Related papers: SSR: Safeguarding Staking Rewards by Defining and Detecting Logical Defects in DeFi Staking

SSR: Safeguarding Staking Rewards by Defining and Detecting Logical Defects in DeFi Staking

URL: http://arxiv.org/abs/2601.05827v1
Date: Fri, 09 Jan 2026 15:01:41 GMT
Title: SSR: Safeguarding Staking Rewards by Defining and Detecting Logical Defects in DeFi Staking
Authors: Zewei Lin, Jiachi Chen, Jingwen Zhang, Zexu Wang, Yuming Feng, Weizhe Zhang, Zibin Zheng,
Abstract summary: Decentralized Finance (DeFi) staking is one of the most prominent applications within the DeFi ecosystem.<n> logical defects in DeFi staking could enable attackers to claim unwarranted rewards.<n>We developed SSR (Safeguarding Staking Reward), a static analysis tool designed to detect logical defects in DeFi staking contracts.
Score: 55.62033436283969
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: Decentralized Finance (DeFi) staking is one of the most prominent applications within the DeFi ecosystem, where DeFi projects enable users to stake tokens on the platform and reward participants with additional tokens. However, logical defects in DeFi staking could enable attackers to claim unwarranted rewards by manipulating reward amounts, repeatedly claiming rewards, or engaging in other malicious actions. To mitigate these threats, we conducted the first study focused on defining and detecting logical defects in DeFi staking. Through the analysis of 64 security incidents and 144 audit reports, we identified six distinct types of logical defects, each accompanied by detailed descriptions and code examples. Building on this empirical research, we developed SSR (Safeguarding Staking Reward), a static analysis tool designed to detect logical defects in DeFi staking contracts. SSR utilizes a large language model (LLM) to extract fundamental information about staking logic and constructs a DeFi staking model. It then identifies logical defects by analyzing the model and the associated semantic features. We constructed a ground truth dataset based on known security incidents and audit reports to evaluate the effectiveness of SSR. The results indicate that SSR achieves an overall precision of 92.31%, a recall of 87.92%, and an F1-score of 88.85%. Additionally, to assess the prevalence of logical defects in real-world smart contracts, we compiled a large-scale dataset of 15,992 DeFi staking contracts. SSR detected that 3,557 (22.24%) of these contracts contained at least one logical defect.

