DeFiScanner: Spotting DeFi Attacks Exploiting Logic Vulnerabilities on Blockchain

With the rapid development of decentralized financial (DeFi), the total value locked (TVL) in DeFi continues to increase. A big number of adversaries exploit logic vulnerabilities to attack DeFi applications for profit, such as flash loan attacks and price manipulation attacks. However, the current vulnerability detection tools for smart contracts cannot be directly used to detect the logic vulnerabilities generated by the combination of different protocols. How to characterize and detect DeFi attacks that exploited logic vulnerabilities is a big challenge. In this work, we propose a deep-learning-based attack detection system on DeFi, called DeFiScanner, in which we design a novel neural network that includes a global model, a local model, and a fusion model to characterize DeFi attacks. First, the unstructured emitted events are automatically and efficiently normalized. Second, the transaction-related features of normalized emitted events are enriched with the global model and the semantic features of emitted events are extracted with the local model. Finally, the transaction-related features and the semantic features of emitted events are fused efficiently with the fusion model to detect DeFi attacks. We collect a dataset that consists of 50 910 real-world DeFi transactions on Ethereum (ETH). The extensive experimental results demonstrate the effectiveness of DeFiScanner. The true positive rate (TPR) and the area under the receiver operating characteristic (ROC) curve of the system reach 0.91 and 0.97, respectively.