Papers accepted by ISSTA 2026

We have three papers accepted at ISSTA’26:

1. EventSpec [1] introduces the first systematic study of event-semantic defects in smart contracts, uncovering vulnerabilities that arise when emitted events diverge from actual on-chain state. By automatically inferring event specifications and detecting semantic inconsistencies, EventSpec achieves over 90% precision on 6,552 real-world contracts and demonstrates practical attacks against wallets, bridges, explorers, and NFT marketplaces, leading to multiple confirmed vulnerability reports and bug bounties.
2. TrapHunter [2] tackles the growing threat of trap tokens—malicious token contracts that deceptively comply with standards while embedding hidden fraudulent behaviors. The framework combines program analysis, LLM-based intent reasoning, and dynamic validation to expose covert execution pathways and identify intent deviations from legitimate token implementations. Evaluations show that TrapHunter substantially outperforms existing approaches, achieving 81.8% precision and 85.4% recall across six categories of token traps.
3. RollGain [3] reveals a previously underexplored attack surface rooted in Ethereum’s rollback semantics. The framework synthesizes profit-driven rollback attacks on-chain and systematically tests off-chain systems for rollback misinterpretation vulnerabilities. Analyzing over 3 billion Ethereum transactions, RollGain achieves 95.3% recall with zero false positives and uncovers 20 vulnerabilities across blockchain explorers, token trackers, and RPC services, resulting in numerous confirmed fixes and CVE assignments.

Collectively, these three papers advance blockchain security beyond traditional smart contract logic bugs by exposing vulnerabilities that emerge at the intersection of on-chain execution semantics, developer intent, and off-chain ecosystem assumptions.

This year, ISSTA received 888 submissions and 90 papers were directly accepted. This leaves 128 papers for major revision and 120 were accepted after revision. The overall acceptance rate is 23.6%.

References

1. Liu, Y., Dong, Y., Liu, Y., Wu, Y., Zhang, C., Luo, X., & Li, Y. (2026, October). EventSpec: Defining and Detecting Event-Semantic Issues in Blockchain Ecosystems. Proceedings of the 35th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA).
2. Liu, Y., Li, X., & Li, Y. (2026, October). Exploiting Ethereum Rollback Semantics: Profit-Driven Attack Synthesis and Off-Chain Misinterpretation Testing. Proceedings of the 35th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA).
3. Wu, Y., Liu, Y., Li, Y., Peng, C., Wu, H., Fan, M., Liu, T., & Wang, H. (2026, October). TrapHunter: Exposing Covert Pathways in Trap Token Contracts. Proceedings of the 35th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA).