Related papers: Penetrating the Hostile: Detecting DeFi Protocol Exploits through Cross-Contract Analysis

Penetrating the Hostile: Detecting DeFi Protocol Exploits through Cross-Contract Analysis

URL: http://arxiv.org/abs/2511.00408v1
Date: Sat, 01 Nov 2025 05:23:24 GMT
Title: Penetrating the Hostile: Detecting DeFi Protocol Exploits through Cross-Contract Analysis
Authors: Xiaoqi Li, Wenkai Li, Zhiquan Liu, Yuqing Zhang, Yingjie Mao,
Abstract summary: Decentralized finance (DeFi) protocols are crypto projects developed on the blockchain to manage digital assets.<n>Current tools detect and locate possible vulnerabilities in contracts by analyzing the state changes that may occur during malicious events.<n>We propose DeFiTail, the first framework that utilizes deep learning technology for access control and flash loan exploit detection.
Score: 13.470122729910152
License: http://creativecommons.org/licenses/by/4.0/
Abstract: Decentralized finance (DeFi) protocols are crypto projects developed on the blockchain to manage digital assets. Attacks on DeFi have been frequent and have resulted in losses exceeding $80 billion. Current tools detect and locate possible vulnerabilities in contracts by analyzing the state changes that may occur during malicious events. However, this victim-only approaches seldom possess the capability to cover the attacker's interaction intention logic. Furthermore, only a minuscule percentage of DeFi protocols experience attacks in real-world scenarios, which poses a significant challenge for these detection tools to demonstrate practical effectiveness. In this paper, we propose DeFiTail, the first framework that utilizes deep learning technology for access control and flash loan exploit detection. Through feeding the cross-contract static data flow, DeFiTail automatically learns the attack logic in real-world malicious events that occur on DeFi protocols, capturing the threat patterns between attacker and victim contracts. Since the DeFi protocol events involve interactions with multi-account transactions, the execution path with external and internal transactions requires to be unified. Moreover, to mitigate the impact of mistakes in Control Flow Graph (CFG) connections, DeFiTail validates the data path by employing the symbolic execution stack. Furthermore, we feed the data paths through our model to achieve the inspection of DeFi protocols. Comparative experiment results indicate that DeFiTail achieves the highest accuracy, with 98.39% in access control and 97.43% in flash loan exploits. DeFiTail also demonstrates an enhanced capability to detect malicious contracts, identifying 86.67% accuracy from the CVE dataset.

Related papers

SSR: Safeguarding Staking Rewards by Defining and Detecting Logical Defects in DeFi Staking [55.62033436283969]
Decentralized Finance (DeFi) staking is one of the most prominent applications within the DeFi ecosystem.<n> logical defects in DeFi staking could enable attackers to claim unwarranted rewards.<n>We developed SSR (Safeguarding Staking Reward), a static analysis tool designed to detect logical defects in DeFi staking contracts.
arXiv Detail & Related papers (2026-01-09T15:01:41Z)
Trace: Securing Smart Contract Repository Against Access Control Vulnerability [58.02691083789239]
GitHub hosts numerous smart contract repositories containing source code, documentation, and configuration files.<n>Third-party developers often reference, reuse, or fork code from these repositories during custom development.<n>Existing tools for detecting smart contract vulnerabilities are limited in their ability to handle complex repositories.
arXiv Detail & Related papers (2025-10-22T05:18:28Z)
Adaptive Attacks on Trusted Monitors Subvert AI Control Protocols [80.68060125494645]
We study adaptive attacks by an untrusted model that knows the protocol and the monitor model.<n>We instantiate a simple adaptive attack vector by which the attacker embeds publicly known or zero-shot prompt injections in the model outputs.
arXiv Detail & Related papers (2025-10-10T15:12:44Z)
Malice in Agentland: Down the Rabbit Hole of Backdoors in the AI Supply Chain [82.98626829232899]
Fine-tuning AI agents on data from their own interactions introduces a critical security vulnerability within the AI supply chain.<n>We show that adversaries can easily poison the data collection pipeline to embed hard-to-detect backdoors.
arXiv Detail & Related papers (2025-10-03T12:47:21Z)
CANTXSec: A Deterministic Intrusion Detection and Prevention System for CAN Bus Monitoring ECU Activations [53.036288487863786]
We propose CANTXSec, the first deterministic Intrusion Detection and Prevention system based on physical ECU activations.<n>It detects and prevents classical attacks in the CAN bus, while detecting advanced attacks that have been less investigated in the literature.<n>We prove the effectiveness of our solution on a physical testbed, where we achieve 100% detection accuracy in both classes of attacks while preventing 100% of FIAs.
arXiv Detail & Related papers (2025-05-14T13:37:07Z)
Secure Smart Contract with Control Flow Integrity [3.1655211232629563]
We develop CrossGuard, a framework that enforces control flow integrity in real-time to secure smart contracts.<n>Our evaluation demonstrates that CrossGuard effectively blocks 28 of the 30 analyzed attacks when configured only once prior to contract deployment.
arXiv Detail & Related papers (2025-04-07T21:08:16Z)
Strengthening DeFi Security: A Static Analysis Approach to Flash Loan Vulnerabilities [0.0]
We introduce FlashDeFier, an advanced detection framework for price manipulation vulnerabilities arising from flash loans.<n>FlashDeFier expands the scope of taint sources and sinks, enabling comprehensive analysis of data flows across DeFi protocols.<n>Tested against a dataset of high-profile DeFi incidents, FlashDeFier identifies 76.4% of price manipulation vulnerabilities, marking a 30% improvement over DeFiTainter.
arXiv Detail & Related papers (2024-11-02T12:42:01Z)
DeFiTail: DeFi Protocol Inspection through Cross-Contract Execution Analysis [4.891180928768215]
Decentralized finance (DeFi) protocols are crypto projects developed on the blockchain to manage digital assets. We propose DeFiTail, the first framework that utilizes deep learning to detect access control and flash loan exploits. DeFiTail achieves the highest accuracy, with 98.39% in access control and 97.43% in flash loan exploits.
arXiv Detail & Related papers (2024-05-17T18:14:19Z)
Hunting DeFi Vulnerabilities via Context-Sensitive Concolic Verification [24.94431436197627]
Attacks targeting DeFi services have severely damaged the DeFi market. Existing methods, based on symbolic execution, model checking, semantic analysis, and fuzzing, fall short in identifying the most DeFi vulnerability types. We propose Context-Sensitive Concolic Verification (CSCV), a method of automating the DeFi vulnerability finding based on user-defined properties formulated in temporal logic.
arXiv Detail & Related papers (2024-04-16T08:13:13Z)
LookAhead: Preventing DeFi Attacks via Unveiling Adversarial Contracts [15.071155232677643]
Decentralized Finance (DeFi) has resulted in financial losses exceeding 3 billion US dollars.<n>Current detection tools face significant challenges in identifying attack activities effectively.<n>We propose LookAhead, a new framework for detecting DeFi attacks via unveiling adversarial contracts.
arXiv Detail & Related papers (2024-01-14T11:39:33Z)
ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep Neural Network and Transfer Learning [80.85273827468063]
Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable. We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts. We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract.
arXiv Detail & Related papers (2021-03-23T15:04:44Z)

This list is automatically generated from the titles and abstracts of the papers in this site.