{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,16]],"date-time":"2026-04-16T15:53:31Z","timestamp":1776354811921,"version":"3.51.2"},"publisher-location":"New York, NY, USA","reference-count":37,"publisher":"ACM","funder":[{"DOI":"10.13039\/501100000781","name":"European Research Council","doi-asserted-by":"publisher","award":["101042266"],"award-info":[{"award-number":["101042266"]}],"id":[{"id":"10.13039\/501100000781","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2026,4,27]]},"DOI":"10.1145\/3803525.3804980","type":"proceedings-article","created":{"date-parts":[[2026,4,16]],"date-time":"2026-04-16T14:54:47Z","timestamp":1776351287000},"page":"81-88","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Fuzzing Cross-Chain Vulnerabilities with BridgeFuzz"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0002-8324-4993","authenticated-orcid":false,"given":"Pascal","family":"Winkler","sequence":"first","affiliation":[{"name":"paluno - the Ruhr Institute for Software Technology, University of Duisburg-Essen, Essen, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-2601-2202","authenticated-orcid":false,"given":"Christian","family":"Scholz","sequence":"additional","affiliation":[{"name":"paluno - the Ruhr Institute for Software Technology, University of Duisburg-Essen, Essen, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-0685-6237","authenticated-orcid":false,"given":"Jens-Rene","family":"Giesen","sequence":"additional","affiliation":[{"name":"paluno - the Ruhr Institute for Software Technology, University of Duisburg-Essen, Essen, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-0166-1625","authenticated-orcid":false,"given":"Noah","family":"Kappert","sequence":"additional","affiliation":[{"name":"paluno - the Ruhr Institute for Software Technology, University of Duisburg-Essen, Essen, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7322-2777","authenticated-orcid":false,"given":"Lucas","family":"Davi","sequence":"additional","affiliation":[{"name":"paluno - the Ruhr Institute for Software Technology, University of Duisburg-Essen, Essen, Germany"}]}],"member":"320","published-online":{"date-parts":[[2026,4,26]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Bridge","year":"2025","unstructured":"DefiLlama. Bridge Volume in all bridges. 2025. url: defillama.com\/bridges (visited on Sept. 1, 2025)."},{"key":"e_1_3_2_1_2_1","volume-title":"Web3 is Going Just Great","author":"White Molly","year":"2022","unstructured":"Molly White. Web3 is Going Just Great. 2022. url: web3isgoinggreat.com\/?id=axie-infinity-suffers-625-million-exploit (visited on Sept. 1, 2025)."},{"key":"e_1_3_2_1_3_1","volume-title":"Web3 is Going Just Great","author":"White Molly","year":"2022","unstructured":"Molly White. Web3 is Going Just Great. 2022. url: web3isgoinggreat.com\/?id=binance-smart-chain-halts-after-bridge-exploit (visited on Sept. 1, 2025)."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3551349.3559520"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/3643738"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/3663529.3663809"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP57164.2023.00034"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3623178"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3597926.3598059"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3715714"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3650212.3680321"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3678890.3678894"},{"key":"e_1_3_2_1_14_1","volume-title":"Web3 is Going Just Great","author":"White Molly","year":"2022","unstructured":"Molly White. Web3 is Going Just Great. 2022. url: web3isgoinggreat.com\/?id=qubit-finance-exploited (visited on Sept. 1, 2025)."},{"key":"e_1_3_2_1_15_1","volume-title":"Web3 is Going Just Great","author":"White Molly","year":"2022","unstructured":"Molly White. Web3 is Going Just Great. 2022. url: web3isgoinggreat.com\/?id=meter-passport-bridge-exploited (visited on Sept. 1, 2025)."},{"key":"e_1_3_2_1_16_1","volume-title":"url: rekt.news\/multichain-rekt2\/ (visited on","author":"Bouteloup Julien","year":"2025","unstructured":"Julien Bouteloup. Multichain - REKT 2. 2023. url: rekt.news\/multichain-rekt2\/ (visited on Sept. 1, 2025)."