Journal of Software (《软件学报》), 2026, Vol. 37, No. 1, p. 374
Int’l Conf. on Software Engineering (ICSE). Montreal: IEEE, 2019. 1176–1186. [doi: 10.1109/ICSE.2019.00120]
[74] Chen T, Li XQ, Luo XP, Zhang XS. Under-optimized smart contracts devour your money. In: Proc. of the 24th Int’l Conf. on Software Analysis, Evolution and Reengineering (SANER). Klagenfurt: IEEE, 2017. 442–446. [doi: 10.1109/SANER.2017.7884650]
[75] Grech N, Kong M, Jurisevic A, Brent L, Scholz B, Smaragdakis Y. MadMax: Surviving out-of-gas conditions in Ethereum smart contracts. In: Proc. of the 2018 ACM on Programming Languages. New York: ACM, 2018. 116. [doi: 10.1145/3276486]
[76] Nguyen TD, Pham LH, Sun J. SGUARD: Towards fixing vulnerable smart contracts automatically. In: Proc. of the 2021 IEEE Symp. on Security and Privacy (SP). San Francisco: IEEE, 2021. 1215–1229. [doi: 10.1109/SP40001.2021.00057]
[77] Krupp J, Rossow C. TEETHER: Gnawing at Ethereum to automatically exploit smart contracts. In: Proc. of the 27th USENIX Security Symp. Baltimore: USENIX Association, 2018. 1317–1333.
[78] Ghaleb A, Rubin J, Pattabiraman K. AChecker: Statically detecting smart contract access control vulnerabilities. In: Proc. of the 45th Int’l Conf. on Software Engineering (ICSE). Melbourne: IEEE, 2023. 945–956. [doi: 10.1109/ICSE48619.2023.00087]
[79] Sun JL, Huang S, Zheng CY, Wang TY, Zong C, Hui ZW. Mutation testing for integer overflow in Ethereum smart contracts. Tsinghua Science and Technology, 2022, 27(1): 27–40. [doi: 10.26599/TST.2020.9010036]
[80] Zhang B. Towards finding accounting errors in smart contracts. In: Proc. of the 46th Int’l Conf. on Software Engineering. Lisbon: Association for Computing Machinery, 2024. 138. [doi: 10.1145/3597503.3639128]
[81] Sun YQ, Wu DY, Xue Y, Liu H, Wang HJ, Xu ZZ, Xie XF, Liu Y. GPTScan: Detecting logic vulnerabilities in smart contracts by combining GPT with program analysis. In: Proc. of the 46th Int’l Conf. on Software Engineering. Lisbon: ACM, 2024. 166. [doi: 10.1145/3597503.3639117]
[82] Feist J, Grieco G, Groce A. Slither: A static analysis framework for smart contracts. In: Proc. of the 2nd Int’l Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB). Montreal: IEEE, 2019. 8–15. [doi: 10.1109/WETSEB.2019.00008]
[83] Atzei N, Bartoletti M, Cimoli T. A survey of attacks on Ethereum smart contracts (SoK). In: Proc. of the 6th Int’l Conf. on Principles of Security and Trust. Uppsala: Springer, 2017. 164–186. [doi: 10.1007/978-3-662-54455-6_8]
[84] Etherscan. Price Manipulation Attack. 2024. https://basescan.org/tx/0x6ab5b7b51f780e8c6c5ddaf65e9badb868811a95c1fd64e86435283074d3149e
[85] Torres CF, Camino R, State R. Frontrunner jones and the raiders of the dark forest: An empirical study of frontrunning on the Ethereum blockchain. In: Proc. of the 30th USENIX Security Symp. USENIX Association, 2021. 1343–1359.
[86] Wang Y, Zuest P, Yao YX, Lu ZC, Wattenhofer R. Impact and user perception of sandwich attacks in the DeFi ecosystem. In: Proc. of the 2022 CHI Conf. on Human Factors in Computing Systems. New Orleans: ACM, 2022. 591. [doi: 10.1145/3491102.3517585]
[87] Qin KH, Zhou LY, Livshits B, Gervais A. Attacking the DeFi ecosystem with flash loans for fun and profit. In: Proc. of the 25th Int’l Conf. on Financial Cryptography and Data Security. Springer, 2021. 3–32. [doi: 10.1007/978-3-662-64322-8_1]
[88] Vakhmyanin I, Volkovich Y. Price arbitrage for DeFi derivatives. In: Proc. of the 2023 IEEE Int’l Conf. on Blockchain and Cryptocurrency (ICBC). Dubai: IEEE, 2023. 1–4. [doi: 10.1109/ICBC56567.2023.10174884]
[89] Tjiam K, Wang R, Chen HH, Liang KT. Your smart contracts are not secure: Investigating arbitrageurs and oracle manipulators in Ethereum. In: Proc. of the 3rd Workshop on Cyber-security Arms Race. ACM, 2021. 25–35. [doi: 10.1145/3474374.3486916]
[90] CoinEx Help Center. What’s Deflationary Token. 2024. https://support.coinex.com/hc/en-us/articles/4415202344345-What-s-Deflationary-Token
[91] Gottsegen W. DeFi exploit siphons $45 million from PancakeBunny, crashes token price. Decrypt. 2021. https://decrypt.co/71585/pancakebunny-defi-exploit
[92] Sam Kessler BB. Crypto bridge nomad drained of nearly $200m in exploit. 2022. https://www.coindesk.com/tech/2022/08/02/nomad-bridge-drained-of-nearly-200-million-in-exploit/
[93] Zhang MY, Zhang XK, Zhang YQ, Lin ZQ. Security of cross-chain bridges: Attack surfaces, defenses, and open problems. In: Proc. of the 27th Int’l Symp. on Research in Attacks, Intrusions and Defenses. Padua: ACM, 2024. 298–316. [doi: 10.1145/3678890.3678894]
[94] Len J, Grubbs P, Ristenpart T. Partitioning oracle attacks. In: Proc. of the 30th USENIX Security Symp. USENIX Association, 2021. 195–212.
[95] SlowMist. Blockchain Security and AML Annual Report, 2024. https://www.slowmist.com/report/2024-Blockchain-Security-and-AML-Annual-Report(CN).pdf
[96] Lin ZW, Chen JC, Wu JJ, Zhang WZ, Wang YJ, Zheng ZB. CRPWarner: Warning the risk of contract-related rug pull in DeFi smart contracts. IEEE Trans. on Software Engineering, 2024, 50(6): 1534–1547. [doi: 10.1109/TSE.2024.3392451]
[97] Li WK, Bu JY, Li XQ, Peng HL, Niu YZ, Zhang YQ. A survey of DeFi security: Challenges and opportunities. Journal of King Saud University-Computer and Information Sciences, 2022, 34(10): 10378–10404. [doi: 10.1016/j.jksuci.2022.10.028]

