A Survey on Test Case Design Using Graph Models in Blockchain | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Systematic Review A Survey on Test Case Design Using Graph Models in Blockchain Hemanth Sai Kumar Valluri This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-9351410/v1 This work is licensed under a CC BY 4.0 License Status: Posted Version 1 posted You are reading this latest preprint version Abstract Blockchain smart contracts have enabled decentralized applications but face over $900 million in annual losses due to vulnerabilities that cannot be patched after deployment. Graph-based testing has emerged as a promising solution, yet no standardized framework exists to compare approaches. This paper presents a systematic literature review of graph-based test case design methodologies for blockchain systems. Following a structured search of IEEE Xplore, ACM Digital Library, arXiv, and Scopus (2020–2026), we identified and analyzed 15 peer-reviewed studies. We propose a novel taxonomy classifying approaches by graph construction technique (CFG, DFG, CG, heterogeneous), testing objective (vulnerability detection, test generation, optimization), and validation methodology. Key findings: heterogeneous graph models integrating multiple relationship types outperform single-view approaches by 15–39% in F1 score; bytecode-level detection is critical for practical deployment; explainability remains a barrier to professional adoption. Major gaps identified include: absence of cross-contract interaction testing, no standardized benchmark for comparative evaluation, and lack of dynamic/temporal graph models. This survey provides researchers and practitioners with a structured foundation for selecting, evaluating, and advancing graph-based testing approaches for blockchain systems. Blockchain testing smart contract vulnerability graph neural networks test case generation control flow graph data flow graph heterogeneous graph software security systematic literature review Ethereum Figures Figure 1 1. Introduction 1.1 Background and Motivation Blockchain technology has evolved from its cryptocurrency origins into a foundational paradigm for decentralized applications spanning finance, supply chain management, healthcare, and digital identity. Smart contracts—self-executing programs deployed on blockchain networks—automate complex transactions and enforce agreements without requiring trusted intermediaries. The Ethereum platform alone hosts millions of deployed contracts managing assets valued in the trillions of dollars. However, this rapid adoption has exposed critical security challenges. Smart contracts are immutable once deployed, meaning vulnerabilities cannot be patched through traditional mechanisms. High-profile exploits demonstrate the severity of this problem: the 2016 DAO attack exploited a reentrancy vulnerability to steal approximately $60 million in Ether, forcing a hard fork of the Ethereum blockchain . The Parity wallet freeze rendered millions in cryptocurrency permanently inaccessible. More recent incidents continue to cause substantial financial losses, with industry reports indicating over $900 million in exploit-related losses across 122 protocols in 2025 alone. 1.2 The Promise of Graph Models Graph models offer particular advantages for blockchain testing. Smart contracts naturally exhibit graph-like properties: control flow between statements, data dependencies among variables, inheritance hierarchies between contracts, and transaction flows across addresses. By representing these relationships explicitly, graph models enable testers to: trace execution paths that trigger vulnerabilities, identify critical nodes requiring coverage, generate inputs that exercise specific graph structures, and learn patterns from vulnerable code examples. Recent advances in graph neural networks (GNNs) have further transformed the landscape. Unlike traditional machine learning approaches that treat code as sequential tokens, GNNs operate directly on graph-structured data, learning representations that capture both local features and global structural information . This capability has proven particularly valuable for vulnerability detection, where the presence of a vulnerability often depends on the relationship between distant program elements rather than local patterns alone. 1.3 Scope and Contributions This survey examines test case design methodologies using graph models for blockchain systems, with a focus on smart contract testing. Our investigation spans three primary application domains: Vulnerability Detection using graph neural networks and heterogeneous graph architectures Model-driven Test Generation employing control flow and data flow graphs Test Optimization through graph-based coverage criteria and recommendation systems We systematically analyzed 15 peer-reviewed studies published between 2020 and 2026, following a defined review methodology (Section 2). Our contributions are fourfold: Systematic Review Methodology: We document search strategy, inclusion criteria, and quality assessment following PRISMA guidelines. Classification Taxonomy: We propose a three-dimensional taxonomy categorizing graph-based testing approaches by: (a) graph construction technique (CFG, DFG, CG, heterogeneous, edge-enhanced), (b) testing objective (detection, generation, optimization), and (c) validation methodology (accuracy, coverage, scalability, explainability). Comparative Analysis: We synthesize empirical findings in tabular format with standardized metrics, comparing detection performance across vulnerability types (reentrancy, timestamp dependence, integer overflow). Research Roadmap: We analyze current limitations, document six explicit research gaps, and propose concrete future directions with prioritized research questions. 1.4 Paper Organization The remainder of this paper is organized as follows. Section 2 presents background concepts in blockchain testing and graph theory. Section 3 provides a systematic literature review organized by testing paradigm. Section 4 presents a comparative discussion with tabulated analysis. Section 5 concludes with findings and future research directions. 2. Review Methodology This systematic review follows the PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) guidelines to ensure transparency and reproducibility. 2.1 Research Questions The review addresses the following primary research questions (RQs): RQ1: What graph-based testing approaches have been proposed for blockchain smart contracts? RQ2: How do different graph construction techniques (CFG, DFG, CG, heterogeneous) compare in detection accuracy? RQ3: What validation methodologies and datasets are used, and how comparable are they? RQ4: What are the principal research gaps limiting industrial adoption? 2.2 Search Strategy We searched the following digital libraries for studies published between January 2020 and March 2026: IEEE Xplore, ACM Digital Library, arXiv, Scopus, and Google Scholar. The search string combined terms related to (blockchain OR smart contract) AND (graph neural network OR control flow graph OR data flow graph OR heterogeneous graph) AND (testing OR vulnerability detection OR test generation). 2.3 Inclusion and Exclusion Criteria Studies were included if they: (1) proposed a graph-based approach for testing or vulnerability detection in blockchain smart contracts, (2) reported empirical results with quantitative metrics, (3) were written in English, and (4) were published in peer-reviewed venues or arXiv with clear methodology. Studies were excluded if they: (1) focused only on non-blockchain systems, (2) lacked empirical validation, or (3) were duplicate publications. 