Anonymous reviewer artifact for the CCS '26 submission TEFIE-Secure: Propagation-Time Screening of Smart Contract Vulnerabilities. The repository is immutable through the review period and will be de-anonymized and archived to a persistent DOI-backed repository upon acceptance.
Reproduce every table and figure reported in the main text:
./reproduce_all.shThis is the entry point referenced in Appendix B of the manuscript and expands to:
cd graph
python3 -m venv .venv && source .venv/bin/activate
pip install -r requirements.txt
make paperOutputs land under graph/output/ and are listed below.
This artifact mirrors the structure described in Appendix B of the manuscript:
.
├── README.md # this file
├── LICENSE # MIT
├── reproduce_all.sh # one-command reproduction
├── graph/ # reproduction entry point
│ ├── Makefile
│ ├── Dockerfile # optional containerized build
│ ├── docker-compose.yml
│ ├── requirements.txt # pinned dependencies (Python 3.10)
│ ├── scripts/
│ │ └── make_paper_tables_figs.py
│ ├── paper/
│ │ ├── assets/ # paper PDF + ROC/SHAP spreadsheets
│ │ └── figs/ # source images for Figures 1, 2
│ └── output/ # populated by `make paper`
│ ├── tables/ # table{2..7}.csv and .tex
│ ├── figs/ # fig3_roc, fig4_shap (png + pdf)
│ └── eval/ # table3_std.csv, table4_full.csv
├── reentrancy/ # Solidity samples (ESC label class)
├── time_manipulation/ # Solidity samples (ESC label class)
├── denial_of_service/ # Solidity samples (VSC class proxy)
├── access_control/ # out-of-scope class samples (§2.4)
├── arithmetic/ # out-of-scope class samples (§2.4)
├── bad_randomness/
├── front_running/
├── short_addresses/
├── unchecked_low_level_calls/
└── *.R # reference R implementations
The Solidity samples grouped by vulnerability family are the
contract-level inputs the paper labels through the ESC and VSC
annotation protocols. The *.R files are reference implementations of
the preprocessing, feature selection, and classification pipelines
described in Sections 3 and 4 of the manuscript.
| File | Manuscript reference |
|---|---|
graph/output/tables/table2.csv,tex |
Table 2: Detection accuracy across classes |
graph/output/tables/table3.csv,tex |
Table 3: FPR/FNR at three thresholds |
graph/output/tables/table4.csv,tex |
Table 4: Runtime and resource profile |
graph/output/tables/table5.csv,tex |
Table 5: Ablation results |
graph/output/tables/table6.csv,tex |
Table 6: Real-world post-2023 evaluation |
graph/output/tables/table7.csv,tex |
Table 7: Learning-rate sensitivity |
| File | Manuscript reference |
|---|---|
graph/output/figs/fig3_roc.{png,pdf} |
Figure 3: ROC curves |
graph/output/figs/fig4_shap.{png,pdf} |
Figure 4: SHAP |
graph/paper/figs/fig1_overview.png |
Figure 1: pipeline |
graph/paper/figs/fig2_cross_address.png |
Figure 2: cross-addr |
Figures 1 and 2 are vector diagrams (rendered from the source images
in graph/paper/figs/) and are not regenerated by make paper.
| File | Contents |
|---|---|
graph/output/eval/table3_std.csv |
Five-seed mean ± std for Table 3 thresholds |
graph/output/eval/table4_full.csv |
Default/HR/HP operating points for all methods |
The training and evaluation datasets cited in the paper:
- ESC (Ethereum Smart Contract dataset) — Zhuang et al., IJCAI 2020. Used for reentrancy and timestamp-dependency tasks. Solidity samples grouped by vulnerability family are included in the top-level per-class directories.
- VSC (Vulnerable Smart Contract dataset) — same source. Used for
the gas-exhaustion-loop task. Solidity samples are included under the
denial_of_service/directory.
Both datasets are redistributed under the licenses of their original
publication. The data/rq5/ materials referenced in §5.6 (1,500
post-2023 mainnet contracts) contain only public on-chain addresses
and public deployment timestamps; they are released under the
responsible-disclosure protocol described in Appendix A of the
manuscript.
cd graph
docker compose up --buildThe container runs make paper against the same inputs and writes the
same outputs to graph/output/.
This repository is hosted anonymously on anonymous.4open.science
during the CCS '26 review period. Author identifiers, institutional
affiliations, and previous version histories have been redacted. Upon
acceptance, the artifact will be re-published with full provenance and
a persistent DOI.
MIT (see LICENSE).