{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T17:10:32Z","timestamp":1773249032174,"version":"3.50.1"},"reference-count":32,"publisher":"MDPI AG","issue":"5","license":[{"start":{"date-parts":[[2025,5,14]],"date-time":"2025-05-14T00:00:00Z","timestamp":1747180800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"<jats:p>Existing smart contract honeypot detection approaches exhibit high false negatives and positives due to (i) their inability to generate transaction sequences triggering order-dependent traps and (ii) their limited code coverage from traditional fuzzing\u2019s random mutations. In this paper, we propose a hybrid fuzzing framework for smart contract honeypot detection based on taint analysis, SCH-Hunter. SCH-Hunter conducts source-code-level feature analysis of smart contracts and extracts data dependency relationships between variables from the generated Control Flow Graph to construct specific transaction sequences for fuzzing. A symbolic execution module is also introduced to resolve complex conditional branches that fuzzing alone fails to penetrate, enabling constraint solving. Furthermore, real-time dynamic taint propagation monitoring is implemented using taint analysis techniques, leveraging taint flow information to optimize seed mutation processes, thereby directing mutation resources toward high-value code regions. Finally, by integrating EVM (Ethereum Virtual Machine) code instrumentation with taint information flow analysis, the framework effectively identifies and detects security-sensitive operations, ultimately generating a comprehensive detection report. Empirical results are as follows. (i) For code coverage, SCH-Hunter performs better than the state-of-art tool, HoneyBadger, achieving higher average code coverage rates on both datasets, surpassing it by 4.79% and 17.41%, respectively. (ii) For detection capabilities, SCH-Hunter is not only roughly on par with HoneyBadger in terms of precision and recall rate but also capable of detecting a wider variety of smart contract honeypot techniques. (iii) For the evaluation of components, we conducted three ablation studies to demonstrate that the proposed modules in SCH-Hunter significantly improve the framework\u2019s detection capability, code coverage, and detection efficiency, respectively.<\/jats:p>","DOI":"10.3390\/info16050405","type":"journal-article","created":{"date-parts":[[2025,5,14]],"date-time":"2025-05-14T08:44:58Z","timestamp":1747212298000},"page":"405","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["SCH-Hunter: A Taint-Based Hybrid Fuzzing Framework for Smart Contract Honeypots"],"prefix":"10.3390","volume":"16","author":[{"given":"Haoyu","family":"Zhang","sequence":"first","affiliation":[{"name":"College of Computer Science and Technology, China University of Petroleum (East China), Qingdao 266580, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Baotong","family":"Wang","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, China University of Petroleum (East China), Qingdao 266580, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Wenhao","family":"Fu","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, China University of Petroleum (East China), Qingdao 266580, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0460-1674","authenticated-orcid":false,"given":"Leyi","family":"Shi","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, China University of Petroleum (East China), Qingdao 266580, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2025,5,14]]},"reference":[{"key":"ref_1","unstructured":"Nakamoto, S. (2019, August 22). Bitcoin: A Peer-to-Peer Electronic Cash System. Available online: https:\/\/ssrn.com\/abstract=3440802."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"2084","DOI":"10.1109\/TSE.2019.2942301","article-title":"Smart contract development: Challenges and opportunities","volume":"47","author":"Zou","year":"2019","journal-title":"IEEE Trans. Softw. Eng."},{"key":"ref_3","first-page":"1","article-title":"Blockchain 2.0, smart contracts and challenges","volume":"1","year":"2016","journal-title":"Comput. Law SCL Mag."