{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2025:O7SAARSFA6UNAWL4IE6HR5JRY5","short_pith_number":"pith:O7SAARSF","canonical_record":{"source":{"id":"2504.13398","kind":"arxiv","version":4},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2025-04-18T01:22:58Z","cross_cats_sorted":[],"title_canon_sha256":"e7090e0850ecba8985ee353f49126ae23c039bc34b17909c4c2a28b9af1ae519","abstract_canon_sha256":"cc9dab03acc27dcb88e73e20e567fea6cebb72311ed4bb48040c09cd7b7b9fad"},"schema_version":"1.0"},"canonical_sha256":"77e400464507a8d0597c413c78f531c76d674018a8cec4ad2b0a9de6a9d3fca9","source":{"kind":"arxiv","id":"2504.13398","version":4},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2504.13398","created_at":"2026-06-11T02:09:23Z"},{"alias_kind":"arxiv_version","alias_value":"2504.13398v4","created_at":"2026-06-11T02:09:23Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2504.13398","created_at":"2026-06-11T02:09:23Z"},{"alias_kind":"pith_short_12","alias_value":"O7SAARSFA6UN","created_at":"2026-06-11T02:09:23Z"},{"alias_kind":"pith_short_16","alias_value":"O7SAARSFA6UNAWL4","created_at":"2026-06-11T02:09:23Z"},{"alias_kind":"pith_short_8","alias_value":"O7SAARSF","created_at":"2026-06-11T02:09:23Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2025:O7SAARSFA6UNAWL4IE6HR5JRY5","target":"record","payload":{"canonical_record":{"source":{"id":"2504.13398","kind":"arxiv","version":4},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2025-04-18T01:22:58Z","cross_cats_sorted":[],"title_canon_sha256":"e7090e0850ecba8985ee353f49126ae23c039bc34b17909c4c2a28b9af1ae519","abstract_canon_sha256":"cc9dab03acc27dcb88e73e20e567fea6cebb72311ed4bb48040c09cd7b7b9fad"},"schema_version":"1.0"},"canonical_sha256":"77e400464507a8d0597c413c78f531c76d674018a8cec4ad2b0a9de6a9d3fca9","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-06-11T02:09:23.556637Z","signature_b64":"s5iF8TWs5yOrTJ0rD3VKrVqYTR6VcGRcP9s3cAMTuiD0UStYzD+TC18ppnxhwqfiPqI24kMXD6iqebQ7VtqWBg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"77e400464507a8d0597c413c78f531c76d674018a8cec4ad2b0a9de6a9d3fca9","last_reissued_at":"2026-06-11T02:09:23.555625Z","signature_status":"signed_v1","first_computed_at":"2026-06-11T02:09:23.555625Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"2504.13398","source_version":4,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-06-11T02:09:23Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"p9UlfkgXwwc+noNks6jx3H6G+xzSMCT8tJaNGfN5CptfVcCpe+Q+59WlQ5/67osM06Jfy2sTuh1HTntco9iyDg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-20T07:46:44.009962Z"},"content_sha256":"56d25d83c1612154ad23582fd83755e5420aae3dc210f9c7c10b8fb36a76c376","schema_version":"1.0","event_id":"sha256:56d25d83c1612154ad23582fd83755e5420aae3dc210f9c7c10b8fb36a76c376"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2025:O7SAARSFA6UNAWL4IE6HR5JRY5","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Insecurity Through Obscurity: Veiled Vulnerabilities in Closed-Source Contracts","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Aviv Yaish, Fan Zhang, Kaihua Qin, Sen Yang","submitted_at":"2025-04-18T01:22:58Z","abstract_excerpt":"Most blockchains cannot hide the binary code of programs (i.e., smart contracts) running on them. To conceal proprietary business logic and to potentially deter attacks, many smart contracts are closed-source and in many cases exhibit code obfuscation, either intentionally introduced to hide internal logic or unintentionally produced by optimizations. However, we demonstrate that such obfuscation can obscure critical vulnerabilities rather than enhance security, a phenomenon known as insecurity through obscurity. To systematically analyze these risks on a large scale, we present SKANF, a novel"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2504.13398","kind":"arxiv","version":4},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2504.13398/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-06-11T02:09:23Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"eijLDObr/yg0D08OSy/aEnt3+51fJjQT2y2Srp6ELLaRIf2yHEMGhkCR/vv+VWvu5lv5bLpJ5o9Re7jAktL9Cg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-20T07:46:44.010351Z"},"content_sha256":"1c315220a64d491645c0671f7a6c2ba33fafab8d07292bcc36ac95cc3d1feeca","schema_version":"1.0","event_id":"sha256:1c315220a64d491645c0671f7a6c2ba33fafab8d07292bcc36ac95cc3d1feeca"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/O7SAARSFA6UNAWL4IE6HR5JRY5/bundle.json","state_url":"https://pith.science/pith/O7SAARSFA6UNAWL4IE6HR5JRY5/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/O7SAARSFA6UNAWL4IE6HR5JRY5/