Saved in:
Bibliographic Details
Main Author: Topal, Selçuk
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2505.19047
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866912392846245888
author Topal, Selçuk
author_facet Topal, Selçuk
contents We introduce the MoveEVM Weakness Classification (MWC) system -- a dedicated vulnerability taxonomy for smart contracts built with Move and executed in EVM-compatible environments. While Move was originally designed to prevent common security flaws via linear resource types and strict ownership, its integration with EVM bytecode introduces novel hybrid vulnerabilities not captured by existing systems like the SWC registry. Our taxonomy spans 37 categorized vulnerability types (MWC-100 to MWC-136) across six semantic frames, addressing issues such as hybrid gas metering, capability misuse, meta-transaction spoofing, and AI-integrated logic. Through analysis of real-world contracts from Aptos and Sui, we demonstrate that current verification tools often miss these hybrid risks. We also explore how formal methods and LLM-based audit agents can operationalize this classification, enabling scalable, logic-aware smart contract auditing. MWC lays the foundation for more secure and verifiable contracts in next-generation blockchain systems. (Shortened Abstract)
format Preprint
id arxiv_https___arxiv_org_abs_2505_19047
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle A Systematic Classification of Vulnerabilities in MoveEVM Smart Contracts (MWC)
Topal, Selçuk
Cryptography and Security
68M14
We introduce the MoveEVM Weakness Classification (MWC) system -- a dedicated vulnerability taxonomy for smart contracts built with Move and executed in EVM-compatible environments. While Move was originally designed to prevent common security flaws via linear resource types and strict ownership, its integration with EVM bytecode introduces novel hybrid vulnerabilities not captured by existing systems like the SWC registry. Our taxonomy spans 37 categorized vulnerability types (MWC-100 to MWC-136) across six semantic frames, addressing issues such as hybrid gas metering, capability misuse, meta-transaction spoofing, and AI-integrated logic. Through analysis of real-world contracts from Aptos and Sui, we demonstrate that current verification tools often miss these hybrid risks. We also explore how formal methods and LLM-based audit agents can operationalize this classification, enabling scalable, logic-aware smart contract auditing. MWC lays the foundation for more secure and verifiable contracts in next-generation blockchain systems. (Shortened Abstract)
title A Systematic Classification of Vulnerabilities in MoveEVM Smart Contracts (MWC)
topic Cryptography and Security
68M14
url https://arxiv.org/abs/2505.19047