Static detection of smart contract vulnerabilities—such as reentrancy—suffers from high false-positive rates and poor scalability. Method: This paper proposes a precise static analysis framework based on bounded game semantics: it models contract execution as an interactive two-player game between the contract and its environment, and achieves zero false positives (up to the EVM-Yul interpreter layer) and bounded completeness by enumerating all feasible bounded execution traces. It is the first work to introduce game semantics into smart contract analysis, enabling Solidity-level domain knowledge injection and automatic propagation to the Yul intermediate representation. The approach integrates Solidity-to-Yul instrumentation with full-trace exploration optimizations to enhance scalability without sacrificing precision. Results: The method successfully reproduces known vulnerabilities and generates executable triggering traces for real-world contracts—including The DAO, PredyPool, and Lendf.Me—and confirms zero false positives post-fixing. Benchmark evaluations demonstrate both high precision and practical applicability.

We present a new approach to finding smart contract vulnerabilities that is precise (no false positives up to our EVM-Yul interpreter), bounded-complete, and, when instrumented with domain knowledge, scales to real-world contracts. Our method is based on game semantics, modelling computation as an interaction between a contract and its environment, reducing reasoning about unknown or malicious external contracts to trace enumeration. We implement this in a tool we refer to as YulToolkit, a bounded game-semantics checker for Yul, the intermediate language of Solidity. By exploring only feasible interactions, YulToolkit avoids over-approximation, and by relying on the theory of game semantics it achieves bounded completeness. To make exploration tractable, YulToolkit supports instrumentation written in Solidity and propagated to Yul, comparable in effort to creating a test harness. Unlike tests, however, our technique explores all admissible traces within the chosen parameters and bounds. We evaluate YulToolkit on three real-world incidents: The DAO, PredyPool, and Lendf.Me, as well as benchmark contracts. In all cases, YulToolkit detects the known vulnerabilities (producing a violation-triggering trace), and after applying fixes, reports no further violations within bounds. These results show that bounded game semantics exploration is an effective and precise addition to the smart contract analysis toolbox, particularly for vulnerabilities such as reentrancy that are hard to detect precisely in real code.