diff --git a/README.md b/README.md index d42273f..ce2340a 100644 --- a/README.md +++ b/README.md @@ -53,523 +53,525 @@ Welcome developers or researchers to add more published paper to this list. --- -## ESEC/FSE +----- -### 2022 +## S&P -[security] [An Empirical Study of Blockchain System Vulnerabilities: Modules, Types, and Patterns](). +###2023 -Xiao Yi, Daoyuan Wu, Lingxiao Jiang, Yuzhou Fang, Kehuan Zhang, Wei Zhang. +[security] [Clockwork Finance: Automated Analysis of Economic Security in Smart Contracts](https://eprint.iacr.org/2021/1147.pdf) -[security] [Declarative Smart Contracts](https://arxiv.org/pdf/2207.13827.pdf). +Kushal Babel (Cornell Tech), Philip Daian (Cornell Tech), Mahimna Kelkar (Cornell Tech), Ari Juels (Cornell Tech) -Haoxian Chen, Gerald Whitters, Mohammad Javad Amiri, Yuepeng Wang, Boon Thau Loo. +### 2022 -### 2021 +[security] [Quantifying Blockchain Extractable Value: How dark is the forest?](https://arxiv.org/pdf/2101.05511.pdf) + +Kaihua Qin, Liyi Zhou, Arthur Gervais. -~~[security] [Towards Practical and Cost-Effective Batching of Smart-Contract Invocations on Ethereum](). -Yibo Wang, Qi Zhang, Kai Li, Yuzhe Tang, Jiaqi Chen, Xiapu Luo, Ting Chen.~~ +[security] [SAILFISH: Vetting Smart Contract State-Inconsistency Bugs in Seconds](https://arxiv.org/pdf/2104.08638.pdf). + +Priyanka Bose, Dipanjan Das, Yanju Chen, Yu Feng, Christopher Kruegel, Giovanni Vigna. -[security] [ÐArcher: Detecting On-Chain-Off-Chain Synchronization Bugs in Decentralized Applications](https://dl.acm.org/doi/pdf/10.1145/3468264.3468546). +### 2021 -Wuqi Zhang, Lili Wei, Shuqing Li, Yepang Liu, Shing-Chi Cheung. +[security] [SmartPulse: Automated Checking of Temporal Properties in Smart Contracts](https://www.microsoft.com/en-us/research/uploads/prod/2021/02/SmartPulse-Oakland21-preprint.pdf). + +Jon Stephens, Kostas Ferles, Benjamin Mariano, Shuvendu Lahiri, Isil Dillig. -[application] [Making Smart Contract Development More Secure and Easier](https://dl.acm.org/doi/pdf/10.1145/3468264.3473929). +[security] [sGUARD: Towards Fixing Vulnerable Smart Contracts Automatically](https://arxiv.org/abs/2101.01917). + +Tai D. Nguyen, Long H. Pham, Jun Sun. IEEE S&P '21. -Meng Ren, Fuchen Ma, Zijing Yin, Ying Fu, Huizhong Li, Wanli Chang, Yu Jiang +[finance] [On the Just-In-Time Discovery of Profit-Generating Transactions in DeFi Protocols](). + +Liyi Zhou, Kaihua Qin, Antoine Cully, Benjamin Livshits, Arthur Gervais. -[application] [iBatch: Saving Ethereum Fees via Secure and Cost-Effective Batching of Smart-Contract Invocations](https://dl.acm.org/doi/pdf/10.1145/3468264.3468568). +[security] [Compositional Security for Reentrant Applications](https://arxiv.org/abs/2103.08577). + +Ethan Cecchetti, Siqiu Yao, Haobin Ni, Andrew C. Myers. -Yibo Wang, Kai Li, Yuzhe Tang, Jiaqi Chen, Qi Zhang, Xiapu Luo, Ting Chen. +[security] [High-Frequency Trading on Decentralized On-Chain Exchanges](https://arxiv.org/pdf/2009.14021.pdf). + +Liyi Zhou, Kaihua Qin, Christof Ferreira Torres, Duc V Le, Arthur Gervais. ### 2020 -[security] [Towards Automated Verification of Smart Contract Fairness](https://dl.acm.org/doi/pdf/10.1145/3368089.3409740). - -Ye Liu, Yi Li, Shang-Wei Lin, Rong Zhao. FSE/ESEC '2020 +[security] [Flash Boys 2.0: Frontrunning in Decentralized Exchanges, Miner Extractable Value, and Consensus Instability](https://par.nsf.gov/servlets/purl/10159474). + +Philip Daian, Steven Goldfeder, T. Kell, Yunqi Li, Xueyuan Zhao, Iddo Bentov, Lorenz Breidenbach, A. Juels. -[security] [ModCon: a model-based testing platform for smart contracts](https://dl.acm.org/doi/pdf/10.1145/3368089.3417939). +[security] [VerX: Safety Verification of Smart Contracts](). + +Anton Permenev, Dimitar Dimitrov, Petar Tsankov, Dana Drachsler-Cohen, Martin Vechev. IEEE S&P '20. -Ye Liu, Yi Li, Shang-Wei Lin, Qiang Yan. FSE/ESEC '2020 +[security] [VeriSmart: A Highly Precise Safety Verifier for Ethereum Smart Contracts](). + +Sunbeom So, Myungho Lee, Jisu Park, Heejo Lee, Hakjoo Oh. IEEE S&P '20. -[security] [HARVEY:A Greybox Fuzzer for Smart Contracts](https://dl.acm.org/doi/pdf/10.1145/3368089.3417064). +[security] [Executable Operational Semantics of Solidity](https://arxiv.org/pdf/1804.01295.pdf). + +Jiao Jiao, Shuanglong Kan, Shang-Wei Lin, David Sanan, Yang Liu, Jun Sun. IEEE S&P '20. -Valentin Wüstholz, Maria Christakis. FSE/ESEC '2020 +### 2016 -### 2019 +[application] [Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts](https://eprint.iacr.org/2015/675.pdf). + +Kosba A, Miller A, Shi E, Wen Z, Papamanthou C. S&P '16 -[security] [EVMFuzzer: Detect EVM vulnerabilities via fuzz testing](https://dl.acm.org/doi/pdf/10.1145/3338906.3341175). +--- -Ying Fu, Meng Ren, Fuchen Ma, Heyuan Shi, Xin Yang, Yu Jiang, Huizhong Li, -Xiang Shi. FSE/ESEC '2019 +## CCS -[security] [A graph-based framework for analysing the design of smart contracts](https://dl.acm.org/doi/pdf/10.1145/3338906.3342495). +### 2022 -Bram Vandenbogaerde. +[security] [Empirical Analysis of EIP-1559: Transaction Fees, Waiting Time, and Consensus Security](https://arxiv.org/pdf/2201.05574.pdf). ---- +Liu, Yulin ; Lu, Yuxuan ; Nayak, Kartik ; Zhang, Fan ; Zhang, Luyao search by orcid ; Zhao, Yinhong. -## ISSTA +[security] [Towards Automated Safety Vetting of Smart Contracts in Decentralized Applications](https://yueduan.github.io/pub/smart_contracts_analysis__ccs22.pdf). -### 2022 +Yue