TaintSentinel: Path-Level Randomness Vulnerability Detection for Ethereum Smart Contracts
- URL: http://arxiv.org/abs/2510.18192v1
- Date: Tue, 21 Oct 2025 00:35:45 GMT
- Title: TaintSentinel: Path-Level Randomness Vulnerability Detection for Ethereum Smart Contracts
- Authors: Hadis Rezaei, Ahmed Afif Monrat, Karl Andersson, Francesco Flammini,
- Abstract summary: The inherent determinism of blockchain technology poses a significant challenge to generating secure random numbers within smart contracts.<n>We propose TaintSentinel, a novel path sensitive vulnerability detection system designed to analyze smart contracts at the execution path level.<n>Our experiments on 4,844 contracts demonstrate the superior performance of TaintSentinel relative to existing tools.
- Score: 2.064923532131528
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The inherent determinism of blockchain technology poses a significant challenge to generating secure random numbers within smart contracts, leading to exploitable vulnerabilities, particularly in decentralized finance (DeFi) ecosystems and blockchain-based gaming applications. From our observations, the current state-of-the-art detection tools suffer from inadequate precision while dealing with random number vulnerabilities. To address this problem, we propose TaintSentinel, a novel path sensitive vulnerability detection system designed to analyze smart contracts at the execution path level and gradually analyze taint with domain-specific rules. This paper discusses a solution that incorporates a multi-faceted approach, integrating rule-based taint analysis to track data flow, a dual stream neural network to identify complex vulnerability signatures, and evidence-based parameter initialization to minimize false positives. The system's two-phase operation involves semantic graph construction and taint propagation analysis, followed by pattern recognition using PathGNN and global structural analysis via GlobalGCN. Our experiments on 4,844 contracts demonstrate the superior performance of TaintSentinel relative to existing tools, yielding an F1-score of 0.892, an AUC-ROC of 0.94, and a PRA accuracy of 97%.
Related papers
- MI$^2$DAS: A Multi-Layer Intrusion Detection Framework with Incremental Learning for Securing Industrial IoT Networks [47.386868423451595]
MI$2$DAS is a multi-layer intrusion detection framework that integrates anomaly-based hierarchical traffic pooling and open-set recognition.<n>Experiments conducted on the Edge-IIoTset dataset demonstrate strong performance across all layers.<n>These results showcase MI$2$DAS as an effective, scalable and adaptive framework for enhancing IIoT security.
arXiv Detail & Related papers (2026-02-27T09:37:05Z) - SecureScan: An AI-Driven Multi-Layer Framework for Malware and Phishing Detection Using Logistic Regression and Threat Intelligence Integration [0.0]
This work presents SecureScan, an AI-driven, triplelayer detection framework.<n>It integrates logistic regression-based classification, analysis, and external threat intelligence via the VirusTotal API.<n>On benchmark datasets, SecureScan achieves 93.1 percent accuracy with balanced precision.
arXiv Detail & Related papers (2026-02-11T11:26:11Z) - Autonomous Chain-of-Thought Distillation for Graph-Based Fraud Detection [73.9189065770752]
Graph-based fraud detection on text-attributed graphs (TAGs) requires jointly modeling rich textual semantics and relational dependencies.<n>We propose FraudCoT, a unified framework that advances TAG-based fraud detection through autonomous, graph-aware chain-of-thought (CoT) reasoning and scalable LLM-GNN co-training.
arXiv Detail & Related papers (2026-01-30T13:12:12Z) - ParaVul: A Parallel Large Language Model and Retrieval-Augmented Framework for Smart Contract Vulnerability Detection [43.41293570032631]
ParaVul is a retrieval-augmented framework to improve the reliability and accuracy of smart contract vulnerability detection.<n>We develop Sparse Low-Rank Adaptation (SLoRA) for LLM fine-tuning.<n>We construct a vulnerability contract dataset and develop a hybrid Retrieval-Augmented Generation (RAG) system.
