Tootfinder

LLAMA: Multi-Feedback Smart Contract Fuzzing Framework with LLM-Guided Seed Generation
Keke Gai, Haochen Liang, Jing Yu, Liehuang Zhu, Dusit Niyato
https://arxiv.org/abs/2507.12084

LLAMA: Multi-Feedback Smart Contract Fuzzing Framework with LLM-Guided Seed Generation
Smart contracts play a pivotal role in blockchain ecosystems, and fuzzing remains an important approach to securing smart contracts. Even though mutation scheduling is a key factor influencing fuzzing effectiveness, existing fuzzers have primarily explored seed scheduling and generation, while mutation scheduling has been rarely addressed by prior work. In this work, we propose a Large Language Models (LLMs)-based Multi-feedback Smart Contract Fuzzing framework (LLAMA) that integrates LLMs, evo…

This story is cute: A malicious "Solidity" (that's the smart contract language Ethereum and other blockchains use) extension for Cursor, the Vibe-Coding Editor included code that steals your tokens/coins.
I find it funny for two reasons:
- Blockchainers love talking about how you need to verify things you interact with but someone wasn't checking if they have the right extension
- Programming smart contracts is hard because it's a massively hostile envir…

Code highlighting with Cursor AI for $500,000
Kaspersky GReAT experts uncover malicious extensions for Cursor AI that download the Quasar backdoor and a crypto stealer.

IDOL: Improved Different Optimization Levels Testing for Solidity Compilers
Lantian Li, Yejian Liang, Zhongxing Yu
https://arxiv.org/abs/2506.12760 https:/…

IDOL: Improved Different Optimization Levels Testing for Solidity Compilers
As blockchain technology continues to evolve and mature, smart contracts have become a key driving force behind the digitization and automation of transactions. Smart contracts greatly simplify and refine the traditional business transaction processes, and thus have had a profound impact on various industries such as finance and supply chain management. However, because smart contracts cannot be modified once deployed, any vulnerabilities or design flaws within the contract cannot be easily fix…

AI Agent Smart Contract Exploit Generation
Arthur Gervais, Liyi Zhou
https://arxiv.org/abs/2507.05558 https://arxiv.org/pdf/2507.0555…

AI Agent Smart Contract Exploit Generation
We present A1, an agentic execution driven system that transforms any LLM into an end-to-end exploit generator. A1 has no hand-crafted heuristics and provides the agent with six domain-specific tools that enable autonomous vulnerability discovery. The agent can flexibly leverage these tools to understand smart contract behavior, generate exploit strategies, test them on blockchain states, and refine approaches based on execution feedback. All outputs are concretely validated to eliminate false …

Bridging Solidity Evolution Gaps: An LLM-Enhanced Approach for Smart Contract Compilation Error Resolution
Likai Ye, Mengliang Li, Dehai Zhao, Jiamou Sun, Xiaoxue Ren
https://arxiv.org/abs/2508.10517

Bridging Solidity Evolution Gaps: An LLM-Enhanced Approach for Smart Contract Compilation Error Resolution
Solidity, the dominant smart contract language for Ethereum, has rapidly evolved with frequent version updates to enhance security, functionality, and developer experience. However, these continual changes introduce significant challenges, particularly in compilation errors, code migration, and maintenance. Therefore, we conduct an empirical study to investigate the challenges in the Solidity version evolution and reveal that 81.68% of examined contracts encounter errors when compiled across di…

Sources: Binance wrote the smart contract for USD1, a stablecoin launched by Trump's World Liberty, and promoted it to its 275M users, before CZ sought a pardon (Bloomberg)
https://www.bloomberg.com/news/features/20

This https://arxiv.org/abs/2504.16552 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csDC_…

DTVM: Revolutionizing Smart Contract Execution with Determinism and Compatibility
We introduce the DeTerministic Virtual Machine (DTVM) Stack, a next-generation smart contract execution framework designed to address critical performance, determinism, and ecosystem compatibility challenges in blockchain networks. Building upon WebAssembly (Wasm) while maintaining full Ethereum Virtual Machine (EVM) ABI compatibility, DTVM introduces a Deterministic Middle Intermediate Representation (dMIR) and a hybrid lazy-JIT compilation engine to balance compilation speed and execution eff…