},{"key":"ref_4","unstructured":"Szabo, N. (2024, August 22). Smart Contracts. Available online: http:\/\/www.fon.hum.uva.nl\/rob\/Courses\/InformationInSpeech\/CDROM\/Literature\/LOTwinterschool2006\/szabo.best.vwh.net\/smart.contracts.html."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1109\/MC.2017.3571047","article-title":"Blockchain technology in finance","volume":"50","author":"Treleaven","year":"2017","journal-title":"Computer"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"635","DOI":"10.1007\/s11276-021-02874-x","article-title":"A survey of application research based on blockchain smart contract","volume":"28","author":"Lin","year":"2022","journal-title":"Wirel. Netw."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"19","DOI":"10.4018\/JCIT.2019010102","article-title":"Understanding a revolutionary and flawed grand experiment in blockchain: The DAO attack","volume":"21","author":"Mehar","year":"2019","journal-title":"J. Cases Inf. Technol. (JCIT)"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"He, Y., Dong, H., Wu, H., and Duan, Q. (2023). Formal analysis of reentrancy vulnerabilities in smart contract based on CPN. Electronics, 12.","DOI":"10.3390\/electronics12102152"},{"key":"ref_9","unstructured":"Torres, C.F., Steichen, M., and State, R. (2019, January 14\u201316). The art of the scam: Demystifying honeypots in ethereum smart contracts. Proceedings of the 28th USENIX Security Symposium (USENIX Security 19), Santa Clara, CA, USA."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"107221","DOI":"10.1016\/j.infsof.2023.107221","article-title":"A survey on smart contract vulnerabilities: Data sources, detection and repair","volume":"159","author":"Chu","year":"2023","journal-title":"Inf. Softw. Technol."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Camino, R., Torres, C.F., Baden, M., and State, R. (2019). A data science approach for honeypot detection in ethereum. arXiv.","DOI":"10.1109\/ICBC48266.2020.9169396"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Chen, W., Guo, X., Chen, Z., Zheng, Z., Lu, Y., and Li, Y. (2020, January 3\u20136). Honeypot contract risk warning on ethereum smart contracts. Proceedings of the 2020 IEEE International Conference on Joint Cloud Computing, Oxford, UK.","DOI":"10.1109\/JCC49151.2020.00009"},{"key":"ref_13","unstructured":"Manes, V.J., Han, H., Han, C., Cha, S.K., Egele, M., Schwartz, E.J., and Woo, M. (2018). Fuzzing: Art, science, and engineering. arXiv."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"6","DOI":"10.1186\/s42400-018-0002-y","article-title":"Fuzzing: A survey","volume":"1","author":"Li","year":"2018","journal-title":"Cybersecurity"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"B\u00f6hme, M., Pham, V.T., Nguyen, M.D., and Roychoudhury, A. (November, January 30). Directed greybox fuzzing. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, Dallas, TX, USA.","DOI":"10.1145\/3133956.3134020"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Aschermann, C., Schumilo, S., Blazytko, T., Gawlik, R., and Holz, T. (2019, January 24\u201327). REDQUEEN: Fuzzing with Input-to-State Correspondence. Proceedings of the NDSS Symposium 2019, San Diego, CA, USA.","DOI":"10.14722\/ndss.2019.23371"},{"key":"ref_17","unstructured":"Hirai, Y. (2024, August 22). Formal Verification of Deed Contract in Ethereum Name Service. November 2016. Available online: https:\/\/yoichihirai.com\/deed.pdf."},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Bhargavan, K., Delignat-Lavaud, A., Fournet, C., Gollamudi, A., Gonthier, G., Kobeissi, N., Kulatova, N., Rastogi, A., Sibut-Pinote, T., and Swamy, N. (2016, January 24). Formal verification of smart contracts: Short paper. Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security, Vienna, Austria.","DOI":"10.1145\/2993600.2993611"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Hildenbrandt, E., Saxena, M., Rodrigues, N., Zhu, X., Daian, P., Guth, D., Moore, B., Park, D., Zhang, Y., and Stefanescu, A. (2018, January 9\u201312). Kevm: A complete formal semantics of the ethereum virtual machine. Proceedings of the 2018 IEEE 31st Computer Security Foundations Symposium (CSF), Oxford, UK.","DOI":"10.1109\/CSF.2018.00022"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Luu, L., Chu, D.H., Olickel, H., Saxena, P., and Hobor, A. (2016, January 24\u201328). Making smart contracts smarter. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria.","DOI":"10.1145\/2976749.2978309"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Feist, J., Grieco, G., and Groce, A. (2019, January 27). Slither: A static analysis framework for smart contracts. Proceedings of the 2019 IEEE\/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB), Montreal, QC, Canada.","DOI":"10.1109\/WETSEB.2019.00008"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Jiang, B., Liu, Y., and Chan, W.K. (2018, January 3\u20137). Contractfuzzer: Fuzzing smart contracts for vulnerability detection. Proceedings of the 33rd ACM\/IEEE International Conference on Automated Software Engineering, Montpellier, France.","DOI":"10.1145\/3238147.3238177"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"W\u00fcstholz, V., and Christakis, M. (2020, January 8\u201313). Harvey: A greybox fuzzer for smart contracts. Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Virtual Event, USA.","DOI":"10.1145\/3368089.3417064"},{"key":"ref_24","unstructured":"Liu, C., Liu, H., Cao, Z., Chen, Z., Chen, B., and Roscoe, B. (June, January 27). Reguard: Finding reentrancy bugs in smart contracts. Proceedings of the 40th International Conference on Software Engineering: Companion, Gothenburg, Sweden."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"He, J., Balunovi\u0107, M., Ambroladze, N., Tsankov, P., and Vechev, M. (2019, January 11\u201315). Learning to fuzz from symbolic execution with application to smart contracts. Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, London, UK.","DOI":"10.1145\/3319535.3363230"},{"key":"ref_26","unstructured":"Nguyen, T.D., Pham, L.H., Sun, J., Lin, Y., and Minh, Q.T. (July, January 27). sfuzz: An efficient adaptive fuzzer for solidity smart contracts. Proceedings of the ACM\/IEEE 42nd International Conference on Software Engineering, Seoul, Republic of Korea."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Shou, C., Tan, S., and Sen, K. (2023, January 17\u201321). Ityfuzz: Snapshot-based fuzzer for smart contract. Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, Seattle, WA, USA.","DOI":"10.1145\/3597926.3598059"},{"key":"ref_28","first-page":"877","article-title":"CADetector: Cross-family anisotropic contract honeypot detection method","volume":"45","author":"Ji","year":"2022","journal-title":"Chin. J. Comput."},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Hu, H., Bai, Q., and Xu, Y. (2022, January 2\u20135). Scsguard: Deep scam detection for ethereum smart contracts. Proceedings of the IEEE INFOCOM 2022-IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), New York, NY, USA.","DOI":"10.1109\/INFOCOMWKSHPS54753.2022.9798296"},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1109\/JSAC.2002.806121","article-title":"Language-based information-flow security","volume":"21","author":"Sabelfeld","year":"2003","journal-title":"IEEE J. Sel. Areas Commun."},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Ghaleb, A., Rubin, J., and Pattabiraman, K. (2022, January 18\u201322). eTainter: Detecting gas-related vulnerabilities in smart contracts. Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, Virtual, Republic of Korea.","DOI":"10.1145\/3533767.3534378"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Qin, S.J., Liu, Z., Ren, F., and Tan, C. (2022, January 1\u20133). Smart contract vulnerability detection based on critical combination path and deep learning. Proceedings of the 2022 12th International Conference on Communication and Network Security, Beijing, China.","DOI":"10.1145\/3586102.3586135"}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/16\/5\/405\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T17:32:37Z","timestamp":1760031157000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/16\/5\/405"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5,14]]},"references-count":32,"journal-issue":{"issue":"5","published-online":{"date-parts":[[2025,5]]}},"alternative-id":["info16050405"],"URL":"https:\/\/doi.org\/10.3390\/info16050405","relation":{},"ISSN":["2078-2489"],"issn-type":[{"value":"2078-2489","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,5,14]]}}}