Raven: Mining Defensive Patterns in Ethereum via Semantic Transaction Revert Invariants Categories

TL;DR

Raven is a framework that identifies and categorizes defensive patterns in Ethereum smart contracts by analyzing reverted transactions and their underlying invariants, uncovering new defense mechanisms and aiding security research.

Contribution

The paper introduces Raven, a novel approach that uses semantic clustering of invariants in reverted transactions to discover previously unknown defensive invariant categories in Ethereum smart contracts.

Findings

Successfully clusters 20,000 reverted transactions into meaningful categories

Identifies six new invariant categories not present in existing catalogs

Demonstrates practical use of invariants as fuzzing oracles for vulnerability detection

Abstract

We frame Ethereum transactions reverted by invariants-require(<invariant>)/ assert(<invariant>)/if (<invariant>) revert statements in the contract implementation-as a positive signal of active on-chain defenses. Despite their value, the defensive patterns in these transactions remain undiscovered and underutilized in security research. We present Raven, a framework that aligns reverted transactions to the invariant causing the reversion in the smart contract source code, embeds these invariants using our BERT-based fine-tuned model, and clusters them by semantic intent to mine defensive invariant categories on Ethereum. Evaluated on a sample of 20,000 reverted transactions, Raven achieves cohesive and meaningful clusters of transaction-reverting invariants. Manual expert review of the mined 19 semantic clusters uncovers six new invariant categories absent from existing invariant catalogs, including feature toggles, replay prevention, proof/signature verification, counters, caller-provided slippage thresholds, and allow/ban/bot lists. To demonstrate the practical utility of this invariant catalog mining pipeline, we conduct a case study using one of the newly discovered invariant categories as a fuzzing oracle to detect vulnerabilities in a real-world attack. Raven thus can map Ethereum's successful defenses. These invariant categories enable security researchers to develop analysis tools based on data-driven security oracles extracted from the smart contracts' working defenses.