Understanding Inconsistent State Update Vulnerabilities in Smart Contracts
Lantian Li, Yuyu Chen, Jingwen Wu, Yue Pan, Zhongxing Yu
https://arxiv.org/abs/2508.06192 https://

Understanding Inconsistent State Update Vulnerabilities in Smart Contracts
Smart contracts enable contract terms to be automatically executed and verified on the blockchain, and recent years have witnessed numerous applications of them in areas such as financial institutions and supply chains. The execution logic of a smart contract is closely related to the contract state, and thus the correct and safe execution of the contract depends heavily on the precise control and update of the contract state. However, the contract state update process can have issues. In parti…

ScamDetect: Towards a Robust, Agnostic Framework to Uncover Threats in Smart Contracts
Pasquale De Rosa, Pascal Felber, Valerio Schiavoni
https://arxiv.org/abs/2508.07094 https:…

ScamDetect: Towards a Robust, Agnostic Framework to Uncover Threats in Smart Contracts
Smart contracts have transformed decentralized finance by enabling programmable, trustless transactions. However, their widespread adoption and growing financial significance have attracted persistent and sophisticated threats, such as phishing campaigns and contract-level exploits. Traditional transaction-based threat detection methods often expose sensitive user data and interactions, raising privacy and security concerns. In response, static bytecode analysis has emerged as a proactive mitig…

Properties of UTxO Ledgers and Programs Implemented on Them
Polina Vinogradova (Input Output Global), Alexey Sorokin (Input Output Global)
https://arxiv.org/abs/2506.05832

Properties of UTxO Ledgers and Programs Implemented on Them
Trace-based properties are the gold standard for program behaviour analysis. One of the domains of application of this type of analysis is cryptocurrency ledgers, both for the purpose of analyzing the behaviour of the ledger itself, and any user-defined programs called by it, known as smart contracts. The (extended) UTxO ledger model is a kind of ledger model where all smart contract code is stateless, and additional work must be done to model stateful programs. We formalize the application of …

A Smart-Contract to Resolve Multiple Equilibrium in Intermediated Trade
Daniel Aronoff, Robert M. Townsend
https://arxiv.org/abs/2505.22940 https://…

A Smart-Contract to Resolve Multiple Equilibrium in Intermediated Trade
We present a model of a market that is intermediated by broker-dealers where there is multiple equilibrium. We then design a smart-contract that receives messages and algorithmically sends trading instructions. The smart-contract resolves the multiple equilibrium by implementing broker-dealer joint profit maximization as a Nash equilibrium. This outcome relies upon several factors: Agent commitments to follow the smart contract protocol; selective privacy of information; a structured timing of …

EVMx: An FPGA-Based Smart Contract Processing Unit
Joel Poncha Lemayian, Hachem Bensalem, Ghyslain Gagnon, Kaiwen Zhang, Pascal Giard
https://arxiv.org/abs/2507.23518 https://…

EVMx: An FPGA-Based Smart Contract Processing Unit
Ethereum blockchain uses smart contracts (SCs) to implement decentralized applications (dApps). SCs are executed by the Ethereum virtual machine (EVM) running within an Ethereum client. Moreover, the EVM has been widely adopted by other blockchain platforms, including Solana, Cardano, Avalanche, Polkadot, and more. However, the EVM performance is limited by the constraints of the general-purpose computer it operates on. This work proposes offloading SC execution onto a dedicated hardware-based …

FSM Modeling For Off-Blockchain Computation
Christian Gang Liu
https://arxiv.org/abs/2506.02086 https://arxiv.org/pdf/2506.02086

FSM Modeling For Off-Blockchain Computation
Blockchain benefits are due to immutability, replication, and storage-and-execution of smart contracts on the blockchain. However, the benefits come at increased costs due to the blockchain size and execution. We address three fundamental issues that arise in transferring certain parts of a smart contract to be executed off-chain: (i) identifying which parts (patterns) of the smart contract should be considered for processing off-chain, (ii) under which conditions should a smart-contract patter…