Duan, Xin Zhao, Yu Pan, Shucheng Li, Minghao Li, Fengyuan Xu, and Mu Zhang. -[security] [WASAI: uncovering vulnerabilities in Wasm smart contracts](https://dl.acm.org/doi/pdf/10.1145/3533767.3534218). +[security] [VRust: Automated Vulnerability Detection for Solana Smart Contracts](). -Weimin Chen, Zihan Sun, Haoyu Wang, Xiapu Luo,Haipeng Cai ,Lei Wu. +Siwei Cui,Gang Zhao,Yifei Gao,Tien Tavu,Jeff Huang. -[security] [Finding permission bugs in smart contracts with role mining](https://dl.acm.org/doi/pdf/10.1145/3533767.3534372). +[security] [Understanding Security Issues in the NFT Ecosystem](https://arxiv.org/pdf/2111.08893.pdf). -Ye Liu,Yi Li,Shang-Wei Lin,Cyrille Artho. +Dipanjan Das, Priyanka Bose, Nicola Ruaro, Christopher Kruegel, Giovanni Vigna. -[security] [eTainter: detecting gas-related vulnerabilities in smart contracts](https://dl.acm.org/doi/pdf/10.1145/3533767.3534378). +### 2021 -Asem Ghaleb,Julia Rubin,Karthik Pattabiraman. +[security] [DETER: Denial of Ethereum Txpool sERvices](https://dl.acm.org/doi/pdf/10.1145/3460120.3485369). -[security] [Park: accelerating smart contract vulnerability detection via parallel-fork symbolic execution](https://dl.acm.org/doi/pdf/10.1145/3533767.3534395). +Kai Li, Yibo Wang, Yuzhe Tang. -Peilin Zheng, Zibin Zheng, Xiapu Luo. +### 2020 -[security] [SmartDagger: a bytecode-based static analysis approach for detecting cross-contract vulnerability](https://dl.acm.org/doi/pdf/10.1145/3533767.3534222). +[security] [ACE: Asynchronous and Concurrent Execution of Complex Smart Contracts](https://dl.acm.org/doi/pdf/10.1145/3372297.3417243). + CCS '2020 +Karl Wüst, Sinisa Matetic, Silvan Egli, Kari Kostiainen, Srdjan Capkun. -Zeqin Liao, Zibin Zheng, Xiao Chen, Yuhong Nan. +[security] [eThor: Practical and Provably Sound Static Analysis of Ethereum Smart Contracts](https://dl.acm.org/doi/pdf/10.1145/3372297.3417250). -### 2021 +Clara Schneidewind, Ilya Grishchenko, Markus Scherer, Matteo Maffei. CCS '2020. -[security] [Empirical Evaluation of Smart Contract Testing: What Is the Best Choice?](https://dl.acm.org/doi/pdf/10.1145/3460319.3464837). +### 2019 -Meng Ren, Zijing Yin, Fuchen Ma, Zhenyang Xu, Yu Jiang, Chengnian Sun, Huizhong Li, Yan Cai. +[SoftwareAnalysis] [TokenScope: Automatically Discovering Inconsistent Cryptocurrency Tokens](https://dl.acm.org/doi/pdf/10.1145/3319535.3345664). -### 2020 +Ting Chen ,Yufei Zhang ,Zihao Li, Xiapu Luo,Ting Wang,Rong Cao,Xiuzhuo Xiao,Xiaosong Zhang . CCS '19. -[security] [How effective are smart contract analysis tools? evaluating smart contract static analysis tools using bug injection](https://dl.acm.org/doi/abs/10.1145/3395363.3397385). +[security] [Learning to Fuzz from Symbolic Execution with Application to Smart Contracts](https://dl.acm.org/doi/pdf/10.1145/3319535.3363230). -Asem Ghaleb, Karthik Pattabiraman. +Jingxuan He, Mislav Balunovic, Nodar Ambroladze, Petar Tsankov, Martin Vechev. CCS '19. -[security] [Echidna: effective, usable, and fast fuzzing for smart contracts](https://dl.acm.org/doi/abs/10.1145/3395363.3404366). +[security] [Zkay: Specifying and Enforcing Data Privacy in Smart Contracts](https://dl.acm.org/doi/pdf/10.1145/3319535.3363222). -Gustavo Grieco, Will Song, Artur Cygan, Josselin Feist, Alex Groce. +Samuel Steffen, Benjamin Bichsel, Mario Gersbach , Noa Melchior , Petar Tsankov, Martin T Vechev. CCS '19. -[security] [EShield: protect smart contracts against reverse engineering](https://dl.acm.org/doi/pdf/10.1145/3395363.3404365). +### 2018 -Wentian Yan, Jianbo Gao, Zhenhao Wu, Yue Li, Zhi Guan, Qingshan Li, Zhong Chen. +[security] [Securify: Practical Security Analysis of Smart Contracts](https://dl.acm.org/doi/pdf/10.1145/3243734.3243780). -### 2019 +Petar Tsankov, Andrei Dan, Dana Drachsler Cohen, Arthur Gervais, Florian Buenzli, Martin Vechev. CCS '18. -[security] [SAFEVM: a safety verifier for Ethereum smart contracts](https://dl.acm.org/doi/pdf/10.1145/3293882.3338999). +[security] [BitML: a calculus for Bitcoin smart contracts Massimo](https://dl.acm.org/doi/pdf/10.1145/3243734.3243795). -Elvira Albert, Jesús Correasl, Pablo Gordillo, Guillermo Román-Díez, Albert Rubio. ISSTA '2019 +Bartoletti, Roberto Zunino. -[security] [Exploiting the laws of order in smart contracts](https://dl.acm.org/doi/pdf/10.1145/3293882.3330560). +### 2017 -Kolluri ANikolic,Ivica Nikolic, Ilya Sergey, Aquinas Hobor, Prateek Saxena. ISSTA '2019 +[security] [Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing](https://dl.acm.org/doi/pdf/10.1145/3133956.3134032). ---- +Changyu Dong, Yilei Wang, Amjad Aldweesh, Patrick McCorry, Aad van Moorsel. -## ASE +### 2016 -### 2022 +[security] [Making Smart Contracts Smarter](https://dl.acm.org/doi/pdf/10.1145/2976749.2978309). -[security] [Reentrancy Vulnerability Detection and Localization: A Deep Learning Based Two-phase Approach](). +Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, Aquinas Hobor. CCS '16. -Zhuo Zhang, Yan Lei, Meng Yan, Yue Yu, Jiachi Chen, Shangwen Wang, Xiaoguang Mao. +[security] [Formal verification of smart contracts: Short paper](https://dl.acm.org/doi/10.1145/2993600.2993611). -[security] [Identifying Solidity Smart Contract API Documentation Errors](https://personal.ntu.edu.sg/yi_li/files/Zhu2022ISS.pdf). +Bhargavan K,Delignat-Lavaud A,Fournet C. CCS '16. -Chenguang Zhu, Ye Liu, Xiuheng Wu, and Yi Li. +[security] [Town crier: An authenticated data