Analyzing and detecting four types of critical security vulnerabilities in Move smart contracts
【Author】 Zhang, Weijie; Chen, Ting; Li, Teng; Wang, Ze; Zhu, Zhichao; Shen, Hangbin
【Source】CLUSTER COMPUTING-THE JOURNAL OF NETWORKS SOFTWARE TOOLS AND APPLICATIONS
【Impact Factor】2.303
【Abstract】Move is a new programming language for smart contracts, known for making security its primary goal. However, several recent studies, reports, and other relevant materials have identified potential security concerns associated with Move. In this paper, we systematically collect and analyze a range of audit reports, blog posts, and bounty challenges related to Move. Through this analysis, we identify four types of vulnerabilities that have the potential to cause significant financial losses but have not been adequately addressed or explored in prior studies. For instance, one of the identified vulnerabilities enables attackers to gain the ability to issue tokens. To assist developers in understanding and mitigating these vulnerabilities, this paper provides a detailed description, illustrative examples, potential impacts, and mitigation recommendations for each vulnerability. Furthermore, to enable automated detection, we developed four new detectors based on MoveScan, the most advanced analysis framework for Move smart contracts. Using these four detectors, we identify up to 20,778 vulnerabilities across 37,302 contracts deployed on Aptos and Sui, two of the most popular blockchains using Move. Through manual inspection, we find that our detectors achieve an overall precision rate of 98.82% and uncover real, impactful vulnerabilities. We performed formal verification of two vulnerabilities using Move Prover. Compared to the vulnerabilities identified by MoveScan, Move Prover achieved a relative recall rate of 78.95%. The novel findings presented in this paper offer valuable insights that empower developers to effectively detect and prevent these vulnerabilities using our proposed detectors, thereby contributing to the future improvement of Move contract security.
【Keywords】Move language; Smart contract; Vulnerability detection; Security; Blockchain
【Publication Date】2025 SEP 3
【Indexed Date】2025-09-13
【Document Type】
【Subject Category】