We introduce the MoveEVM Weakness Classification (MWC) system -- a dedicated vulnerability taxonomy for smart contracts built with Move and executed in EVM-compatible environments. While Move was originally designed to prevent common security flaws via linear resource types and strict ownership, its integration with EVM bytecode introduces novel hybrid vulnerabilities not captured by existing systems like the SWC registry. Our taxonomy spans 37 categorized vulnerability types (MWC-100 to MWC-136) across six semantic frames, addressing issues such as hybrid gas metering, capability misuse, meta-transaction spoofing, and AI-integrated logic. Through analysis of real-world contracts from Aptos and Sui, we demonstrate that current verification tools often miss these hybrid risks. We also explore how formal methods and LLM-based audit agents can operationalize this classification, enabling scalable, logic-aware smart contract auditing. MWC lays the foundation for more secure and verifiable contracts in next-generation blockchain systems. (Shortened Abstract)

翻译：本文提出MoveEVM弱点分类（MWC）系统——一套专为基于Move语言开发并在EVM兼容环境中执行的智能合约设计的漏洞分类体系。尽管Move最初通过线性资源类型和严格所有权机制来防范常见安全缺陷，但其与EVM字节码的集成引入了新型混合漏洞，这些漏洞未被SWC注册表等现有分类体系涵盖。我们的分类体系涵盖六大语义框架下的37类漏洞（MWC-100至MWC-136），涉及混合燃料计量、能力滥用、元交易欺骗及AI集成逻辑等问题。通过对Aptos和Sui实际合约的分析，我们证明当前验证工具常遗漏这些混合风险。本文还探讨了如何通过形式化方法和基于LLM的审计代理实现该分类体系的操作化，从而支持可扩展、具备逻辑感知能力的智能合约审计。MWC为新一代区块链系统中构建更安全、可验证的合约奠定了基础。（摘要简版）