{"id":"https://openalex.org/W7160332205","doi":"https://doi.org/10.48550/arxiv.2605.02868","title":"EvoPoC: Automated Exploit Synthesis for DeFi Smart Contracts via Hierarchical Knowledge Graphs","display_name":"EvoPoC: Automated Exploit Synthesis for DeFi Smart Contracts via Hierarchical Knowledge Graphs","publication_year":2026,"publication_date":"2026-05-04","ids":{"openalex":"https://openalex.org/W7160332205","doi":"https://doi.org/10.48550/arxiv.2605.02868"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2605.02868","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.02868","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2605.02868","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5103272632","display_name":"Ruichao Liang","orcid":"https://orcid.org/0009-0003-0709-6420"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Liang, Ruichao","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5135408867","display_name":"Jing Chen","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Chen, Jing","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5135415127","display_name":"Xianglong Li","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Li, Xianglong","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5135356616","display_name":"Huangpeng Gu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Gu, Huangpeng","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5135393025","display_name":"Yebo Feng","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Feng, Yebo","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082360292","display_name":"Yue Xue","orcid":"https://orcid.org/0009-0004-2141-2044"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xue, Yue","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126180597","display_name":"Cong Wu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wu, Cong","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5135392811","display_name":"Yang Liu","orcid":"https://orcid.org/0009-0005-9213-5328"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liu, Yang","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5103272632"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.1850000023841858,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.1850000023841858,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.16949999332427979,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.14090000092983246,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.983299970626831},{"id":"https://openalex.org/keywords/soundness","display_name":"Soundness","score":0.5482000112533569},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5113999843597412},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.39629998803138733},{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.39570000767707825},{"id":"https://openalex.org/keywords/security-bug","display_name":"Security bug","score":0.3677999973297119},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.35839998722076416},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.3440999984741211},{"id":"https://openalex.org/keywords/reachability","display_name":"Reachability","score":0.3366999924182892}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.983299970626831},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.830299973487854},{"id":"https://openalex.org/C39920170","wikidata":"https://www.wikidata.org/wiki/Q693083","display_name":"Soundness","level":2,"score":0.5482000112533569},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5397999882698059},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5113999843597412},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.39629998803138733},{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.39570000767707825},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.3677999973297119},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.35839998722076416},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.3440999984741211},{"id":"https://openalex.org/C136643341","wikidata":"https://www.wikidata.org/wiki/Q1361526","display_name":"Reachability","level":2,"score":0.3366999924182892},{"id":"https://openalex.org/C181622380","wikidata":"https://www.wikidata.org/wiki/Q26911","display_name":"Profit (economics)","level":2,"score":0.3287000060081482},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.32580000162124634},{"id":"https://openalex.org/C2780992000","wikidata":"https://www.wikidata.org/wiki/Q17016113","display_name":"Generator (circuit theory)","level":3,"score":0.320499986410141},{"id":"https://openalex.org/C2779639559","wikidata":"https://www.wikidata.org/wiki/Q7661178","display_name":"Symbolic execution","level":3,"score":0.3147999942302704},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.3041999936103821},{"id":"https://openalex.org/C2778583558","wikidata":"https://www.wikidata.org/wiki/Q771245","display_name":"Code