{"id":"https://openalex.org/W7156745844","doi":"https://doi.org/10.48550/arxiv.2604.24341","title":"GoAT-X: A Graph of Auditing Thoughts for Securing Token Transactions in Cross-Chain Contracts","display_name":"GoAT-X: A Graph of Auditing Thoughts for Securing Token Transactions in Cross-Chain Contracts","publication_year":2026,"publication_date":"2026-04-27","ids":{"openalex":"https://openalex.org/W7156745844","doi":"https://doi.org/10.48550/arxiv.2604.24341"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2604.24341","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.24341","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2604.24341","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101647282","display_name":"Zijun Feng","orcid":"https://orcid.org/0009-0001-1910-5297"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Feng, Zijun","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134771276","display_name":"Yuming Feng","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Feng, Yuming","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134811011","display_name":"Yu Wang","orcid":"https://orcid.org/0000-0001-7635-2473"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Yu","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134757444","display_name":"Weizhe Zhang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Weizhe","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5065097911","display_name":"Yuhong Nan","orcid":"https://orcid.org/0000-0001-9597-9888"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Nan, Yuhong","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084379415","display_name":"Yuang Liu","orcid":"https://orcid.org/0000-0002-6152-5471"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liu, Yuang","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5134759615","display_name":"Zibin Zheng","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zheng, Zibin","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.3012999892234802,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.3012999892234802,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.19200000166893005,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10270","display_name":"Blockchain Technology Applications and Security","score":0.11550000309944153,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.6779999732971191},{"id":"https://openalex.org/keywords/security-token","display_name":"Security token","score":0.6428999900817871},{"id":"https://openalex.org/keywords/matching","display_name":"Matching (statistics)","score":0.531000018119812},{"id":"https://openalex.org/keywords/database-transaction","display_name":"Database transaction","score":0.5288000106811523},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.39890000224113464},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.39010000228881836},{"id":"https://openalex.org/keywords/heuristic","display_name":"Heuristic","score":0.3840000033378601},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.3831000030040741},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.374099999666214},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.3677999973297119}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8289999961853027},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.6779999732971191},{"id":"https://openalex.org/C48145219","wikidata":"https://www.wikidata.org/wiki/Q1335365","display_name":"Security token","level":2,"score":0.6428999900817871},{"id":"https://openalex.org/C165064840","wikidata":"https://www.wikidata.org/wiki/Q1321061","display_name":"Matching (statistics)","level":2,"score":0.531000018119812},{"id":"https://openalex.org/C75949130","wikidata":"https://www.wikidata.org/wiki/Q848010","display_name":"Database transaction","level":2,"score":0.5288000106811523},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.420199990272522},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.39890000224113464},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.39010000228881836},{"id":"https://openalex.org/C173801870","wikidata":"https://www.wikidata.org/wiki/Q201413","display_name":"Heuristic","level":2,"score":0.3840000033378601},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.3831000030040741},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.374099999666214},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.3677999973297119},{"id":"https://openalex.org/C80958533","wikidata":"https://www.wikidata.org/wiki/Q1047174","display_name":"Audit trail","level":3,"score":0.36090001463890076},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.3321000039577484},{"id":"https://openalex.org/C2129575","wikidata":"https://www.wikidata.org/wiki/Q54837","display_name":"Semantic Web","level":2,"score":0.3190000057220459},{"id":"https://openalex.org/C16311509","wikidata":"https://www.wikidata.org/wiki/Q4148050","display_name":"Dependency graph","level":3,"score":0.3140999972820282},{"id":"https://openalex.org/C124304363","wikidata":"https://www.wikidata.org/wiki/Q673661","display_name":"Abstraction","level":2,"score":0.3091000020503998},{"id":"https://openalex.org/C195344581","wikidata":"https://www.wikidata.org/wiki/Q2555318","display_name":"Automated reasoning","level":2,"score":0.30799999833106995},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.3041999936103821},{"id":"https://openalex.org/C204806902","wikidata":"https://www.wikidata.org/wiki/Q2333581","display_name":"Semantic security","level":5,"score":0.3025999963283539},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.301800012588501},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.29429998993873596},{"id":"https://openalex.org/C2777508537","wikidata":"https://www.wikidata.org/wiki/Q7936620","display_name":"Visual