Page 374 - Journal of Software (《软件学报》), 2026, No. 1
揭晚晴 et al.: Survey of vulnerability detection techniques for smart contracts and DeFi protocols 371
[7] CoinDesk. Understanding the DAO attack. 2016. https://www.coindesk.com/learn/understanding-the-dao-attack
[8] Hacking Distributed. Deep dive: The parity bug. 2017. http://hackingdistributed.com/2017/07/22/deep-dive-parity-bug/
[9] PeckShield. BatchOverflow: Understanding the vulnerability. 2018. https://blog.peckshield.com/2018/04/22/batchOverflow/
[10] Zhang Z, Zhang B, Xu W, Lin ZQ. Demystifying exploitable bugs in smart contracts. In: Proc. of the 45th Int’l Conf. on Software Engineering (ICSE). Melbourne: IEEE, 2023. 615–627. [doi: 10.1109/ICSE48619.2023.00061]
[11] CoinDesk. Binance chain DeFi exchange uranium finance loses $50M in exploit. 2021. https://www.coindesk.com/markets/2021/04/28/binance-chain-defi-exchange-uranium-finance-loses-50m-in-exploit/
[12] Kiran S. Did this hacker get away with a $3.8 million NFT hack? 2022. https://watcher.guru/news/did-this-hacker-get-away-with-a-3-8-million-nft-hack
[13] SlowMist. Blockchain Security Statistics. 2024. https://hacked.slowmist.io/statistics/?c=all&d=all
[14] CoinDesk. DeFi lender bZx loses $8M in third attack this year. 2020. https://www.coindesk.com/markets/2020/09/14/defi-lender-bzx-loses-8m-in-third-attack-this-year/
[15] Yahoo Finance. PancakeBunny attacked with massive $200M flash loan exploit. 2021. https://finance.yahoo.com/news/pancakebunny-attacked-massive-200m-flash-050619340.html
[16] Blockchain News. Ethereum foundation suffered from MEV Bot attack in ETH selling. 2023. https://blockchain.news/news/Ethereum-foundation-suffered-from-mev-bot-attack-in-eth-selling
[17] Chen C, Su JZ, Chen JC, Wang YL, Bi TT, Yu JX, Wang YL, Lin XW, Chen T, Zheng ZB. When ChatGPT meets smart contract vulnerability detection: How far are we? arXiv:2309.05520, 2024.
[18] Du YY, Tang XY. Evaluation of ChatGPT’s smart contract auditing capabilities based on chain of thought. arXiv:2402.12023, 2024.
[19] He ZY, Li ZH, Yang S, Ye H, Qiao A, Zhang XS, Luo XP, Chen T. Large language models for blockchain security: A systematic literature review. arXiv:2403.14280, 2025.
[20] Qian P, Liu ZG, He QM, Huang BT, Tian DZ, Wang X. Smart contract vulnerability detection technique: A survey. Ruan Jian Xue Bao/Journal of Software, 2022, 33(8): 3059–3085 (in Chinese with English abstract). http://www.jos.org.cn/1000-9825/6375.htm [doi: 10.13328/j.cnki.jos.006375]
[21] Dong WL, Liu Z, Liu K, Li L, Ge CP, Huang ZQ. Survey on vulnerability detection technology of smart contracts. Ruan Jian Xue Bao/Journal of Software, 2024, 35(1): 38–62 (in Chinese with English abstract). http://www.jos.org.cn/1000-9825/6810.htm [doi: 10.13328/j.cnki.jos.006810]
[22] Cui ZQ, Yang HW, Chen X, Wang LZ. Research progress of security vulnerability detection of smart contracts. Ruan Jian Xue Bao/Journal of Software, 2024, 35(5): 2235–2267 (in Chinese with English abstract). http://www.jos.org.cn/1000-9825/7046.htm [doi: 10.13328/j.cnki.jos.007046]
[23] Liu ZX, Li LX, Liu DJ, Du JZ, Lin H, Shi JP. Review of smart contract vulnerability detection and repair research. Journal of Frontiers of Computer Science and Technology, 2025, 19(4): 854–876 (in Chinese with English abstract). [doi: 10.3778/j.issn.1673-9418.2405019]
[24] Zhao WX, Mi W, Zhang XD. The security paradox of smart contracts: Blind spots and prospects of current detection strategies. In: Proc. of the 27th Int’l Conf. on Computer Supported Cooperative Work in Design (CSCWD). Tianjin: IEEE, 2024. 1546–1551. [doi: 10.1109/CSCWD61410.2024.10580546]
[25] Qian P, Cao R, Liu ZG, Li WQ, Li M, Zhang L, Xu YF, Chen JH, He QM. Empirical review of smart contract and DeFi security: Vulnerability detection and automated repair. arXiv:2309.02391, 2023.
[26] Chaliasos S, Charalambous MA, Zhou LY, Galanopoulou R, Gervais A, Mitropoulos D, Livshits B. Smart contract and DeFi security tools: Do they meet the needs of practitioners? In: Proc. of the 46th IEEE/ACM Int’l Conf. on Software Engineering. Lisbon: ACM, 2024. 60. [doi: 10.1145/3597503.3623302]
[27] Zhou LY, Xiong XH, Ernstberger J, Chaliasos S, Wang ZP, Wang Y, Qin KH, Wattenhofer R, Song D, Gervais A. SoK: Decentralized finance (DeFi) attacks. In: Proc. of the 2023 IEEE Symp. on Security and Privacy (SP). IEEE, 2023. 2444–2461. [doi: 10.1109/SP46215.2023.10179435]
[28] Turner M, Kitchenham B, Brereton P, Charters S, Budgen D. Does the technology acceptance model predict actual use? A systematic literature review. Information and Software Technology, 2010, 52(5): 463–479. [doi: 10.1016/j.infsof.2009.11.005]
[29] Hwang S, Ryu S. Gap between theory and practice: An empirical study of security patches in Solidity. In: Proc. of the 42nd ACM/IEEE Int’l Conf. on Software Engineering. Seoul: ACM, 2020. 542–553. [doi: 10.1145/3377811.3380424]
[30] Nguyen TD, Pham LH, Sun J, Lin Y, Minh QT. sFuzz: An efficient adaptive fuzzer for Solidity smart contracts. In: Proc. of the 42nd Int’l Conf. on Software Engineering. Seoul: ACM, 2020. 778–788. [doi: 10.1145/3377811.3380334]