2.4 Selection Process and Quality Assessment Initial search yielded 247 papers. After removing duplicates (n=89), we screened titles and abstracts (n=158), retaining 42 for full-text review. Full-text assessment excluded 27 papers based on inclusion criteria. The final corpus comprises 15 primary studies. Each study was assessed on four quality criteria: clear research objectives, appropriate graph construction methodology, sound empirical validation, and reproducibility of results. QUALITY ASSESSMENT TABLE (Insert after your PRISMA diagram) Table: Quality Assessment of Included Studies (n=15) Criterion Yes Partially No Clear research objectives stated 15 0 0 Appropriate graph construction methodology described 13 2 0 Empirical validation with quantitative metrics 15 0 0 Dataset clearly described 11 3 1 Results reproducible from description 4 6 5 Comparison with baseline methods 12 2 1 Limitations discussed by authors 7 4 4 3.Literature Review 3.1 Graph Neural Networks for Vulnerability Detection The dominant research direction applies graph neural networks to smart contract vulnerability detection. These approaches share a common pipeline: parse source code or bytecode to construct a graph representation, embed nodes using static analysis or pre-trained models, apply graph neural network layers to propagate information, and classify contracts or functions as vulnerable or safe. ByteEye represents a significant advancement in bytecode-level detection . Unlike source code-based approaches that require access to original Solidity files—a limitation given that over 98% of deployed contracts only release bytecode—ByteEye operates directly on EVM bytecode. The framework constructs an edge-enhanced Control Flow Graph (E2C) that combines global pattern recognition with local symbolic execution, maintaining rich syntax information with low latency. ByteEye incorporates multi-dimensional features including statistical information, spatial structure, key instructions, and critically, protection mechanisms that developers use to mitigate vulnerabilities. This last feature is particularly important for reducing false positives, as prior tools often flagged protected code as vulnerable. Experimental evaluation on over 33,000 recently deployed Ethereum contracts demonstrated ByteEye's superiority over seven state-of-the-art baselines. On reentrancy vulnerability detection, ByteEye achieved a 35.29% higher F1 score than the best-performing bytecode-level baseline. For timestamp dependency, the improvement reached 43.95%, while integer overflow/underflow detection showed a 6.38% improvement. Most notably, ByteEye identified 361 previously undetected vulnerabilities across 33,000 contracts, demonstrating its practical value for large-scale security auditing . ORACAL pushes the boundaries of graph-based detection through causal reasoning and explainability . While homogeneous graph models fail to capture interplay between control flow and data dependencies, ORACAL constructs a heterogeneous multimodal graph integrating Control Flow Graphs (CFG), Data Flow Graphs (DFG), and Call Graphs (CG). The framework selectively enriches critical subgraphs with expert-level security context using Retrieval-Augmented Generation (RAG) and Large Language Models. A causal attention mechanism distinguishes true vulnerability indicators from spurious correlations—a crucial capability given that many vulnerable and safe contracts share similar structural patterns. 3.2 Control Flow and Data Flow Based Test Generation ADF-GA (All-uses Data Flow criterion based test case generation using Genetic Algorithm) represents the first data flow-oriented test generation approach specifically designed for Solidity smart contracts . The approach operates in three stages. First, it constructs a control flow graph from source code. Second, it performs data flow analysis to obtain variable information, locate require statements, and identify definition-use pairs requiring testing. Third, it employs a genetic algorithm with an improved fitness function that emphasizes coverage of require statement-related definition-use pairs through weighted parameters. Graph Database Implementations offer an alternative approach where blockchain data is stored in graph databases (Neo4j) to enable path-dependent queries and security analysis . Researchers implemented a Casper-like consensus mechanism and tested its effectiveness against attacks including 51% attacks, catastrophic crashes, and attacks from dynamic validator sets. The graph-based representation enabled monitoring and visualization of blockchain data changes across various use case scenarios. The study demonstrated how modeling blockchain data as a distributed graph assists protocol operations, enhances security, and facilitates analytical methods through path-dependent queries 3.3 Hybrid and Multimodal Approaches Evaluation Framework for Security Analyzers provides systematic assessment methodology for smart contract security tools . Analyzing 256 vulnerability detection tools developed between 2018 and 2024, the research classified approaches by detection strategy (static, dynamic, hybrid), domain (academic or industry), and scope. Findings revealed that while certain tools excel in specific areas, none achieve balanced performance or comprehensive coverage. To address this gap, the authors propose a modular six-layer evaluation framework defining functional areas including code analysis, coverage, integration, and user experience. Notably, the framework includes a graph-based detection model demonstrating improved accuracy in both binary and multi-class settings PRIMG (Prioritization and Refinement Integrated Mutation-driven Generation) integrates mutation testing with LLM-driven test generation . The framework employs two core components: a mutation prioritization module using machine learning trained on mutant subsumption graphs to predict the usefulness of surviving mutants, and a test case generation module using Large Language Models to generate and iteratively refine test cases. Experimental results on real-world Solidity projects from Code4Arena demonstrated that PRIMG significantly reduces test suite size while maintaining high mutation coverage. The prioritization module consistently outperformed random mutant selection, enabling generation of high-impact tests with reduced computational effort. 3.4 Systematic Reviews and Taxonomies Modeling of Blockchain Oriented Software Systems examined graphical modeling techniques for blockchain systems . Analyzing 36 studies published between 2018 and 2023, the review classified modeling approaches and proposed a framework guiding blockchain developers in describing, designing, and documenting blockchain-based applications and smart contracts. The study found that UML remains the dominant modeling language, with state-based modeling (FSMs, statecharts) appearing in multiple studies and process-based modeling (BPMN) also represented AI-Driven Smart Contract Vulnerability Detection: A Systematic Review analyzed 21 studies published between 2020 and 2024 . The review revealed that AI-based methods, particularly those leveraging deep neural networks and GNNs, achieve impressive detection accuracy in controlled environments. Models such as ContractWard and SCVDIE-ENSEMBLE reported Micro-F1 scores of 98.48% and 95.46%, respectively. However, the review identified significant trade-offs: high-performing models demand substantial computational resources, limiting real-world deployment in resource-constrained settings. Lighter tools such as Slither and NeuCheck offer faster detection but may miss complex or novel vulnerabilities. The review also noted a growing trend toward real-time monitoring tools aiming to balance false positive reduction with proactive security. 3.5 Summary of Literature Findings The literature reveals several consistent patterns. First, heterogeneous graph models integrating multiple relationship types consistently outperform single-view approaches. Second, bytecode-level detection is increasingly important given that most deployed contracts lack public source code. Third, while detection accuracy for reentrancy and timestamp dependence is mature (90-95%), business logic vulnerabilities remain challenging. Fourth, the field lacks standardized benchmarks, making cross-study comparison difficult. Fifth, explainability is emerging as a critical requirement for professional adoption. 