DeFiTail: DeFi Protocol Inspection through Cross-Contract Execution Analysis (2405.11035v1)
Abstract: Decentralized finance (DeFi) protocols are crypto projects developed on the blockchain to manage digital assets. Attacks on DeFi have been frequent and have resulted in losses exceeding $77 billion. However, detection methods for malicious DeFi events are still lacking. In this paper, we propose DeFiTail, the first framework that utilizes deep learning to detect access control and flash loan exploits that may occur on DeFi. Because DeFi protocol events involve invocations across multi-account transactions, the execution paths of the different contracts involved must be unified. Moreover, to mitigate the impact of mistakes in Control Flow Graph (CFG) connections, we validate the data path by employing the symbolic execution stack. Furthermore, we feed the data paths through our model to inspect DeFi protocols. Experimental results indicate that DeFiTail achieves the highest accuracy, with 98.39% in access control and 97.43% in flash loan exploits. DeFiTail also demonstrates an enhanced capability to detect malicious contracts, achieving 86.67% accuracy on the CVE dataset.