{"id":"https://openalex.org/W7092299523","doi":"https://doi.org/10.1109/tse.2025.3605145","title":"Who Is Pulling the Strings: Unveiling Smart Contract State Manipulation Attacks Through State-Aware Dataflow Analysis","display_name":"Who Is Pulling the Strings: Unveiling Smart Contract State Manipulation Attacks Through State-Aware Dataflow Analysis","publication_year":2025,"publication_date":"2025-10-01","ids":{"openalex":"https://openalex.org/W7092299523","doi":"https://doi.org/10.1109/tse.2025.3605145"},"language":null,"primary_location":{"id":"doi:10.1109/tse.2025.3605145","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2025.3605145","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Shuo Yang","orcid":"https://orcid.org/0009-0004-4919-3138"},"institutions":[{"id":"https://openalex.org/I157773358","display_name":"Sun Yat-sen University","ror":"https://ror.org/0064kty71","country_code":"CN","type":"education","lineage":["https://openalex.org/I157773358"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Shuo Yang","raw_affiliation_strings":["School of Software Engineering, Sun Yat-sen University, Zhuhai, China"],"affiliations":[{"raw_affiliation_string":"School of Software Engineering, Sun Yat-sen University, Zhuhai, China","institution_ids":["https://openalex.org/I157773358"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Jiachi Chen","orcid":"https://orcid.org/0000-0002-0192-9992"},"institutions":[{"id":"https://openalex.org/I157773358","display_name":"Sun Yat-sen University","ror":"https://ror.org/0064kty71","country_code":"CN","type":"education","lineage":["https://openalex.org/I157773358"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jiachi Chen","raw_affiliation_strings":["School of Software Engineering, Sun Yat-sen University, Zhuhai, China"],"affiliations":[{"raw_affiliation_string":"School of Software Engineering, Sun Yat-sen University, Zhuhai, China","institution_ids":["https://openalex.org/I157773358"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Lei Xiao","orcid":"https://orcid.org/0009-0001-7093-0364"},"institutions":[{"id":"https://openalex.org/I157773358","display_name":"Sun Yat-sen University","ror":"https://ror.org/0064kty71","country_code":"CN","type":"education","lineage":["https://openalex.org/I157773358"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Lei Xiao","raw_affiliation_strings":["School of Computer Science, Sun Yat-sen University, Guangzhou, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science, Sun Yat-sen University, Guangzhou, China","institution_ids":["https://openalex.org/I157773358"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Jinyuan Hu","orcid":"https://orcid.org/0009-0009-4860-5790"},"institutions":[{"id":"https://openalex.org/I157773358","display_name":"Sun Yat-sen University","ror":"https://ror.org/0064kty71","country_code":"CN","type":"education","lineage":["https://openalex.org/I157773358"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jinyuan Hu","raw_affiliation_strings":["School of Software Engineering, Sun Yat-sen University, Zhuhai, China"],"affiliations":[{"raw_affiliation_string":"School of Software Engineering, Sun Yat-sen University, Zhuhai, China","institution_ids":["https://openalex.org/I157773358"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Dan Lin","orcid":"https://orcid.org/0000-0001-7067-2396"},"institutions":[{"id":"https://openalex.org/I157773358","display_name":"Sun Yat-sen University","ror":"https://ror.org/0064kty71","country_code":"CN","type":"education","lineage":["https://openalex.org/I157773358"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Dan Lin","raw_affiliation_strings":["School of Software Engineering, Sun Yat-sen University, Zhuhai, China"],"affiliations":[{"raw_affiliation_string":"School of Software Engineering, Sun Yat-sen University, Zhuhai, China","institution_ids":["https://openalex.org/I157773358"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Jiajing Wu","orcid":"https://orcid.org/0000-0001-5155-8547"},"institutions":[{"id":"https://openalex.org/I157773358","display_name":"Sun Yat-sen University","ror":"https://ror.org/0064kty71","country_code":"CN","type":"education","lineage":["https://openalex.org/I157773358"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jiajing Wu","raw_affiliation_strings":["School of Software Engineering, Sun Yat-sen University, Zhuhai, China"],"affiliations":[{"raw_affiliation_string":"School of Software Engineering, Sun Yat-sen University, Zhuhai, China","institution_ids":["https://openalex.org/I157773358"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Tao Zhang","orcid":"https://orcid.org/0000-0002-6272-4069"},"institutions":[{"id":"https://openalex.org/I111950717","display_name":"Macau University of Science and Technology","ror":"https://ror.org/03jqs2n27","country_code":"MO","type":"education","lineage":["https://openalex.org/I111950717","https://openalex.org/I4391767947"]}],"countries":["MO"],"is_corresponding":false,"raw_author_name":"Tao Zhang","raw_affiliation_strings":["School of Computer Science and Engineering, Macau University of Science and Technology, Macau, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Engineering, Macau