feed for smart contracts](https://dl.acm.org/doi/pdf/10.1145/2976749.2978326). -### 2021 +Fan Zhang, Ethan Cecchetti, Kyle Croman, Ari Juels, Elaine Shi. CCS '16. -[security] [GASOL: Gas Analysis and Optimization for Ethereum Smart Contracts](https://arxiv.org/pdf/1912.11929.pdf). +--- -Elvira Albert, Jesús Correas, Pablo Gordillo, Guillermo Román-Díez, Albert Rubio. +## USENIX Security -[security] [Automating User Notice Generation for Smart Contract Functions](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9678552). +### 2021 -Xing Hu, Zhipeng Gao, Xin Xia, David Lo, Xiaohu Yang. +[security] [Evil Under the Sun: Understanding and Discovering Attacks on Ethereum Decentralized Applications](https://www.usenix.org/system/files/sec21summer_su.pdf). -[security] [Characterizing Transaction-Reverting Statements in Ethereum Smart Contracts](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9678597). +Liya Su, Xinyue Shen, Xiaojing Liao, XiaoFeng Wang, Luyi Xing. -Lu Liu, Lili Wei, Wuqi Zhang, Ming Wen, Yepang Liu, Shing-Chi Cheung. +[security] [EOSAFE: Security Analysis of EOSIO Smart Contracts](http://sei.pku.edu.cn/~yaoguo/papers/He-Security-21.pdf). -[security] [SMARTIAN: Enhancing Smart Contract Fuzzing with Static and Dynamic Analyses](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9678888). +Ningyu He, Ruiyi Zhang, Lei Wu, Haoyu Wang, Xiapu Luo, Yao Guo, Ting Yu, Xuxian Jiang. -Jaeseung Choi, Doyeon Kim, Soomin Kim, Gustavo Grieco, Alex Groce, Sang Kil Cha. +[security] [SmarTest: Effectively Hunting Vulnerable Transaction Sequences in Smart Contracts through Language Model-Guided Symbolic Execution](http://prl.korea.ac.kr/~ssb920/papers/sec21.pdf). -[security] [SigRec: Automatic Recovery of Function Signatures in Smart Contracts](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9426396). +Sunbeom So, Seongjoon Hong, and Hakjoo Oh. -Ting Chen, zihao li, Xiapu Luo, XiaoFeng Wang, Ting Wang, Hongwei Li, Xiaosong Zhang. +[security] [Smart Contract Vulnerabilities: Vulnerable Does Not Imply Exploited](https://www.doc.ic.ac.uk/~livshits/papers/pdf/usenixsec21.pdf). -### 2020 +Daniel Perez, Benjamin Livshits. -[security] [Cross-Contract Static Analysis for Detecting Practical Reentrancy Vulnerabilities in Smart Contracts](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9286095). +[security] [EVMPatch: Timely and Automated Patching of Ethereum Smart Contracts](https://www.usenix.org/system/files/sec21summer_rodler.pdf). -Yinxing Xue, Mingliang Ma, Yun Lin, Yulei Sui, Jiaming Ye, Tianyong Peng. ASE '2020 +Michael Rodler, University of Duisburg-Essen; Wenting Li and Ghassan O. Karame, NEC Laboratories Europe; Lucas Davi -[security] [Demystifying Loops in Smart Contracts](https://dl.acm.org/doi/pdf/10.1145/3324884.3416626). +[security] [Frontrunner Jones and the Raiders of the Dark Forest: An Empirical Study of Frontrunning on the Ethereum Blockchain](https://arxiv.org/abs/2102.03347). -Benjamin Mariano, Yanju Chen, Yu Feng, Shuvendu K. Lahiri, Isil Dillig. ASE '2020 +Christof Ferreira Torres, Ramiro Camino, Radu State. -[security] [Summary-Based Symbolic Evaluation for Smart Contracts](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9286081). +### 2020 -Yu Feng, Emina Torlak, Rastislav Bodik. ASE '2020 +[security] [ETHBMC: A Bounded Model Checker for Smart Contracts](https://www.usenix.org/system/files/sec20-frank.pdf). -[security] [Finding Ethereum Smart Contracts Security Issues by Comparing History Versions](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9286004). +Joel Frank, Cornelius Aschermann, and Thorsten Holz. USENIX '20 Security Symposium. -Jiachi Chen. ASE '2020 +[security] [TXSPECTOR: Uncovering Attacks in Ethereum from Transactions](https://www.usenix.org/system/files/sec20-zhang-mengya.pdf). + +Mengya Zhang, Xiaokuan Zhang, Yinqian Zhang, and Zhiqiang Lin. USENIX '20 Security Symposium. -### 2019 +[security] [An Ever-evolving Game: Evaluation of Real-world Attacks and Defenses in Ethereum Ecosystem](https://www.usenix.org/system/files/sec20-zhou-shunfan.pdf). -[security] [Manticore: A User-Friendly Symbolic Execution Framework for Binaries and Smart Contracts](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8952204). +Shunfan Zhou, Zhemin Yang, and Jie Xiang, Yinzhi Cao,Min Yang and Yuan Zhang. USENIX '20 Security Symposium. -Mark Mossberg, Felipe Manzano, Eric Hennenfent, Alex Groce, Gustavo Grieco, Josselin Feist, Trent Brunson, Artem Dinaburg. +### 2019 -[security] [MuSC: A Tool for Mutation Testing of Ethereum Smart Contract](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8952206). +[security] [The art of the scam: Demystifying honeypots in ethereum smart contracts](https://www.usenix.org/system/files/sec19-torres.pdf). -Zixin Li, Haoran Wu, Jiehui Xu, Xingya Wang, Lingming Zhang, Zhenyu Chen. +Torres C., Steichen M., State R. USENIX '19 Security Symposium. -[security] [Securing Smart Contracts in Blockchain](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8967424). +[application] [FastKitten: Practical Smart Contracts on Bitcoin](). -Jaturong Kongmanee, Phongphun Kijsanayothin, Rattikorn Hewett. +Poulami Das, Lisa Eckey, Tommaso Frassetto, David Gens, Kristina Hostáková, Patrick Jauernig, Sebastian Faust, and Ahmad-Reza Sadeghi. USENIX '19 Security Symposium. -### 2018 +### 2018 -[security] [ContractFuzzer: Fuzzing Smart Contracts for