{"id":"https://openalex.org/W4416236035","doi":"https://doi.org/10.48550/arxiv.2511.09051","title":"Attack-Centric by Design: A Program-Structure Taxonomy of Smart Contract Vulnerabilities","display_name":"Attack-Centric by Design: A Program-Structure Taxonomy of Smart Contract Vulnerabilities","publication_year":2025,"publication_date":"2025-11-12","ids":{"openalex":"https://openalex.org/W4416236035","doi":"https://doi.org/10.48550/arxiv.2511.09051"},"language":null,"primary_location":{"id":"pmh:oai:arXiv.org:2511.09051","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2511.09051","pdf_url":"https://arxiv.org/pdf/2511.09051","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"type":"preprint","indexed_in":["arxiv","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2511.09051","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5120449644","display_name":"Parsa Hedayatnia","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Hedayatnia, Parsa","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5120598727","display_name":"Tina Tavakkoli","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Tavakkoli, Tina","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5076407794","display_name":"Hadi Amini","orcid":"https://orcid.org/0000-0001-8002-8182"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Amini, Hadi","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046739900","display_name":"Mohammad Allahbakhsh","orcid":"https://orcid.org/0000-0002-2861-7745"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Allahbakhsh, Mohammad","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5024201764","display_name":"Haleh Amintoosi","orcid":"https://orcid.org/0000-0002-1447-8086"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Amintoosi, Haleh","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5120449644"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.44440001249313354,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.44440001249313354,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.1273999959230423,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10270","display_name":"Blockchain Technology Applications and Security","score":0.07280000299215317,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/solidity","display_name":"Solidity","score":0.8971999883651733},{"id":"https://openalex.org/keywords/taxonomy","display_name":"Taxonomy (biology)","score":0.7534999847412109},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.6862000226974487},{"id":"https://openalex.org/keywords/vocabulary","display_name":"Vocabulary","score":0.4514999985694885},{"id":"https://openalex.org/keywords/state","display_name":"State (computer science)","score":0.3804999887943268},{"id":"https://openalex.org/keywords/checklist","display_name":"Checklist","score":0.32690000534057617}],"concepts":[{"id":"https://openalex.org/C2778362873","wikidata":"https://www.wikidata.org/wiki/Q24909565","display_name":"Solidity","level":2,"score":0.8971999883651733},{"id":"https://openalex.org/C58642233","wikidata":"https://www.wikidata.org/wiki/Q8269924","display_name":"Taxonomy (biology)","level":2,"score":0.7534999847412109},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.6862000226974487},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6075999736785889},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5461000204086304},{"id":"https://openalex.org/C2777601683","wikidata":"https://www.wikidata.org/wiki/Q6499736","display_name":"Vocabulary","level":2,"score":0.4514999985694885},{"id":"https://openalex.org/C48103436","wikidata":"https://www.wikidata.org/wiki/Q599031","display_name":"State (computer science)","level":2,"score":0.3804999887943268},{"id":"https://openalex.org/C2779356329","wikidata":"https://www.wikidata.org/wiki/Q922625","display_name":"Checklist","level":2,"score":0.32690000534057617},{"id":"https://openalex.org/C79581498","wikidata":"https://www.wikidata.org/wiki/Q1367530","display_name":"Suite","level":2,"score":0.32170000672340393},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.3140999972820282},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2985000014305115},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.27790001034736633},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.2590999901294708}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:oai:arXiv.org:2511.09051","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2511.09051","pdf_url":"https://arxiv.org/pdf/2511.09051","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"doi:10.48550/arxiv.2511.09051","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2511.09051","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2511.09051","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2511.09051","pdf_url":"https://arxiv.org/pdf/2511.09051","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4416236035.pdf"},"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Smart":[0],"contracts":[1],"concentrate":[2],"high":[3],"value":[4],"assets":[5],"and":[6,23,67,81,83,93,110,119,129,136],"complex":[7],"logic":[8],"in":[9],"small,":[10],"immutable":[11],"programs,":[12],"where":[13],"even":[14],"minor":[15],"bugs":[16],"can":[17],"cause":[18],"major":[19],"losses.":[20],"Existing":[21],"taxonomies":[22],"tools":[24],"remain":[25],"fragmented,":[26],"organized":[27],"around":[28],"symptoms":[29],"such":[30],"as":[31],"reentrancy":[32],"rather":[33],"than":[34],"structural":[35],"causes.":[36],"This":[37],"paper":[38],"introduces":[39],"an":[40],"attack-centric,":[41],"program-structure":[42],"taxonomy":[43,105,114],"that":[44,122],"unifies":[45],"Solidity":[46,77],"vulnerabilities":[47],"into":[48],"eight":[49],"root-cause":[50],"families":[51],"covering":[52],"control":[53],"flow,":[54],"external":[55],"calls,":[56],"state":[57],"integrity,":[58],"arithmetic":[59],"safety,":[60],"environmental":[61],"dependencies,":[62],"access":[63],"control,":[64],"input":[65],"validation,":[66],"cross-domain":[68],"protocol":[69],"assumptions.":[70],"Each":[71],"family":[72],"is":[73],"illustrated":[74],"through":[75],"concise":[76],"examples,":[78],"exploit":[79],"mechanics,":[80],"mitigations,":[82],"linked":[84],"to":[85,103,106],"the":[86],"detection":[87],"signals":[88],"observable":[89],"by":[90],"static,":[91],"dynamic,":[92],"learning-based":[94],"tools.":[95],"We":[96],"further":[97],"cross-map":[98],"legacy":[99],"datasets":[100],"(SmartBugs,":[101],"SolidiFI)":[102],"this":[104],"reveal":[107],"label":[108],"drift":[109],"coverage":[111],"gaps.":[112],"The":[113],"provides":[115],"a":[116],"consistent":[117],"vocabulary":[118],"practical":[120],"checklist":[121],"enable":[123],"more":[124],"interpretable":[125],"detection,":[126],"reproducible":[127],"audits,":[128],"structured":[130],"security":[131],"education":[132],"for":[133],"both":[134],"researchers":[135],"practitioners.":[137]},"counts_by_year":[],"updated_date":"2026-03-11T14:59:36.786465","created_date":"2025-11-14T00:00:00"}