University of Science and Technology, Macau, China","institution_ids":["https://openalex.org/I111950717"]}]},{"author_position":"last","author":{"id":null,"display_name":"Zibin Zheng","orcid":"https://orcid.org/0000-0001-7872-7718"},"institutions":[{"id":"https://openalex.org/I157773358","display_name":"Sun Yat-sen University","ror":"https://ror.org/0064kty71","country_code":"CN","type":"education","lineage":["https://openalex.org/I157773358"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zibin Zheng","raw_affiliation_strings":["School of Software Engineering, Sun Yat-sen University, Zhuhai, China"],"affiliations":[{"raw_affiliation_string":"School of Software Engineering, Sun Yat-sen University, Zhuhai, China","institution_ids":["https://openalex.org/I157773358"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":8,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I157773358"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.757239,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"51","issue":"10","first_page":"2942","last_page":"2956"},"is_retracted":false,"is_paratext":false,"is_xpac":true,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.5376999974250793,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.5376999974250793,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.1590999960899353,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.05130000039935112,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.8075000047683716},{"id":"https://openalex.org/keywords/dataflow","display_name":"Dataflow","score":0.7554000020027161},{"id":"https://openalex.org/keywords/hacker","display_name":"Hacker","score":0.6449000239372253},{"id":"https://openalex.org/keywords/state","display_name":"State (computer science)","score":0.5985000133514404},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.4950000047683716},{"id":"https://openalex.org/keywords/control-flow","display_name":"Control flow","score":0.4553999900817871},{"id":"https://openalex.org/keywords/dependency","display_name":"Dependency (UML)","score":0.4309999942779541},{"id":"https://openalex.org/keywords/callback","display_name":"Callback","score":0.41780000925064087}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8632000088691711},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.8075000047683716},{"id":"https://openalex.org/C96324660","wikidata":"https://www.wikidata.org/wiki/Q205446","display_name":"Dataflow","level":2,"score":0.7554000020027161},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6567999720573425},{"id":"https://openalex.org/C86844869","wikidata":"https://www.wikidata.org/wiki/Q2798820","display_name":"Hacker","level":2,"score":0.6449000239372253},{"id":"https://openalex.org/C48103436","wikidata":"https://www.wikidata.org/wiki/Q599031","display_name":"State (computer science)","level":2,"score":0.5985000133514404},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.4950000047683716},{"id":"https://openalex.org/C160191386","wikidata":"https://www.wikidata.org/wiki/Q868299","display_name":"Control flow","level":2,"score":0.4553999900817871},{"id":"https://openalex.org/C19768560","wikidata":"https://www.wikidata.org/wiki/Q320727","display_name":"Dependency (UML)","level":2,"score":0.4309999942779541},{"id":"https://openalex.org/C204495577","wikidata":"https://www.wikidata.org/wiki/Q1205349","display_name":"Callback","level":2,"score":0.41780000925064087},{"id":"https://openalex.org/C2777735758","wikidata":"https://www.wikidata.org/wiki/Q817765","display_name":"Path (computing)","level":2,"score":0.39809998869895935},{"id":"https://openalex.org/C167822520","wikidata":"https://www.wikidata.org/wiki/Q176452","display_name":"Finite-state machine","level":2,"score":0.38440001010894775},{"id":"https://openalex.org/C2779950589","wikidata":"https://www.wikidata.org/wiki/Q7544035","display_name":"Smart contract","level":3,"score":0.3621000051498413},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.3610999882221222},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.31700000166893005},{"id":"https://openalex.org/C181622380","wikidata":"https://www.wikidata.org/wiki/Q26911","display_name":"Profit (economics)","level":2,"score":0.3082999885082245},{"id":"https://openalex.org/C80291951","wikidata":"https://www.wikidata.org/wiki/Q1200691","display_name":"Design by contract","level":5,"score":0.2944999933242798},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.28029999136924744},{"id":"https://openalex.org/C110251889","wikidata":"https://www.wikidata.org/wiki/Q1569697","display_name":"Model checking","level":2,"score":0.26669999957084656},{"id":"https://openalex.org/C2781241145","wikidata":"https://www.wikidata.org/wiki/Q204606","display_name":"Cyberspace","level":3,"score":0.25589999556541443},{"id":"https://openalex.org/C144559511","wikidata":"https://www.wikidata.org/wiki/Q2986279","display_name":"Principal (computer