Vulnerability](https://dl.acm.org/doi/pdf/10.1145/3238147.3238177). +[security] [Erays: Reverse Engineering Ethereum's Opaque Smart Contracts](https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-zhou.pdf). + +Yi Zhou, Deepak Kumar, Surya Bakshi, Joshua Mason, Andrew Miller, and Michael Bailey. USENIX '18 Security Symposium. -Bo Jiang, Ye Liu, W.K. Chan. ASE '2018 +[security] [teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts](https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-krupp.pdf). + +Johannes Krupp and Christian Rossow. USENIX '18 Security Symposium. -[security] [S-gram: towards semantic-aware security auditing for Ethereum smart contracts](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9000031). +[application] [Arbitrum: Scalable, private smart contracts](https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-kalodner.pdf). + +Harry Kalodner, Steven Goldfeder, Xiaoqi Chen, S. Matthew Weinberg, Edward W. Felten. USENIX '18 Security Symposium. -Han Liu, Chao Liu, Wenqi Zhao, Yu Jiang, Jiaguang Sun. +[security] [Enter the Hydra: Towards principled bug bounties and exploit-resistant smart contracts](https://eprint.iacr.org/2017/1090.pdf). + +Breidenbach L,Daian P,Tramèr F. USENIX '18 Security Symposium. --- -## ICSE - -### 2022 - -[security] [Utilizing Parallelism in Smart Contracts on Decentralized Blockchains by Taming Application-Inherent Conflicts](https://dl.acm.org/doi/pdf/10.1145/3510003.3510086). - -Péter Garamvölgyi, Yuxi Liu, Dong Zhou, Fan Long, Ming Wu. +## NDSS ### 2021 -[security] [Smart Contract Security: a Practitioners’ Perspective](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9402082). +[application] [Bitcontracts: Supporting Smart Contracts in Legacy Blockchains](). + +Karl Wüst, Loris Diana, and Kari Kostiainen (ETH Zurich); Ghassan Karame; Sinisa Matetic and Srdjan Capkun (ETH Zurich) -Zhiyuan Wan, Xin Xia, David Lo, Jiachi Chen, Xiapu Luo, Xiaohu Yang. +[Sercurity] [As Strong As Its Weakest Link: How to Break Blockchain DApps at RPC Service](https://www.ndss-symposium.org/wp-content/uploads/ndss2021_3C-1_23108_paper.pdf). + +Kai Li, Jiaqi Chen, Xianghong Liu, and Yuzhe Tang; XiaoFeng Wang; Xiapu Luo + +[Sercurity] [SquirRL: Automating Attack Analysis on Blockchain Incentive Mechanisms with Deep Reinforcement Learning](https://arxiv.org/abs/1912.01798). + +Charlie Hou; Mingxun Zhou; Yan Ji and Phil Daian; Florian Tramèr; Giulia Fanti; Ari Juels ### 2020 -[security] [Empirical Review of Automated Analysis Tools on 47,587 Ethereum Smart Contracts](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9284023). +[security] [SODA: A Generic Online Detection Framework for Smart Contracts](https://www.ndss-symposium.org/wp-content/uploads/2020/02/24449-paper.pdf). + +Ting Chen, Rong Cao, Ting Li, Xiapu Luo, Guofei Gu, Yufei Zhang, Zhou Liao, Hang Zhu, Gang Chen, Zheyuan He, Yuxing Tang, Xiaodong Lin, and Xiaosong Zhang. NDSS '20. -Thomas Durieux, João F. Ferreira, Rui Abreu, Pedro Cruz. +[security] [Broken Metre: Attacking Resource Metering in EVM](https://arxiv.org/pdf/1909.07220.pdf). + +Daniel Perez, and Benjamin Livshits. NDSS '20. -[security] [sFuzz-An Efficient Adaptive Fuzzer for Solidity Smart Contracts](https://arxiv.org/pdf/2004.08563.pdf). +### 2019 -Tai D. Nguyen, Long H. Pham, Jun Sun, Yun Lin, Quang Tran Minh. +[security] [Seth: Protecting Existing Smart Contracts Against Re-Entrancy Attacks](https://arxiv.org/pdf/1812.05934.pdf). + +Michael Rodler, Wenting Li and Ghassan Karame, Lucas Davi. NDSS '19. -[security] [Smart Contract Development: Challenges and Opportunities](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8847638). +[security] [YODA: Enabling computationally intensive contracts on blockchains with Byzantine and Selfish nodes](https://arxiv.org/pdf/1811.03265.pdf). + +Sourav Das, Vinay Joseph Ribeiro, and Abhijeet Anand. NDSS '19. -Weiqin Zou, David Lo, Pavneet Singh Kochhar, Xuan-Bach D. Le, Xin Xia, Yang Feng, Zhenyu Chen, Baowen Xu. - -[security] [Targeted Greybox Fuzzing with Static Lookahead Analysis](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9284040). +[security] [Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks](). + +Michael Rodler, Wenting Li, Ghassan O. Karame, Lucas Davi. -Valentin Wüstholz, Maria Christakis. +### 2018 -[security] [Gap between Theory and Practice : An Empirical Study of Security Patches in Solidity](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9283944). +[security] ["Zeus": Analyzing Safety of Smart Contracts](http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2018/02/ndss2018_09-1_Kalra_paper.pdf). -Sungjae Hwang, Sukyoung Ryu +Kalra S, Goel S, Dhawan M, Sharma S. NDSS '18. -[security] [Seraph: Enabling Cross-Platform Security Analysis For EVM and WASM Smart Contracts](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9270363). - -Z Yang +[security] [Chainspace: A Sharded Smart Contracts Platform](). -### 2019 +Mustafa Al-Bassam, Alberto Sonnino, Shehar Bano, Dave Hrycyszyn, George Danezis. -[security] [Gigahorse: Thorough, Declarative Decompilation of Smart Contracts](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8811905). +## ESEC/FSE -Neville Grech, Lexi Brent, Bernhard Scholz, Yannis Smaragdakis. +### 2022 -[security] [VULTRON: Catching Vulnerable Smart Contracts Once and for All](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8805696). +[security] [An Empirical Study of Blockchain System Vulnerabilities: Modules, Types, and Patterns](). -Haijun Wang, Yi Li, Shang-Wei Lin, Lei Ma, Yang Liu. +Xiao Yi, Daoyuan Wu, Lingxiao Jiang, Yuzhou Fang, Kehuan Zhang, Wei Zhang. -### 2018 +[security] [Declarative Smart Contracts](https://arxiv.org/pdf/2207.13827.pdf). -[security] [ReGuard: Finding Reentrancy Bugs in Smart Contracts](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8805696). +Haoxian Chen, Gerald Whitters, Mohammad Javad Amiri, Yuepeng Wang, Boon Thau Loo. -Chao Liu, Han Liu, Zhao Cao, Zhong Chen, Bangdao Chen, Bill Roscoe. +### 2021 ---- +~~[security] [Towards Practical and Cost-Effective Batching of Smart-Contract Invocations on Ethereum](). +Yibo Wang, Qi Zhang, Kai Li, Yuzhe Tang, Jiaqi Chen, Xiapu Luo, Ting Chen.