ScamDetect: Towards a Robust, Agnostic Framework to Uncover Threats in Smart Contracts

TL;DR

ScamDetect is a proposed platform-agnostic framework that uses advanced graph neural network analysis of control flow graphs to detect obfuscated smart contract threats, enhancing security in decentralized finance.

Contribution

It introduces a modular, scalable approach combining GNNs and CFG analysis to detect malicious smart contracts across different blockchain platforms.

Findings

Proposes a GNN-based method for obfuscated bytecode analysis.

Aims to generalize detection to multiple blockchain runtimes.

Envisions a proactive security framework for decentralized ecosystems.

Abstract

Smart contracts have transformed decentralized finance by enabling programmable, trustless transactions. However, their widespread adoption and growing financial significance have attracted persistent and sophisticated threats, such as phishing campaigns and contract-level exploits. Traditional transaction-based threat detection methods often expose sensitive user data and interactions, raising privacy and security concerns. In response, static bytecode analysis has emerged as a proactive mitigation strategy, identifying malicious contracts before they execute harmful actions. Building on this approach, we introduced PhishingHook, the first machine-learning-based framework for detecting phishing activities in smart contracts via static bytecode and opcode analysis, achieving approximately 90% detection accuracy. Nevertheless, two pressing challenges remain: (1) the increasing use of sophisticated bytecode obfuscation techniques designed to evade static analysis, and (2) the heterogeneity of blockchain environments requiring platform-agnostic solutions. This paper presents a vision for ScamDetect (Smart Contract Agnostic Malware Detector), a robust, modular, and platform-agnostic framework for smart contract malware detection. Over the next 2.5 years, ScamDetect will evolve in two stages: first, by tackling obfuscated Ethereum Virtual Machine (EVM) bytecode through graph neural network (GNN) analysis of control flow graphs (CFGs), leveraging GNNs' ability to capture complex structural patterns beyond opcode sequences; and second, by generalizing detection capabilities to emerging runtimes such as WASM. ScamDetect aims to enable proactive, scalable security for the future of decentralized ecosystems.