Lam Ravi Sethi and Jeffrey D Ullman. 2007. Compilers: principles techniques & tools. Pearson Education India."},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/390013.808479"},{"key":"e_1_2_1_3_1","doi-asserted-by":"crossref","unstructured":"David Binkley. 2007. Source code analysis: A road map. Future of Software Engineering (FOSE\u201907) 104\u2013119.","DOI":"10.1109\/FOSE.2007.27"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833721"},{"key":"e_1_2_1_5_1","volume-title":"2021 IEEE Symposium on Security and Privacy (SP). 1249\u20131267","author":"Cecchetti Ethan","year":"2021","unstructured":"Ethan Cecchetti, Siqiu Yao, Haobin Ni, and Andrew C Myers. 2021. Compositional security for reentrant applications. In 2021 IEEE Symposium on Security and Privacy (SP). 1249\u20131267."},{"key":"e_1_2_1_6_1","unstructured":"CertiK. [n. d.]. Curve Conundrum: The dForce Attack via a Read-Only Reentrancy Vector Exploit. https:\/\/www.certik.com\/resources\/blog\/curve-conundrum-the-dforce-attack-via-a-read-only-reentrancy-vector-exploit Accessed on 10\/31\/2024"},{"key":"e_1_2_1_7_1","volume-title":"SODA: A Generic Online Detection Framework for Smart Contracts.. In NDSS.","author":"Chen Ting","year":"2020","unstructured":"Ting Chen, Rong Cao, Ting Li, Xiapu Luo, Guofei Gu, Yufei Zhang, Zhou Liao, Hang Zhu, Gang Chen, and Zheyuan He. 2020. SODA: A Generic Online Detection Framework for Smart Contracts.. In NDSS."},{"key":"e_1_2_1_8_1","volume-title":"Proceedings of the IEEE\/ACM 46th International Conference on Software Engineering. 1\u201313","author":"Chen Zhiyang","year":"2024","unstructured":"Zhiyang Chen, Sidi Mohamed Beillahi, and Fan Long. 2024. Flashsyn: Flash loan attack synthesis via counter example driven approximation. In Proceedings of the IEEE\/ACM 46th International Conference on Software Engineering. 1\u201313."},{"key":"e_1_2_1_9_1","volume-title":"2021 IEEE\/ACM 29th International Conference on Program Comprehension (ICPC). 127\u2013137","author":"Contro Filippo","year":"2021","unstructured":"Filippo Contro, Marco Crosara, Mariano Ceccato, and Mila Dalla Preda. 2021. Ethersolve: Computing an accurate control-flow graph from ethereum bytecode. In 2021 IEEE\/ACM 29th International Conference on Program Comprehension (ICPC). 127\u2013137."},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3463274.3463348"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/WETSEB.2019.00008"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/24039.24041"},{"key":"e_1_2_1_13_1","volume-title":"Proceedings of the 15th ACM Asia Conference on Computer and Communications Security. 584\u2013597","author":"Torres Christof Ferreira","year":"2020","unstructured":"Christof Ferreira Torres, Mathis Baden, Robert Norvill, Beltran Borja Fiz Pontiveros, Hugo Jonker, and Sjouke Mauw. 2020. \u00c6 gis: Shielding vulnerable smart contracts against attacks. In Proceedings of the 15th ACM Asia Conference on Computer and Communications Security. 584\u2013597."},{"key":"e_1_2_1_14_1","unstructured":"Jens-Rene Giesen Sebastien Andreina Michael Rodler Ghassan O Karame and Lucas Davi. 2022. Practical Mitigation of Smart Contract Bugs. arXiv preprint arXiv:2203.00364."},{"key":"e_1_2_1_15_1","volume-title":"Proceedings of the ACM on Programming Languages, 2, POPL","author":"Grossman Shelly","year":"2017","unstructured":"Shelly Grossman, Ittai Abraham, Guy Golan-Gueta, Yan Michalevsky, Noam Rinetzky, Mooly Sagiv, and Yoni Zohar. 2017. Online detection of effectively callback free objects with applications to smart contracts. Proceedings of the ACM on Programming Languages, 2, POPL (2017), 1\u201328."},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/143062.143156"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3238177"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/3597926.3598124"},{"key":"e_1_2_1_19_1","unstructured":"Wenkai Li Jiuyang Bu Xiaoqi Li Hongli Peng Yuanzheng Niu and Xianyi Chen. 2022. A Survey of DeFi Security: Challenges and Opportunities. arXiv preprint arXiv:2206.11821."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978309"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2019.00133"},{"key":"e_1_2_1_22_1","volume-title":"Bitcoin: A peer-to-peer electronic cash system.  https:\/\/bitcoin.org\/bitcoin.pdf","author":"Nakamoto Satoshi","year":"2008","unstructured":"Satoshi Nakamoto. 2008. Bitcoin: A peer-to-peer electronic cash system. https:\/\/bitcoin.org\/bitcoin.pdf"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380334"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2023.111653"},{"key":"e_1_2_1_25_1","volume-title":"USENIX Security Symposium. 1325\u20131341","author":"Perez Daniel","year":"2021","unstructured":"Daniel Perez and Benjamin Livshits. 2021. Smart Contract Vulnerabilities: Vulnerable Does Not Imply Exploited.. In USENIX Security Symposium. 