Page 396 - 《软件学报》2025年第12期

P. 396

杨慧文等: 基于目标制导符号执行的智能合约安全漏洞检测 5777

[7] Tikhomirov S, Voskresenskaya E, Ivanitskiy I, Takhaviev R, Marchenko E, Alexandrov Y. SmartCheck: Static analysis of ethereum
smart contracts. In: Proc. of the 1st Int’l Workshop on Emerging Trends in Software Engineering for Blockchain. Gothenburg: ACM,
2018. 9–16. [doi: 10.1145/3194113.3194115]
[8] Xue YX, Ma ML, Yun L, Sui YL, Ye JM, Peng TY. Cross-contract static analysis for detecting practical reentrancy vulnerabilities in
smart contracts. In: Proc. of the 35th IEEE/ACM Int’l Conf. on Automated Software Engineering. Melbourne: IEEE, 2020. 1029–1040.
[9] Feist J, Grieco G, Groce A. Slither: A static analysis framework for smart contracts. In: Proc. of the 2nd IEEE/ACM Int’l Workshop on
Emerging Trends in Software Engineering for Blockchain. Montreal: IEEE, 2019. 8–15. [doi: 10.1109/WETSEB.2019.00008]
[10] Jiang B, Liu Y, Chan WK. ContractFuzzer: Fuzzing smart contracts for vulnerability detection. In: Proc. of the 33rd IEEE/ACM Int’l
Conf. on Automated Software Engineering. Montpellier: IEEE, 2018. 259–269. [doi: 10.1145/3238147.3238177]
[11] Torres CF, Iannillo AK, Gervais A, State R. ConFuzzius: A data dependency-aware hybrid fuzzer for smart contracts. In: Proc. of the
2021 IEEE European Symp. on Security and Privacy. Vienna: IEEE, 2021. 103–119. [doi: 10.1109/EuroSP51992.2021.00018]
[12] Zhuang Y, Liu ZG, Qian P, Liu Q, Wang X, He QM. Smart contract vulnerability detection using graph neural network. In: Proc. of the
29th Int’l Conf. on Int’l Joint Conf. on Artificial Intelligence. Yokohama: ijcai.org, 2021. 454.
[13] Yang HW, Cui ZQ, Chen X, Jia MH, Zheng LW, Liu JB. Defect prediction for Solidity smart contracts based on software measurement.
Ruan Jian Xue Bao/Journal of Software, 2022, 33(5): 1587–1611 (in Chinese with English abstract). http://www.jos.org.cn/1000-9825/
6550.htm [doi: 10.13328/j.cnki.jos.006550]
[14] Permenev A, Dimitrov D, Tsankov P, Drachsler-Cohen D, Vechev M. VerX: Safety verification of smart contracts. In: Proc. of the 2020
IEEE Symp. on Security and Privacy. San Francisco: IEEE, 2020. 1661–1677. [doi: 10.1109/SP40000.2020.00024]
[15] So S, Hong S, Oh H. SmarTest: Effectively hunting vulnerable transaction sequences in smart contracts through language model-guided
symbolic execution. In: Proc. of the 30th USENIX Security Symp. USENIX Association, 2021. 1361–1378.
[16] Mossberg M, Manzano F, Hennenfent E, Groce A, Grieco G, Feist J, Brunson T, Dinaburg A. Manticore: A user-friendly symbolic
execution framework for Binaries and smart contracts. In: Proc. of the 34th IEEE/ACM Int’l Conf. on Automated Software Engineering.
San Diego: IEEE, 2019. 1186–1189. [doi: 10.1109/ASE.2019.00133]
[17] Luu L, Chu DH, Olickel H, Saxena P, Hobor A. Making smart contracts smarter. In: Proc. of the 2016 ACM SIGSAC Conf. on Computer
and Communications Security. Vienna: ACM, 2016. 254–269. [doi: 10.1145/2976749.2978309]
[18] Chen JC, Xia X, Lo D, Grundy J, Luo XP, Chen T. DefectChecker: Automated smart contract defect detection by analyzing EVM
bytecode. IEEE Trans. on Software Engineering, 2022, 48(7): 2189–2207. [doi: 10.1109/TSE.2021.3054928]
[19] Tsankov P, Dan A, Drachsler-Cohen D, Gervais A, Bünzli F, Vechev M. Securify: Practical security analysis of smart contracts. In: Proc.
of the 2018 ACM SIGSAC Conf. on Computer and Communications Security. Toronto: ACM, 2018. 67–82. [doi: 10.1145/3243734.
3243780]
[20] Durieux T, Ferreira JF, Abreu R, Cruz P. Empirical review of automated analysis tools on 47,587 Ethereum smart contracts. In: Proc. of
the 42nd ACM/IEEE Int’l Conf. on Software Engineering. Seoul: ACM, 2020. 530–541. [doi: 10.1145/3377811.3380364]
[21] Ren M, Yin ZJ, Ma FC, Xu ZY, Jiang Y, Sun CN, Li HG, Cai Y. Empirical evaluation of smart contract testing: What is the best choice?
In: Proc. of the 30th ACM SIGSOFT Int’l Symp. on Software Testing and Analysis. New York: ACM, 2021. 566–579. [doi: 10.1145/
3460319.3464837]
[22] Ghaleb A, Pattabiraman K. How effective are smart contract analysis tools? Evaluating smart contract static analysis tools using bug
injection. In: Proc. of the 29th ACM SIGSOFT Int’l Symp. on Software Testing and Analysis. New York: ACM, 2020. 415–427. [doi: 10.
1145/3395363.3397385]
[23] Qian P, Liu ZG, He QM, Huang BT, Tian DZ, Wang X. Smart contract vulnerability detection technique: A survey. Ruan Jian Xue
Bao/Journal of Software, 2022, 33(8): 3059–3085 (in Chinese with English abstract). http://www.jos.org.cn/1000-9825/6375.htm [doi: 10.
13328/j.cnki.jos.006375]
[24] Fu ML, Wu LF, Hong Z, Feng WB. Research on vulnerability mining technique for smart contracts. Journal of Computer Applications,
2019, 39(7): 1959–1966 (in Chinese with English abstract). [doi: 10.11772/j.issn.1001-9081.2019010082]
[25] Ni YD, Zhang C, Yin TT. A survey of smart contract vulnerability research. Journal of Cyber Security, 2020, 5(3): 78–99 (in Chinese
with English abstract). [doi: 10.19363/J.cnki.cn10-1380/tn.2020.05.07]
[26] Zheng ZB, Wang CD, Cai JH. Analysis of the current status of smart contract security research and detection methods. Information
Security and Communications Privacy, 2020(7): 93–105 (in Chinese with English abstract). [doi: 10.3969/j.issn.1009-8054.2020.07.012]
[27] Tu LQ, Sun XB, Zhang JL, Cai J, Li B, Bo LL. Survey of vulnerability detection tools for smart contracts. Computer Science, 2021,
48(11): 79–88 (in Chinese with English abstract). [doi: 10.11896/jsjkx.210600117]
[28] Gan ST, Wang LZ, Xie XH, Qin XJ, Zhou L, Chen ZN. Guiding symbolic execution analysis by leveraging program function label slice.

391 392 393 394 395 396 397 398 399 400 401