The Dark Side of Upgrades: Uncovering Security Risks in Smart Contract Upgrades
Dingding Wang, Jianting He, Siwei Wu, Yajin Zhou, Lei Wu, Cong Wang
https://arxiv.org/abs/2508.02145

The Dark Side of Upgrades: Uncovering Security Risks in Smart Contract Upgrades
Smart contract upgrades are increasingly common due to their flexibility in modifying deployed contracts, such as fixing bugs or adding new functionalities. Meanwhile, upgrades compromise the immutability of contracts, introducing significant security concerns. While existing research has explored the security impacts of contract upgrades, these studies are limited in collection of upgrade behaviors and identification of insecurities. To address these limitations, we conduct a comprehensive s…

Smart-LLaMA-DPO: Reinforced Large Language Model for Explainable Smart Contract Vulnerability Detection
Lei Yu, Zhirong Huang, Hang Yuan, Shiqi Cheng, Li Yang, Fengjun Zhang, Chenjie Shen, Jiajia Ma, Jingyuan Zhang, Junyi Lu, Chun Zuo
https://arxiv.org/abs/2506.18245

Smart-LLaMA-DPO: Reinforced Large Language Model for Explainable Smart Contract Vulnerability Detection
Smart contract vulnerability detection remains a major challenge in blockchain security. Existing vulnerability detection methods face two main issues: (1) Existing datasets lack comprehensive coverage and high-quality explanations for preference learning. (2) Large language models (LLMs) often struggle with accurately interpreting specific concepts in smart contract security. Empirical analysis shows that even after continual pre-training (CPT) and supervised fine-tuning (SFT), LLMs may misint…

The Feasibility of MBSs as Decentralized Autonomous Organizations
Timothy Dombrowski, V. Carlos Slawson Jr
https://arxiv.org/abs/2507.05439 https://…

The Feasibility of MBSs as Decentralized Autonomous Organizations
Can the general structure of a mortgage-backed security (MBS) contract be programmatically represented through the use of decentralized autonomous organizations (DAOs)? Such an approach could allow for the portfolio of loans to be managed by investors in a trustless and transparent way. The focus and scope of this paper is to explore the potential for applying the tools of modern fintech, such as asset tokenization, smart contracts, and DAOs, to reconstruct traditional structured products that …

Replaced article(s) found for cs.DB. https://arxiv.org/list/cs.DB/new
[1/1]:
- Thunderbolt: Concurrent Smart Contract Execution with Non-blocking Reconfiguration for Sharded DAGs
Junchao Chen, Alberto Sonnino, Lefteris Kokoris-Kogias, Mohammad Sadoghi

Sources: Microsoft is pushing to remove the AGI clause from its OpenAI contract, which lets OpenAI limit Microsoft's access to its IP once its systems reach AGI (Berber Jin/Wall Street Journal)
https://www.wsj.com/tech…

Transforming Automatically BPMN Models to Smart Contracts with Nested Collaborative Transactions (TABS )
Christian Gang Liu, Peter Bodorik, Dawn Jutla
https://arxiv.org/abs/2506.02727

Transforming Automatically BPMN Models to Smart Contracts with Nested Collaborative Transactions (TABS+)
Development of blockchain smart contracts is more difficult than mainstream software development because the underlying blockchain infrastructure poses additional complexity. To ease the developer's task of writing smart contract, as other research efforts, we also use Business Process Model and Notation BPMN modeling to describe application requirements for trade of goods and services and then transform automatically the BPMN model into the methods of a smart contract. In our previous research…

Optimal Benchmark Design under Costly Manipulation
\'Angel Hernando-Veciana
https://arxiv.org/abs/2506.22142 https://arxiv.org/pd…

Optimal Benchmark Design under Costly Manipulation
Price benchmarks are used to incorporate market price trends into contracts, but their use can create opportunities for manipulation by parties involved in the contract. This paper examines this issue using a realistic and tractable model inspired by smart contracts on blockchains like Ethereum. In our model, manipulation costs depend on two factors: the magnitude of adjustments to individual prices (variable costs) and the number of prices adjusted (fixed costs). We find that a weighted mean i…

