Saved in:
Bibliographic Details
Main Authors: Rezaei, Hadis, Monrat, Ahmed Afif, Andersson, Karl, Flammini, Francesco
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2510.18192
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866917029336842240
author Rezaei, Hadis
Monrat, Ahmed Afif
Andersson, Karl
Flammini, Francesco
author_facet Rezaei, Hadis
Monrat, Ahmed Afif
Andersson, Karl
Flammini, Francesco
contents The inherent determinism of blockchain technology poses a significant challenge to generating secure random numbers within smart contracts, leading to exploitable vulnerabilities, particularly in decentralized finance (DeFi) ecosystems and blockchain-based gaming applications. From our observations, the current state-of-the-art detection tools suffer from inadequate precision while dealing with random number vulnerabilities. To address this problem, we propose TaintSentinel, a novel path sensitive vulnerability detection system designed to analyze smart contracts at the execution path level and gradually analyze taint with domain-specific rules. This paper discusses a solution that incorporates a multi-faceted approach, integrating rule-based taint analysis to track data flow, a dual stream neural network to identify complex vulnerability signatures, and evidence-based parameter initialization to minimize false positives. The system's two-phase operation involves semantic graph construction and taint propagation analysis, followed by pattern recognition using PathGNN and global structural analysis via GlobalGCN. Our experiments on 4,844 contracts demonstrate the superior performance of TaintSentinel relative to existing tools, yielding an F1-score of 0.892, an AUC-ROC of 0.94, and a PRA accuracy of 97%.
format Preprint
id arxiv_https___arxiv_org_abs_2510_18192
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle TaintSentinel: Path-Level Randomness Vulnerability Detection for Ethereum Smart Contracts
Rezaei, Hadis
Monrat, Ahmed Afif
Andersson, Karl
Flammini, Francesco
Cryptography and Security
The inherent determinism of blockchain technology poses a significant challenge to generating secure random numbers within smart contracts, leading to exploitable vulnerabilities, particularly in decentralized finance (DeFi) ecosystems and blockchain-based gaming applications. From our observations, the current state-of-the-art detection tools suffer from inadequate precision while dealing with random number vulnerabilities. To address this problem, we propose TaintSentinel, a novel path sensitive vulnerability detection system designed to analyze smart contracts at the execution path level and gradually analyze taint with domain-specific rules. This paper discusses a solution that incorporates a multi-faceted approach, integrating rule-based taint analysis to track data flow, a dual stream neural network to identify complex vulnerability signatures, and evidence-based parameter initialization to minimize false positives. The system's two-phase operation involves semantic graph construction and taint propagation analysis, followed by pattern recognition using PathGNN and global structural analysis via GlobalGCN. Our experiments on 4,844 contracts demonstrate the superior performance of TaintSentinel relative to existing tools, yielding an F1-score of 0.892, an AUC-ROC of 0.94, and a PRA accuracy of 97%.
title TaintSentinel: Path-Level Randomness Vulnerability Detection for Ethereum Smart Contracts
topic Cryptography and Security
url https://arxiv.org/abs/2510.18192