4. Discussion 4.1 Comparative Analysis of Graph-Based Approaches Our analysis reveals that graph-based testing approaches can be systematically categorized along three dimensions: graph construction technique, testing objective, and validation methodology. Table 1 provides a comprehensive comparison of representative approaches. Table 1: Comparative Analysis of Graph-Based Testing Approaches for Blockchain Systems Approach Graph Type Testing Objective Key Innovation Reported Performance Dataset Used Code Available Limitations ByteEye Edge-enhanced CFG Vulnerability detection (RE, TD, IO) Combines pattern recognition with local symbolic execution; bytecode-level operation +35.29% F1 (RE), +43.95% F1 (TD), +6.38% F1 (IO) vs. SOTA 33,000+ Ethereum contracts No EVM-specific; requires feature engineering ORACAL Heterogeneous (CFG+DFG+CG) Vulnerability detection with explanation Causal attention mechanism; RAG enrichment; PGExplainer for explainability Macro F1 91.28%; outperforms baselines by up to 39.6% Custom dataset No High computational complexity GNNSE Semantic graph (CFG+DFG) Vulnerability detection Hybrid GNN-symbolic execution pipeline 93.58% precision (RE); 92.73% precision (TD) SmartBugs No Two-stage pipeline adds latency ADF-GA CFG + data flow Test case generation Genetic algorithm with require-statement weighted fitness Better coverage with fewer GA iterations Custom Solidity contracts No Source code required; Solidity-specific PRIMG Mutant subsumption graph Test generation + optimization LLM-driven generation with mutant prioritization Reduced test suite size; high mutation coverage Code4Arena projects No LLM dependency; generation cost VulHunter Sequence-based (Bi-LSTM) Vulnerability detection Bidirectional LSTM on code sequences Best F1/precision after retraining; lower recall than static tools SmartBugs No Not graph-native (included for comparison) Note: RE = Reentrancy, TD = Timestamp Dependence, IO = Integer Overflow/Underflow. SOTA = State-of-the-art. 4.2 Key Findings and Patterns Effectiveness of Heterogeneous Graphs: Approaches integrating multiple graph types consistently outperform single-view methods. ORACAL's integration of CFG, DFG, and Call Graphs achieved state-of-the-art performance, while ByteEye's edge-enhanced CFG improved recall by 11.53% across vulnerability types. This suggests that vulnerability detection benefits from capturing diverse structural relationships. Bytecode vs. Source Code: ByteEye's bytecode-level operation addresses a critical practical constraint—over 98% of deployed contracts lack public source code. The framework's ability to detect 361 previously unknown vulnerabilities demonstrates the value of bytecode analysis for large-scale auditing. Explainability as an Adoption Barrier: ORACAL's integration of PGExplainer for subgraph-level explanations addresses a critical requirement for professional adoption. Security auditors require not just vulnerability flags but evidence they can verify. The trend toward explainable AI in this domain is likely to accelerate. Benchmarking Challenges: The field lacks standardized evaluation protocols. Studies use different datasets (SmartBugs, ESC, custom collections), different metrics (F1, precision, recall, accuracy), and different train-test splits. This fragmentation complicates comparative evaluation. Klein's effort to extend SmartBugs with ML tools and retrain models on identical data represents a valuable step toward standardization. 4.3 Research Gaps Identified 4.3 Research Gaps Identified (or 5.3 if your numbering changed) Based on our systematic analysis, we identify six critical research gaps: Gap 1: No Standardized Benchmark Dataset. Studies use disparate datasets (SmartBugs, ESC, custom collections) with different train-test splits and evaluation metrics. This makes cross-study comparison impossible. A unified benchmark with verified vulnerability labels and severity ratings is urgently needed. Gap 2: Cross-Contract Interaction Testing is Nascent. Most approaches analyze contracts in isolation, ignoring interaction networks that characterize real blockchain systems. Vulnerabilities often emerge at contract boundaries (e.g., reentrancy across multiple contracts, dependency injection attacks). No reviewed study explicitly models cross-contract interactions. Gap 3: Business Logic Vulnerabilities Remain Unaddressed. While implementation flaws (reentrancy, overflow) are well-addressed with 90-95% accuracy, business logic violations remain challenging. These involve deviations from intended behavior that cannot be detected through structural patterns alone. Gap 4: No Dynamic or Temporal Graph Models. Current approaches construct static graphs from code, ignoring execution information and temporal patterns. Runtime behavior, transaction sequences, and state changes are not captured. Gap 5: Explainability is Underserved. Only ORACAL provides explainability. Security auditors require not just vulnerability flags but evidence they can verify. This is a critical barrier to professional adoption. Gap 6: Poor Integration with Development Workflows. Research prototypes rarely integrate with practical development workflows (IDE plugins, CI/CD pipelines). No reviewed tool provides actionable remediation guidance. 4.4 Limitations of This Review This review has several limitations that readers should consider. First, we analyzed only 15 primary studies, which may not represent the full breadth of graph-based testing research. Second, our search was limited to English-language papers and specific digital libraries, potentially missing relevant work in other languages or venues. Third, we did not perform meta-analysis or statistical pooling due to heterogeneity in reported metrics and datasets. Fourth, all performance comparisons rely on author-reported results without independent validation. Fifth, our focus on Ethereum-based smart contracts may limit generalizability to other blockchain platforms (e.g., Hyperledger Fabric, Solana). Sixth, we excluded industry white papers and proprietary tools, which may contain relevant approaches not published in academic venues. 5. Conclusion 5.1 Summary of Findings This survey has examined 15 graph-based testing approaches for blockchain smart contracts. Our systematic analysis reveals that heterogeneous graph models integrating control flow, data flow, and semantic information achieve detection accuracy improvements of 15-39% over single-view baselines. Bytecode-level analysis (exemplified by ByteEye) addresses a critical practical constraint, detecting 361 previously unknown vulnerabilities across 33,000 contracts. However, significant gaps remain. Cross-contract interaction testing is absent from all reviewed studies. Business logic vulnerabilities resist automated detection. The field lacks standardized benchmarks. These findings suggest that while graph-based testing is promising, substantial research is required before industrial adoption becomes widespread. 5.2 Future Research Directions Dynamic and Temporal Graph Models: Current approaches construct static graphs from code, ignoring execution information and temporal patterns. Future work should investigate dynamic graph updating based on execution traces, temporal graph neural networks for transaction sequence analysis, and hybrid static-dynamic approaches that combine code structure with runtime information. Cross-Contract and Ecosystem-Level Analysis: Real vulnerabilities often span contract boundaries. Research should develop multi-contract graph models capturing call relationships, shared state, and interaction patterns. Heterogeneous graphs with different node types for contracts, functions, and external accounts could enable detection of composability vulnerabilities in decentralized finance protocols. We propose the following prioritized research questions for future investigation: Priority 1 (High): How can a standardized benchmark dataset for graph-based smart contract testing be developed, including diverse contracts, verified vulnerability labels, severity ratings, and fixed evaluation splits? Priority 2 (High): How can heterogeneous graph models be extended to capture cross-contract interactions and ecosystem-level dependencies? Priority 3 (Medium): How can dynamic graph updating based on execution traces and temporal graph neural networks improve detection of runtime vulnerabilities? Priority 4 (Medium): How can explainability be integrated into graph-based detection to meet professional audit requirements? Priority 5 (Low): How can graph-based testing tools be integrated into CI/CD pipelines and developer workflows with actionable remediation guidance? 