reuse","level":3,"score":0.2824999988079071},{"id":"https://openalex.org/C168065819","wikidata":"https://www.wikidata.org/wiki/Q845566","display_name":"Debugging","level":2,"score":0.28139999508857727},{"id":"https://openalex.org/C48103436","wikidata":"https://www.wikidata.org/wiki/Q599031","display_name":"State (computer science)","level":2,"score":0.27230000495910645},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.257999986410141},{"id":"https://openalex.org/C206345919","wikidata":"https://www.wikidata.org/wiki/Q20380951","display_name":"Resource (disambiguation)","level":2,"score":0.2558000087738037},{"id":"https://openalex.org/C68513836","wikidata":"https://www.wikidata.org/wiki/Q3265969","display_name":"Profit motive","level":2,"score":0.25529998540878296},{"id":"https://openalex.org/C2129575","wikidata":"https://www.wikidata.org/wiki/Q54837","display_name":"Semantic Web","level":2,"score":0.25380000472068787},{"id":"https://openalex.org/C62230096","wikidata":"https://www.wikidata.org/wiki/Q275969","display_name":"Crowdsourcing","level":2,"score":0.25099998712539673}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2605.02868","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.02868","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2605.02868","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.02868","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"display_name":"Decent work and economic growth","id":"https://metadata.un.org/sdg/8","score":0.7187705039978027}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Smart":[0],"contract":[1,65],"vulnerabilities":[2,43],"in":[3,177,205,209,240],"Decentralized":[4],"Finance":[5],"caused":[6],"over":[7,192,235],"billions":[8],"of":[9,93],"dollars":[10],"losses":[11],"every":[12],"year,":[13],"yet":[14],"the":[15,27,213],"security":[16],"community":[17],"faces":[18],"a":[19,23,59,80,85,107,130,180],"critical":[20],"bottleneck:":[21],"identifying":[22],"vulnerability":[24,66],"is":[25,32,37,51,74,78],"not":[26,79],"same":[28],"as":[29,114],"proving":[30],"it":[31],"exploitable.":[33],"Manual":[34],"PoC":[35],"construction":[36],"prohibitively":[38],"labor-intensive,":[39],"leaving":[40],"most":[41],"disclosed":[42],"unverified":[44],"and":[45,68,99,141,154,164,174,179,190,207,212,220,237],"protocols":[46],"exposed":[47],"long":[48],"before":[49],"mitigation":[50],"applied.":[52],"In":[53,223],"this":[54,104],"paper,":[55],"we":[56],"propose":[57],"\\sys,":[58],"knowledge-driven":[60],"agentic":[61],"system":[62],"for":[63,117],"end-to-end":[64],"detection":[67],"exploit":[69,76,100,123,182,215],"synthesis.":[70],"Our":[71],"core":[72],"insight":[73],"that":[75,89,112,134],"synthesis":[77],"code":[81,126],"generation":[82],"task":[83],"but":[84],"\\emph{structured":[86],"reasoning":[87],"problem}":[88],"requires":[90],"grounded":[91],"knowledge":[92,105],"protocol":[94],"semantics,":[95],"failure":[96],"root":[97],"cause,":[98],"primitives.":[101],"\\sys":[102,128,170,195,227],"organizes":[103],"into":[106],"\\emph{Hierarchical":[108],"Knowledge":[109],"Graph}":[110],"(HKG)":[111],"serves":[113],"structured":[115],"memory":[116],"LLM-guided":[118],"multi-hop":[119],"reasoning.":[120],"To":[121],"validate":[122],"feasibility":[124],"beyond":[125],"synthesis,":[127],"employs":[129],"two-stage":[131],"validation":[132],"framework":[133],"checks":[135],"exploit-path":[136],"reachability":[137],"via":[138,144],"SMT":[139],"solving":[140],"profit":[142],"realizability":[143],"asset-level":[145],"state":[146],"simulation,":[147],"ensuring":[148],"generated":[149],"PoCs":[150],"satisfy":[151],"both":[152],"logical":[153],"economic":[155],"viability":[156],"constraints.":[157],"Evaluated":[158],"on":[159],"88":[160],"real-world":[161],"DeFi":[162],"attacks":[163],"72":[165],"audited":[166],"projects":[167],"(2,573":[168],"contracts),":[169],"achieves":[171],"98\\%":[172],"recall":[173],"0.9":[175],"F1-score":[176],"detection,":[178],"96.6\\%":[181],"success":[183],"rate":[184],"(ESR),":[185],"reproducing":[186],"85":[187],"historical":[188],"exploits":[189],"recovering":[191],"\\$116.2M":[193],"revenue.":[194],"outperforms":[196],"SOTA":[197],"fuzzers":[198],"(\\textsc{Verite},":[199],"\\textsc{ItyFuzz})":[200],"by":[201,218],"up":[202],"to":[203],"$5\\times$":[204],"ESR":[206],"$300\\times$":[208],"recoverable":[210],"value,":[211],"LLM-based":[214],"generator":[216],"\\textsc{A1}":[217],"$2\\times$":[219],"$8.5\\times$":[221],"respectively.":[222],"bug":[224],"bounty":[225],"evaluation,":[226],"identified":[228],"16":[229],"confirmed":[230],"0-day":[231],"vulnerabilities,":[232],"helping":[233],"secure":[234],"\\$70.6M":[236],"earning":[238],"\\$2,900":[239],"bounties.":[241]},"counts_by_year":[],"updated_date":"2026-05-06T06:10:43.113611","created_date":"2026-05-06T00:00:00"}