arXiv Detail & Related papers (2025-10-20T03:23:41Z) - AI-Based Vulnerability Analysis of NFT Smart Contracts [6.378351117969227]
This study proposes an AI-driven approach to detect vulnerabilities in NFT smart contracts.<n>We collected 16,527 public smart contract codes, classifying them into five vulnerability categories: Risky Mutable Proxy, ERC-721 Reentrancy, Unlimited Minting, Missing Requirements, and Public Burn.<n>A random forest model was implemented to improve robustness through random data/feature sampling and multitree integration.
arXiv Detail & Related papers (2025-04-18T08:55:31Z) - MOS: Towards Effective Smart Contract Vulnerability Detection through Mixture-of-Experts Tuning of Large Language Models [16.16186929130931]
Smart contract vulnerabilities pose significant security risks to blockchain systems.<n>We propose a smart contract vulnerability detection framework based on mixture-of-experts tuning (MOE-Tuning) of large language models.<n> Experiments show that MOS significantly outperforms existing methods with average improvements of 6.32% in F1 score and 4.80% in accuracy.
arXiv Detail & Related papers (2025-04-16T16:33:53Z) - SmartBugBert: BERT-Enhanced Vulnerability Detection for Smart Contract Bytecode [0.7018579932647147]
This paper introduces SmartBugBert, a novel approach that combines BERT-based deep learning with control flow graph (CFG) analysis to detect vulnerabilities directly from bytecode.<n>Our method first decompiles smart contract bytecode into optimized opcode sequences, extracts semantic features using TF-IDF, constructs control flow graphs to capture execution logic, and isolates vulnerable CFG fragments for targeted analysis.
arXiv Detail & Related papers (2025-04-07T12:30:12Z) - Lie Detector: Unified Backdoor Detection via Cross-Examination Framework [68.45399098884364]
We propose a unified backdoor detection framework in the semi-honest setting.<n>Our method achieves superior detection performance, improving accuracy by 5.4%, 1.6%, and 11.9% over SoTA baselines.<n> Notably, it is the first to effectively detect backdoors in multimodal large language models.
arXiv Detail & Related papers (2025-03-21T06:12:06Z) - Vulnerability-Hunter: An Adaptive Feature Perception Attention Network for Smart Contract Vulnerabilities [4.487191851300675]
We propose AFPNet, a novel vulnerability detection model equipped with a feature perception module that has dynamic weights for comprehensive scanning of the entire smart contract code.
We conduct an evaluation of AFPNet in the several large-scale datasets with vulnerability labels.
arXiv Detail & Related papers (2024-07-07T10:13:41Z) - Small Object Detection via Coarse-to-fine Proposal Generation and
Imitation Learning [52.06176253457522]
We propose a two-stage framework tailored for small object detection based on the Coarse-to-fine pipeline and Feature Imitation learning.
CFINet achieves state-of-the-art performance on the large-scale small object detection benchmarks, SODA-D and SODA-A.
arXiv Detail & Related papers (2023-08-18T13:13:09Z) - Combining Graph Neural Networks with Expert Knowledge for Smart Contract
Vulnerability Detection [37.7763374870026]
Existing efforts for contract security analysis rely on rigid rules defined by experts, which are labor-intensive and non-scalable.
We propose a novel temporal message propagation network to extract the graph feature from the normalized graph, and combine the graph feature with designed expert patterns to yield a final detection system.
arXiv Detail & Related papers (2021-07-24T13:16:30Z) - ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep
Neural Network and Transfer Learning [80.85273827468063]
Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable.
We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts.
We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract.
arXiv Detail & Related papers (2021-03-23T15:04:44Z) - Increasing the Confidence of Deep Neural Networks by Coverage Analysis [71.57324258813674]
This paper presents a lightweight monitoring architecture based on coverage paradigms to enhance the model against different unsafe inputs.
Experimental results show that the proposed approach is effective in detecting both powerful adversarial examples and out-of-distribution inputs.
arXiv Detail & Related papers (2021-01-28T16:38:26Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.