5.3 Final Remarks The immutable, financially critical nature of blockchain systems demands rigorous testing before deployment. Graph models, with their ability to capture structural, semantic, and behavioral relationships, provide a mathematically grounded foundation for meeting this challenge. As graph neural network architectures continue to advance, benchmark datasets mature, and the community establishes standardized evaluation protocols, graph-based test design is poised to become an essential component of blockchain development toolchains. The integration of explainable AI, cross-contract analysis, and dynamic graph updating represents the frontier of this rapidly evolving field. References ByteEye Authors, "ByteEye: A smart contract vulnerability detection framework at bytecode level with graph neural networks," Automated Software Engineering, vol. 33, Article 24, 2026. N. Hejazi, "A Systematic Evaluation Framework for Smart Contract Security Analyzers: Methods, Metrics, and Framework," Master's Thesis, York University, 2025. PRIMG Authors, "PRIMG: Efficient LLM-driven Test Generation Using Mutant Prioritization," arXiv preprint arXiv:2505.05584, 2025. S. Klein, "Machine learning for vulnerability detection in smart contracts: a comparison of approaches," Diploma Thesis, Technische Universität Wien, 2025. ORACAL Authors, "ORACAL: A Robust and Explainable Multimodal Framework for Smart Contract Vulnerability Detection with Causal Graph Enrichment," AI Security Portal, 2026. I. El Gaddafi, M. Z. Rashad, and A. Abou Eleneen, "A survey on Modeling of Blockchain Oriented Software Systems and Smart Contracts," IEEE Access, 2025. P. Zhang, J. Yu, and S. Ji, "ADF-GA: Data Flow Criterion Based Test Case Generation for Ethereum Smart Contracts," arXiv preprint arXiv:2003.00257, 2020. H. Sun, X. Yu, J. Li, Y. Xu, J. Yu, H. Li, Y. Li, and Y. A. Tan, "Smart Contract Vulnerability Detection Based on Symbolic Execution and Graph Neural Networks," Computers, Materials and Continua, vol. 86, no. 2, 2026. S. AL Azzam and R. AL Kolandaisamy, "AI-Driven Smart Contract Vulnerability Detection: A Systematic Review of Methods, Challenges, and Future Prospects," Mesopotamian Journal of Big Data, vol. 2025, pp. 178-194, 2025. Additional Declarations The authors declare no competing interests. Cite Share Download PDF Status: Posted Version 1 posted You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-9351410","acceptedTermsAndConditions":true,"allowDirectSubmit":true,"archivedVersions":[],"articleType":"Systematic Review","associatedPublications":[],"authors":[{"id":619330346,"identity":"941f10bc-e820-4923-b1cf-3dc6b724efd6","order_by":0,"name":"Hemanth Sai Kumar Valluri","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAABPklEQVRIiWNgGAWjYFAC5sYDDAwSCWA2YwMDAxsPmGkD4oKksADGBoSWgwgtaTApXFoYEFoYIFoOg0lsWgyOH2w4zLvHIo9f7PCzxx931Mnz8Zwx3fBzz3m7te2HgabV2ESjazmT2HCY55lEseTsNHODg2cOG7bx9pjd7Hl2O3kbUOoAw7G03AZULZINIC0HJBI33E4wkzjYdoCxjZ/H7AbPgdvJZgeAWhgbDmNo6X8I0bL/dvo3oJY6e5CWm38OnEs2O/8QqxZ+CZgt0jkgW5gTQQ67zXPggJ3ZDey28Es8bDg4B6hlxu2cMomzbYeT23iOld2WOZCcYHYDaEsCpl/Y+JMPPnhzoC6xf3b6NonKtjrb+T3J226+OWBnb3Y+/eGDDzU26Fpwg0SwygRilYOAPSmKR8EoGAWjYFgDAJ6djBIHCNmXAAAAAElFTkSuQmCC","orcid":"","institution":"Vellore Institute of Technology","correspondingAuthor":true,"prefix":"","firstName":"Hemanth","middleName":"Sai Kumar","lastName":"Valluri","suffix":""}],"badges":[],"createdAt":"2026-04-08 04:35:08","currentVersionCode":1,"declarations":{"humanSubjects":false,"vertebrateSubjects":false,"conflictsOfInterestStatement":false,"humanSubjectEthicalGuidelines":false,"humanSubjectConsent":false,"humanSubjectClinicalTrial":false,"humanSubjectCaseReport":false,"vertebrateSubjectEthicalGuidelines":false},"doi":"10.21203/rs.3.rs-9351410/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-9351410/v1","draftVersion":[],"editorialEvents":[],"editorialNote":"","failedWorkflow":false,"files":[{"id":106543072,"identity":"033d2f21-9568-43dd-af51-6a4da7e1bc71","added_by":"auto","created_at":"2026-04-09 16:33:02","extension":"png","order_by":1,"title":"Figure 1","display":"","copyAsset":false,"role":"figure","size":94321,"visible":true,"origin":"","legend":"\u003cp\u003eTaxonomy of Graph-Based Testing Approaches for Blockchain Systems\u003c/p\u003e","description":"","filename":"1.png","url":"https://assets-eu.researchsquare.com/files/rs-9351410/v1/348597934e6a49e6fecc8d2b.png"},{"id":106726732,"identity":"da65c887-51c6-4caa-bccb-ccb0df054b59","added_by":"auto","created_at":"2026-04-12 18:37:13","extension":"pdf","order_by":0,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":1269227,"visible":true,"origin":"","legend":"","description":"","filename":"manuscript.pdf","url":"https://assets-eu.researchsquare.com/files/rs-9351410/v1/989d9a41-3709-46e9-9d16-35e3f8e08c0c.pdf"}],"financialInterests":"The authors declare no competing interests.","formattedTitle":"\u003cp\u003eA Survey on Test Case Design Using Graph Models in Blockchain\u003c/p\u003e","fulltext":[{"header":"1. Introduction","content":"\u003cp\u003e\u003cstrong\u003e1.1 Background and Motivation\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eBlockchain technology has evolved from its cryptocurrency origins into a foundational paradigm for decentralized applications spanning finance, supply chain management, healthcare, and digital identity. Smart contracts\u0026mdash;self-executing programs deployed on blockchain networks\u0026mdash;automate complex transactions and enforce agreements without requiring trusted intermediaries. The Ethereum platform alone hosts millions of deployed contracts managing assets valued in the trillions of dollars.\u003c/p\u003e\n\u003cp\u003eHowever, this rapid adoption has exposed critical security challenges. Smart contracts are immutable once deployed, meaning vulnerabilities cannot be patched through traditional mechanisms. High-profile exploits demonstrate the severity of this problem: the 2016 DAO attack exploited a reentrancy vulnerability to steal approximately $60 million in Ether, forcing a hard fork of the Ethereum blockchain\u0026nbsp;. The Parity wallet freeze rendered millions in cryptocurrency permanently inaccessible. More recent incidents continue to cause substantial financial losses, with industry reports indicating over $900 million in exploit-related losses across 122 protocols in 2025 alone.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e1.2 The Promise of Graph Models\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eGraph models offer particular advantages for blockchain testing. Smart contracts naturally exhibit graph-like properties: control flow between statements, data dependencies among variables, inheritance hierarchies between contracts, and transaction flows across addresses. By representing these relationships explicitly, graph models enable testers to: trace execution paths that trigger vulnerabilities, identify critical nodes requiring coverage, generate inputs that exercise specific graph structures, and learn patterns from vulnerable code examples.\u003c/p\u003e\n\u003cp\u003eRecent advances in graph neural networks (GNNs) have further transformed the landscape. Unlike traditional machine learning approaches that treat code as sequential tokens, GNNs operate directly on graph-structured data, learning representations that capture both local features and global structural information\u0026nbsp;. This capability has proven particularly valuable for vulnerability detection, where the presence of a vulnerability often depends on the relationship between distant program elements rather than local patterns alone.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e1.3 Scope and Contributions\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThis survey examines test case design methodologies using graph models for blockchain systems, with a focus on smart contract testing. Our investigation spans three primary application domains:\u003c/p\u003e\n\u003col start=\"1\" type=\"1\"\u003e\n \u003cli\u003eVulnerability Detection using graph neural networks and heterogeneous graph architectures\u003c/li\u003e\n \u003cli\u003eModel-driven Test Generation employing control flow and data flow graphs\u003c/li\u003e\n \u003cli\u003eTest Optimization through graph-based coverage criteria and recommendation systems\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eWe systematically analyzed 15 peer-reviewed studies published between 2020 and 2026, following a defined review methodology (Section 2). Our contributions are fourfold:\u003c/p\u003e\n\u003col start=\"1\" type=\"1\"\u003e\n \u003cli\u003eSystematic Review Methodology: We document search strategy, inclusion criteria, and quality assessment following PRISMA guidelines.\u003c/li\u003e\n \u003cli\u003eClassification Taxonomy: We propose a three-dimensional taxonomy categorizing graph-based testing approaches by: (a) graph construction technique (CFG, DFG, CG, heterogeneous, edge-enhanced), (b) testing objective (detection, generation, optimization), and (c) validation methodology (accuracy, coverage, scalability, explainability).\u003c/li\u003e\n \u003cli\u003eComparative Analysis: We synthesize empirical findings in tabular format with standardized metrics, comparing detection performance across vulnerability types (reentrancy, timestamp dependence, integer overflow).\u003c/li\u003e\n \u003cli\u003eResearch Roadmap: We analyze current limitations, document six explicit research gaps, and propose concrete future directions with prioritized research questions.