1325\u20131341."},{"key":"e_1_2_1_26_1","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Qin Kaihua","year":"2023","unstructured":"Kaihua Qin, Stefanos Chaliasos, Liyi Zhou, Benjamin Livshits, Dawn Song, and Arthur Gervais. 2023. The blockchain imitation game. In 32nd USENIX Security Symposium (USENIX Security 23). 3961\u20133978."},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3487552.3487811"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-64322-8_1"},{"key":"e_1_2_1_29_1","unstructured":"QuillAudits. [n. d.]. Decoding Sentiment Protocol\u2019s $1 Million Exploit | QuillAudits. https:\/\/quillaudits.medium.com\/decoding-sentiment-protocols-1-million-exploit-quillaudits-f36bee77d376 Accessed on 10\/31\/2024"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3468264.3473929"},{"key":"e_1_2_1_31_1","volume-title":"Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks. In NDSS.","author":"Rodler Michael","year":"2019","unstructured":"Michael Rodler, Wenting Li, Ghassan Karame, and Lucas Davi. 2019. Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks. In NDSS."},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815072.2815073"},{"key":"e_1_2_1_33_1","doi-asserted-by":"crossref","unstructured":"Marko A Rodriguez and Peter Neubauer. 2012. The graph traversal pattern. In Graph data management: Techniques and applications. IGI global 29\u201346.","DOI":"10.4018\/978-1-61350-053-8.ch002"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243780"},{"key":"e_1_2_1_35_1","article-title":"DeFiRanger: Detecting DeFi Price Manipulation Attacks","author":"Wu Siwei","year":"2023","unstructured":"Siwei Wu, Zhou Yu, Dabao Wang, Yajin Zhou, Lei Wu, Haoyu Wang, and Xingliang Yuan. 2023. DeFiRanger: Detecting DeFi Price Manipulation Attacks. IEEE Transactions on Dependable and Secure Computing.","journal-title":"IEEE Transactions on Dependable and Secure Computing."},{"key":"e_1_2_1_36_1","volume-title":"Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis. 402\u2013414","author":"Xie Maoyi","year":"2024","unstructured":"Maoyi Xie, Ming Hu, Ziqiao Kong, Cen Zhang, Yebo Feng, Haijun Wang, Yue Xue, Hao Zhang, Ye Liu, and Yang Liu. 2024. DeFort: Automatic Detection and Analysis of Price Manipulation Attacks in DeFi Applications. In Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis. 402\u2013414."},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3570639"},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.44"},{"key":"e_1_2_1_39_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Zhang Mengya","year":"2020","unstructured":"Mengya Zhang, Xiaokuan Zhang, Yinqian Zhang, and Zhiqiang Lin. 2020. $TXSPECTOR$: Uncovering attacks in ethereum from transactions. In 29th USENIX Security Symposium (USENIX Security 20). 2775\u20132792."},{"key":"e_1_2_1_40_1","volume-title":"2023 IEEE\/ACM 45th International Conference on Software Engineering (ICSE). 615\u2013627","author":"Zhang Zhuo","year":"2023","unstructured":"Zhuo Zhang, Brian Zhang, Wen Xu, and Zhiqiang Lin. 2023. Demystifying exploitable bugs in smart contracts. In 2023 IEEE\/ACM 45th International Conference on Software Engineering (ICSE). 615\u2013627."},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3534395"},{"key":"e_1_2_1_42_1","unstructured":"Liyi Zhou Kaihua Qin and Arthur Gervais. 2021. A2mm: Mitigating frontrunning transaction reordering and consensus instability in decentralized exchanges. arXiv preprint arXiv:2106.07371."},{"key":"e_1_2_1_43_1","doi-asserted-by":"crossref","unstructured":"Liyi Zhou Xihan Xiong Jens Ernstberger Stefanos Chaliasos Zhipeng Wang Ye Wang Kaihua Qin Roger Wattenhofer Dawn Song and Arthur Gervais. 2022. SoK: Decentralized Finance (DeFi) Attacks. Cryptology ePrint Archive.","DOI":"10.1109\/SP46215.2023.10179435"},{"key":"e_1_2_1_44_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Zhou Shunfan","year":"2020","unstructured":"Shunfan Zhou, Malte M\u00f6ser, Zhemin Yang, Ben Adida, Thorsten Holz, Jie Xiang, Steven Goldfeder, Yinzhi Cao, Martin Plattner, and Xiaojun Qin. 2020. An ever-evolving game: Evaluation of real-world attacks and defenses in ethereum ecosystem. In 29th USENIX Security Symposium (USENIX Security 20). 2793\u20132810."}],"container-title":["Proceedings of the ACM on Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3728924","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,16]],"date-time":"2025-07-16T16:53:30Z","timestamp":1752684810000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3728924"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,22]]},"references-count":44,"journal-issue":{"issue":"ISSTA","published-print":{"date-parts":[[2025,6,22]]}},"alternative-id":["10.1145\/3728924"],"URL":"https:\/\/doi.org\/10.1145\/3728924","relation":{},"ISSN":["2994-970X"],"issn-type":[{"value":"2994-970X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,6,22]]}}}