FSE 2025
Mon 23 - Fri 27 June 2025 Trondheim, Norway
Tue 24 Jun 2025 10:40 - 11:00 at Vega - Blockchain and Smart Contract Chair(s): Cuiyun Gao

Decentralized Finance (DeFi) incidents stemming from the exploitation of smart contract vulnerabilities have culminated in financial damages exceeding 3 billion US dollars. Existing defense mechanisms typically focus on detecting and reacting to malicious transactions executed by attackers that target victim contracts. However, with the emergence of private transaction pools, where transactions are sent directly to miners without first appearing in public mempools, current detection tools face significant challenges in identifying attack activities effectively.

Based on the fact that most attack logic relies on deploying one or more intermediate smart contracts as supporting components for the exploitation of victim contracts, in this paper we propose a new direction for detecting DeFi attacks that focuses on identifying adversarial contracts instead of adversarial transactions. Our approach allows us to leverage common attack patterns, code semantics and intrinsic characteristics found in malicious smart contracts to build the LookAhead system, based on Machine Learning (ML) classifiers and a transformer model, which is able to effectively distinguish adversarial contracts from benign ones and make just-in-time predictions of potential zero-day attacks. Our contributions are three-fold. First, we construct a comprehensive dataset consisting of features extracted and constructed from 210,643 recent contracts and 375 hand-picked, then carefully reviewed and identified, adversarial contracts deployed on the Ethereum and Binance Smart Chain (BSC) blockchains. Second, we design a condensed representation of smart contract programs called Pruned Semantic-Control Flow Tokenization (PSCFT) and use it to train a combination of ML models that understand the behaviour of malicious code based on function calls, control flows and other pattern-conforming features. Lastly, we provide the complete implementation of LookAhead and an evaluation of its performance metrics for detecting adversarial contracts. Our experiments show that LookAhead achieves an F1-score as high as 0.8966, which represents an improvement of over 44.4% compared to the previous state-of-the-art solution Forta, with a False Positive Rate (FPR) of only 0.16%.

Tue 24 Jun

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna

10:30 - 12:20
Blockchain and Smart Contract: Ideas, Visions and Reflections / Research Papers at Vega
Chair(s): Cuiyun Gao Harbin Institute of Technology, Shenzhen
10:30
10m
Talk
SmartShift: A Secure and Efficient Approach to Smart Contract Migration
Ideas, Visions and Reflections
Tahrim Hossain Syracuse University, Faisal Haque Bappy Syracuse University, Tarannum Shaila Zaman University of Maryland Baltimore County, Raiful Hasan Kent State University, Tariqul Islam Syracuse University
10:40
20m
Talk
LookAhead: Preventing DeFi Attacks via Unveiling Adversarial Contracts
Research Papers
Shoupeng Ren Zhejiang University, Lipeng He University of Waterloo, Tianyu Tu Zhejiang University, Di Wu Zhejiang University, Jian Liu Zhejiang University, Kui Ren Zhejiang University, Chun Chen Zhejiang University
11:00
20m
Talk
SmartShot: Hunt Hidden Vulnerabilities in Smart Contracts using Mutable Snapshots
Research Papers
Ruichao Liang Wuhan University, Jing Chen Wuhan University, Ruochen Cao Wuhan University, Kun He Wuhan University, Ruiying Du Wuhan University, Shuhua Li Wuhan University, Zheng Lin University of Hong Kong, Cong Wu Wuhan University
11:20
20m
Talk
Automated and Accurate Token Transfer Identification and Its Applications in Cryptocurrency Security
Research Papers
Shuwei Song University of Electronic Science and Technology of China, Ting Chen University of Electronic Science and Technology of China, Ao Qiao University of Electronic Science and Technology of China, Xiapu Luo Hong Kong Polytechnic University, Leqing Wang University of Electronic Science and Technology of China, Zheyuan He University of Electronic Science and Technology of China, Ting Wang Penn State University, Xiaodong Lin University of Guelph, Peng He University of Electronic Science and Technology of China, Wensheng Zhang University of Electronic Science and Technology of China, Xiaosong Zhang University of Electronic Science and Technology of China
11:40
20m
Talk
Detecting Smart Contract State-Inconsistency Bugs via Flow Divergence and Multiplex Symbolic Execution
Research Papers
Yinxi Liu Rochester Institute of Technology, Wei Meng Chinese University of Hong Kong, Yinqian Zhang Southern University of Science and Technology
12:00
20m
Talk
Smart Contract Fuzzing Towards Profitable Vulnerabilities
Research Papers
Ziqiao Kong Nanyang Technological University, Cen Zhang Nanyang Technological University, Maoyi Xie Nanyang Technological University, Ming Hu Singapore Management University, Yue Xue MetaTrust Labs, Ye Liu Singapore Management University, Haijun Wang Xi'an Jiaotong University, Yang Liu Nanyang Technological University

Information for Participants
Tue 24 Jun 2025 10:30 - 12:20 at Vega - Blockchain and Smart Contract Chair(s): Cuiyun Gao
Info for room Vega:

Vega is close to the registration desk.

Facing the registration desk, its entrance is on the left, close to the hotel side entrance.