TaintSentinel: Path-Level Randomness Vulnerability Detection for Ethereum Smart Contracts
Hadis Rezaei, Ahmed Afif Monrat, Karl Andersson, Francesco Flammini

TL;DR
TaintSentinel is a path-sensitive detection system that improves identification of randomness vulnerabilities in Ethereum smart contracts by combining rule-based taint analysis, neural network pattern recognition, and structural analysis.
Contribution
It introduces a novel multi-phase approach integrating domain-specific taint analysis and deep learning for precise vulnerability detection in smart contracts.
Findings
Achieved an F1-score of 0.892 in vulnerability detection.
Demonstrated superior performance over existing tools.
Validated on 4,844 smart contracts.
Abstract
The inherent determinism of blockchain technology poses a significant challenge to generating secure random numbers within smart contracts, leading to exploitable vulnerabilities, particularly in decentralized finance (DeFi) ecosystems and blockchain-based gaming applications. From our observations, the current state-of-the-art detection tools suffer from inadequate precision when dealing with random number vulnerabilities. To address this problem, we propose TaintSentinel, a novel path-sensitive vulnerability detection system designed to analyze smart contracts at the execution path level and gradually analyze taint with domain-specific rules. This paper discusses a solution that incorporates a multi-faceted approach, integrating rule-based taint analysis to track data flow, a dual-stream neural network to identify complex vulnerability signatures, and evidence-based parameter…
Taxonomy
Topics: Blockchain Technology Applications and Security · Advanced Malware Detection Techniques · Adversarial Robustness in Machine Learning
