
Accurately recognising the anti‑reentrancy safeguards a contract already contains reduces the cost of triaging false positives and strengthens Ethereum's overall security posture, encouraging broader adoption of smart contracts.
Reentrancy vulnerabilities have repeatedly exposed Ethereum contracts to multi‑million‑dollar exploits, prompting a wave of automated detectors. These tools are valuable for early risk identification, but most rely on simple heuristics, typically flagging any external call that is followed by a state update, without modelling the guards the contract may already have in place. The result is a flood of false alarms, especially on contracts that employ sophisticated anti‑reentrancy safeguards. This noise drains developer resources, erodes confidence in security analyses, and creates a barrier to wider blockchain adoption.
AutoAR tackles the false‑positive problem by introducing RentPDG, a program‑dependency graph specialised to capture the control‑flow and data‑flow semantics of anti‑reentrancy mechanisms, that is, how an external call depends on the checks and state writes that surround it. RentPDGs are fed to a graph auto‑encoder that learns compact embeddings, and a clustering step over those embeddings separates distinct protective patterns. Trained on a large corpus of real‑world contracts, AutoAR recognises twelve prevalent anti‑reentrancy designs with 89% identification accuracy, a notable improvement over prior code‑analysis approaches.
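To make the false‑positive problem concrete, the following is an added example, not code from the AutoAR paper or its authors. It contrasts the naive heuristic (external call followed by a state write) with a guard‑aware check that uses the kind of control/data dependence a RentPDG would encode: a call is treated as protected only when it is gated by a mutex check and the mutex is set before control leaves the contract. The statement‑level IR, its statement kinds, and the four sample `withdraw` functions are constructed for illustration and model a single mutex pattern by hand; they stand in for, and do not reproduce, the learned embeddings and clustering described above.

```python
"""Guard-aware reentrancy triage over a toy statement-level IR.

Added illustration, not AutoAR's code. The IR, the statement kinds and
the sample functions below are constructed for this example.
"""
from dataclasses import dataclass

@dataclass(frozen=True)
class Stmt:
    # kind is one of: "check", "guard_check", "guard_set", "guard_clear", "call", "write"
    kind: str
    # the state variable or callee the statement touches
    target: str

# Every kind that writes contract storage; a mutex lock/unlock is a write too,
# which is exactly why the naive heuristic trips on guarded functions.
STATE_WRITES = {"write", "guard_set", "guard_clear"}


def naive_reentrancy(stmts):
    """Classic heuristic: any external call followed by any state write."""
    seen_call = False
    for s in stmts:
        if s.kind == "call":
            seen_call = True
        elif s.kind in STATE_WRITES and seen_call:
            return True
    return False


def call_is_mutex_protected(stmts, call_idx):
    """True if the call is control-dependent on guard_check(X) and guard_set(X)
    on the same X is executed before the call.  In this straight-line IR a
    require-style check gates every later statement, which is the control
    dependence a PDG would carry as an edge."""
    checked = set()
    for s in stmts[:call_idx]:
        if s.kind == "guard_check":
            checked.add(s.target)
        elif s.kind == "guard_set" and s.target in checked:
            return True
    return False


def guard_aware_reentrancy(stmts):
    """Flag a call followed by a state write only when the call is unguarded."""
    for i, s in enumerate(stmts):
        if s.kind != "call" or call_is_mutex_protected(stmts, i):
            continue
        if any(t.kind in STATE_WRITES for t in stmts[i + 1:]):
            return True
    return False


# Constructed sample functions (statement order matches the Solidity source order).
SAMPLES = {
    # balance check, then call, then balance update: genuinely reentrant
    "withdraw_vulnerable": [
        Stmt("check", "balances"), Stmt("call", "msg.sender"), Stmt("write", "balances"),
    ],
    # checks-effects-interactions: state updated before the call
    "withdraw_cei": [
        Stmt("check", "balances"), Stmt("write", "balances"), Stmt("call", "msg.sender"),
    ],
    # nonReentrant-style mutex: require(!locked); locked = true; ...; locked = false
    "withdraw_mutex": [
        Stmt("guard_check", "locked"), Stmt("guard_set", "locked"), Stmt("check", "balances"),
        Stmt("call", "msg.sender"), Stmt("write", "balances"), Stmt("guard_clear", "locked"),
    ],
    # broken mutex: the lock is set only after control has already left the contract
    "withdraw_late_lock": [
        Stmt("guard_check", "locked"), Stmt("check", "balances"), Stmt("call", "msg.sender"),
        Stmt("guard_set", "locked"), Stmt("write", "balances"), Stmt("guard_clear", "locked"),
    ],
}


def triage(samples=SAMPLES):
    """Return {name: (naive_verdict, guard_aware_verdict)} for each sample."""
    return {name: (naive_reentrancy(s), guard_aware_reentrancy(s)) for name, s in samples.items()}


if __name__ == "__main__":
    for name, (naive, aware) in triage().items():
        print(f"{name:20} naive={naive!s:5} guard_aware={aware}")
```

Only `withdraw_mutex` separates the two detectors: the naive rule reports it because `locked = false` and the balance update both follow the external call, while the guard‑aware rule sees that the call is gated by `require(!locked)` with the lock taken beforehand. The late‑lock variant shows why recognising the guard's data‑flow order matters and not merely its presence: a lock set after the call protects nothing, and both detectors correctly keep flagging it.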
Integrating AutoAR into existing detection pipelines promises tangible practical benefits. Auditors can prioritise genuine threats, cutting review time and lowering compliance costs, although at 89% accuracy the classifier's verdicts should steer triage priority rather than replace manual review of the remaining cases. Beyond Ethereum, the methodology sets a precedent for pattern‑based security tooling on other blockchain platforms and encourages research into automated recognition of defensive coding practices. As the ecosystem matures, such precision tools will be pivotal in sustaining investor trust and fostering the next generation of secure decentralized applications.