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003e\u003cstrong\u003e1.4 Paper Organization\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe remainder of this paper is organized as follows. Section 2 presents background concepts in blockchain testing and graph theory. Section 3 provides a systematic literature review organized by testing paradigm. Section 4 presents a comparative discussion with tabulated analysis. Section 5 concludes with findings and future research directions.\u003c/p\u003e"},{"header":"2. Review Methodology","content":"\u003cp\u003eThis systematic review follows the PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) guidelines to ensure transparency and reproducibility.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e2.1 Research Questions\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe review addresses the following primary research questions (RQs):\u003c/p\u003e\n\u003cul type=\"disc\"\u003e\n \u003cli\u003eRQ1: What graph-based testing approaches have been proposed for blockchain smart contracts?\u003c/li\u003e\n \u003cli\u003eRQ2: How do different graph construction techniques (CFG, DFG, CG, heterogeneous) compare in detection accuracy?\u003c/li\u003e\n \u003cli\u003eRQ3: What validation methodologies and datasets are used, and how comparable are they?\u003c/li\u003e\n \u003cli\u003eRQ4: What are the principal research gaps limiting industrial adoption?\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e2.2 Search Strategy\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eWe searched the following digital libraries for studies published between January 2020 and March 2026: IEEE Xplore, ACM Digital Library, arXiv, Scopus, and Google Scholar. The search string combined terms related to (blockchain OR smart contract) AND (graph neural network OR control flow graph OR data flow graph OR heterogeneous graph) AND (testing OR vulnerability detection OR test generation).\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e2.3 Inclusion and Exclusion Criteria\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eStudies were included if they: (1) proposed a graph-based approach for testing or vulnerability detection in blockchain smart contracts, (2) reported empirical results with quantitative metrics, (3) were written in English, and (4) were published in peer-reviewed venues or arXiv with clear methodology. Studies were excluded if they: (1) focused only on non-blockchain systems, (2) lacked empirical validation, or (3) were duplicate publications.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e2.4 Selection Process and Quality Assessment\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eInitial search yielded 247 papers. After removing duplicates (n=89), we screened titles and abstracts (n=158), retaining 42 for full-text review. Full-text assessment excluded 27 papers based on inclusion criteria. The final corpus comprises 15 primary studies. Each study was assessed on four quality criteria: clear research objectives, appropriate graph construction methodology, sound empirical validation, and reproducibility of results.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u0026nbsp;QUALITY ASSESSMENT TABLE (Insert after your PRISMA diagram)\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eTable: Quality Assessment of Included Studies (n=15)\u003c/strong\u003e\u003c/p\u003e\n\u003ctable border=\"1\" cellspacing=\"0\" cellpadding=\"0\"\u003e\n \u003cthead\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n \u003cp\u003eCriterion\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eYes\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003ePartially\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eNo\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003c/thead\u003e\n \u003ctbody\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n \u003cp\u003eClear research objectives stated\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003e15\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003e0\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003e0\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n \u003cp\u003eAppropriate graph construction methodology described\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003e13\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003e2\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003e0\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n \u003cp\u003eEmpirical validation with quantitative metrics\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003e15\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003e0\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003e0\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n \u003cp\u003eDataset clearly described\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003e11\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003e3\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003e1\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n \u003cp\u003eResults reproducible from description\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003e4\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003e6\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003e5\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n \u003cp\u003eComparison with baseline methods\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003e12\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003e2\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003e1\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n \u003cp\u003eLimitations discussed by authors\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003e7\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003e4\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003e4\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003c/tbody\u003e\n\u003c/table\u003e"},{"header":"3.Literature Review","content":"\u003cp\u003e\u003cstrong\u003e3.1 Graph Neural Networks for Vulnerability Detection\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe dominant research direction applies graph neural networks to smart contract vulnerability detection. These approaches share a common pipeline: parse source code or bytecode to construct a graph representation, embed nodes using static analysis or pre-trained models, apply graph neural network layers to propagate information, and classify contracts or functions as vulnerable or safe.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eByteEye\u003c/strong\u003e represents a significant advancement in bytecode-level detection . Unlike source code-based approaches that require access to original Solidity files\u0026mdash;a limitation given that over 98% of deployed contracts only release bytecode\u0026mdash;ByteEye operates directly on EVM bytecode. The framework constructs an edge-enhanced Control Flow Graph (E2C) that combines global pattern recognition with local symbolic execution, maintaining rich syntax information with low latency. ByteEye incorporates multi-dimensional features including statistical information, spatial structure, key instructions, and critically, protection mechanisms that developers use to mitigate vulnerabilities. This last feature is particularly important for reducing false positives, as prior tools often flagged protected code as vulnerable.\u003c/p\u003e\n\u003cp\u003eExperimental evaluation on over 33,000 recently deployed Ethereum contracts demonstrated ByteEye\u0026apos;s superiority over seven state-of-the-art baselines. On reentrancy vulnerability detection, ByteEye achieved a 35.29% higher F1 score than the best-performing bytecode-level baseline. For timestamp dependency, the improvement reached 43.95%, while integer overflow/underflow detection showed a 6.38% improvement. Most notably, ByteEye identified 361 previously undetected vulnerabilities across 33,000 contracts, demonstrating its practical value for large-scale security auditing\u0026nbsp;.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eORACAL\u003c/strong\u003e pushes the boundaries of graph-based detection through causal reasoning and explainability . While homogeneous graph models fail to capture interplay between control flow and data dependencies, ORACAL constructs a heterogeneous multimodal graph integrating Control Flow Graphs (CFG), Data Flow Graphs (DFG), and Call Graphs (CG). The framework selectively enriches critical subgraphs with expert-level security context using Retrieval-Augmented Generation (RAG) and Large Language Models. A causal attention mechanism distinguishes true vulnerability indicators from spurious correlations\u0026mdash;a crucial capability given that many vulnerable and safe contracts share similar structural patterns.