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-20T07:46:44Z","links":{"resolver":"https://pith.science/pith/O7SAARSFA6UNAWL4IE6HR5JRY5","bundle":"https://pith.science/pith/O7SAARSFA6UNAWL4IE6HR5JRY5/bundle.json","state":"https://pith.science/pith/O7SAARSFA6UNAWL4IE6HR5JRY5/state.json","well_known_bundle":"https://pith.science/.well-known/pith/O7SAARSFA6UNAWL4IE6HR5JRY5/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2025:O7SAARSFA6UNAWL4IE6HR5JRY5","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"cc9dab03acc27dcb88e73e20e567fea6cebb72311ed4bb48040c09cd7b7b9fad","cross_cats_sorted":[],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2025-04-18T01:22:58Z","title_canon_sha256":"e7090e0850ecba8985ee353f49126ae23c039bc34b17909c4c2a28b9af1ae519"},"schema_version":"1.0","source":{"id":"2504.13398","kind":"arxiv","version":4}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2504.13398","created_at":"2026-06-11T02:09:23Z"},{"alias_kind":"arxiv_version","alias_value":"2504.13398v4","created_at":"2026-06-11T02:09:23Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2504.13398","created_at":"2026-06-11T02:09:23Z"},{"alias_kind":"pith_short_12","alias_value":"O7SAARSFA6UN","created_at":"2026-06-11T02:09:23Z"},{"alias_kind":"pith_short_16","alias_value":"O7SAARSFA6UNAWL4","created_at":"2026-06-11T02:09:23Z"},{"alias_kind":"pith_short_8","alias_value":"O7SAARSF","created_at":"2026-06-11T02:09:23Z"}],"graph_snapshots":[{"event_id":"sha256:1c315220a64d491645c0671f7a6c2ba33fafab8d07292bcc36ac95cc3d1feeca","target":"graph","created_at":"2026-06-11T02:09:23Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"integrity":{"available":true,"clean":true,"detectors_run":[],"endpoint":"/pith/2504.13398/integrity.json","findings":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938","summary":{"advisory":0,"by_detector":{},"critical":0,"informational":0}},"paper":{"abstract_excerpt":"Most blockchains cannot hide the binary code of programs (i.e., smart contracts) running on them. To conceal proprietary business logic and to potentially deter attacks, many smart contracts are closed-source and in many cases exhibit code obfuscation, either intentionally introduced to hide internal logic or unintentionally produced by optimizations. However, we demonstrate that such obfuscation can obscure critical vulnerabilities rather than enhance security, a phenomenon known as insecurity through obscurity. To systematically analyze these risks on a large scale, we present SKANF, a novel","authors_text":"Aviv Yaish, Fan Zhang, Kaihua Qin, Sen Yang","cross_cats":[],"headline":"","license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2025-04-18T01:22:58Z","title":"Insecurity Through Obscurity: Veiled Vulnerabilities in Closed-Source Contracts"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2504.13398","kind":"arxiv","version":4},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:56d25d83c1612154ad23582fd83755e5420aae3dc210f9c7c10b8fb36a76c376","target":"record","created_at":"2026-06-11T02:09:23Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"cc9dab03acc27dcb88e73e20e567fea6cebb72311ed4bb48040c09cd7b7b9fad","cross_cats_sorted":[],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2025-04-18T01:22:58Z","title_canon_sha256":"e7090e0850ecba8985ee353f49126ae23c039bc34b17909c4c2a28b9af1ae519"},"schema_version":"1.0","source":{"id":"2504.13398","kind":"arxiv","version":4}},"canonical_sha256":"77e400464507a8d0597c413c78f531c76d674018a8cec4ad2b0a9de6a9d3fca9","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"77e400464507a8d0597c413c78f531c76d674018a8cec4ad2b0a9de6a9d3fca9","first_computed_at":"2026-06-11T02:09:23.555625Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-06-11T02:09:23.555625Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"s5iF8TWs5yOrTJ0rD3VKrVqYTR6VcGRcP9s3cAMTuiD0UStYzD+TC18ppnxhwqfiPqI24kMXD6iqebQ7VtqWBg==","signature_status":"signed_v1","signed_at":"2026-06-11T02:09:23.556637Z","signed_message":"canonical_sha256_bytes"},"source_id":"2504.13398","source_kind":"arxiv","source_version":4}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:56d25d83c1612154ad23582fd83755e5420aae3dc210f9c7c10b8fb36a76c376","sha256:1c315220a64d491645c0671f7a6c2ba33fafab8d07292bcc36ac95cc3d1feeca"],"state_sha256":"a3c54cf255e9635f5ca31d4c35890d78a7143bf9862b4a767882e60b6475eff1"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"1uQ7iLZ9Y9KBUmx7M9r7AR1sQtGY9O7qPYA6B1hr02PYwjFCe0STcyvfqlLXNm2WyeOllgXSASfu7Tly+bPZBQ==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-20T07:46:44.012329Z","bundle_sha256":"51791245316f90900b7a46034c2c65c31a2f596aedb4ffb5301160a79c9056c9"}}