DeFiTail: DeFi Protocol Inspection through Cross-Contract Execution Analysis
- URL: http://arxiv.org/abs/2405.11035v1
- Date: Fri, 17 May 2024 18:14:19 GMT
- Title: DeFiTail: DeFi Protocol Inspection through Cross-Contract Execution Analysis
- Authors: Wenkai Li, Xiaoqi Li, Yuqing Zhang, Zongwei Li,
- Abstract summary: Decentralized finance (DeFi) protocols are crypto projects developed on the blockchain to manage digital assets.
We propose DeFiTail, the first framework that utilizes deep learning to detect access control and flash loan exploits.
DeFiTail achieves the highest accuracy, with 98.39% in access control and 97.43% in flash loan exploits.
- Score: 4.891180928768215
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Decentralized finance (DeFi) protocols are crypto projects developed on the blockchain to manage digital assets. Attacks on DeFi have been frequent and have resulted in losses exceeding \$77 billion. However, detection methods for malicious DeFi events are still lacking. In this paper, we propose DeFiTail, the first framework that utilizes deep learning to detect access control and flash loan exploits that may occur on DeFi. Since the DeFi protocol events involve invocations with multi-account transactions, which requires execution path unification with different contracts. Moreover, to mitigate the impact of mistakes in Control Flow Graph (CFG) connections, we validate the data path by employing the symbolic execution stack. Furthermore, we feed the data paths through our model to achieve the inspection of DeFi protocols. Experimental results indicate that DeFiTail achieves the highest accuracy, with 98.39% in access control and 97.43% in flash loan exploits. DeFiTail also demonstrates an enhanced capability to detect malicious contracts, identifying 86.67% accuracy from the CVE dataset.
Related papers
- Secure Smart Contract with Control Flow Integrity [3.1655211232629563]
We develop CrossGuard, a framework that enforces control flow integrity in real-time to secure smart contracts.
Our evaluation demonstrates that CrossGuard effectively blocks 28 of the 30 analyzed attacks when configured only once prior to contract deployment.
arXiv Detail & Related papers (2025-04-07T21:08:16Z) - Deep Learning Approaches for Anti-Money Laundering on Mobile Transactions: Review, Framework, and Directions [51.43521977132062]
Money laundering is a financial crime that obscures the origin of illicit funds.
The proliferation of mobile payment platforms and smart IoT devices has significantly complicated anti-money laundering investigations.
This paper conducts a comprehensive review of deep learning solutions and the challenges associated with their use in AML.
arXiv Detail & Related papers (2025-03-13T05:19:44Z) - DeFiScope: Detecting Various DeFi Price Manipulations with LLM Reasoning [13.536828549768858]
We introduce the first LLM-based approach, DeFiScope, for detecting DeFi price manipulation attacks.
DeFiScope achieves a high precision of 96% and a recall rate of 80%, significantly outperforming SOTA approaches.
arXiv Detail & Related papers (2025-02-17T07:45:03Z) - Towards Resource-Efficient Federated Learning in Industrial IoT for Multivariate Time Series Analysis [50.18156030818883]
Anomaly and missing data constitute a thorny problem in industrial applications.
Deep learning enabled anomaly detection has emerged as a critical direction.
The data collected in edge devices contain user privacy.
arXiv Detail & Related papers (2024-11-06T15:38:31Z) - Strengthening DeFi Security: A Static Analysis Approach to Flash Loan Vulnerabilities [0.0]
We introduce FlashDeFier, an advanced detection framework for price manipulation vulnerabilities arising from flash loans.
FlashDeFier expands the scope of taint sources and sinks, enabling comprehensive analysis of data flows across DeFi protocols.