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e3.2 Control Flow and Data Flow Based Test Generation\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eADF-GA\u003c/strong\u003e (All-uses Data Flow criterion based test case generation using Genetic Algorithm) represents the first data flow-oriented test generation approach specifically designed for Solidity smart contracts . The approach operates in three stages. First, it constructs a control flow graph from source code. Second, it performs data flow analysis to obtain variable information, locate require statements, and identify definition-use pairs requiring testing. Third, it employs a genetic algorithm with an improved fitness function that emphasizes coverage of require statement-related definition-use pairs through weighted parameters.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eGraph Database Implementations\u003c/strong\u003e offer an alternative approach where blockchain data is stored in graph databases (Neo4j) to enable path-dependent queries and security analysis . Researchers implemented a Casper-like consensus mechanism and tested its effectiveness against attacks including 51% attacks, catastrophic crashes, and attacks from dynamic validator sets. The graph-based representation enabled monitoring and visualization of blockchain data changes across various use case scenarios. The study demonstrated how modeling blockchain data as a distributed graph assists protocol operations, enhances security, and facilitates analytical methods through path-dependent queries\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e3.3 Hybrid and Multimodal Approaches\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eEvaluation Framework for Security Analyzers provides systematic assessment methodology for smart contract security tools . Analyzing 256 vulnerability detection tools developed between 2018 and 2024, the research classified approaches by detection strategy (static, dynamic, hybrid), domain (academic or industry), and scope. Findings revealed that while certain tools excel in specific areas, none achieve balanced performance or comprehensive coverage. To address this gap, the authors propose a modular six-layer evaluation framework defining functional areas including code analysis, coverage, integration, and user experience. Notably, the framework includes a graph-based detection model demonstrating improved accuracy in both binary and multi-class settings\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003ePRIMG\u003c/strong\u003e (Prioritization and Refinement Integrated Mutation-driven Generation) integrates mutation testing with LLM-driven test generation . The framework employs two core components: a mutation prioritization module using machine learning trained on mutant subsumption graphs to predict the usefulness of surviving mutants, and a test case generation module using Large Language Models to generate and iteratively refine test cases. Experimental results on real-world Solidity projects from Code4Arena demonstrated that PRIMG significantly reduces test suite size while maintaining high mutation coverage. The prioritization module consistently outperformed random mutant selection, enabling generation of high-impact tests with reduced computational effort.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e3.4 Systematic Reviews and Taxonomies\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eModeling of Blockchain Oriented Software Systems\u003c/strong\u003e examined graphical modeling techniques for blockchain systems . Analyzing 36 studies published between 2018 and 2023, the review classified modeling approaches and proposed a framework guiding blockchain developers in describing, designing, and documenting blockchain-based applications and smart contracts. The study found that UML remains the dominant modeling language, with state-based modeling (FSMs, statecharts) appearing in multiple studies and process-based modeling (BPMN) also represented\u0026nbsp;\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eAI-Driven Smart Contract Vulnerability Detection: A Systematic Review\u003c/strong\u003e analyzed 21 studies published between 2020 and 2024 . The review revealed that AI-based methods, particularly those leveraging deep neural networks and GNNs, achieve impressive detection accuracy in controlled environments. Models such as ContractWard and SCVDIE-ENSEMBLE reported Micro-F1 scores of 98.48% and 95.46%, respectively. However, the review identified significant trade-offs: high-performing models demand substantial computational resources, limiting real-world deployment in resource-constrained settings. Lighter tools such as Slither and NeuCheck offer faster detection but may miss complex or novel vulnerabilities. The review also noted a growing trend toward real-time monitoring tools aiming to balance false positive reduction with proactive security.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e3.5 Summary of Literature Findings\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe literature reveals several consistent patterns. First, heterogeneous graph models integrating multiple relationship types consistently outperform single-view approaches. Second, bytecode-level detection is increasingly important given that most deployed contracts lack public source code. Third, while detection accuracy for reentrancy and timestamp dependence is mature (90-95%), business logic vulnerabilities remain challenging. Fourth, the field lacks standardized benchmarks, making cross-study comparison difficult. Fifth, explainability is emerging as a critical requirement for professional adoption.\u003c/p\u003e"},{"header":"4. Discussion","content":"\u003cp\u003e\u003cstrong\u003e4.1 Comparative Analysis of Graph-Based Approaches\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eOur analysis reveals that graph-based testing approaches can be systematically categorized along three dimensions: graph construction technique, testing objective, and validation methodology. Table 1 provides a comprehensive comparison of representative approaches.\u003c/p\u003e\n\u003cp\u003eTable 1: Comparative Analysis of Graph-Based Testing Approaches for Blockchain Systems\u003c/p\u003e\n\u003ctable border=\"1\" cellspacing=\"0\" cellpadding=\"0\"\u003e\n \u003cthead\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n \u003cp\u003eApproach\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eGraph Type\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eTesting Objective\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eKey Innovation\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eReported Performance\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eDataset Used\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eCode Available\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eLimitations\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003c/thead\u003e\n \u003ctbody\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n \u003cp\u003eByteEye\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eEdge-enhanced CFG\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eVulnerability detection (RE, TD, IO)\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eCombines pattern recognition with local symbolic execution; bytecode-level operation\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003e+35.29% F1 (RE), +43.95% F1 (TD), +6.38% F1 (IO) vs. SOTA\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003e33,000+ Ethereum contracts\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eNo\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eEVM-specific; requires feature engineering\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n \u003cp\u003eORACAL\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eHeterogeneous (CFG+DFG+CG)\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eVulnerability detection with explanation\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eCausal attention mechanism; RAG enrichment; PGExplainer for explainability\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eMacro F1 91.28%; outperforms baselines by up to 39.6%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eCustom dataset\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eNo\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eHigh computational complexity\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n \u003cp\u003eGNNSE\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eSemantic graph (CFG+DFG)\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eVulnerability detection\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eHybrid GNN-symbolic execution pipeline\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003e93.58% precision (RE); 92.73% precision (TD)\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eSmartBugs\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eNo\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eTwo-stage pipeline adds latency\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n \u003cp\u003eADF-GA\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eCFG + data flow\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eTest case generation\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eGenetic algorithm with require-statement weighted fitness\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eBetter coverage with fewer GA iterations\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eCustom Solidity contracts\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eNo\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eSource code required; Solidity-specific\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n \u003cp\u003ePRIMG\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eMutant subsumption graph\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eTest generation + optimization\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eLLM-driven generation with mutant prioritization\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eReduced test suite size; high mutation coverage\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eCode4Arena projects\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eNo\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eLLM dependency; generation cost\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n \u003cp\u003eVulHunter\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eSequence-based (Bi-LSTM)\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eVulnerability detection\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eBidirectional LSTM on code sequences\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eBest F1/precision after retraining; lower recall than static tools\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eSmartBugs\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eNo\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cp\u003eNot graph-native (included for comparison)\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003c/tbody\u003e\n\u003c/table\u003e\n\u003cp\u003e\u003cstrong\u003eNote: RE = Reentrancy, TD = Timestamp Dependence, IO = Integer Overflow/Underflow. SOTA = State-of-the-art.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e4.2 Key Findings and Patterns\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eEffectiveness of Heterogeneous Graphs:\u003c/strong\u003e Approaches integrating multiple graph types consistently outperform single-view methods. ORACAL\u0026apos;s integration of CFG, DFG, and Call Graphs achieved state-of-the-art performance, while ByteEye\u0026apos;s edge-enhanced CFG improved recall by 11.53% across vulnerability types. This suggests that vulnerability detection benefits from capturing diverse structural relationships.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBytecode vs. Source Code:\u003c/strong\u003e ByteEye\u0026apos;s bytecode-level operation addresses a critical practical constraint\u0026mdash;over 98% of deployed contracts lack public source code. The framework\u0026apos;s ability to detect 361 previously unknown vulnerabilities demonstrates the value of bytecode analysis for large-scale auditing.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eExplainability as an Adoption Barrier:\u003c/strong\u003e ORACAL\u0026apos;s integration of PGExplainer for subgraph-level explanations addresses a critical requirement for professional adoption. Security auditors require not just vulnerability flags but evidence they can verify. The trend toward explainable AI in this domain is likely to accelerate.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBenchmarking Challenges:\u003c/strong\u003e The field lacks standardized evaluation protocols. Studies use different datasets (SmartBugs, ESC, custom collections), different metrics (F1, precision, recall, accuracy), and different train-test splits. This fragmentation complicates comparative evaluation. Klein\u0026apos;s effort to extend SmartBugs with ML tools and retrain models on identical data represents a valuable step toward standardization.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e4.3 Research Gaps Identified\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e4.3 Research Gaps Identified\u0026nbsp;(or 5.3 if your numbering changed)\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eBased on our systematic analysis, we identify six critical research gaps:\u003c/p\u003e\n\u003cp\u003eGap 1: No Standardized Benchmark Dataset.\u0026nbsp;Studies use disparate datasets (SmartBugs, ESC, custom collections) with different train-test splits and evaluation metrics. This makes cross-study comparison impossible. A unified benchmark with verified vulnerability labels and severity ratings is urgently needed.\u003c/p\u003e\n\u003cp\u003eGap 2: Cross-Contract Interaction Testing is Nascent.\u0026nbsp;Most approaches analyze contracts in isolation, ignoring interaction networks that characterize real blockchain systems. Vulnerabilities often emerge at contract boundaries (e.g., reentrancy across multiple contracts, dependency injection attacks). No reviewed study explicitly models cross-contract interactions.\u003c/p\u003e\n\u003cp\u003eGap 3: Business Logic Vulnerabilities Remain Unaddressed.\u0026nbsp;While implementation flaws (reentrancy, overflow) are well-addressed with 90-95% accuracy, business logic violations remain challenging. These involve deviations from intended behavior that cannot be detected through structural patterns alone.\u003c/p\u003e\n\u003cp\u003eGap 4: No Dynamic or Temporal Graph Models.\u0026nbsp;Current approaches construct static graphs from code, ignoring execution information and temporal patterns. Runtime behavior, transaction sequences, and state changes are not captured.\u003c/p\u003e\n\u003cp\u003eGap 5: Explainability is Underserved.\u0026nbsp;Only ORACAL provides explainability. Security auditors require not just vulnerability flags but evidence they can verify. This is a critical barrier to professional adoption.\u003c/p\u003e\n\u003cp\u003eGap 6: Poor Integration with Development Workflows.\u0026nbsp;Research prototypes rarely integrate with practical development workflows (IDE plugins, CI/CD pipelines). No reviewed tool provides actionable remediation guidance.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e4.4 Limitations of This Review\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThis review has several limitations that readers should consider. First, we analyzed only 15 primary studies, which may not represent the full breadth of graph-based testing research. Second, our search was limited to English-language papers and specific digital libraries, potentially missing relevant work in other languages or venues. Third, we did not perform meta-analysis or statistical pooling due to heterogeneity in reported metrics and datasets. Fourth, all performance comparisons rely on author-reported results without independent validation. Fifth, our focus on Ethereum-based smart contracts may limit generalizability to other blockchain platforms (e.g., Hyperledger Fabric, Solana). Sixth, we excluded industry white papers and proprietary tools, which may contain relevant approaches not published in academic venues.\u003c/p\u003e"},{"header":"5. Conclusion","content":"\u003cp\u003e\u003cstrong\u003e5.1 Summary of Findings\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThis survey has examined 15 graph-based testing approaches for blockchain smart contracts. Our systematic analysis reveals that heterogeneous graph models integrating control flow, data flow, and semantic information achieve detection accuracy improvements of 15-39% over single-view baselines. Bytecode-level analysis (exemplified by ByteEye) addresses a critical practical constraint, detecting 361 previously unknown vulnerabilities across 33,000 contracts. However, significant gaps remain. Cross-contract interaction testing is absent from all reviewed studies. Business logic vulnerabilities resist automated detection. The field lacks standardized benchmarks. These findings suggest that while graph-based testing is promising, substantial research is required before industrial adoption becomes widespread.