~~ -## CCS +[security] [ÐArcher: Detecting On-Chain-Off-Chain Synchronization Bugs in Decentralized Applications](https://dl.acm.org/doi/pdf/10.1145/3468264.3468546). -### 2022 +Wuqi Zhang, Lili Wei, Shuqing Li, Yepang Liu, Shing-Chi Cheung. -[security] [Empirical Analysis of EIP-1559: Transaction Fees, Waiting Time, and Consensus Security](https://arxiv.org/pdf/2201.05574.pdf). +[application] [Making Smart Contract Development More Secure and Easier](https://dl.acm.org/doi/pdf/10.1145/3468264.3473929). -Liu, Yulin ; Lu, Yuxuan ; Nayak, Kartik ; Zhang, Fan ; Zhang, Luyao search by orcid ; Zhao, Yinhong. +Meng Ren, Fuchen Ma, Zijing Yin, Ying Fu, Huizhong Li, Wanli Chang, Yu Jiang -[security] [Towards Automated Safety Vetting of Smart Contracts in Decentralized Applications](https://yueduan.github.io/pub/smart_contracts_analysis__ccs22.pdf). +[application] [iBatch: Saving Ethereum Fees via Secure and Cost-Effective Batching of Smart-Contract Invocations](https://dl.acm.org/doi/pdf/10.1145/3468264.3468568). -Yue Duan, Xin Zhao, Yu Pan, Shucheng Li, Minghao Li, Fengyuan Xu, and Mu Zhang. +Yibo Wang, Kai Li, Yuzhe Tang, Jiaqi Chen, Qi Zhang, Xiapu Luo, Ting Chen. -[security] [VRust: Automated Vulnerability Detection for Solana Smart Contracts](). +### 2020 -Siwei Cui,Gang Zhao,Yifei Gao,Tien Tavu,Jeff Huang. +[security] [Towards Automated Verification of Smart Contract Fairness](https://dl.acm.org/doi/pdf/10.1145/3368089.3409740). -[security] [Understanding Security Issues in the NFT Ecosystem](https://arxiv.org/pdf/2111.08893.pdf). +Ye Liu, Yi Li, Shang-Wei Lin, Rong Zhao. FSE/ESEC '2020 -Dipanjan Das, Priyanka Bose, Nicola Ruaro, Christopher Kruegel, Giovanni Vigna. +[security] [ModCon: a model-based testing platform for smart contracts](https://dl.acm.org/doi/pdf/10.1145/3368089.3417939). -### 2021 +Ye Liu, Yi Li, Shang-Wei Lin, Qiang Yan. FSE/ESEC '2020 -[security] [DETER: Denial of Ethereum Txpool sERvices](https://dl.acm.org/doi/pdf/10.1145/3460120.3485369). +[security] [HARVEY:A Greybox Fuzzer for Smart Contracts](https://dl.acm.org/doi/pdf/10.1145/3368089.3417064). -Kai Li, Yibo Wang, Yuzhe Tang. +Valentin Wüstholz, Maria Christakis. FSE/ESEC '2020 -### 2020 +### 2019 -[security] [ACE: Asynchronous and Concurrent Execution of Complex Smart Contracts](https://dl.acm.org/doi/pdf/10.1145/3372297.3417243). - CCS '2020 -Karl Wüst, Sinisa Matetic, Silvan Egli, Kari Kostiainen, Srdjan Capkun. +[security] [EVMFuzzer: Detect EVM vulnerabilities via fuzz testing](https://dl.acm.org/doi/pdf/10.1145/3338906.3341175). -[security] [eThor: Practical and Provably Sound Static Analysis of Ethereum Smart Contracts](https://dl.acm.org/doi/pdf/10.1145/3372297.3417250). +Ying Fu, Meng Ren, Fuchen Ma, Heyuan Shi, Xin Yang, Yu Jiang, Huizhong Li, +Xiang Shi. FSE/ESEC '2019 -Clara Schneidewind, Ilya Grishchenko, Markus Scherer, Matteo Maffei. CCS '2020. +[security] [A graph-based framework for analysing the design of smart contracts](https://dl.acm.org/doi/pdf/10.1145/3338906.3342495). -### 2019 +Bram Vandenbogaerde. -[SoftwareAnalysis] [TokenScope: Automatically Discovering Inconsistent Cryptocurrency Tokens](https://dl.acm.org/doi/pdf/10.1145/3319535.3345664). +--- -Ting Chen ,Yufei Zhang ,Zihao Li, Xiapu Luo,Ting Wang,Rong Cao,Xiuzhuo Xiao,Xiaosong Zhang . CCS '19. +## ISSTA -[security] [Learning to Fuzz from Symbolic Execution with Application to Smart Contracts](https://dl.acm.org/doi/pdf/10.1145/3319535.3363230). +### 2022 -Jingxuan He, Mislav Balunovic, Nodar Ambroladze, Petar Tsankov, Martin Vechev. CCS '19. +[security] [WASAI: uncovering vulnerabilities in Wasm smart contracts](https://dl.acm.org/doi/pdf/10.1145/3533767.3534218). -[security] [Zkay: Specifying and Enforcing Data Privacy in Smart Contracts](https://dl.acm.org/doi/pdf/10.1145/3319535.3363222). +Weimin Chen, Zihan Sun, Haoyu Wang, Xiapu Luo,Haipeng Cai ,Lei Wu. -Samuel Steffen, Benjamin Bichsel, Mario Gersbach , Noa Melchior , Petar Tsankov, Martin T Vechev. CCS '19. +[security] [Finding permission bugs in smart contracts with role mining](https://dl.acm.org/doi/pdf/10.1145/3533767.3534372). -### 2018 +Ye Liu,Yi Li,Shang-Wei Lin,Cyrille Artho. -[security] [Securify: Practical Security Analysis of Smart Contracts](https://dl.acm.org/doi/pdf/10.1145/3243734.3243780). +[security] [eTainter: detecting gas-related vulnerabilities in smart contracts](https://dl.acm.org/doi/pdf/10.1145/3533767.3534378). -Petar Tsankov, Andrei Dan, Dana Drachsler Cohen, Arthur Gervais, Florian Buenzli, Martin Vechev. CCS '18. +Asem Ghaleb,Julia Rubin,Karthik Pattabiraman. -[security] [BitML: a calculus for Bitcoin smart contracts