V2E: Validating Smart Contract Vulnerabilities through Profit-driven Exploit Generation and Execution
Pith reviewed 2026-05-10 13:20 UTC · model grok-4.3
The pith
V2E uses LLM-generated PoCs and execution feedback to validate whether smart contract vulnerabilities are truly exploitable and profitable.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
V2E automates the generation of targeted Proof-of-Concept exploits by analyzing vulnerability paths, validates them through triggerability and profitability analysis, and iteratively refines the PoCs based on execution feedback to increase the likelihood of confirming actual vulnerabilities.
What carries the argument
The V2E pipeline combining LLM-based PoC generation, automated triggerability and profitability checks, and iterative refinement from execution results.
Load-bearing premise
LLMs can generate and iteratively update PoCs that reliably trigger the specific reported vulnerabilities, and the profitability analysis correctly distinguishes exploitable issues from non-issues.
What would settle it
Applying V2E to a benchmark of smart contracts whose reported vulnerabilities are known to be non-exploitable and checking whether it wrongly validates any of them as exploitable.
Smart contracts are a critical component of blockchain systems. Due to the large amount of digital assets carried by smart contracts, their security is of critical importance. Although numerous tools have been developed for detecting smart contract vulnerabilities, their effectiveness remains limited, particularly due to the high false positives included in the reported results. Therefore, developers and auditors are often overwhelmed with manually verifying the reported issues. A fundamental reason behind this is that while a reported vulnerability satisfies specific vulnerable patterns, it may not actually be exploitable, either because the vulnerable code cannot be triggered or it does not result in any financial loss. In this paper, we propose V2E, a new framework for validating whether a reported vulnerability is truly exploitable. The core idea of V2E is to automatically generate an executable Proof-of-Concept Exploit (PoC for short), and then assess if the vulnerability could be triggered and incur any real damage (i.e., causing financial loss) by the PoC. While LLMs have shown proficiency in PoC generation, achieving our task is by no means trivial. In detail, it is difficult for an LLM to: (1) generate and update a PoC to trigger a specific vulnerability, (2) evaluate the PoC's effectiveness to validate an exploitable vulnerability. To this end, V2E automates the whole process through a novel combination of PoC generation, validation, and refinement: (1) Firstly, V2E generates targeted PoCs by analyzing potential vulnerability paths. (2) Then, V2E verifies the validity of PoCs through triggerability and profitability analysis. (3) In addition, V2E iteratively refines the generated PoC based on PoC execution feedback, therefore increasing the chance to confirm the vulnerability. Evaluation on 264 manually labeled contracts shows that V2E outperforms the baseline approach.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The paper introduces V2E, a framework designed to validate reported smart contract vulnerabilities by generating, validating, and refining Proof-of-Concept (PoC) exploits using large language models (LLMs). The approach involves analyzing vulnerability paths to create targeted PoCs, assessing their triggerability and profitability to confirm potential financial loss, and iteratively refining the PoCs based on execution feedback. An evaluation on 264 manually labeled contracts is presented, claiming superior performance compared to a baseline method.
Significance. Should the approach prove effective, V2E has the potential to significantly alleviate the burden of manual verification for smart contract auditors and developers by automatically distinguishing exploitable vulnerabilities from false positives. This is particularly valuable in blockchain ecosystems where vulnerabilities can lead to substantial financial losses, thereby enhancing the overall security and trustworthiness of smart contract deployments.
major comments (2)
- Abstract: The evaluation on 264 manually labeled contracts is said to show outperformance, but no specifics are provided regarding the baseline approach, performance metrics (e.g., accuracy, precision), statistical significance, data selection process, or the definition and measurement of profitability. This omission is load-bearing as it prevents verification of whether the results genuinely support the framework's ability to reduce false positives.
- V2E Framework Description (PoC generation, validation, and refinement): The iterative refinement process based on PoC execution feedback lacks details on how feedback (e.g., execution logs, balance deltas, revert reasons) is parsed and incorporated into LLM prompts without risking hallucinations or incorrect updates. Additionally, the exact criteria for triggerability and profitability analysis, especially handling complex interactions like reentrancy or external calls, are not elaborated, raising concerns about false positives in validation.
minor comments (1)
- Abstract: The term 'baseline approach' is mentioned without any description; a brief characterization in the abstract or a reference to the specific method would improve clarity.
Simulated Author's Rebuttal
We thank the referee for the constructive comments on our paper. We address the major comments point by point below, indicating planned revisions to enhance the manuscript.
-
Referee: Abstract: The evaluation on 264 manually labeled contracts is said to show outperformance, but no specifics are provided regarding the baseline approach, performance metrics (e.g., accuracy, precision), statistical significance, data selection process, or the definition and measurement of profitability. This omission is load-bearing as it prevents verification of whether the results genuinely support the framework's ability to reduce false positives.
Authors: We acknowledge that the abstract provides only a high-level overview of the evaluation results. The detailed information on the baseline approach, performance metrics including precision, recall, and F1-score, the data selection from a set of 264 labeled contracts with ground truth, and the profitability measurement based on simulated balance changes are elaborated in the Evaluation section of the manuscript. To make the abstract more self-contained, we will revise it to include brief mentions of the key metrics, baseline, and profitability validation. We will also ensure statistical significance is reported in the evaluation section. revision: yes
-
Referee: V2E Framework Description (PoC generation, validation, and refinement): The iterative refinement process based on PoC execution feedback lacks details on how feedback (e.g., execution logs, balance deltas, revert reasons) is parsed and incorporated into LLM prompts without risking hallucinations or incorrect updates. Additionally, the exact criteria for triggerability and profitability analysis, especially handling complex interactions like reentrancy or external calls, are not elaborated, raising concerns about false positives in validation.
Authors: We appreciate this feedback on the framework description. The manuscript outlines the iterative refinement where PoC execution results are used to update the LLM prompts for better PoCs. To address the lack of details, we will expand this section with more precise descriptions of how feedback is processed (e.g., extracting revert reasons and balance deltas and including them in structured prompts) and measures to reduce hallucinations, such as using few-shot examples. For the criteria, triggerability is determined by whether the PoC executes the vulnerable function without reverting, and profitability by whether the attacker's balance increases. For complex cases like reentrancy, the framework supports multi-transaction PoCs to simulate such attacks. We will add explicit criteria and examples in the revision to clarify and reduce concerns about false positives. revision: yes
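The referee's second major comment and the authors' reply above both turn on the same mechanics: how execution feedback (revert reasons, which call was reached, balance deltas) becomes a triggerability verdict and a profitability verdict, and how that feedback is handed back to the generator until a PoC is confirmed or the loop gives up. The Python below is an added illustration written for this page; it is not V2E's code and it does not use Foundry's real trace format. The `Execution` record is an assumed, simplified schema that a harness could fill from a forked-chain run, every run in `CONSTRUCTED_RUNS` is made up by hand, the price map is a stand-in for an on-chain oracle, and `make_runner` replays those runs in place of the LLM-regenerates-and-Foundry-executes step. It also goes one step beyond the rebuttal's "attacker's balance increases" criterion by netting out gas and requiring a victim loss, which is one way to stop a PoC that merely withdraws the attacker's own deposit from being validated as profitable.

```python
"""Triggerability/profitability oracle and feedback-driven PoC refinement loop.
Added illustration, not V2E's code. The Execution schema is an assumption (not
Foundry's trace format); every run below is constructed by hand."""

from dataclasses import dataclass, field


@dataclass
class Execution:
    """One PoC run. attacker_*/victim_* are per-asset balances in base units; gas is
    paid by the attacker's EOA and tracked separately so it is not double-counted."""
    calls: list                       # victim functions the PoC reached, in order
    reverted: bool
    revert_reason: str = ""
    attacker_before: dict = field(default_factory=dict)
    attacker_after: dict = field(default_factory=dict)
    victim_before: dict = field(default_factory=dict)
    victim_after: dict = field(default_factory=dict)
    gas_cost_wei: int = 0


def deltas(before, after):
    return {a: after.get(a, 0) - before.get(a, 0) for a in set(before) | set(after)}


def is_triggered(ex, target):
    """Triggerability: the reported vulnerable function was reached and the
    transaction did not revert (a revert undoes every state change it made)."""
    return (not ex.reverted) and target in ex.calls


def is_profitable(ex, prices):
    """Profitability: attacker holdings rise, valued in wei via `prices` (a fixed
    map standing in for an on-chain oracle; every touched asset must be priced),
    net of gas, AND the victim loses value. The second condition rejects runs
    where the attacker only gets its own deposit back."""
    att = deltas(ex.attacker_before, ex.attacker_after)
    vic = deltas(ex.victim_before, ex.victim_after)
    att_wei = sum(prices[a] * d for a, d in att.items()) - ex.gas_cost_wei
    vic_wei = sum(prices[a] * d for a, d in vic.items())
    return att_wei > 0 and vic_wei < 0


def feedback(ex, target, prices):
    """Structured feedback for the next refinement prompt: both verdicts plus the
    facts the generator needs (where execution stopped, why, what moved)."""
    return {
        "triggered": is_triggered(ex, target),
        "profitable": (not ex.reverted) and is_profitable(ex, prices),
        "last_call": ex.calls[-1] if ex.calls else None,
        "revert_reason": ex.revert_reason if ex.reverted else None,
        "attacker_delta": deltas(ex.attacker_before, ex.attacker_after),
        "victim_delta": deltas(ex.victim_before, ex.victim_after),
    }


def refine(run_poc, target, prices, max_iters=5):
    """generate -> execute -> validate -> refine until both checks pass.
    run_poc(fb) returns the Execution of the PoC regenerated from feedback fb
    (None on the first round). Gives up early when two consecutive rounds die
    on the same revert reason, since re-prompting is then not converging."""
    history, fb = [], None
    for _ in range(max_iters):
        fb = feedback(run_poc(fb), target, prices)
        history.append(fb)
        if fb["triggered"] and fb["profitable"]:
            return "exploitable", history
        if len(history) >= 2 and fb["revert_reason"] and \
                fb["revert_reason"] == history[-2]["revert_reason"]:
            return "stuck", history
    return "unconfirmed", history


# Constructed data (no real contract behind it). Prices are wei per base unit.
PRICES = {"ETH": 1}
ETH = 10**18
CONSTRUCTED_RUNS = [
    # Round 1: PoC calls withdraw() as a stranger; an owner check reverts it.
    Execution(["deposit", "withdraw"], True, "Ownable: caller is not the owner",
              {"ETH": ETH}, {"ETH": ETH}, {"ETH": 50 * ETH}, {"ETH": 50 * ETH},
              gas_cost_wei=21_000 * 10**9),
    # Round 2: the path is reached, but the attacker only recovers its own deposit.
    Execution(["deposit", "withdraw"], False, "",
              {"ETH": ETH}, {"ETH": ETH}, {"ETH": 50 * ETH}, {"ETH": 50 * ETH},
              gas_cost_wei=3 * 10**14),
    # Round 3: re-entering withdraw() drains 5 ETH from the victim.
    Execution(["deposit", "withdraw", "withdraw", "withdraw"], False, "",
              {"ETH": ETH}, {"ETH": 6 * ETH}, {"ETH": 50 * ETH}, {"ETH": 45 * ETH},
              gas_cost_wei=4 * 10**14),
]


def make_runner(runs):
    """Stand-in for 'LLM regenerates the PoC from feedback, Foundry runs it':
    replays constructed Executions in order and ignores the feedback."""
    it = iter(runs)
    return lambda fb: next(it)


def demo():
    verdict, history = refine(make_runner(CONSTRUCTED_RUNS), "withdraw", PRICES)
    return verdict, len(history)


if __name__ == "__main__":
    print(demo())  # ('exploitable', 3)
```

Two design points are worth noting. A reverted transaction is never counted as triggered, even if the vulnerable function appears in its call list, because the chain discards everything the transaction did. And the "stuck" exit exists because the page's own referee worries about hallucinated updates: if two consecutive regenerations fail with the same revert reason, the feedback is not being used, and burning further LLM calls and gas on the same prompt is unlikely to change that.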
Circularity Check
No circularity; empirical validation stands on independent evaluation
The paper describes an LLM-assisted framework (V2E) for generating, validating, and refining PoCs via vulnerability-path analysis, triggerability/profitability checks, and execution feedback. Its claims rest on an empirical evaluation over 264 manually labeled contracts that reports outperformance versus a baseline. No equations, fitted parameters renamed as predictions, self-definitional loops, or load-bearing self-citations appear in the derivation. The central argument is therefore self-contained against external benchmarks rather than reducing to its own inputs by construction.
Axiom & Free-Parameter Ledger
axioms (1)
- domain assumption: LLMs have sufficient proficiency in generating and updating PoC code for smart contract vulnerabilities when given a vulnerability path analysis.
Reference graph
Works this paper leans on
-
[1]
anthropic. 2025. Introducing Claude 4. https://www.anthropic.com/news/claude-4
2025
-
[2]
Sam Blackshear, Evan Cheng, David L. Dill, Victor Gao, Ben Maurer, Todd Nowacki, Alistair Pott, Shaz Qadeer, Dario Russi Rain, Stephane Sezer, et al. 2019. Move: A language with programmable resources. Libra Assoc. 1 (2019)
2019
-
[3]
Priyanka Bose, Dipanjan Das, Yanju Chen, Yu Feng, Christopher Kruegel, and Giovanni Vigna. 2022. Sailfish: Vetting smart contract state-inconsistency bugs in seconds. In 2022 IEEE Symposium on Security and Privacy (SP). IEEE, 161–178
2022
-
[4]
c5huracan. 2025. Experimental exploration of AI-driven smart contract security analysis for educational and defensive research purposes. https://github.com/c5huracan/a1-agent-exploration
2025
-
[5]
Stefanos Chaliasos, Marcos Antonios Charalambous, Liyi Zhou, Rafaila Galanopoulou, Arthur Gervais, Dimitris Mitropoulos, and Benjamin Livshits. 2024. Smart contract and DeFi security tools: Do they meet the needs of practitioners? In Proceedings of the 46th IEEE/ACM International Conference on Software Engineering. 1–13
2024
-
[6]
Zhiyang Chen, Sidi Mohamed Beillahi, and Fan Long. 2024. FlashSyn: Flash Loan Attack Synthesis via Counter Example Driven Approximation. In Proceedings of the 46th IEEE/ACM International Conference on Software Engineering, ICSE 2024
2024
-
[7]
Chris Dannen. 2017. Introducing Ethereum and Solidity. Vol. 1. Springer
2017
-
[8]
DeFiHackLabs. 2025. DeFi Hacks Reproduce - Foundry. Retrieved August 31, 2025 from https://github.com/SunWeb3Sec/DeFiHackLabs
2025
-
[9]
DefiLlama. 2025. Breakdown by Smart Contract Languages. Retrieved August 31, 2025 from https://defillama.com/languages
2025
-
[10]
Mojtaba Eshghie and Cyrille Artho. 2024. Oracle-guided vulnerability diversity and exploit synthesis of smart contracts using LLMs. In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering. 2240–2248
2024
-
[11]
Zhiyu Fan, Xiang Gao, Martin Mirchev, Abhik Roychoudhury, and Shin Hwei Tan. 2023. Automated repair of programs from large language models. In 2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE). IEEE, 1469–1481
2023
-
[12]
Yuzhou Fang, Daoyuan Wu, Xiao Yi, Shuai Wang, Yufan Chen, Mengjie Chen, Yang Liu, and Lingxiao Jiang. 2023. Beyond “protected” and “private”: An empirical security analysis of custom function modifiers in smart contracts. In Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis. 1157–1168
2023
-
[13]
Josselin Feist, Gustavo Grieco, and Alex Groce. 2019. Slither: a static analysis framework for smart contracts. In 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB). IEEE, 8–15
2019
-
[14]
João F. Ferreira, Pedro Cruz, Thomas Durieux, and Rui Abreu. 2021. SmartBugs: a framework to analyze Solidity smart contracts. In Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering. 1349–1352
2021
-
[15]
Foundry-rs. 2025. A blazing fast, portable and modular toolkit for Ethereum application. Retrieved September 10, 2025 from https://github.com/foundry-rs/foundry
2025
-
[16]
Foundry-rs. 2025. Foundry support Solidity versions greater than 0.6. Retrieved August 31, 2025 from https://github.com/foundry-rs/forge-std/blob/master/src/StdToml.sol#L2
2025
- [17]
-
[18]
Asem Ghaleb and Karthik Pattabiraman. 2020. How effective are smart contract analysis tools? Evaluating smart contract static analysis tools using bug injection. In Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis. 415–427
2020
-
[19]
Asem Ghaleb, Julia Rubin, and Karthik Pattabiraman. 2022. eTainter: detecting gas-related vulnerabilities in smart contracts. In Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis. 728–739
2022
-
[20]
Asem Ghaleb, Julia Rubin, and Karthik Pattabiraman. 2023. AChecker: Statically Detecting Smart Contract Access Control Vulnerabilities. Proc. ACM ICSE (2023)
2023
-
[21]
Neville Grech, Lexi Brent, Bernhard Scholz, and Yannis Smaragdakis. 2019. Gigahorse: thorough, declarative decompilation of smart contracts. In 2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE). IEEE, 1176–1186
2019
-
[22]
Daya Guo, Dejian Yang, Haowei Zhang, Junxiao Song, Ruoyu Zhang, Runxin Xu, Qihao Zhu, Shirong Ma, Peiyi Wang, Xiao Bi, et al. 2025. DeepSeek-R1: Incentivizing reasoning capability in LLMs via reinforcement learning. arXiv preprint arXiv:2501.12948 (2025)
2025
-
[23]
Tianyuan Hu, Jingyue Li, Bixin Li, and Andre Storhaug. 2024. Why smart contracts reported as vulnerable were not exploited? IEEE Transactions on Dependable and Secure Computing (2024)
2024
-
[24]
Jie Huang and Kevin Chen-Chuan Chang. 2023. Towards Reasoning in Large Language Models: A Survey. In The 61st Annual Meeting of the Association for Computational Linguistics
2023
-
[25]
Ling Jin, Yinzhi Cao, Yan Chen, Di Zhang, and Simone Campanoni. 2023. ExGen: Cross-platform, Automated Exploit Generation for Smart Contract Vulnerabilities. IEEE Trans. Dependable Secur. Comput. (2023)
2023
-
[26]
Queping Kong, Jiachi Chen, Yanlin Wang, Zigui Jiang, and Zibin Zheng. 2023. DeFiTainter: Detecting Price Manipulation Vulnerabilities in DeFi Protocols. In Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and An...
2023
-
[27]
Ziqiao Kong, Cen Zhang, Maoyi Xie, Ming Hu, Yue Xue, Ye Liu, Haijun Wang, and Yang Liu. 2025. Smart Contract Fuzzing Towards Profitable Vulnerabilities. Proceedings of the ACM on Software Engineering 2, FSE (2025), 153–175
2025
-
[28]
Johannes Krupp and Christian Rossow. 2018. teEther: Gnawing at Ethereum to automatically exploit smart contracts. In 27th USENIX Security Symposium (USENIX Security 18). 1317–1333
2018
- [29]
-
[30]
Wei Li, Yuhong Nan, Mingxi Ye, Jingwen Zhang, Peilin Zheng, and Zibin Zheng. 2025. ASTRO: Detecting Access Control Vulnerabilities in Smart Contracts via Graph Similarity Comparison. IEEE Transactions on Software Engineering (2025)
2025
-
[31]
Zeqin Liao, Zibin Zheng, Xiao Chen, and Yuhong Nan. 2022. SmartDagger: a bytecode-based static analysis approach for detecting cross-contract vulnerability. In Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis. 752–764
2022
- [32]
-
[33]
Zhenguang Liu, Peng Qian, Jiaxu Yang, Lingfeng Liu, Xiaojun Xu, Qinming He, and Xiaosong Zhang. 2023. Rethinking smart contract fuzzing: Fuzzing with invocation ordering and important branch revisiting. IEEE Transactions on Information Forensics and Security 18 (2023), 1237–1251
2023
- [34]
-
[35]
Muhammad Izhar Mehar, Charles Louis Shier, Alana Giambattista, Elgar Gong, Gabrielle Fletcher, Ryan Sanayhie, Henry M. Kim, and Marek Laskowski. 2019. Understanding a revolutionary and flawed grand experiment in blockchain: The DAO attack. Journal of Cases on Information Technology (JCIT) 21, 1 (2019), 19–32
2019
-
[36]
William Metcalfe et al. 2020. Ethereum, smart contracts, DApps. Blockchain and Crypt Currency 77 (2020), 77–93
2020
-
[37]
Bernhard Mueller. 2018. Smashing Ethereum smart contracts for fun and real profit. HITB SECCONF Amsterdam 9, 54 (2018), 4–17
2018
-
[38]
Tai D. Nguyen, Long H. Pham, Jun Sun, Yun Lin, and Quang Tran Minh. 2020. sFuzz: An efficient adaptive fuzzer for Solidity smart contracts. In Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering. 778–788
2020
- [39]
-
[40]
OpenAI. 2025. OpenAI Platform. Retrieved August 31, 2025 from https://platform.openai.com/docs/models/gpt-4o
2025
-
[41]
OpenAI. 2025. OpenAI Price. Retrieved August 31, 2025 from https://openai.com/api/pricing/
2025
-
[42]
Daniel Perez and Benjamin Livshits. 2021. Smart contract vulnerabilities: Vulnerable does not imply exploited. In 30th USENIX Security Symposium (USENIX Security 21). 1325–1341
2021
- [43]
- [44]
-
[45]
Chaofan Shou, Shangyin Tan, and Koushik Sen. 2023. ItyFuzz: Snapshot-based fuzzer for smart contract. In Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis. 322–333
2023
- [46]
-
[47]
SmartContractSecurity. 2025. Smart Contract Weakness Classification and Test Cases. Retrieved August 31, 2025 from https://github.com/SmartContractSecurity/SWC-registry
2025
-
[48]
Solidity. 2025. Solidity Source Mappings - Documentation. Retrieved August 31, 2025 from https://docs.soliditylang.org/en/latest/internals/source_mappings.html
2025
-
[49]
soliditylang. 2025. Solidity v0.8.0 Breaking Changes. Retrieved September 10, 2025 from https://docs.soliditylang.org/en/latest/080-breaking-changes.html
2025
-
[50]
Yuqiang Sun, Daoyuan Wu, Yue Xue, Han Liu, Haijun Wang, Zhengzi Xu, Xiaofei Xie, and Yang Liu. 2024. GPTScan: Detecting logic vulnerabilities in smart contracts by combining GPT with program analysis. In Proceedings of the IEEE/ACM 46th International Conference on Software Engineering. 1–13
2024
-
[51]
Christof Ferreira Torres, Antonio Ken Iannillo, Arthur Gervais, and Radu State. 2021. ConFuzzius: A data dependency-aware hybrid fuzzer for smart contracts. In 2021 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE.
2021
-
[52]
Vyper. 2025. Vyper Document. Retrieved August 31, 2025 from https://docs.vyperlang.org/en/latest/
2025
-
[53]
Zexu Wang, Jiachi Chen, Peilin Zheng, Yu Zhang, Weizhe Zhang, and Zibin Zheng. 2024. Unity is strength: Enhancing precision in reentrancy vulnerability detection of smart contract analysis tools. IEEE Transactions on Software Engineering (2024)
2024
-
[54]
Gavin Wood et al. 2014. Ethereum: A secure decentralised generalised transaction ledger. Ethereum project yellow paper 151, 2014 (2014), 1–32
2014
-
[55]
Shuohan Wu, Zihao Li, Luyi Yan, Weimin Chen, Muhui Jiang, Chenxu Wang, Xiapu Luo, and Hao Zhou. 2024. Are we there yet? Unraveling the state-of-the-art smart contract fuzzers. In Proceedings of the IEEE/ACM 46th International Conference on Software Engineering. 1–13
2024
-
[56]
Yin Wu, Xiaofei Xie, Chenyang Peng, Dijun Liu, Hao Wu, Ming Fan, Ting Liu, and Haijun Wang. 2024. AdvSCanner: Generating Adversarial Smart Contracts to Exploit Reentrancy Vulnerabilities Using LLM and Static Analysis. In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, ASE
2024
-
[57]
Valentin Wüstholz and Maria Christakis. 2020. Harvey: A greybox fuzzer for smart contracts. In Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. 1398–1409
2020
-
[58]
Chunqiu Steven Xia and Lingming Zhang. 2024. Automated program repair via conversation: Fixing 162 out of 337 bugs for $0.42 each using ChatGPT. In Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis. 819–831
2024
-
[59]
Ziwei Xu, Sanjay Jain, and Mohan Kankanhalli. 2024. Hallucination is inevitable: An innate limitation of large language models. arXiv preprint arXiv:2401.11817 (2024)
2024
-
[60]
Yinxing Xue, Jiaming Ye, Wei Zhang, Jun Sun, Lei Ma, Haijun Wang, and Jianjun Zhao. 2022. xFuzz: Machine learning guided cross-contract fuzzing. IEEE Transactions on Dependable and Secure Computing (2022)
2022
-
[61]
Mingxi Ye, Xingwei Lin, Yuhong Nan, Jiajing Wu, and Zibin Zheng. 2024. Midas: Mining Profitable Exploits in On-Chain Smart Contracts via Feedback-Driven Fuzzing and Differential Analysis. In Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis. 794–805
2024
-
[62]
Mingxi Ye, Yuhong Nan, Zibin Zheng, Dongpeng Wu, and Huizhong Li. 2023. Detecting State Inconsistency Bugs in DApps via On-Chain Transaction Replay and Fuzzing. In Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis. 298–309
2023
-
[63]
Zheng Yu, Ziyi Guo, Yuhang Wu, Jiahao Yu, Meng Xu, Dongliang Mu, Yan Chen, and Xinyu Xing. 2025. PATCHAGENT: A Practical Program Repair Agent Mimicking Human Expertise. In USENIX Security 2025
2025
-
[64]
Jingwen Zhang, Yuhong Nan, Wei Li, Kaiwen Ning, Zewei Lin, Zitong Yao, Yuming Feng, Weizhe Zhang, and Zibin Zheng. 2025. Finding Insecure State Dependency in DApps via Multi-Source Tracing and Semantic Enrichment. In 2025 40th IEEE/ACM International Conference on Automated Software Engineering (ASE). IEEE, 1529–1540
2025
-
[65]
Jingwen Zhang, Zibin Zheng, Yuhong Nan, Mingxi Ye, Kaiwen Ning, Yu Zhang, and Weizhe Zhang. 2025. SmartReco: Detecting Read-Only Reentrancy via Fine-Grained Cross-DApp Analysis. In Proceedings of the IEEE/ACM 47th International Conference on Software Engineering. 1–12
2025
-
[66]
Qingzhao Zhang, Yizhuo Wang, Juanru Li, and Siqi Ma. 2020. EthPloit: From Fuzzing to Efficient Exploit Generation against Smart Contracts. In 27th IEEE International Conference on Software Analysis, Evolution and Reengineering, SANER 2020, London, ON, Canada, February 18-21, 2020. 116–126
2020
-
[67]
Wuqi Zhang, Zhuo Zhang, Qingkai Shi, Lu Liu, Lili Wei, Yepang Liu, Xiangyu Zhang, and Shing-Chi Cheung. 2024. Nyx: Detecting Exploitable Front-Running Vulnerabilities in Smart Contracts. In 2024 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society, 146–146
2024
-
[68]
Zhuo Zhang, Brian Zhang, Wen Xu, and Zhiqiang Lin. 2023. Demystifying exploitable bugs in smart contracts. In 2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE). IEEE, 615–627
2023
-
[69]
Zibin Zheng, Jianzhong Su, Jiachi Chen, David Lo, Zhijie Zhong, and Mingxi Ye. 2024. DAppSCAN: Building Large-Scale Datasets for Smart Contract Weaknesses in DApp Projects. IEEE Transactions on Software Engineering (2024)
2024
Received 2025-09-11; accepted 2026-03-24. Proc. ACM Softw. Eng., Vol. 3, No. FSE, Article FSE101. Publication date: July 2026.