Tested against a dataset of high-profile DeFi incidents, FlashDeFier identifies 76.4% of price manipulation vulnerabilities, marking a 30% improvement over DeFiTainter.
arXiv Detail & Related papers (2024-11-02T12:42:01Z) - What If We Had Used a Different App? Reliable Counterfactual KPI Analysis in Wireless Systems [52.499838151272016]
This paper addresses the "what-if" problem of estimating the values of key performance indicators (KPIs) that would have been obtained if a different app had been implemented by the radio access network (RAN)
We propose a conformal-prediction-based counterfactual analysis method for wireless systems that provides reliable "error bars" for the estimated, containing the true with a user-defined probability.
arXiv Detail & Related papers (2024-09-30T18:47:26Z) - Lazy Layers to Make Fine-Tuned Diffusion Models More Traceable [70.77600345240867]
A novel arbitrary-in-arbitrary-out (AIAO) strategy makes watermarks resilient to fine-tuning-based removal.
Unlike the existing methods of designing a backdoor for the input/output space of diffusion models, in our method, we propose to embed the backdoor into the feature space of sampled subpaths.
Our empirical studies on the MS-COCO, AFHQ, LSUN, CUB-200, and DreamBooth datasets confirm the robustness of AIAO.
arXiv Detail & Related papers (2024-05-01T12:03:39Z) - Hunting DeFi Vulnerabilities via Context-Sensitive Concolic Verification [24.94431436197627]
Attacks targeting DeFi services have severely damaged the DeFi market.
Existing methods, based on symbolic execution, model checking, semantic analysis, and fuzzing, fall short in identifying the most DeFi vulnerability types.
We propose Context-Sensitive Concolic Verification (CSCV), a method of automating the DeFi vulnerability finding based on user-defined properties formulated in temporal logic.
arXiv Detail & Related papers (2024-04-16T08:13:13Z) - LookAhead: Preventing DeFi Attacks via Unveiling Adversarial Contracts [15.071155232677643]
Decentralized Finance (DeFi) incidents have resulted in financial damages exceeding 3 billion US dollars.
Current detection tools face significant challenges in identifying attack activities effectively.
We propose a new direction for detecting DeFi attacks that focuses on identifying adversarial contracts.
arXiv Detail & Related papers (2024-01-14T11:39:33Z) - Empirical Review of Smart Contract and DeFi Security: Vulnerability
Detection and Automated Repair [36.46679501556185]
Decentralized Finance (DeFi) is emerging as a peer-to-peer financial ecosystem.
smart contracts hold a massive amount of value, making them an attractive target for attacks.
This paper reviews the progress made in the field of smart contract and DeFi security from the perspective of both vulnerability detection and automated repair.
arXiv Detail & Related papers (2023-09-05T17:00:42Z) - Blockchain Large Language Models [65.7726590159576]
This paper presents a dynamic, real-time approach to detecting anomalous blockchain transactions.
The proposed tool, BlockGPT, generates tracing representations of blockchain activity and trains from scratch a large language model to act as a real-time Intrusion Detection System.
arXiv Detail & Related papers (2023-04-25T11:56:18Z) - Detecting DeFi Securities Violations from Token Smart Contract Code [0.4263043028086136]
Decentralized Finance (DeFi) is a system of financial products and services built and delivered through smart contracts on various blockchains.
This study aims to uncover whether we can identify DeFi projects potentially engaging in securities violations based on their tokens' smart contract code.
arXiv Detail & Related papers (2021-12-06T01:44:08Z) - Fault-tolerant parity readout on a shuttling-based trapped-ion quantum
computer [64.47265213752996]
We experimentally demonstrate a fault-tolerant weight-4 parity check measurement scheme.
We achieve a flag-conditioned parity measurement single-shot fidelity of 93.2(2)%.
The scheme is an essential building block in a broad class of stabilizer quantum error correction protocols.
arXiv Detail & Related papers (2021-07-13T20:08:04Z) - ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep
Neural Network and Transfer Learning [80.85273827468063]
Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable.
We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts.
We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract.
arXiv Detail & Related papers (2021-03-23T15:04:44Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.