A Unified Framework for Smart Contract Auditing with Multilayer Analysis
Abstract
Smart contracts manage high-value digital assets, but security flaws frequently result in irreversible financial losses. Although several automated auditing tools exist, their isolated execution often yields high rates of false positives and false negatives. This paper proposes and evaluates a unified framework for auditing Solidity smart contracts, combining static analysis (Slither), symbolic execution (Mythril), and dynamic testing (Foundry). The architecture orchestrates tool execution, unifies heterogeneous outputs using SARIF, and uses a Large Language Model (LLM) only in the post-processing stage to generate explainable reports. Evaluated on a curated dataset of 53 contracts from SmartBugs, the framework achieved an F1-Score of 92.93%, outperforming Slither (72.28%) and Mythril (88.42%).
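The SARIF unification step named in the abstract can be sketched as follows. This is an added example, not the paper's implementation: the sample findings are constructed, the input shapes are trimmed to a few fields of each tool's JSON report, and the detector-to-SWC mapping and the corroboration rule are assumptions of this sketch.

```python
# Constructed sample findings, trimmed to the fields used here. Field names
# mirror the tools' JSON reports; the shapes are assumptions of this example.
SLITHER = {"results": {"detectors": [{
    "check": "reentrancy-eth", "impact": "High",
    "description": "Reentrancy in Bank.withdraw()",
    "elements": [{"source_mapping": {"filename_relative": "Bank.sol", "lines": [17, 18]}}]}]}}
MYTHRIL = {"issues": [{
    "swc-id": "107", "severity": "High", "title": "External Call To User-Supplied Address",
    "filename": "Bank.sol", "lineno": 18}]}

# Assumed mapping from Slither detector names to SWC ids, used as the shared key.
SLITHER_TO_SWC = {"reentrancy-eth": "SWC-107", "tx-origin": "SWC-115"}
LEVEL = {"High": "error", "Medium": "warning", "Low": "note"}

def result(rule, level, msg, uri, line):
    """Build one SARIF 2.1.0 result object."""
    return {"ruleId": rule, "level": LEVEL.get(level, "none"), "message": {"text": msg},
            "locations": [{"physicalLocation": {"artifactLocation": {"uri": uri},
                                                "region": {"startLine": line}}}]}

def from_slither(report):
    out = []
    for d in report["results"]["detectors"]:
        sm = d["elements"][0]["source_mapping"]
        rule = SLITHER_TO_SWC.get(d["check"], d["check"])  # fall back to the raw name
        out.append(result(rule, d["impact"], d["description"], sm["filename_relative"], sm["lines"][0]))
    return out

def from_mythril(report):
    return [result("SWC-" + i["swc-id"], i["severity"], i["title"], i["filename"], i["lineno"])
            for i in report["issues"]]

def unify(slither, mythril):
    """Return one SARIF log with one run per tool."""
    runs = [{"tool": {"driver": {"name": n}}, "results": r}
            for n, r in (("Slither", from_slither(slither)), ("Mythril", from_mythril(mythril)))]
    return {"version": "2.1.0", "runs": runs}

def corroborated(log):
    """Return (ruleId, file) pairs reported by more than one tool."""
    seen = {}
    for run in log["runs"]:
        for r in run["results"]:
            uri = r["locations"][0]["physicalLocation"]["artifactLocation"]["uri"]
            # Key on rule and file, not line: the tools report different lines (17 vs 18).
            seen.setdefault((r["ruleId"], uri), set()).add(run["tool"]["driver"]["name"])
    return sorted(k for k, tools in seen.items() if len(tools) > 1)

if __name__ == "__main__":
    print(corroborated(unify(SLITHER, MYTHRIL)))
```

Findings that only one tool reports stay in the unified log; the corroboration pass just marks the ones that two independent analyses agree on.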
Published
2026-07-19
How to Cite
SOARES, Guilherme A.; S. FILHO, João L. D.; FONTANINI, Nicholas P.; EVARISTO, Bruno. A Unified Framework for Smart Contract Auditing with Multilayer Analysis. In: COLLOQUIUM ON BLOCKCHAIN AND DECENTRALIZED WEB (CBLOCKCHAIN), 4., 2026, Gramado/RS. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2026. p. 59-64. DOI: https://doi.org/10.5753/cblockchain.2026.23478.