This paper identifies and formalizes “phantom events”—a novel security vulnerability in EVM-based blockchains wherein smart contract event logs are maliciously forged. We systematically model five realistic attack patterns exploiting this flaw. Methodologically, we propose a lightweight, high-precision detection framework that integrates symbolic execution with semantic modeling of event signatures, complemented by static analysis and runtime log verification. Our contributions include: (1) the first in-depth security analysis specifically targeting event log forgery, comprehensively covering all five attack classes; (2) discovery of dozens of real-world phantom event vulnerabilities across major EVM chains—including Ethereum—with significantly higher detection accuracy than state-of-the-art tools; and (3) empirical validation through concrete exploits in widely used DeFi protocols, leading to coordinated disclosure and critical contract patches.

With the rapid development of blockchain technology, transaction logs play a central role in various applications, including decentralized exchanges, wallets, cross-chain bridges, and other third-party services. However, these logs, particularly those based on smart contract events, are highly susceptible to manipulation and forgery, creating substantial security risks across the ecosystem. To address this issue, we present the first in-depth security analysis of transaction log forgery in EVM-based blockchains, a phenomenon we term Phantom Events. We systematically model five types of attacks and propose a tool designed to detect event forgery vulnerabilities in smart contracts. Our evaluation demonstrates that our approach outperforms existing tools in identifying potential phantom events. Furthermore, we have successfully identified real-world instances for all five types of attacks across multiple decentralized applications. Finally, we call on community developers to take proactive steps to address these critical security vulnerabilities.