Guardians of the Ledger: Protecting Decentralized Exchanges from State Derailment Defects
Zongwei Li, Wenkai Li, Xiaoqi Li, Yuqing Zhang
TL;DR
The paper addresses the vulnerability of DEX smart contracts to state derailment defects arising from complex cross-contract state logic. It proposes StateGuard, a three-stage framework that deconstructs contracts into ASTs, optimizes the resulting graphs to emphasize critical paths, and detects defects with a Graph Convolutional Network. On a large-scale dataset of 46 DEX projects (5,671 contracts), StateGuard achieves a F1-score of $94.25\%$, outperforming eight baselines by $6.29\%$ and locating novel real-world CVEs. The approach demonstrates practical utility for auditing real contracts and provides open-source code and data to support further research and deployment in DEX security analysis.
Abstract
The decentralized exchange (DEX) leverages smart contracts to trade digital assets for users on the blockchain. Developers usually develop several smart contracts into one project, implementing complex logic functions and multiple transaction operations. However, the interaction among these contracts poses challenges for developers analyzing the state logic. Due to the complex state logic in DEX projects, many critical state derailment defects have emerged in recent years. In this paper, we conduct the first systematic study of state derailment defects in DEX. We define five categories of state derailment defects and provide detailed analyses of them. Furthermore, we propose a novel deep learning-based framework StateGuard for detecting state derailment defects in DEX smart contracts. It leverages a smart contract deconstructor to deconstruct the contract into an Abstract Syntax Tree (AST), from which five categories of dependency features are extracted. Next, it implements a graph optimizer to process the structured data. At last, the optimized data is analyzed by Graph Convolutional Networks (GCNs) to identify potential state derailment defects. We evaluated StateGuard through a dataset of 46 DEX projects containing 5,671 smart contracts, and it achieved 94.25% F1-score. In addition, in a comparison experiment with state-of-the-art, StateGuard leads the F1-score by 6.29%. To further verify its practicality, we used StateGuar to audit real-world contracts and successfully authenticated multiple novel CVEs.