Page 376 - 《软件学报》2026年第1期

P. 376

揭晚晴等: 智能合约与 DeFi 协议漏洞检测技术综述 373

contracts. In: Proc. of the 2024 ACM Software Engineering. New York: ACM, 2024. 161–181. [doi: 10.1145/3643734]
[52] Wang HJ, Liu Y, Li Y, Lin SW, Artho C, Ma L, Liu Y. Oracle-supported dynamic exploit generation for smart contracts. IEEE Trans.
on Dependable and Secure Computing, 2022, 19(3): 1795–1809. [doi: 10.1109/TDSC.2020.3037332]
[53] Rodler M, Paaßen D, Li WT, Bernhard L, Holz T, Karame G, Davi L. EF↯CF: High performance smart contract fuzzing for exploit
generation. In: Proc. of the 8th European Symp. on Security and Privacy (EuroS&P). Delft: IEEE, 2023. 449–471. [doi: 10.1109/
EuroSP57164.2023.00034]
[54] Wang SJ, Pei KX, Yang JF. SmartInv: Multimodal learning for smart contract invariant inference. In: Proc. of the 2024 IEEE Symp. on
Security and Privacy (SP). San Francisco: IEEE, 2024. 2217–2235. [doi: 10.1109/SP54263.2024.00126]
[55] Bose P, Das D, Chen YJ, Feng Y, Kruegel C, Vigna G. SAILFISH: Vetting smart contract state-inconsistency bugs in seconds. In: Proc.
of the 2022 IEEE Symp. on Security and Privacy (SP). San Francisco: IEEE, 2022. 161–178. [doi: 10.1109/SP46214.2022.9833721]
[56] Zhou SF, Yang ZM, Xiang J, Cao YZ, Yang M, Zhang Y. An ever-evolving game: Evaluation of real-world attacks and defenses in
Ethereum ecosystem. In: Proc. of the 29th USENIX Security Symp. USENIX Association, 2020. 2793–2809.
[57] He JX, Balunović M, Ambroladze N, Tsankov P, Vechev M. Learning to fuzz from symbolic execution with application to smart
contracts. In: Proc. of the 2019 ACM SIGSAC Conf. on Computer and Communications Security. London: ACM, 2019. 531–548. [doi:
10.1145/3319535.3363230]
[58] Feng Y, Torlak E, Bodik R. Summary-based symbolic evaluation for smart contracts. In: Proc. of the 35th IEEE/ACM Int’l Conf. on
Automated Software Engineering (ASE). ACM, 2020. 1141–1152. [doi: 10.1145/3324884.3416646]
[59] Kalra S, Goel S, Dhawan M, Sharma S. ZEUS: Analyzing safety of smart contracts. In: Proc. of the 2018 Network and Distributed
System Security Symp. San Diego, 2018. 1–12. [doi: 10.14722/ndss.2018.23082]
[60] Brent L, Jurisevic A, Kong M, Liu E, Gauthier F, Gramoli V, Holz R, Scholz B. Vandal: A scalable security analysis framework for
smart contracts. arXiv:1809.03981, 2018.
[61] Zhang XL, Sun WX, Xu ZC, Cheng HB, Cai CJ, Cui HL, Li Q. EVM-Shield: In-contract state access control for fast vulnerability
detection and prevention. IEEE Trans. on Information Forensics and Security, 2024, 19: 2517–2532. [doi: 10.1109/TIFS.2024.3349852]
[62] Gao B, Wei QS, Liu Y, Goh RSM. Unveiling the potential of ChatGPT in detecting machine unauditable bugs in smart contracts: A
preliminary evaluation and categorization. In: Proc. of the 2024 IEEE Conf. on Artificial Intelligence (CAI). Singapore: IEEE, 2024.
1481–1486. [doi: 10.1109/CAI59869.2024.00266]
[63] So S, Hong S, Oh H. SmarTest: Effectively hunting vulnerable transaction sequences in smart contracts through language model-guided
symbolic execution. In: Proc. of the 30th USENIX Security Symp. USENIX Association, 2021. 1361–1378.
[64] Zhang MY, Zhang XK, Zhang YQ, Lin ZQ. TXSPECTOR: Uncovering attacks in Ethereum from transactions. In: Proc. of the 29th
USENIX Security Symp. USENIX Association, 2020. 2775–2792.
[65] Permenev A, Dimitrov D, Tsankov P, Drachsler-Cohen D, Vechev M. VerX: Safety verification of smart contracts. In: Proc. of the 2020
IEEE Symp. on Security and Privacy (SP). San Francisco: IEEE, 2020. 1661–1677. [doi: 10.1109/SP40000.2020.00024]
[66] Choi J, Kim D, Kim S, Grieco G, Groce A, Cha SK. SMARTIAN: Enhancing smart contract fuzzing with static and dynamic data-flow
analyses. In: Proc. of the 36th Int’l Conf. on Automated Software Engineering (ASE). Melbourne: IEEE, 2021. 227–239. [doi: 10.1109/
ASE51524.2021.9678888]
[67] Torres CF, Iannillo AK, Gervais A, State R. ConFuzzius: A data dependency-aware hybrid fuzzer for smart contracts. In: Proc. of the
2021 IEEE European Symp. on Security and Privacy. Vienna: IEEE, 2021. 103–119. [doi: 10.1109/EuroSP51992.2021.00018]
[68] Tsankov P, Dan A, Drachsler-Cohen D, Gervais A, Bünzli F, Vechev M. Securify: Practical security analysis of smart contracts. In:
Proc. of the 2018 ACM SIGSAC Conf. on Computer and Communications Security. Toronto: ACM, 2018. 67–82. [doi: 10.1145/
3243734.3243780]
[69] Stephens J, Ferles K, Mariano B, Lahiri S, Dillig I. SmartPulse: Automated checking of temporal properties in smart contracts. In: Proc.
of the 2021 IEEE Symp. on Security and Privacy (SP). San Francisco: IEEE, 2021. 555–571. [doi: 10.1109/SP40001.2021.00085]
[70] Chen T, Cao R, Li T, Luo XP, Gu GF, Zhang YF, Liao Z, Zhu H, Chen G, He ZY, Tang YX, Lin XD, Zhang XS. SODA: A generic
online detection framework for smart contracts. In: Proc. of the NDSS Symp. 2020. San Diego, 2020. 1–17. [doi: 10.14722/ndss.2020.
24449]
[71] Durieux T, Ferreira JF, Abreu R, Cruz P. Empirical review of automated analysis tools on 47, 587 Ethereum smart contracts. In: Proc. of
the 42nd Int’l Conf. on Software Engineering. Seoul: ACM, 2020. 530–541. [doi: 10.1145/3377811.3380364]
[72] Grishchenko I, Maffei M, Schneidewind C. A semantic framework for the security analysis of Ethereum smart contracts. In: Proc. of the
7th Int’l Conf. on Principles of Security and Trust. Thessaloniki: Springer, 2018. 243–269. [doi: 10.1007/978-3-319-89722-6_10]
[73] Grech N, Brent L, Scholz B, Smaragdakis Y. Gigahorse: Thorough, declarative decompilation of smart contracts. In: Proc. of the 41st

371 372 373 374 375 376 377 378 379 380 381