Massimo](https://dl.acm.org/doi/pdf/10.1145/3243734.3243795). +[security] [Park: accelerating smart contract vulnerability detection via parallel-fork symbolic execution](https://dl.acm.org/doi/pdf/10.1145/3533767.3534395). -Bartoletti, Roberto Zunino. +Peilin Zheng, Zibin Zheng, Xiapu Luo. -### 2017 +[security] [SmartDagger: a bytecode-based static analysis approach for detecting cross-contract vulnerability](https://dl.acm.org/doi/pdf/10.1145/3533767.3534222). -[security] [Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing](https://dl.acm.org/doi/pdf/10.1145/3133956.3134032). +Zeqin Liao, Zibin Zheng, Xiao Chen, Yuhong Nan. -Changyu Dong, Yilei Wang, Amjad Aldweesh, Patrick McCorry, Aad van Moorsel. +### 2021 -### 2016 +[security] [Empirical Evaluation of Smart Contract Testing: What Is the Best Choice?](https://dl.acm.org/doi/pdf/10.1145/3460319.3464837). -[security] [Making Smart Contracts Smarter](https://dl.acm.org/doi/pdf/10.1145/2976749.2978309). +Meng Ren, Zijing Yin, Fuchen Ma, Zhenyang Xu, Yu Jiang, Chengnian Sun, Huizhong Li, Yan Cai. -Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, Aquinas Hobor. CCS '16. +### 2020 -[security] [Formal verification of smart contracts: Short paper](https://dl.acm.org/doi/10.1145/2993600.2993611). +[security] [How effective are smart contract analysis tools? evaluating smart contract static analysis tools using bug injection](https://dl.acm.org/doi/abs/10.1145/3395363.3397385). -Bhargavan K,Delignat-Lavaud A,Fournet C. CCS '16. +Asem Ghaleb, Karthik Pattabiraman. -[security] [Town crier: An authenticated data feed for smart contracts](https://dl.acm.org/doi/pdf/10.1145/2976749.2978326). +[security] [Echidna: effective, usable, and fast fuzzing for smart contracts](https://dl.acm.org/doi/abs/10.1145/3395363.3404366). -Fan Zhang, Ethan Cecchetti, Kyle Croman, Ari Juels, Elaine Shi. CCS '16. +Gustavo Grieco, Will Song, Artur Cygan, Josselin Feist, Alex Groce. ---- +[security] [EShield: protect smart contracts against reverse engineering](https://dl.acm.org/doi/pdf/10.1145/3395363.3404365). -## USENIX Security +Wentian Yan, Jianbo Gao, Zhenhao Wu, Yue Li, Zhi Guan, Qingshan Li, Zhong Chen. -### 2021 +### 2019 -[security] [Evil Under the Sun: Understanding and Discovering Attacks on Ethereum Decentralized Applications](https://www.usenix.org/system/files/sec21summer_su.pdf). +[security] [SAFEVM: a safety verifier for Ethereum smart contracts](https://dl.acm.org/doi/pdf/10.1145/3293882.3338999). -Liya Su, Xinyue Shen, Xiaojing Liao, XiaoFeng Wang, Luyi Xing. +Elvira Albert, Jesús Correasl, Pablo Gordillo, Guillermo Román-Díez, Albert Rubio. ISSTA '2019 -[security] [EOSAFE: Security Analysis of EOSIO Smart Contracts](http://sei.pku.edu.cn/~yaoguo/papers/He-Security-21.pdf). +[security] [Exploiting the laws of order in smart contracts](https://dl.acm.org/doi/pdf/10.1145/3293882.3330560). -Ningyu He, Ruiyi Zhang, Lei Wu, Haoyu Wang, Xiapu Luo, Yao Guo, Ting Yu, Xuxian Jiang. +Kolluri ANikolic,Ivica Nikolic, Ilya Sergey, Aquinas Hobor, Prateek Saxena. ISSTA '2019 -[security] [SmarTest: Effectively Hunting Vulnerable Transaction Sequences in Smart Contracts through Language Model-Guided Symbolic Execution](http://prl.korea.ac.kr/~ssb920/papers/sec21.pdf). +--- -Sunbeom So, Seongjoon Hong, and Hakjoo Oh. +## ASE -[security] [Smart Contract Vulnerabilities: Vulnerable Does Not Imply Exploited](https://www.doc.ic.ac.uk/~livshits/papers/pdf/usenixsec21.pdf). +### 2022 -Daniel Perez, Benjamin Livshits. +[security] [Reentrancy Vulnerability Detection and Localization: A Deep Learning Based Two-phase Approach](). -[security] [EVMPatch: Timely and Automated Patching of Ethereum Smart Contracts](https://www.usenix.org/system/files/sec21summer_rodler.pdf). +Zhuo Zhang, Yan Lei, Meng Yan, Yue Yu, Jiachi Chen, Shangwen Wang, Xiaoguang Mao. -Michael Rodler, University of Duisburg-Essen; Wenting Li and Ghassan O. Karame, NEC Laboratories Europe; Lucas Davi +[security] [Identifying Solidity Smart Contract API Documentation Errors](https://personal.ntu.edu.sg/yi_li/files/Zhu2022ISS.pdf). -[security] [Frontrunner Jones and the Raiders of the Dark Forest: An Empirical Study of Frontrunning on the Ethereum Blockchain](https://arxiv.org/abs/2102.03347). +Chenguang Zhu, Ye Liu, Xiuheng Wu, and Yi Li. -Christof Ferreira Torres, Ramiro Camino, Radu State. +### 2021 -### 2020 +[security] [GASOL: Gas Analysis and Optimization for Ethereum Smart Contracts](https://arxiv.org/pdf/1912.11929.pdf). -[security] [ETHBMC: A Bounded Model Checker for Smart Contracts](https://www.usenix.org/system/files/sec20-frank.pdf). +Elvira Albert, Jesús Correas, Pablo Gordillo, Guillermo Román-Díez, Albert Rubio. -Joel Frank, Cornelius Aschermann, and Thorsten Holz. USENIX '20 Security Symposium. +[security] [Automating User Notice Generation for Smart Contract Functions](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9678552). -[security] [TXSPECTOR: Uncovering Attacks in Ethereum from Transactions](https://www.usenix.org/system/files/sec20-zhang-mengya.pdf). - -Mengya Zhang, Xiaokuan Zhang, Yinqian Zhang, and Zhiqiang Lin. USENIX '20 Security Symposium. +Xing Hu, Zhipeng Gao, Xin Xia, David Lo, Xiaohu Yang. -[security] [An Ever-evolving Game: Evaluation of Real-world Attacks and Defenses in Ethereum Ecosystem](https://www.usenix.org/system/files/sec20-zhou-shunfan.pdf). +[security] [Characterizing