🤖 AI Summary
Existing DeFi vulnerability detection tools primarily focus on state changes in victim contracts and struggle to model attackers' cross-contract interaction logic; their practicality is further hindered by the scarcity of real-world attack samples. This paper proposes the first deep learning–based static cross-contract data-flow analysis framework, integrating symbolic execution with optimized control-flow graph (CFG) construction. It unifies intra- and inter-transaction path modeling, leverages symbolic execution to validate critical data flows (thereby mitigating CFG inaccuracies), and precisely characterizes access-control flaws and flash-loan attack patterns. Experiments demonstrate that the method achieves 98.39% accuracy in detecting access-control vulnerabilities and 97.43% accuracy in identifying flash-loan attacks on real-world datasets, while attaining an 86.67% malicious-contract detection rate on the CVE dataset.
📝 Abstract
Decentralized finance (DeFi) protocols are crypto projects developed on the blockchain to manage digital assets. Attacks on DeFi have been frequent and have resulted in losses exceeding $80 billion. Current tools detect and locate possible vulnerabilities in contracts by analyzing the state changes that may occur during malicious events. However, these victim-only approaches seldom cover the logic of the attacker's interaction intent. Furthermore, only a minuscule percentage of DeFi protocols experience attacks in real-world scenarios, which makes it difficult for these detection tools to demonstrate practical effectiveness. In this paper, we propose DeFiTail, the first framework that utilizes deep learning technology for access control and flash loan exploit detection. By taking the cross-contract static data flow as input, DeFiTail automatically learns the attack logic in real-world malicious events that occur on DeFi protocols, capturing the threat patterns between attacker and victim contracts. Since DeFi protocol events involve interactions with multi-account transactions, the execution paths of external and internal transactions need to be unified. Moreover, to mitigate the impact of mistakes in Control Flow Graph (CFG) connections, DeFiTail validates the data path by employing the symbolic execution stack. We then feed the data paths through our model to inspect DeFi protocols. Comparative experiment results indicate that DeFiTail achieves the highest accuracy, with 98.39% in access control and 97.43% in flash loan exploits. DeFiTail also demonstrates an enhanced capability to detect malicious contracts, achieving 86.67% accuracy on the CVE dataset.