A Unified Framework for Smart Contract Auditing with Multilayer Analysis
Abstract
Smart contracts manage high-value digital assets, but security flaws frequently cause irreversible financial losses. This work proposes and evaluates a unified framework for auditing Solidity contracts that orchestrates static analysis (Slither), symbolic execution (Mythril) and dynamic testing (Foundry). The architecture normalises the tools' heterogeneous outputs into SARIF and uses an LLM in post-processing to produce explainable reports. On a dataset of 53 contracts from SmartBugs, the framework achieved an F1-score of 92.93%, outperforming Slither (72.28%) and Mythril (88.42%).
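The normalisation and scoring step the abstract sketches, shown as an added Python example that is not the paper's code. It assumes simplified, constructed input shapes for Slither- and Mythril-style findings (not the tools' exact JSON schemas), an assumed check-name-to-SWC map, and treats a (contract, rule) pair as the unit on which tools agree and on which precision, recall and F1 are computed.

```python
# Added illustration of the SARIF normalisation step; not the paper's code. Input dicts are
# simplified, constructed shapes, and the check-name -> SWC map is an assumption of the example.
SLITHER_TO_SWC = {"reentrancy-eth": "SWC-107", "tx-origin": "SWC-115"}  # assumed map
LEVELS = {"High": "error", "Medium": "warning", "Low": "note"}          # severity -> SARIF level
RANK = {"note": 0, "warning": 1, "error": 2}

def sarif_result(rule, level, text, uri, line, tool):
    """One SARIF 2.1.0 'result' object; tool provenance goes in the property bag."""
    return {"ruleId": rule, "level": level, "message": {"text": text},
            "locations": [{"physicalLocation": {"artifactLocation": {"uri": uri},
                                                 "region": {"startLine": line}}}],
            "properties": {"tools": [tool]}}

def from_slither(d):  # constructed Slither-like detector hit
    src = d["elements"][0]["source_mapping"]
    return sarif_result(SLITHER_TO_SWC.get(d["check"], d["check"]), LEVELS.get(d["impact"], "note"),
                        d["description"], src["filename_relative"], min(src["lines"]), "slither")

def from_mythril(i):  # constructed Mythril-like issue
    return sarif_result(f"SWC-{i['swc-id']}", LEVELS.get(i["severity"], "note"),
                        i["description"], i["filename"], i["lineno"], "mythril")

def key(r):  # (contract, rule) is the unit of agreement here; an assumption of the example
    return (r["locations"][0]["physicalLocation"]["artifactLocation"]["uri"], r["ruleId"])

def merge(results):
    """Collapse findings for the same (contract, rule): keep the highest level, record all tools."""
    out = {}
    for r in results:
        kept = out.setdefault(key(r), r)
        if kept is not r:
            kept["level"] = max(kept["level"], r["level"], key=RANK.get)
            kept["properties"]["tools"] = sorted(set(kept["properties"]["tools"] + r["properties"]["tools"]))
    return {"version": "2.1.0", "runs": [{"tool": {"driver": {"name": "unified-audit"}},
                                          "results": list(out.values())}]}

def score(log, truth):
    """Precision, recall and F1 of the merged log against labelled (contract, rule) pairs."""
    found = {key(r) for r in log["runs"][0]["results"]}
    tp, fp, fn = len(found & truth), len(found - truth), len(truth - found)
    p = tp / (tp + fp) if tp + fp else 0.0
    r = tp / (tp + fn) if tp + fn else 0.0
    return p, r, (2 * p * r / (p + r) if p + r else 0.0)

# Constructed sample findings and labels, not real tool output or SmartBugs data.
SLITHER = [{"check": "reentrancy-eth", "impact": "High", "description": "Reentrancy in withdraw()",
            "elements": [{"source_mapping": {"filename_relative": "Bank.sol", "lines": [12, 13]}}]}]
MYTHRIL = [{"swc-id": "107", "severity": "Medium", "description": "Call before state update", "filename": "Bank.sol", "lineno": 12},
           {"swc-id": "115", "severity": "Low", "description": "tx.origin check", "filename": "Auth.sol", "lineno": 7}]
TRUTH = {("Bank.sol", "SWC-107"), ("Auth.sol", "SWC-115"), ("Vault.sol", "SWC-101")}
LOG = merge([from_slither(f) for f in SLITHER] + [from_mythril(i) for i in MYTHRIL])
```

On the constructed sample the two tools' reports on Bank.sol collapse into a single result that records both tools, and the missed Vault.sol label shows up as a recall loss rather than a precision loss.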
Published
19/07/2026
How to Cite
SOARES, Guilherme A.; S. FILHO, João L. D.; FONTANINI, Nicholas P.; EVARISTO, Bruno. Um Framework Unificado para Auditoria de Contratos Inteligentes com Análise Multicamada. In: COLÓQUIO EM BLOCKCHAIN E WEB DESCENTRALIZADA (CBLOCKCHAIN), 4., 2026, Gramado/RS. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2026. p. 59-64. DOI: https://doi.org/10.5753/cblockchain.2026.23478.