Transaction-Reverting Statements in Ethereum Smart Contracts](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9678597). -Shunfan Zhou, Zhemin Yang, and Jie Xiang, Yinzhi Cao,Min Yang and Yuan Zhang. USENIX '20 Security Symposium. +Lu Liu, Lili Wei, Wuqi Zhang, Ming Wen, Yepang Liu, Shing-Chi Cheung. -### 2019 +[security] [SMARTIAN: Enhancing Smart Contract Fuzzing with Static and Dynamic Analyses](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9678888). -[security] [The art of the scam: Demystifying honeypots in ethereum smart contracts](https://www.usenix.org/system/files/sec19-torres.pdf). +Jaeseung Choi, Doyeon Kim, Soomin Kim, Gustavo Grieco, Alex Groce, Sang Kil Cha. -Torres C., Steichen M., State R. USENIX '19 Security Symposium. +[security] [SigRec: Automatic Recovery of Function Signatures in Smart Contracts](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9426396). -[application] [FastKitten: Practical Smart Contracts on Bitcoin](). +Ting Chen, zihao li, Xiapu Luo, XiaoFeng Wang, Ting Wang, Hongwei Li, Xiaosong Zhang. -Poulami Das, Lisa Eckey, Tommaso Frassetto, David Gens, Kristina Hostáková, Patrick Jauernig, Sebastian Faust, and Ahmad-Reza Sadeghi. USENIX '19 Security Symposium. +### 2020 -### 2018 +[security] [Cross-Contract Static Analysis for Detecting Practical Reentrancy Vulnerabilities in Smart Contracts](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9286095). -[security] [Erays: Reverse Engineering Ethereum's Opaque Smart Contracts](https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-zhou.pdf). - -Yi Zhou, Deepak Kumar, Surya Bakshi, Joshua Mason, Andrew Miller, and Michael Bailey. USENIX '18 Security Symposium. +Yinxing Xue, Mingliang Ma, Yun Lin, Yulei Sui, Jiaming Ye, Tianyong Peng. ASE '2020 -[security] [teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts](https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-krupp.pdf). - -Johannes Krupp and Christian Rossow. USENIX '18 Security Symposium. +[security] [Demystifying Loops in Smart Contracts](https://dl.acm.org/doi/pdf/10.1145/3324884.3416626). -[application] [Arbitrum: Scalable, private smart contracts](https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-kalodner.pdf). - -Harry Kalodner, Steven Goldfeder, Xiaoqi Chen, S. Matthew Weinberg, Edward W. Felten. USENIX '18 Security Symposium. +Benjamin Mariano, Yanju Chen, Yu Feng, Shuvendu K. Lahiri, Isil Dillig. ASE '2020 -[security] [Enter the Hydra: Towards principled bug bounties and exploit-resistant smart contracts](https://eprint.iacr.org/2017/1090.pdf). - -Breidenbach L,Daian P,Tramèr F. USENIX '18 Security Symposium. +[security] [Summary-Based Symbolic Evaluation for Smart Contracts](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9286081). ------- +Yu Feng, Emina Torlak, Rastislav Bodik. ASE '2020 -## S&P +[security] [Finding Ethereum Smart Contracts Security Issues by Comparing History Versions](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9286004). -### 2022 +Jiachi Chen. ASE '2020 -[security] [Quantifying Blockchain Extractable Value: How dark is the forest?](https://arxiv.org/pdf/2101.05511.pdf) - -Kaihua Qin, Liyi Zhou, Arthur Gervais. +### 2019 -[security] [SAILFISH: Vetting Smart Contract State-Inconsistency Bugs in Seconds](https://arxiv.org/pdf/2104.08638.pdf). - -Priyanka Bose, Dipanjan Das, Yanju Chen, Yu Feng, Christopher Kruegel, Giovanni Vigna. +[security] [Manticore: A User-Friendly Symbolic Execution Framework for Binaries and Smart Contracts](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8952204). -### 2021 +Mark Mossberg, Felipe Manzano, Eric Hennenfent, Alex Groce, Gustavo Grieco, Josselin Feist, Trent Brunson, Artem Dinaburg. -[security] [SmartPulse: Automated Checking of Temporal Properties in Smart Contracts](https://www.microsoft.com/en-us/research/uploads/prod/2021/02/SmartPulse-Oakland21-preprint.pdf). - -Jon Stephens, Kostas Ferles, Benjamin Mariano, Shuvendu Lahiri, Isil Dillig. +[security] [MuSC: A Tool for Mutation Testing of Ethereum Smart Contract](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8952206). -[security] [sGUARD: Towards Fixing Vulnerable Smart Contracts Automatically](https://arxiv.org/abs/2101.01917). - -Tai D. Nguyen, Long H. Pham, Jun Sun. IEEE S&P '21. +Zixin Li, Haoran Wu, Jiehui Xu, Xingya Wang, Lingming Zhang, Zhenyu Chen. -[finance] [On the Just-In-Time Discovery of Profit-Generating Transactions in DeFi Protocols](). - -Liyi Zhou, Kaihua Qin, Antoine Cully, Benjamin Livshits, Arthur Gervais. +[security] [Securing Smart Contracts in Blockchain](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8967424). -[security] [Compositional Security for Reentrant Applications](https://arxiv.org/abs/2103.08577). - -Ethan Cecchetti, Siqiu Yao, Haobin Ni, Andrew C. Myers. +Jaturong Kongmanee, Phongphun Kijsanayothin, Rattikorn Hewett. -[security] [High-Frequency Trading on Decentralized On-Chain Exchanges](https://arxiv.org/pdf/2009.14021.pdf). - -Liyi Zhou, Kaihua Qin, Christof Ferreira Torres, Duc V Le, Arthur Gervais. +### 2018 -### 2020 +[security] [ContractFuzzer: Fuzzing Smart Contracts for Vulnerability](https://dl.acm.org/doi/pdf/10.1145/3238147.3238177). -[security] [Flash Boys 2.0: Frontrunning in Decentralized Exchanges, Miner Extractable Value, and Consensus Instability](https://par.nsf.gov/servlets/purl/10159474). - -Philip Daian, Steven Goldfeder, T. Kell, Yunqi Li, Xueyuan