This https://arxiv.org/abs/2404.00306 has been replaced.
link: https://scholar.google.com/scholar?q=a

A blockchain-based intelligent recommender system framework for enhancing supply chain resilience
This research proposed a data-driven supply chain disruption response baseline framework based on intelligent recommender system technology as an initial SCRes reactive solution. To improve the data quality and reliability of the proposed IRS as a stable, secure, and resilient decision support system, blockchain technology is integrated into the baseline architecture. The smart contract is prototyped to demonstrate the information exchange mechanism under a BLC network environment. The BLC-IRS …

SAEL: Leveraging Large Language Models with Adaptive Mixture-of-Experts for Smart Contract Vulnerability Detection
Lei Yu, Shiqi Cheng, Zhirong Huang, Jingyuan Zhang, Chenjie Shen, Junyi Lu, Li Yang, Fengjun Zhang, Jiajia Ma
https://arxiv.org/abs/2507.22371

SAEL: Leveraging Large Language Models with Adaptive Mixture-of-Experts for Smart Contract Vulnerability Detection
With the increasing security issues in blockchain, smart contract vulnerability detection has become a research focus. Existing vulnerability detection methods have their limitations: 1) Static analysis methods struggle with complex scenarios. 2) Methods based on specialized pre-trained models perform well on specific datasets but have limited generalization capabilities. In contrast, general-purpose Large Language Models (LLMs) demonstrate impressive ability in adapting to new vulnerability pa…

Supporting Long-term Transactions in Smart Contracts Generated from Business Process Model and Notation (BPMN) Models
Christian Gang Liu
https://arxiv.org/abs/2505.24309

Supporting Long-term Transactions in Smart Contracts Generated from Business Process Model and Notation (BPMN) Models
To alleviate difficulties in writing smart contracts for distributed blockchain applications, as other research, we propose transformation of Business Process Model and Notation (BPMN) models into blockchain smart contracts. Unlike other research, we use Discrete Event Hierarchical State Machine (DE-HSM) multi-modal modeling to identify collaborative trade transactions that need to be supported by the smart contract and describe how the trade transactions, that may be nested, are supported by a…

Reliability Analysis of Smart Contract Execution Architectures: A Comparative Simulation Study
\"Onder G\"urcan
https://arxiv.org/abs/2506.22180 …

Reliability Analysis of Smart Contract Execution Architectures: A Comparative Simulation Study
The industrial market continuously needs reliable solutions to secure autonomous systems. Especially as these systems become more complex and interconnected, reliable security solutions are becoming increasingly important. One promising solution to tackle this challenge is using smart contracts designed to meet contractual conditions, avoid malicious errors, secure exchanges, and minimize the need for reliable intermediaries. However, smart contracts are immutable. Moreover, there are different…

FORGE: An LLM-driven Framework for Large-Scale Smart Contract Vulnerability Dataset Construction
Jiachi Chen, Yiming Shen, Jiashuo Zhang, Zihao Li, John Grundy, Zhenzhe Shao, Yanlin Wang, Jiashui Wang, Ting Chen, Zibin Zheng
https://arxiv.org/abs/2506.18795

FORGE: An LLM-driven Framework for Large-Scale Smart Contract Vulnerability Dataset Construction
High-quality smart contract vulnerability datasets are critical for evaluating security tools and advancing smart contract security research. Two major limitations of current manual dataset construction are (1) labor-intensive and error-prone annotation processes limiting the scale, quality, and evolution of the dataset, and (2) absence of standardized classification rules results in inconsistent vulnerability categories and labeling results across different datasets. To address these limitatio…

Automated Mechanism to Support Trade Transactions in Smart Contracts with Upgrade and Repair
Christian Gang Liu, Peter Bodorik, Dawn Jutla
https://arxiv.org/abs/2506.03877

