JANUS: A Difference-Oriented Analyzer For Financial Centralization Risks in Smart Contracts
Wansen Wang, Pu Zhang, Renjie Ji, Wenchao Huang, Zhaoyi Meng, Yan Xiong
TL;DR
JANUS addresses financial centralized risks in Solidity smart contracts by comparing the states reached when privileged accounts act versus ordinary accounts and determining if the observed differences impact financial variables, via an iterative process over a difference set $D$ and a final check using a variable-summaries function $\Phi$. It combines a difference-oriented state traversal with variable summaries to prune the state space and ensure termination, and uses a Graph Neural Network-based module to automatically identify financial variables. On a 540-contract comparison dataset, JANUS outperforms pattern-based detectors, and on a real-world set of 33,151 contracts it uncovers novel risk types such as Parameter Manipulation and Whitelist that others miss, with precision/recall around 91%. The work demonstrates practical impact for detecting unknown centralization patterns and outlines directions for enhancement via dynamic analysis and potential LLM integration.
Abstract
Some smart contracts violate decentralization principles by defining privileged accounts that manage other users' assets without permission, introducing centralization risks that have caused financial losses. Existing methods, however, face challenges in accurately detecting diverse centralization risks due to their dependence on predefined behavior patterns. In this paper, we propose JANUS, an automated analyzer for Solidity smart contracts that detects financial centralization risks independently of their specific behaviors. JANUS identifies differences between states reached by privileged and ordinary accounts, and analyzes whether these differences are finance-related. Focusing on the impact of risks rather than behaviors, JANUS achieves improved accuracy compared to existing tools and can uncover centralization risks with unknown patterns. To evaluate JANUS's performance, we compare it with other tools using a dataset of 540 contracts. Our evaluation demonstrates that JANUS outperforms representative tools in terms of detection accuracy for financial centralization risks . Additionally, we evaluate JANUS on a real-world dataset of 33,151 contracts, successfully identifying two types of risks that other tools fail to detect. We also prove that the state traversal method and variable summaries, which are used in JANUS to reduce the number of states to be compared, do not introduce false alarms or omissions in detection.