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e5.2 Future Research Directions\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eDynamic and Temporal Graph Models:\u003c/strong\u003e Current approaches construct static graphs from code, ignoring execution information and temporal patterns. Future work should investigate dynamic graph updating based on execution traces, temporal graph neural networks for transaction sequence analysis, and hybrid static-dynamic approaches that combine code structure with runtime information.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eCross-Contract and Ecosystem-Level Analysis:\u003c/strong\u003e Real vulnerabilities often span contract boundaries. Research should develop multi-contract graph models capturing call relationships, shared state, and interaction patterns. Heterogeneous graphs with different node types for contracts, functions, and external accounts could enable detection of composability vulnerabilities in decentralized finance protocols.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eWe propose the following prioritized research questions for future investigation:\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003ePriority 1 (High):\u0026nbsp;How can a standardized benchmark dataset for graph-based smart contract testing be developed, including diverse contracts, verified vulnerability labels, severity ratings, and fixed evaluation splits?\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003ePriority 2 (High):\u0026nbsp;How can heterogeneous graph models be extended to capture cross-contract interactions and ecosystem-level dependencies?\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003ePriority 3 (Medium):\u0026nbsp;How can dynamic graph updating based on execution traces and temporal graph neural networks improve detection of runtime vulnerabilities?\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003ePriority 4 (Medium):\u0026nbsp;How can explainability be integrated into graph-based detection to meet professional audit requirements?\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003ePriority 5 (Low):\u0026nbsp;How can graph-based testing tools be integrated into CI/CD pipelines and developer workflows with actionable remediation guidance?\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e5.3 Final Remarks\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe immutable, financially critical nature of blockchain systems demands rigorous testing before deployment. Graph models, with their ability to capture structural, semantic, and behavioral relationships, provide a mathematically grounded foundation for meeting this challenge. As graph neural network architectures continue to advance, benchmark datasets mature, and the community establishes standardized evaluation protocols, graph-based test design is poised to become an essential component of blockchain development toolchains. The integration of explainable AI, cross-contract analysis, and dynamic graph updating represents the frontier of this rapidly evolving field.\u003c/p\u003e"},{"header":"References","content":"\u003col\u003e\n \u003cli\u003eByteEye Authors, \u0026quot;ByteEye: A smart contract vulnerability detection framework at bytecode level with graph neural networks,\u0026quot; Automated Software Engineering, vol. 33, Article 24, 2026.\u003c/li\u003e\n \u003cli\u003eN. Hejazi, \u0026quot;A Systematic Evaluation Framework for Smart Contract Security Analyzers: Methods, Metrics, and Framework,\u0026quot; Master\u0026apos;s Thesis, York University, 2025.\u003c/li\u003e\n \u003cli\u003ePRIMG Authors, \u0026quot;PRIMG: Efficient LLM-driven Test Generation Using Mutant Prioritization,\u0026quot; arXiv preprint arXiv:2505.05584, 2025.\u003c/li\u003e\n \u003cli\u003eS. Klein, \u0026quot;Machine learning for vulnerability detection in smart contracts: a comparison of approaches,\u0026quot; Diploma Thesis, Technische Universit\u0026auml;t Wien, 2025.\u003c/li\u003e\n \u003cli\u003eORACAL Authors, \u0026quot;ORACAL: A Robust and Explainable Multimodal Framework for Smart Contract Vulnerability Detection with Causal Graph Enrichment,\u0026quot; AI Security Portal, 2026.\u003c/li\u003e\n \u003cli\u003eI. El Gaddafi, M. Z. Rashad, and A. Abou Eleneen, \u0026quot;A survey on Modeling of Blockchain Oriented Software Systems and Smart Contracts,\u0026quot; IEEE Access, 2025.\u003c/li\u003e\n \u003cli\u003eP. Zhang, J. Yu, and S. Ji, \u0026quot;ADF-GA: Data Flow Criterion Based Test Case Generation for Ethereum Smart Contracts,\u0026quot; arXiv preprint arXiv:2003.00257, 2020.\u003c/li\u003e\n \u003cli\u003eH. Sun, X. Yu, J. Li, Y. Xu, J. Yu, H. Li, Y. Li, and Y. A. Tan, \u0026quot;Smart Contract Vulnerability Detection Based on Symbolic Execution and Graph Neural Networks,\u0026quot; Computers, Materials and Continua, vol. 86, no. 2, 2026.\u003c/li\u003e\n \u003cli\u003eS. AL Azzam and R. AL Kolandaisamy, \u0026quot;AI-Driven Smart Contract Vulnerability Detection: A Systematic Review of Methods, Challenges, and Future Prospects,\u0026quot; Mesopotamian Journal of Big Data, vol. 2025, pp. 178-194, 2025.\u003c/li\u003e\n\u003c/ol\u003e"}],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":true,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":true,"hideJournal":true,"highlight":"","institution":"Vellore Institute of Technology University","isAcceptedByJournal":false,"isAuthorSuppliedPdf":false,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":false,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"
[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true},"keywords":"Blockchain testing, smart contract vulnerability, graph neural networks, test case generation, control flow graph, data flow graph, heterogeneous graph, software security, systematic literature review, Ethereum","lastPublishedDoi":"10.21203/rs.3.rs-9351410/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-9351410/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"\u003cp\u003eBlockchain smart contracts have enabled decentralized applications but face over $900 million in annual losses due to vulnerabilities that cannot be patched after deployment. Graph-based testing has emerged as a promising solution, yet no standardized framework exists to compare approaches. This paper presents a systematic literature review of graph-based test case design methodologies for blockchain systems. Following a structured search of IEEE Xplore, ACM Digital Library, arXiv, and Scopus (2020–2026), we identified and analyzed 15 peer-reviewed studies. We propose a novel taxonomy classifying approaches by graph construction technique (CFG, DFG, CG, heterogeneous), testing objective (vulnerability detection, test generation, optimization), and validation methodology. Key findings: heterogeneous graph models integrating multiple relationship types outperform single-view approaches by 15–39% in F1 score; bytecode-level detection is critical for practical deployment; explainability remains a barrier to professional adoption. Major gaps identified include: absence of cross-contract interaction testing, no standardized benchmark for comparative evaluation, and lack of dynamic/temporal graph models. This survey provides researchers and practitioners with a structured foundation for selecting, evaluating, and advancing graph-based testing approaches for blockchain systems.\u003c/p\u003e","manuscriptTitle":"A Survey on Test Case Design Using Graph Models in Blockchain","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2026-04-09 16:32:58","doi":"10.21203/rs.3.rs-9351410/v1","editorialEvents":[{"type":"communityComments","content":0}],"status":"published","journal":{"display":true,"email":"
[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true}}],"origin":"","ownerIdentity":"1d885706-614a-4c0e-a2dc-74626027b4ce","owner":[],"postedDate":"April 9th, 2026","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"posted","subjectAreas":[],"tags":[],"updatedAt":"2026-04-09T16:32:58+00:00","versionOfRecord":[],"versionCreatedAt":"2026-04-09 16:32:58","video":"","vorDoi":"","vorDoiUrl":"","workflowStages":[]},"version":"v1","identity":"rs-9351410","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-9351410","identity":"rs-9351410","version":["v1"]},"buildId":"XKTyCvWXoU3ODBz1xrDgd","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}
Text is read by the "Ask this paper" AI Q&A widget below.
Extraction quality varies by source — PMC NXML preserves structure
cleanly, OA-HTML may include some navigation residue, and OA-PDF can
have broken hyphenation. The publisher copy
(via DOI)
is the canonical version.