Page 378 - 《软件学报》2026年第1期

P. 378

揭晚晴等: 智能合约与 DeFi 协议漏洞检测技术综述 375

[98] Wang DB, Feng H, Wu SW, Zhou YJ, Wu L, Yuan XL. Penny wise and pound foolish: Quantifying the risk of unlimited approval of
ERC20 tokens on Ethereum. In: Proc. of the 25th Int’l Symp. on Research in Attacks, Intrusions and Defenses. Limassol: ACM, 2022.
99–114. [doi: 10.1145/3545948.3545963]
[99] Lardinois F. Beanstalk lost $182 million in governance attack. The Verge. 2022. https://www.theverge.com/2022/4/22/23037325/
beanstalk-dismissed-governance-attacks-lost-182-million
[100] Dotan M, Yaish A, Yin HC, Tsytkin E, Zohar A. The vulnerable nature of decentralized governance in DeFi. In: Proc. of the 2023
Workshop on Decentralized Finance and Security. Copenhagen: ACM, 2023. 25–31. [doi: 10.1145/3605768.3623539]
[101] Zhu J, Hu K, Zhang BJ. Review on formal verification of smart contract. Acta Electronica Sinica, 2021, 49(4): 792–804 (in Chinese
with English abstract). [doi: 10.12263/DZXB.20200723]
[102] Bhargavan K, Delignat-Lavaud A, Fournet C, Gollamudi A, Gonthier G, Kobeissi N, Kulatova N, Rastogi A, Sibut-Pinote T, Swamy N,
Zanella-Béguelin S. Formal verification of smart contracts: Short paper. In: Proc. of the 2016 ACM Workshop on Programming
Languages and Analysis for Security. Vienna: ACM, 2016. 91–96. [doi: 10.1145/2993600.2993611]
[103] Kalra S, Goel S, Dhawan M, Sharma S. ZEUS: Analyzing safety of smart contracts. In: Proc. of the NDSS Symp. 2018. San Diego,
2018. 1–12. [doi: 10.14722/ndss.2018.23082]
[104] Hildenbrandt E, Saxena M, Rodrigues N, Zhu XR, Daian P, Guth D, Moore B, Park D, Zhang Y, Stefanescu A, Rosu G. KEVM: A
complete formal semantics of the Ethereum virtual machine. In: Proc. of the 31st Computer Security Foundations Symp. (CSF). Oxford:
IEEE, 2018. 204–217. [doi: 10.1109/CSF.2018.00022]
[105] Baldoni R, Coppa E, D’elia DC, Demetrescu C, Finocchi I. A survey of symbolic execution techniques. ACM Computing Surveys
(CSUR), 2018, 51(3): 50. [doi: 10.1145/3182657]
[106] Wang L, Li F, Li L, Feng XB. Principle and practice of taint analysis. Ruan Jian Xue Bao/Journal of Software, 2017, 28(4): 860–882 (in
Chinese with English abstract). http://www.jos.org.cn/1000-9825/5190.htm [doi: 10.13328/j.cnki.jos.005190]
[107] Torres CF, Schütte J, State R. Osiris: Hunting for integer bugs in Ethereum smart contracts. In: Proc. of the 34th Annual Computer
Security Applications Conf. San Juan: ACM, 2018. 664–676. [doi: 10.1145/3274694.3274737]
[108] Brent L, Grech N, Lagouvardos S, Scholz B, Smaragdakis Y. Ethainter: A smart contract security analyzer for composite vulnerabilities.
In: Proc. of the 41st ACM SIGPLAN Conf. on Programming Language Design and Implementation. London: ACM, 2020. 454–469.
[doi: 10.1145/3385412.3385990]
[109] Wesley S, Christakis M, Navas JA, Trefler R, Wüstholz V, Gurfinkel A. Verifying Solidity smart contracts via communication
abstraction in SmartACE. In: Proc. of the 23rd Int’l Conf. on Verification, Model Checking, and Abstract Interpretation. Philadelphia:
Springer, 2022. 425–449. [doi: 10.1007/978-3-030-94583-1_21]
[110] Albert E, Gordillo P, Livshits B, Rubio A, Sergey I. EthIR: A framework for high-level analysis of Ethereum bytecode. In: Proc. of the
16th Int’l Symp. on Automated Technology for Verification and Analysis. Los Angeles: Springer Int’l Publishing, 2018. 513–520. [doi:
10.1007/978-3-030-01090-4_30]
[111] Manès VJM, Han HS, Han C, Cha SK, Egele M, Schwartz EJ, Woo M. The art, science, and engineering of fuzzing: A survey. IEEE
Trans. on Software Engineering, 2021, 47(11): 2312–2331. [doi: 10.1109/TSE.2019.2946563]
[112] Olsthoorn M, Stallenberg D, Van Deursen A, Panichella A. SynTest-Solidity: Automated test case generation and fuzzing for smart
contracts. In: Proc. of the 44th Int’l Conf. on Software Engineering: Companion Proc. Pittsburgh: IEEE, 2022. 202–206. [doi: 10.1145/
3510454.3516869]
[113] Liu H, Liu C, Zhao WQ, Jiang Y, Sun JG. S-gram: Towards semantic-aware security auditing for Ethereum smart contracts. In: Proc. of
the 33rd ACM/IEEE Int’l Conf. on Automated Software Engineering. Montpellier: ACM, 2018. 814–819. [doi: 10.1145/3238147.
3240728]
[114] Zhuang Y, Liu ZG, Qian P, Liu Q, Wang X, He QM. Smart contract vulnerability detection using graph neural network. In: Proc. of the
29th Int’l Joint Conf. on Artificial Intelligence. Yokohama, 2021. 3283–3290. [doi: 10.24963/ijcai.2020/454]
[115] Tann WJW, Han XJ, Gupta SS, Ong YS. Towards safer smart contracts: A sequence learning approach to detecting security threats.
arXiv:1811.06632, 2019.
[116] Jie WQ, Chen Q, Wang JQ, Voundi Koe AS, Li J, Huang PF, Wu YQ, Wang Y. A novel extended multimodal AI framework towards
vulnerability detection in smart contracts. Information Sciences, 2023, 636: 118907. [doi: 10.1016/j.ins.2023.03.132]
[117] Ferreira JF, Cruz P, Durieux T, Abreu R. SmartBugs: A framework to analyze Solidity smart contracts. In: Proc. of the 35th IEEE/ACM
Int’l Conf. on Automated Software Engineering. ACM, 2020. 1349–1352. [doi: 10.1145/3324884.3415298]
[118] Hu SH, Huang TS, İlhan F, Tekin SF, Liu L. Large language model-powered smart contract vulnerability detection: New perspectives.
In: Proc. of the 5th IEEE Int’l Conf. on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA). Atlanta: IEEE,

373 374 375 376 377 378 379 380 381 382 383