Zhao, Iddo Bentov, Lorenz Breidenbach, A. Juels. +Bo Jiang, Ye Liu, W.K. Chan. ASE '2018 -[security] [VerX: Safety Verification of Smart Contracts](). - -Anton Permenev, Dimitar Dimitrov, Petar Tsankov, Dana Drachsler-Cohen, Martin Vechev. IEEE S&P '20. +[security] [S-gram: towards semantic-aware security auditing for Ethereum smart contracts](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9000031). -[security] [VeriSmart: A Highly Precise Safety Verifier for Ethereum Smart Contracts](). - -Sunbeom So, Myungho Lee, Jisu Park, Heejo Lee, Hakjoo Oh. IEEE S&P '20. +Han Liu, Chao Liu, Wenqi Zhao, Yu Jiang, Jiaguang Sun. -[security] [Executable Operational Semantics of Solidity](https://arxiv.org/pdf/1804.01295.pdf). - -Jiao Jiao, Shuanglong Kan, Shang-Wei Lin, David Sanan, Yang Liu, Jun Sun. IEEE S&P '20. +--- -### 2016 +## ICSE -[application] [Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts](https://eprint.iacr.org/2015/675.pdf). - -Kosba A, Miller A, Shi E, Wen Z, Papamanthou C. S&P '16 +### 2022 ---- +[security] [Utilizing Parallelism in Smart Contracts on Decentralized Blockchains by Taming Application-Inherent Conflicts](https://dl.acm.org/doi/pdf/10.1145/3510003.3510086). -## NDSS +Péter Garamvölgyi, Yuxi Liu, Dong Zhou, Fan Long, Ming Wu. ### 2021 -[application] [Bitcontracts: Supporting Smart Contracts in Legacy Blockchains](). - -Karl Wüst, Loris Diana, and Kari Kostiainen (ETH Zurich); Ghassan Karame; Sinisa Matetic and Srdjan Capkun (ETH Zurich) - -[Sercurity] [As Strong As Its Weakest Link: How to Break Blockchain DApps at RPC Service](https://www.ndss-symposium.org/wp-content/uploads/ndss2021_3C-1_23108_paper.pdf). - -Kai Li, Jiaqi Chen, Xianghong Liu, and Yuzhe Tang; XiaoFeng Wang; Xiapu Luo +[security] [Smart Contract Security: a Practitioners’ Perspective](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9402082). -[Sercurity] [SquirRL: Automating Attack Analysis on Blockchain Incentive Mechanisms with Deep Reinforcement Learning](https://arxiv.org/abs/1912.01798). - -Charlie Hou; Mingxun Zhou; Yan Ji and Phil Daian; Florian Tramèr; Giulia Fanti; Ari Juels +Zhiyuan Wan, Xin Xia, David Lo, Jiachi Chen, Xiapu Luo, Xiaohu Yang. ### 2020 -[security] [SODA: A Generic Online Detection Framework for Smart Contracts](https://www.ndss-symposium.org/wp-content/uploads/2020/02/24449-paper.pdf). - -Ting Chen, Rong Cao, Ting Li, Xiapu Luo, Guofei Gu, Yufei Zhang, Zhou Liao, Hang Zhu, Gang Chen, Zheyuan He, Yuxing Tang, Xiaodong Lin, and Xiaosong Zhang. NDSS '20. +[security] [Empirical Review of Automated Analysis Tools on 47,587 Ethereum Smart Contracts](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9284023). -[security] [Broken Metre: Attacking Resource Metering in EVM](https://arxiv.org/pdf/1909.07220.pdf). - -Daniel Perez, and Benjamin Livshits. NDSS '20. +Thomas Durieux, João F. Ferreira, Rui Abreu, Pedro Cruz. -### 2019 +[security] [sFuzz-An Efficient Adaptive Fuzzer for Solidity Smart Contracts](https://arxiv.org/pdf/2004.08563.pdf). -[security] [Seth: Protecting Existing Smart Contracts Against Re-Entrancy Attacks](https://arxiv.org/pdf/1812.05934.pdf). - -Michael Rodler, Wenting Li and Ghassan Karame, Lucas Davi. NDSS '19. +Tai D. Nguyen, Long H. Pham, Jun Sun, Yun Lin, Quang Tran Minh. -[security] [YODA: Enabling computationally intensive contracts on blockchains with Byzantine and Selfish nodes](https://arxiv.org/pdf/1811.03265.pdf). - -Sourav Das, Vinay Joseph Ribeiro, and Abhijeet Anand. NDSS '19. +[security] [Smart Contract Development: Challenges and Opportunities](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8847638). -[security] [Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks](). - -Michael Rodler, Wenting Li, Ghassan O. Karame, Lucas Davi. +Weiqin Zou, David Lo, Pavneet Singh Kochhar, Xuan-Bach D. Le, Xin Xia, Yang Feng, Zhenyu Chen, Baowen Xu. -### 2018 +[security] [Targeted Greybox Fuzzing with Static Lookahead Analysis](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9284040). -[security] ["Zeus": Analyzing Safety of Smart Contracts](http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2018/02/ndss2018_09-1_Kalra_paper.pdf). +Valentin Wüstholz, Maria Christakis. -Kalra S, Goel S, Dhawan M, Sharma S. NDSS '18. +[security] [Gap between Theory and Practice : An Empirical Study of Security Patches in Solidity](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9283944). -[security] [Chainspace: A Sharded Smart Contracts Platform](). +Sungjae Hwang, Sukyoung Ryu -Mustafa Al-Bassam, Alberto Sonnino, Shehar Bano, Dave Hrycyszyn, George Danezis. +[security] [Seraph: Enabling Cross-Platform Security Analysis For EVM and WASM Smart Contracts](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9270363). + +Z Yang +### 2019 +[security] [Gigahorse: Thorough, Declarative Decompilation of Smart Contracts](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8811905). ------- +Neville Grech, Lexi Brent, Bernhard Scholz, Yannis Smaragdakis. +[security] [VULTRON: Catching Vulnerable Smart Contracts Once and for All](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8805696). +Haijun Wang, Yi Li, Shang-Wei Lin, Lei Ma, Yang Liu. + +### 2018 + +[security] [ReGuard: Finding Reentrancy Bugs in Smart Contracts](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8805696). + +Chao Liu, Han Liu, Zhao Cao, Zhong Chen, Bangdao Chen, Bill Roscoe. + +--- ## SOSP