Related papers

Where Do Smart Contract Security Analyzers Fall Short? [1.6058099298620423]
We evaluate six widely used analyzers on 653 real-world smart contracts.<n>We then survey 150 professional developers and auditors to understand how they use and perceive these tools.<n>Our findings reveal that excessive false positives, vague explanations, and long analysis times are the main barriers to trust and adoption in practice.
arXiv Detail & Related papers (2026-03-01T03:27:05Z)
LogicScan: An LLM-driven Framework for Detecting Business Logic Vulnerabilities in Smart Contracts [18.126385773266396]
We propose LogicScan, an automated contrastive auditing framework for detecting business logic vulnerabilities in smart contracts.<n>The key insight behind LogicScan is that mature, widely deployed on-chain protocols implicitly encode well-tested and consensus-driven business invariants.<n>We evaluate LogicScan on three real-world datasets, including DeFiHacks, Web3Bugs, and a set of top-200 audited contracts.
arXiv Detail & Related papers (2026-02-03T08:56:53Z)
ReasoningBomb: A Stealthy Denial-of-Service Attack by Inducing Pathologically Long Reasoning in Large Reasoning Models [67.15960154375131]
Large reasoning models (LRMs) extend large language models with explicit multi-step reasoning traces.<n>This capability introduces a new class of prompt-induced inference-time denial-of-service (PI-DoS) attacks that exploit the high computational cost of reasoning.<n>We present ReasoningBomb, a reinforcement-learning-based PI-DoS framework that is guided by a constant-time surrogate reward.
arXiv Detail & Related papers (2026-01-29T18:53:01Z)
One Signature, Multiple Payments: Demystifying and Detecting Signature Replay Vulnerabilities in Smart Contracts [56.94148977064169]
lacking checks on signature usage conditions can lead to repeated verifications, increasing the risk of permission abuse and threatening contract assets.<n>We define this issue as the Signature Replay Vulnerability (SRV)<n>From 1,419 audit reports across 37 blockchain security companies, we identified 108 with detailed SRV descriptions and classified five types of SRVs.
arXiv Detail & Related papers (2025-11-12T09:17:13Z)
Penetrating the Hostile: Detecting DeFi Protocol Exploits through Cross-Contract Analysis [13.470122729910152]
Decentralized finance (DeFi) protocols are crypto projects developed on the blockchain to manage digital assets.<n>Current tools detect and locate possible vulnerabilities in contracts by analyzing the state changes that may occur during malicious events.<n>We propose DeFiTail, the first framework that utilizes deep learning technology for access control and flash loan exploit detection.
arXiv Detail & Related papers (2025-11-01T05:23:24Z)
TaintSentinel: Path-Level Randomness Vulnerability Detection for Ethereum Smart Contracts [2.064923532131528]
The inherent determinism of blockchain technology poses a significant challenge to generating secure random numbers within smart contracts.<n>We propose TaintSentinel, a novel path sensitive vulnerability detection system designed to analyze smart contracts at the execution path level.<n>Our experiments on 4,844 contracts demonstrate the superior performance of TaintSentinel relative to existing tools.
arXiv Detail & Related papers (2025-10-21T00:35:45Z)
Foundation Models for Logistics: Toward Certifiable, Conversational Planning Interfaces [59.80143393787701]
Large language models (LLMs) can handle uncertainty and promise to accelerate replanning while lowering the barrier to entry.<n>We introduce a neurosymbolic framework that pairs the accessibility of natural-language dialogue with verifiable guarantees on goal interpretation.<n>A lightweight model, fine-tuned on just 100 uncertainty-filtered examples, surpasses the zero-shot performance of GPT-4.1 while cutting inference latency by nearly 50%.
arXiv Detail & Related papers (2025-07-15T14:24:01Z)
RPHunter: Unveiling Rug Pull Schemes in Crypto Token via Code-and-Transaction Fusion Analysis [17.258396879604387]
Rug Pull scams have emerged as a persistent threat to cryptocurrency.<n>Current methods either rely on predefined patterns to detect code risks or utilize statistical transaction data to train detection models.<n>We propose RPHunter, a novel technique that integrates code and transaction for Rug Pull detection.
arXiv Detail & Related papers (2025-06-23T08:34:15Z)
Are You Getting What You Pay For? Auditing Model Substitution in LLM APIs [71.7892165868749]
Commercial Large Language Model (LLM) APIs create a fundamental trust problem.<n>Users pay for specific models but have no guarantee that providers deliver them faithfully.<n>We formalize this model substitution problem and evaluate detection methods under realistic adversarial conditions.<n>We propose and evaluate the use of Trusted Execution Environments (TEEs) as one practical and robust solution.
arXiv Detail & Related papers (2025-04-07T03:57:41Z)
Retrieval Augmented Generation Integrated Large Language Models in Smart Contract Vulnerability Detection [0.0]
Decentralized Finance (DeFi) has been accompanied by substantial financial losses due to smart contract vulnerabilities. With attacks becoming more frequent, the necessity and demand for auditing services has escalated. This study builds upon existing frameworks by integrating Retrieval-Augmented Generation (RAG) with large language models (LLMs)
arXiv Detail & Related papers (2024-07-20T10:46:42Z)
LookAhead: Preventing DeFi Attacks via Unveiling Adversarial Contracts [15.071155232677643]
Decentralized Finance (DeFi) has resulted in financial losses exceeding 3 billion US dollars.<n>Current detection tools face significant challenges in identifying attack activities effectively.<n>We propose LookAhead, a new framework for detecting DeFi attacks via unveiling adversarial contracts.
arXiv Detail & Related papers (2024-01-14T11:39:33Z)
G$^2$uardFL: Safeguarding Federated Learning Against Backdoor Attacks through Attributed Client Graph Clustering [116.4277292854053]
Federated Learning (FL) offers collaborative model training without data sharing. FL is vulnerable to backdoor attacks, where poisoned model weights lead to compromised system integrity. We present G$2$uardFL, a protective framework that reinterprets the identification of malicious clients as an attributed graph clustering problem.
arXiv Detail & Related papers (2023-06-08T07:15:04Z)
ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep Neural Network and Transfer Learning [80.85273827468063]
Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable. We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts. We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract.
arXiv Detail & Related papers (2021-03-23T15:04:44Z)

This list is automatically generated from the titles and abstracts of the papers in this site.