reasoning","level":2,"score":0.29280000925064087},{"id":"https://openalex.org/C102993220","wikidata":"https://www.wikidata.org/wiki/Q387196","display_name":"Description logic","level":2,"score":0.29179999232292175},{"id":"https://openalex.org/C189645446","wikidata":"https://www.wikidata.org/wiki/Q350865","display_name":"Mirroring","level":2,"score":0.29179999232292175},{"id":"https://openalex.org/C2780233690","wikidata":"https://www.wikidata.org/wiki/Q535347","display_name":"Transparency (behavior)","level":2,"score":0.2915000021457672},{"id":"https://openalex.org/C130440534","wikidata":"https://www.wikidata.org/wiki/Q14946528","display_name":"Conflation","level":2,"score":0.28940001130104065},{"id":"https://openalex.org/C12590798","wikidata":"https://www.wikidata.org/wiki/Q3933199","display_name":"Replication (statistics)","level":2,"score":0.2865000069141388},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.28529998660087585},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.2770000100135803},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.27549999952316284},{"id":"https://openalex.org/C33762810","wikidata":"https://www.wikidata.org/wiki/Q461671","display_name":"Data integrity","level":2,"score":0.2651999890804291},{"id":"https://openalex.org/C189790780","wikidata":"https://www.wikidata.org/wiki/Q933932","display_name":"Horn clause","level":3,"score":0.26420000195503235},{"id":"https://openalex.org/C193221554","wikidata":"https://www.wikidata.org/wiki/Q5153664","display_name":"Commonsense reasoning","level":2,"score":0.26179999113082886},{"id":"https://openalex.org/C2778493491","wikidata":"https://www.wikidata.org/wiki/Q7449072","display_name":"Semantic matching","level":3,"score":0.25940001010894775},{"id":"https://openalex.org/C89288958","wikidata":"https://www.wikidata.org/wiki/Q7301504","display_name":"Reasoning system","level":2,"score":0.25859999656677246},{"id":"https://openalex.org/C19768560","wikidata":"https://www.wikidata.org/wiki/Q320727","display_name":"Dependency (UML)","level":2,"score":0.25679999589920044},{"id":"https://openalex.org/C48103436","wikidata":"https://www.wikidata.org/wiki/Q599031","display_name":"State (computer science)","level":2,"score":0.25459998846054077},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.2506999969482422},{"id":"https://openalex.org/C61455927","wikidata":"https://www.wikidata.org/wiki/Q1030529","display_name":"Blossom algorithm","level":3,"score":0.2506999969482422}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2604.24341","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.24341","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2604.24341","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.24341","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","score":0.40876975655555725,"display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Cross-chain":[0],"bridges,":[1],"the":[2,6,39,87,127,201],"critical":[3],"infrastructure":[4],"of":[5,42,93,192],"multi-chain":[7],"ecosystem,":[8],"have":[9],"become":[10],"a":[11,67,91,171,208],"primary":[12],"target":[13],"for":[14,211],"attackers,":[15],"resulting":[16],"in":[17,21,112,150,200],"over":[18,57],"$2.8":[19],"billion":[20],"losses":[22],"due":[23],"to":[24,37,123,162],"subtle":[25],"implementation":[26],"flaws.":[27],"Existing":[28],"defenses,":[29],"such":[30],"as":[31,90,153],"bytecode-level":[32],"static":[33],"analysis,":[34],"are":[35],"ill-equipped":[36],"handle":[38],"semantic":[40,130,165],"complexity":[41],"cross-chain":[43,72,151,177,214],"interactions,":[44],"while":[45,195],"LLM-based":[46],"approaches,":[47],"which":[48],"can":[49],"understand":[50],"source":[51],"code,":[52],"struggle":[53],"with":[54,203],"hallucinatory":[55],"reasoning":[56,111,131,160],"complex,":[58],"multi-contract":[59],"dependencies.":[60],"In":[61],"this":[62,139],"paper,":[63],"we":[64],"propose":[65],"GoAT-X,":[66],"framework":[68,128],"that":[69],"shifts":[70],"automated":[71],"smart":[73],"contract":[74],"codebases":[75],"auditing":[76],"from":[77],"heuristic":[78],"pattern":[79],"matching":[80],"toward":[81],"systematic":[82],"first-principles":[83],"verification.":[84],"GoAT-X":[85,142,169,181],"structures":[86],"audit":[88,187],"process":[89],"Graph":[92],"Auditing":[94],"Thoughts,":[95],"explicitly":[96,118],"mirroring":[97],"how":[98],"human":[99],"experts":[100],"decompose,":[101],"reason":[102],"about,":[103],"and":[104,117,135,146,157,189],"validate":[105],"security":[106,121],"logic.":[107],"By":[108],"anchoring":[109],"LLM":[110],"statically":[113],"extracted":[114],"data":[115],"flows":[116],"linking":[119],"abstract":[120],"properties":[122],"concrete":[124],"code":[125],"implementations,":[126],"constrains":[129],"within":[132],"well-defined":[133],"structural":[134],"state":[136],"boundaries.":[137],"Within":[138],"constrained":[140],"space,":[141],"treats":[143],"missing":[144],"constraints":[145],"adversarial":[147],"bypass":[148],"paths":[149,161],"logic":[152],"first-class":[154],"vulnerability":[155],"targets":[156],"dynamically":[158],"explores":[159],"identify":[163],"exploitable":[164],"gaps.":[166],"We":[167],"evaluate":[168],"on":[170,185],"comprehensive":[172],"benchmark":[173],"covering":[174],"all":[175],"known":[176],"token":[178],"transaction":[179],"attacks.":[180],"achieves":[182],"92%":[183],"recall":[184],"fine-grained":[186],"points":[188],"95%":[190],"coverage":[191],"vulnerable":[193],"projects,":[194],"identifying":[196],"117":[197],"confirmed":[198],"risks":[199],"wild":[202],"low":[204],"operational":[205],"cost,":[206],"establishing":[207],"new":[209],"standard":[210],"scalable,":[212],"logic-driven":[213],"security.":[215]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-04-29T00:00:00"}