DeFiTail: DeFi Protocol Inspection through Cross-Contract Execution Analysis
Wenkai Li, Xiaoqi Li, Yuqing Zhang, Zongwei Li

TL;DR
DeFiTail is a deep learning framework designed to detect malicious activities like access control and flash loan exploits in DeFi protocols by analyzing execution paths and employing symbolic execution for accuracy.
Contribution
This paper introduces DeFiTail, the first framework combining deep learning and symbolic execution to effectively detect DeFi protocol exploits and malicious contracts.
Findings
Achieves 98.39% accuracy in detecting access control exploits
Achieves 97.43% accuracy in detecting flash loan exploits
Identifies 86.67% of malicious contracts in the CVE dataset
Abstract
Decentralized finance (DeFi) protocols are crypto projects developed on the blockchain to manage digital assets. Attacks on DeFi have been frequent and have resulted in losses exceeding $77 billion. However, detection methods for malicious DeFi events are still lacking. In this paper, we propose DeFiTail, the first framework that utilizes deep learning to detect access control and flash loan exploits that may occur on DeFi. DeFi protocol events involve invocations with multi-account transactions, which requires execution path unification with different contracts. Moreover, to mitigate the impact of mistakes in Control Flow Graph (CFG) connections, we validate the data path by employing the symbolic execution stack. Furthermore, we feed the data paths through our model to achieve the inspection of DeFi protocols. Experimental results indicate that DeFiTail achieves the highest…
Taxonomy
Topics: Security and Verification in Computing · Software Testing and Debugging Techniques · Digital Rights Management and Security