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.5281\/zenodo.17093557"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/3573896"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3228535"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.2403.00405"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.2312.12573"},{"key":"e_1_3_2_1_22_1","first-page":"14","volume-title":"2023 IEEE International Conference on Blockchain and Cryptocurrency (ICBC). IEEE","author":"Lee Sung-Shine","year":"2023","unstructured":"Sung-Shine Lee, Alexandr Murashkin, Martin Derka, and Jan Gorzny. \u201cSoK: Not Quite Water Under the Bridge: Review of Cross-Chain Bridge Hacks\u201d. In: 2023 IEEE International Conference on Blockchain and Cryptocurrency (ICBC). IEEE, 2023, pp. 1\u201314. dot: 10.1109\/ICBC56567.2023.10174993."},{"key":"e_1_3_2_1_23_1","volume-title":"Web3 is Going Just Great","author":"White Molly","year":"2024","unstructured":"Molly White. Web3 is Going Just Great. 2024. url: web3isgoinggreat.com\/?id=lifi-exploit (visited on Sept. 1, 2025)."},{"key":"e_1_3_2_1_24_1","volume-title":"SCWE-087: Missing Payload Size Validation in Cross-Chain Messaging. Denial of Service\/Stuck Funds","author":"Smart Contract Security OWASP","year":"2025","unstructured":"OWASP Smart Contract Security. SCWE-087: Missing Payload Size Validation in Cross-Chain Messaging. Denial of Service\/Stuck Funds. 2025. url: https:\/\/scs.owasp.org\/SCWE\/SCSVS-BRIDGE\/SCWE-087\/ (visited on Dec. 2, 2025)."},{"key":"e_1_3_2_1_25_1","volume-title":"SCWE-094: Insufficient Gas Limit Validation in LayerZero Message Sending","author":"Smart Contract Security OWASP","year":"2025","unstructured":"OWASP Smart Contract Security. SCWE-094: Insufficient Gas Limit Validation in LayerZero Message Sending. 2025. url: https:\/\/scs.owasp.org\/SCWE\/SCSVS-BRIDGE\/SCWE-094\/ (visited on Dec. 2, 2025)."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2023.3336246"},{"key":"e_1_3_2_1_27_1","volume-title":"GitHub repository, archived","year":"2022","unstructured":"ChainSafe. ChainBridge. GitHub repository, archived July 13, 2022. 2020. url: https:\/\/github.com\/ChainSafe\/ChainBridge (visited on Dec. 3, 2025)."},{"key":"e_1_3_2_1_28_1","volume-title":"Foundry is a blazing fast, portable and modular toolkit for Ethereum application development written in Rust","author":"Contributors Foundry","year":"2025","unstructured":"Foundry Contributors. Foundry is a blazing fast, portable and modular toolkit for Ethereum application development written in Rust. 2025. url: github.com\/foundry-rs\/foundry (visited on Sept. 3, 2025)."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN-S65789.2025.00025"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.48550\/ARXIV.2511.01393"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.48550\/ARXIV.2508.20517"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2025.3588249"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560652"},{"key":"e_1_3_2_1_34_1","volume-title":"Charan Nomula, Raghavendra Ramesh, Athina Terzoglou, and Joshua Tobkin. HyperLoop: Rationally secure efficient cross-chain bridge. Publication info: Preprint.","author":"Kate Aniket","year":"2025","unstructured":"Aniket Kate, Easwar Vivek Mangipudi, Charan Nomula, Raghavendra Ramesh, Athina Terzoglou, and Joshua Tobkin. HyperLoop: Rationally secure efficient cross-chain bridge. Publication info: Preprint. 2025. url: https:\/\/eprint.iacr.org\/2025\/176 (visited on Feb. 10, 2026)."},{"key":"e_1_3_2_1_35_1","volume-title":"EVM vs. SVM: Smart Contracts","author":"Foundation Solana","year":"2025","unstructured":"Solana Foundation. EVM vs. SVM: Smart Contracts. 2025. url: solana.com\/de\/developers\/evm-to-svm\/smart-contracts (visited on Apr. 11, 2025)."},{"key":"e_1_3_2_1_36_1","volume-title":"url: https:\/\/hardhat.org\/ (visited on","author":"Foundation Nomic","year":"2025","unstructured":"Nomic Foundation. Hardhat. 2025. url: https:\/\/hardhat.org\/ (visited on Dec. 3, 2025)."},{"key":"e_1_3_2_1_37_1","volume-title":"url: https:\/\/github.com\/bluealloy\/revm (visited on","author":"Alloy Blue","year":"2025","unstructured":"Blue Alloy. Revm. 2021. url: https:\/\/github.com\/bluealloy\/revm (visited on Dec. 3, 2025)."}],"event":{"name":"EuroSys '26: 21st European Conference on Computer Systems","location":"Edinburgh Scotland Uk","acronym":"EuroSec '26","sponsor":["SIGOPS ACM Special Interest Group on Operating Systems"]},"container-title":["Proceedings of the 19th European Workshop on Systems Security"],"original-title":[],"deposited":{"date-parts":[[2026,4,16]],"date-time":"2026-04-16T14:55:34Z","timestamp":1776351334000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3803525.3804980"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,4,26]]},"references-count":37,"alternative-id":["10.1145\/3803525.3804980","10.1145\/3803525"],"URL":"https:\/\/doi.org\/10.1145\/3803525.3804980","relation":{},"subject":[],"published":{"date-parts":[[2026,4,26]]},"assertion":[{"value":"2026-04-26","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}