**DeFiTail: DeFi Protocol Inspection through Cross-Contract Execution Analysis** **Authors:** Wenkai Li **Abstract:** Decentralized Finance (DeFi) protocols, developed on blockchain to manage digital assets, have faced frequent attacks, resulting in losses exceeding $77 billion. However, detection methods for malicious DeFi events are still lacking. This paper introduces DeFiTail, a framework that uses deep learning to detect access control and flash loan exploits in DeFi protocols. DeFi protocols involve multi-account transactions and complex control flow graphs (CFGs), making it challenging to unify execution paths and validate data paths. To address these challenges, DeFiTail employs sequence and graph learning to extract and analyze data paths, unifies external and internal paths, and validates data path feasibility using a symbolic execution stack. Experimental results show that DeFiTail achieves 98.39% accuracy in detecting access control and 97.43% in detecting flash loan exploits, outperforming state-of-the-art tools. Additionally, DeFiTail demonstrates an 86.67% accuracy in identifying vulnerabilities from the CVE dataset. **CCS Concepts:** - Security and privacy → Software security engineering. **Keywords:** DeFi, Deep Learning, CFG, Access Control, Flash Loan **Introduction:** DeFi protocols leverage smart contracts to facilitate financial transactions. While previous research has focused on detecting vulnerabilities in smart contracts using user-defined rules and expert knowledge, deep learning models have shown promise in identifying patterns from historical contracts. However, challenges remain in detecting DeFi projects, including invocation pattern learning, external and internal path unification, and data path feasibility validation. **Solution:** DeFiTail addresses these challenges by: 1. **Invocation Pattern Learning:** Using sequence and graph learning to extract sequential and structural features. 2. **External and Internal Path Unification:** Analyzing external transactions in the Ethereum Virtual Machine (EVM) and unifying them with internal transaction logic. 3. **Data Path Feasibility Validation:** Integrating a symbolic execution stack to validate the feasibility of data paths. **Contributions:** - Proposes DeFiTail, the first deep learning-based inspection framework for DeFi attacks. - Unifies external and internal paths and connects CFGs at the code level. - Evaluates DeFiTail's performance and highlights improvements through CFG connection and data path validation. - Open-sources DeFiTail and provides further details upon acceptance. **Experimental Evaluation:** - **Accuracy:** DeFiTail outperforms state-of-the-art tools with 98.39% accuracy in access control and 97.43% in flash loan exploits. - **Ablation:** Both CFGs connection and data path validation are crucial for improving detection accuracy. - **Applicability:** DeFiTail successfully identifies 86.67% of 15 CVE incidents, demonstrating its effectiveness in real-world scenarios. ****DeFiTail: DeFi Protocol Inspection through Cross-Contract Execution Analysis** **Authors:** Wenkai Li **Abstract:** Decentralized Finance (DeFi) protocols, developed on blockchain to manage digital assets, have faced frequent attacks, resulting in losses exceeding $77 billion. However, detection methods for malicious DeFi events are still lacking. This paper introduces DeFiTail, a framework that uses deep learning to detect access control and flash loan exploits in DeFi protocols. DeFi protocols involve multi-account transactions and complex control flow graphs (CFGs), making it challenging to unify execution paths and validate data paths. To address these challenges, DeFiTail employs sequence and graph learning to extract and analyze data paths, unifies external and internal paths, and validates data path feasibility using a symbolic execution stack. Experimental results show that DeFiTail achieves 98.39% accuracy in detecting access control and 97.43% in detecting flash loan exploits, outperforming state-of-the-art tools. Additionally, DeFiTail demonstrates an 86.67% accuracy in identifying vulnerabilities from the CVE dataset. **CCS Concepts:** - Security and privacy → Software security engineering. **Keywords:** DeFi, Deep Learning, CFG, Access Control, Flash Loan **Introduction:** DeFi protocols leverage smart contracts to facilitate financial transactions. While previous research has focused on detecting vulnerabilities in smart contracts using user-defined rules and expert knowledge, deep learning models have shown promise in identifying patterns from historical contracts. However, challenges remain in detecting DeFi projects, including invocation pattern learning, external and internal path unification, and data path feasibility validation. **Solution:** DeFiTail addresses these challenges by: 1. **Invocation Pattern Learning:** Using sequence and graph learning to extract sequential and structural features. 2. **External and Internal Path Unification:** Analyzing external transactions in the Ethereum Virtual Machine (EVM) and unifying them with internal transaction logic. 3. **Data Path Feasibility Validation:** Integrating a symbolic execution stack to validate the feasibility of data paths. **Contributions:** - Proposes DeFiTail, the first deep learning-based inspection framework for DeFi attacks. - Unifies external and internal paths and connects CFGs at the code level. - Evaluates DeFiTail's performance and highlights improvements through CFG connection and data path validation. - Open-sources DeFiTail and provides further details upon acceptance. **Experimental Evaluation:** - **Accuracy:** DeFiTail outperforms state-of-the-art tools with 98.39% accuracy in access control and 97.43% in flash loan exploits. - **Ablation:** Both CFGs connection and data path validation are crucial for improving detection accuracy. - **Applicability:** DeFiTail successfully identifies 86.67% of 15 CVE incidents, demonstrating its effectiveness in real-world scenarios. **