Table of Contents
Fetching ...

TxRay: Agentic Postmortem of Live Blockchain Attacks

Ziyue Wang, Jiangshan Yu, Kaihua Qin, Dawn Song, Arthur Gervais, Liyi Zhou

TL;DR

TxRay introduces an agentic postmortem system that starts from limited seed on-chain evidence of ACT opportunities and, via a coordinated multi-agent pipeline, yields an evidence-backed root-cause report and a deterministic, self-contained Foundry PoC that reproduces the incident on a forked chain. A dedicated PoCEvaluator independently validates PoC correctness and quality, reporting high reproduction rates (≈$92.11\%$) and attacker-address-free PoCs on aligned cases, with live deployment showing sub-hour turnaround. The work also presents a standardized DeFi incident benchmark (196 incidents across 9 chains) and demonstrates generalized attack imitation capabilities, improving coverage relative to prior baselines like APE and STING. Overall, TxRay enables faster, more reliable DeFi postmortems and provides a scalable dataset for IDS benchmarking, vulnerability research, and defense-ready tooling.

Abstract

Decentralized Finance (DeFi) has turned blockchains into financial infrastructure, allowing anyone to trade, lend, and build protocols without intermediaries, but this openness exposes pools of value controlled by code. Within five years, the DeFi ecosystem has lost over 15.75B USD to reported exploits. Many exploits arise from permissionless opportunities that any participant can trigger using only public state and standard interfaces, which we call Anyone-Can-Take (ACT) opportunities. Despite on-chain transparency, postmortem analysis remains slow and manual: investigations start from limited evidence, sometimes only a single transaction hash, and must reconstruct the exploit lifecycle by recovering related transactions, contract code, and state dependencies. We present TxRay, a Large Language Model (LLM) agentic postmortem system that uses tool calls to reconstruct live ACT attacks from limited evidence. Starting from one or more seed transactions, TxRay recovers the exploit lifecycle, derives an evidence-backed root cause, and generates a runnable, self-contained Proof of Concept (PoC) that deterministically reproduces the incident. TxRay self-checks postmortems by encoding incident-specific semantic oracles as executable assertions. To evaluate PoC correctness and quality, we develop PoCEvaluator, an independent agentic execution-and-review evaluator. On 114 incidents from DeFiHackLabs, TxRay produces an expert-aligned root cause and an executable PoC for 105 incidents, achieving 92.11% end-to-end reproduction. Under PoCEvaluator, 98.1% of TxRay PoCs avoid hard-coding attacker addresses, a +24.8pp lift over DeFiHackLabs. In a live deployment, TxRay delivers validated root causes in 40 minutes and PoCs in 59 minutes at median latency. TxRay's oracle-validated PoCs enable attack imitation, improving coverage by 15.6% and 65.5% over STING and APE.

TxRay: Agentic Postmortem of Live Blockchain Attacks

TL;DR

TxRay introduces an agentic postmortem system that starts from limited seed on-chain evidence of ACT opportunities and, via a coordinated multi-agent pipeline, yields an evidence-backed root-cause report and a deterministic, self-contained Foundry PoC that reproduces the incident on a forked chain. A dedicated PoCEvaluator independently validates PoC correctness and quality, reporting high reproduction rates (≈) and attacker-address-free PoCs on aligned cases, with live deployment showing sub-hour turnaround. The work also presents a standardized DeFi incident benchmark (196 incidents across 9 chains) and demonstrates generalized attack imitation capabilities, improving coverage relative to prior baselines like APE and STING. Overall, TxRay enables faster, more reliable DeFi postmortems and provides a scalable dataset for IDS benchmarking, vulnerability research, and defense-ready tooling.

Abstract

Decentralized Finance (DeFi) has turned blockchains into financial infrastructure, allowing anyone to trade, lend, and build protocols without intermediaries, but this openness exposes pools of value controlled by code. Within five years, the DeFi ecosystem has lost over 15.75B USD to reported exploits. Many exploits arise from permissionless opportunities that any participant can trigger using only public state and standard interfaces, which we call Anyone-Can-Take (ACT) opportunities. Despite on-chain transparency, postmortem analysis remains slow and manual: investigations start from limited evidence, sometimes only a single transaction hash, and must reconstruct the exploit lifecycle by recovering related transactions, contract code, and state dependencies. We present TxRay, a Large Language Model (LLM) agentic postmortem system that uses tool calls to reconstruct live ACT attacks from limited evidence. Starting from one or more seed transactions, TxRay recovers the exploit lifecycle, derives an evidence-backed root cause, and generates a runnable, self-contained Proof of Concept (PoC) that deterministically reproduces the incident. TxRay self-checks postmortems by encoding incident-specific semantic oracles as executable assertions. To evaluate PoC correctness and quality, we develop PoCEvaluator, an independent agentic execution-and-review evaluator. On 114 incidents from DeFiHackLabs, TxRay produces an expert-aligned root cause and an executable PoC for 105 incidents, achieving 92.11% end-to-end reproduction. Under PoCEvaluator, 98.1% of TxRay PoCs avoid hard-coding attacker addresses, a +24.8pp lift over DeFiHackLabs. In a live deployment, TxRay delivers validated root causes in 40 minutes and PoCs in 59 minutes at median latency. TxRay's oracle-validated PoCs enable attack imitation, improving coverage by 15.6% and 65.5% over STING and APE.
Paper Structure (32 sections, 9 figures, 4 tables)

This paper contains 32 sections, 9 figures, 4 tables.

Figures (9)

  • Figure 1: We draw incidents from four sources and forward seed transaction(s) to TxRay. TxRay performs root cause analysis and synthesizes an executable Foundry-based PoC. We evaluate TxRay in Sections \ref{['sec:postmortem-quality']}--\ref{['sec:generalized-imitation']} and produce a standardized dataset in Section \ref{['sec:defi-incident-benchmark']}.
  • Figure 2: TxRay design. A shared orchestrator coordinates six specialist subagents over a shared session workspace. Components (1)--(3) iteratively collect on-chain evidence, draft the root cause, and validate it with actionable feedback; components (4)--(6) derive semantic oracles, synthesize a self-contained Foundry PoC, and validate correctness and quality under an iteration budget.
  • Figure 3: Overview of the PoCEvaluator workflow. Stage (i) : $N$ sub-evaluator agents independently inspect the PoC and emit initial evaluation reports. Stage (ii) : an aggregator agent aggregates reports, extracts disagreements, and iteratively prompts sub-evaluators to maintain or change their judgments until consensus, producing a consolidated JSON report with final metrics and negotiation history.
  • Figure 4: PoCEvaluator pass counts for correctness (left) and quality (right) metrics. For a controlled comparison, we evaluate both TxRay and DeFiHackLabs on the 105 incidents where TxRay's root-cause report aligns with the ground truth. Q1--Q3 rule out degenerate "PoCs" that merely replay the attacker execution (e.g., invoking attacker-side helper contracts or calling the same attacker contract with copied addresses and parameters), which is common in public incident repositories but does not yield a self-contained reproduction. Q3 and Q4 highlight a recurrent baseline gap: avoiding exploit-specific constants (Q3) and encoding explicit success predicates as assertions (Q4).
  • Figure 5: Cost and performance of TxRay on the DeFiHackLabs benchmark. Left: token usage (log scale); each split violin compares root cause analysis (left half) and PoC generation (right half), and uncached input is computed as $(\text{input} - \text{cached input})$. Middle: estimated API cost distribution (USD) under gpt-5.1 pricing. Right: end-to-end session duration distribution (minutes).
  • ...and 4 more figures