Automated Mechanism to Support Trade Transactions in Smart Contracts with Upgrade and Repair
In our previous research, we addressed the problem of automated transformation of models, represented using the business process model and notation (BPMN) standard, into the methods of a smart contract. The transformation supports BPMN models that contain complex multi-step activities that are supported using our concept of multi-step nested trade transactions, wherein the transactional properties are enforced by a mechanism generated automatically by the transformation process from a BPMN mode…

Mazzaroth: A High-Throughput DAG Consensus with State Root
Haohan Li
https://arxiv.org/abs/2506.01960 https://arxiv.org/pdf/2506.0196…

Mazzaroth: A High-Throughput DAG Consensus with State Root
Nakamoto Consensus achieves a decentralized ledger through a single-chain blockchain, assuming a maximum network delay, which limits block generation speed, resulting in low throughput. \cite{pg2018} (PG) enhances throughput using a blockDAG structure, but its probabilistic confirmation restricts smart contract applications. To address this, Mazzaroth proposes a Pow-based blockDAG consensus, employing a linear ordering algorithm to compute the \cite{eth} and achieve state finality, thereby supp…

Program Analysis for High-Value Smart Contract Vulnerabilities: Techniques and Insights
Yannis Smaragdakis, Neville Grech, Sifis Lagouvardos, Konstantinos Triantafyllou, Ilias Tsatiris, Yannis Bollanos, Tony Rocco Valentine
https://arxiv.org/abs/2507.20672

Program Analysis for High-Value Smart Contract Vulnerabilities: Techniques and Insights
A widespread belief in the blockchain security community is that automated techniques are only good for detecting shallow bugs, typically of small value. In this paper, we present the techniques and insights that have led us to repeatable success in automatically discovering high-value smart contract vulnerabilities. Our vulnerability disclosures have yielded 10 bug bounties, for a total of over $3M, over high-profile deployed code, as well as hundreds of bugs detected in pre-deployment or unde…

SoK: Root Cause of \$1 Billion Loss in Smart Contract Real-World Attacks via a Systematic Literature Review of Vulnerabilities
Hadis Rezaei, Mojtaba Eshghie, Karl Anderesson, Francesco Palmieri
https://arxiv.org/abs/2507.20175

SoK: Root Cause of \$1 Billion Loss in Smart Contract Real-World Attacks via a Systematic Literature Review of Vulnerabilities
The Ethereum ecosystem, despite its maturity, continues to witness catastrophic attacks, with billions of dollars in assets lost annually. In response, a significant body of research has focused on identifying and mitigating smart contract vulnerabilities. However, these efforts predominantly focus on implementation-level bugs, leaving a critical gap between academic understanding of vulnerabilities and the root causes of real-world high-impact financial losses. We employ a two-pronged methodol…

On LLM-Assisted Generation of Smart Contracts from Business Processes
Fabian Stiehle, Hans Weytjens, Ingo Weber
https://arxiv.org/abs/2507.23087 https://ar…

On LLM-Assisted Generation of Smart Contracts from Business Processes
Large language models (LLMs) have changed the reality of how software is produced. Within the wider software engineering community, among many other purposes, they are explored for code generation use cases from different types of input. In this work, we present an exploratory study to investigate the use of LLMs for generating smart contract code from business process descriptions, an idea that has emerged in recent literature to overcome the limitations of traditional rule-based code generati…

CASPER: Contrastive Approach for Smart Ponzi Scheme Detecter with More Negative Samples
Weijia Yang, Tian Lan, Leyuan Liu, Wei Chen, Tianqing Zhu, Sheng Wen, Xiaosong Zhang
https://arxiv.org/abs/2507.16840

CASPER: Contrastive Approach for Smart Ponzi Scheme Detecter with More Negative Samples
The rapid evolution of digital currency trading, fueled by the integration of blockchain technology, has led to both innovation and the emergence of smart Ponzi schemes. A smart Ponzi scheme is a fraudulent investment operation in smart contract that uses funds from new investors to pay returns to earlier investors. Traditional Ponzi scheme detection methods based on deep learning typically rely on fully supervised models, which require large amounts of labeled data. However, such data is often…