security)","level":2,"score":0.25360000133514404},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.2517000138759613}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tse.2025.3605145","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2025.3605145","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.7824687361717224}],"awards":[{"id":"https://openalex.org/G1378608539","display_name":null,"funder_award_id":"62032025","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G273012991","display_name":null,"funder_award_id":"623B2102","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G4425133490","display_name":null,"funder_award_id":"62302534","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G5197747723","display_name":null,"funder_award_id":"2025A1515011632","funder_id":"https://openalex.org/F4320337111","funder_display_name":"Basic and Applied Basic Research Foundation of Guangdong Province"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320337111","display_name":"Basic and Applied Basic Research Foundation of Guangdong Province","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W2076164405","https://openalex.org/W2191468669","https://openalex.org/W2539190473","https://openalex.org/W2559974467","https://openalex.org/W2751702350","https://openalex.org/W2846896781","https://openalex.org/W2964051315","https://openalex.org/W2981490091","https://openalex.org/W2995871203","https://openalex.org/W2998074434","https://openalex.org/W3091620507","https://openalex.org/W3134196592","https://openalex.org/W4205689130","https://openalex.org/W4225143755","https://openalex.org/W4237049557","https://openalex.org/W4285490421","https://openalex.org/W4293545213","https://openalex.org/W4313563646","https://openalex.org/W4313563778","https://openalex.org/W4384154512","https://openalex.org/W4384155542","https://openalex.org/W4384345844","https://openalex.org/W4390578001","https://openalex.org/W4394745234","https://openalex.org/W4394769109","https://openalex.org/W4400117505","https://openalex.org/W4411449886","https://openalex.org/W4411552321"],"related_works":[],"abstract_inverted_index":{"Recently,":[0],"the":[1,75,91,101,117,128,146,185,255],"increasing":[2],"complexity":[3],"of":[4,60,77,93,103,120,227,247],"smart":[5],"contracts":[6,25,40,198,208],"and":[7,57,62,149,176,188,252],"their":[8,33,151,231],"interactions":[9],"has":[10],"led":[11],"to":[12,22,28,141,159,172,254],"more":[13],"sophisticated":[14],"strategies":[15],"for":[16,38,242],"executing":[17],"attacks.":[18,84],"Hackers":[19],"often":[20],"need":[21],"deploy":[23],"attacker":[24,39,164,207,233],"as":[26],"delegators":[27],"automate":[29],"these":[30,72,87,112],"attacks":[31],"on":[32,43,145,183,194],"behalf.":[34],"Existing":[35],"identification":[36],"methods":[37],"either":[41],"rely":[42],"simple":[44],"patterns":[45],"(e.g.,":[46],"recursive":[47],"callback":[48],"control":[49],"flow)":[50],"that":[51,200],"suffer":[52],"from":[53,108],"high":[54],"false-positive":[55],"rates":[56],"limited":[58],"extraction":[59],"interaction":[61,189],"call":[63,135,186],"information,":[64],"or":[65],"lack":[66],"fully":[67],"automated":[68],"detection":[69],"capabilities.":[70],"Consequently,":[71],"limitations":[73],"reduce":[74],"effectiveness":[76],"current":[78],"solutions":[79],"in":[80,213,217],"identifying":[81],"modern,":[82],"intricate":[83],"To":[85],"overcome":[86],"challenges,":[88],"we":[89,236],"introduce":[90],"concept":[92],"<italic":[94],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[95],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">state":[96],"manipulation":[97,163,206],"attacks</i>,":[98],"which":[99,126,248],"abstracts":[100],"exploitation":[102,174],"problematic":[104],"state":[105,119,148,162,178,205],"dependencies":[106,179],"arising":[107],"contract":[109,122,137],"interactions.":[110],"During":[111],"attacks,":[113,245],"hackers":[114],"first":[115],"alter":[116],"storage":[118],"one":[121],"(the":[123,138],"manipulated":[124],"contract),":[125],"determines":[127],"profit":[129],"they":[130],"can":[131],"gain.":[132],"They":[133],"then":[134],"another":[136],"victim":[139],"contract)":[140],"exploit":[142],"its":[143],"dependency":[144],"altered":[147],"maximize":[150],"profits.":[152],"We":[153],"present":[154],"SMAsher,":[155],"a":[156],"tool":[157],"designed":[158],"automatically":[160],"identify":[161],"contracts.":[165,234],"SMAsher":[166,201],"leverages":[167],"fine-grained":[168],"state-aware":[169],"dataflow":[170],"analysis":[171],"detect":[173],"traces":[175],"exploited":[177],"among":[180],"contracts,":[181],"focusing":[182],"recovering":[184],"path":[187],"semantics.":[190],"Our":[191,219],"extensive":[192],"experiments":[193],"1.38":[195],"million":[196,216],"real-world":[197],"demonstrate":[199],"successfully":[202],"identifies":[203],"311":[204],"with":[209],"100%":[210],"precision,":[211],"resulting":[212],"$":[214],"6.95":[215],"losses.":[218],"findings":[220],"also":[221],"reveal":[222],"some":[223],"notable":[224],"malicious":[225],"characteristics":[226],"hackers\u2019":[228],"accounts":[229],"through":[230],"deployed":[232],"Additionally,":[235],"have":[237,249],"provided":[238],"10":[239],"PoCs":[240],"(Proof-of-Concepts)":[241],"previously":[243],"unidentified":[244],"all":[246],"been":[250],"confirmed":[251],"released":[253],"community.":[256]},"counts_by_year":[],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-18T00:00:00"}