Table of Contents
Fetching ...

Raven: Mining Defensive Patterns in Ethereum via Semantic Transaction Revert Invariants Categories

Mojtaba Eshghie, Melissa Mazura, Alexandre Bartel

TL;DR

Raven treats failed Ethereum transactions caused by contract invariants as rich signals of on-chain defenses. It collects precise failure invariants from verified contracts, embeds them with a fine-tuned RavenBERT model, and semantically clusters them to reveal defensive categories, including six novel patterns. A 20k-transaction study yields 19 coherent clusters, with manual validation and a real-world Nomad Bridge case study demonstrating practical utility as a fuzzing oracle. The work provides a data-driven map of working defenses in Ethereum and lays groundwork for improved invariant catalogs and defense-oriented tooling for security researchers.

Abstract

We frame Ethereum transactions reverted by invariants-require(<invariant>)/ assert(<invariant>)/if (<invariant>) revert statements in the contract implementation-as a positive signal of active on-chain defenses. Despite their value, the defensive patterns in these transactions remain undiscovered and underutilized in security research. We present Raven, a framework that aligns reverted transactions to the invariant causing the reversion in the smart contract source code, embeds these invariants using our BERT-based fine-tuned model, and clusters them by semantic intent to mine defensive invariant categories on Ethereum. Evaluated on a sample of 20,000 reverted transactions, Raven achieves cohesive and meaningful clusters of transaction-reverting invariants. Manual expert review of the mined 19 semantic clusters uncovers six new invariant categories absent from existing invariant catalogs, including feature toggles, replay prevention, proof/signature verification, counters, caller-provided slippage thresholds, and allow/ban/bot lists. To demonstrate the practical utility of this invariant catalog mining pipeline, we conduct a case study using one of the newly discovered invariant categories as a fuzzing oracle to detect vulnerabilities in a real-world attack. Raven thus can map Ethereum's successful defenses. These invariant categories enable security researchers to develop analysis tools based on data-driven security oracles extracted from the smart contracts' working defenses.

Raven: Mining Defensive Patterns in Ethereum via Semantic Transaction Revert Invariants Categories

TL;DR

Raven treats failed Ethereum transactions caused by contract invariants as rich signals of on-chain defenses. It collects precise failure invariants from verified contracts, embeds them with a fine-tuned RavenBERT model, and semantically clusters them to reveal defensive categories, including six novel patterns. A 20k-transaction study yields 19 coherent clusters, with manual validation and a real-world Nomad Bridge case study demonstrating practical utility as a fuzzing oracle. The work provides a data-driven map of working defenses in Ethereum and lays groundwork for improved invariant catalogs and defense-oriented tooling for security researchers.

Abstract

We frame Ethereum transactions reverted by invariants-require(<invariant>)/ assert(<invariant>)/if (<invariant>) revert statements in the contract implementation-as a positive signal of active on-chain defenses. Despite their value, the defensive patterns in these transactions remain undiscovered and underutilized in security research. We present Raven, a framework that aligns reverted transactions to the invariant causing the reversion in the smart contract source code, embeds these invariants using our BERT-based fine-tuned model, and clusters them by semantic intent to mine defensive invariant categories on Ethereum. Evaluated on a sample of 20,000 reverted transactions, Raven achieves cohesive and meaningful clusters of transaction-reverting invariants. Manual expert review of the mined 19 semantic clusters uncovers six new invariant categories absent from existing invariant catalogs, including feature toggles, replay prevention, proof/signature verification, counters, caller-provided slippage thresholds, and allow/ban/bot lists. To demonstrate the practical utility of this invariant catalog mining pipeline, we conduct a case study using one of the newly discovered invariant categories as a fuzzing oracle to detect vulnerabilities in a real-world attack. Raven thus can map Ethereum's successful defenses. These invariant categories enable security researchers to develop analysis tools based on data-driven security oracles extracted from the smart contracts' working defenses.
Paper Structure (43 sections, 5 equations, 4 figures, 5 tables)

This paper contains 43 sections, 5 equations, 4 figures, 5 tables.

Figures (4)

  • Figure 1: Raven's pipeline for semantic clustering of revert-inducing transaction invariants.
  • Figure 2: Failure invariant dataset collection pipeline.
  • Figure 3: Summary of the failure categories in the test set.
  • Figure 4: PCA Analysis for the clusters generated by the best-performing configurations of Raven.