Combating Reentrancy Bugs on Sharded Blockchains
Roman Kashitsyn, Robin K\"unzler, Ognjen Mari\'c, Lara Schmid
https://arxiv.org/abs/2506.05932 ht…

Combating Reentrancy Bugs on Sharded Blockchains
Reentrancy is a well-known source of smart contract bugs on Ethereum, leading e.g. to double-spending vulnerabilities in DeFi applications. But less is known about this problem in other blockchains, which can have significantly different execution models. Sharded blockchains in particular generally use an asynchronous messaging model that differs substantially from the synchronous and transactional model of Ethereum. We study the features of this model and its effect on reentrancy bugs on three…

Decompiling Smart Contracts with a Large Language Model
Isaac David, Liyi Zhou, Dawn Song, Arthur Gervais, Kaihua Qin
https://arxiv.org/abs/2506.19624 http…

Decompiling Smart Contracts with a Large Language Model
The widespread lack of broad source code verification on blockchain explorers such as Etherscan, where despite 78,047,845 smart contracts deployed on Ethereum (as of May 26, 2025), a mere 767,520 (< 1%) are open source, presents a severe impediment to blockchain security. This opacity necessitates the automated semantic analysis of on-chain smart contract bytecode, a fundamental research challenge with direct implications for identifying vulnerabilities and understanding malicious behavior. Pre…

From Contracts to Code: Automating Smart Contract Generation with Multi-Level Finite State Machines
Lambard Maxence, Bertelle Cyrille, Duvallet Claude
https://arxiv.org/abs/2507.16276

From Contracts to Code: Automating Smart Contract Generation with Multi-Level Finite State Machines
In an increasingly complex contractual landscape, the demand for transparency, security, and efficiency has intensified. Blockchain technology, with its decentralized and immutable nature, addresses these challenges by reducing intermediary costs, minimizing fraud risks, and enhancing system compatibility. Smart contracts, initially conceptualized by Nick Szabo and later implemented on the Ethereum blockchain, automate and secure contractual clauses, offering a robust solution for various indus…

A Preference-Driven Methodology for High-Quality Solidity Code Generation
Zhiyuan Peng, Xin Yin, Chenhao Ying, Chao Ni, Yuan Luo
https://arxiv.org/abs/2506.03006

A Preference-Driven Methodology for High-Quality Solidity Code Generation
While Large Language Models (LLMs) have demonstrated remarkable progress in generating functionally correct Solidity code, they continue to face critical challenges in producing gas-efficient and secure code, which are critical requirements for real-world smart contract deployment. Although recent advances leverage Supervised Fine-Tuning (SFT) and Direct Preference Optimization (DPO) for code preference alignment, existing approaches treat functional correctness, gas optimization, and security …

ETrace:Event-Driven Vulnerability Detection in Smart Contracts via LLM-Based Trace Analysis
Chenyang Peng, Haijun Wang, Yin Wu, Hao Wu, Ming Fan, Yitao Zhao, Ting Liu
https://arxiv.org/abs/2506.15790

ETrace:Event-Driven Vulnerability Detection in Smart Contracts via LLM-Based Trace Analysis
With the advance application of blockchain technology in various fields, ensuring the security and stability of smart contracts has emerged as a critical challenge. Current security analysis methodologies in vulnerability detection can be categorized into static analysis and dynamic analysis methods.However, these existing traditional vulnerability detection methods predominantly rely on analyzing original contract code, not all smart contracts provide accessible code.We present ETrace, a novel…

Dataset of Yul Contracts to Support Solidity Compiler Research
Krzysztof Fonal
https://arxiv.org/abs/2506.19153 https://arxiv.org/pdf…

Dataset of Yul Contracts to Support Solidity Compiler Research
The YulCode dataset presents a comprehensive collection of 348,840 Yul-based smart contract instances, comprising approximately 135,013 unique contracts. These contracts were generated through the compilation of Solidity source files that have been deployed on the Ethereum mainnet, making the dataset directly representative of real-world decentralized applications. YulCode provides a rich foundation for a variety of research and development tasks, including but not limited to machine learning a…