Document Open Access Logo

On-Chain Decentralized Learning and Cost-Effective Inference for DeFi Attack Mitigation

Authors Abdulrahman Alhaidari , Balaji Palanisamy , Prashant Krishnamurthy

PDF

File

Thumbnail PDF
PDF
LIPIcs.AFT.2025.35.pdf
  • Filesize: 1.35 MB
  • 27 pages

Document Identifiers

Subject Classification

ACM Subject Classification
  • Security and privacy → Network security
  • Security and privacy → Distributed systems security
  • Security and privacy → Security protocols
Keywords
  • DeFi attacks
  • on-chain machine learning
  • decentralized learning
  • real-time defense

Metrics

  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    0
    PDF Downloads
    0
    Metadata Views

Abstract

Billions of dollars are lost every year in DeFi platforms by transactions exploiting business logic or accounting vulnerabilities. Existing defenses focus on static code analysis, public mempool screening, attacker contract detection, or trusted off-chain monitors, none of which prevents exploits submitted through private relays or malicious contracts that execute within the same block. We present the first decentralized, fully on-chain learning framework that: (i) performs gas-prohibitive computation on Layer-2 to reduce cost, (ii) propagates verified model updates to Layer-1, and (iii) enables gas-bounded, low-latency inference inside smart contracts. A novel Proof-of-Improvement (PoIm) protocol governs the training process and verifies each decentralized micro update as a self-verifying training transaction. Updates are accepted by PoIm only if they demonstrably improve at least one core metric (e.g., accuracy, F1-score, precision, or recall) on a public benchmark without degrading any of the other core metrics, while adversarial proposals get financially penalized through an adaptable test set for evolving threats. We develop quantization and loop-unrolling techniques that enable inference for logistic regression, SVM, MLPs, CNNs, and gated RNNs (with support for formally verified decision tree inference) within the Ethereum block gas limit, while remaining bit-exact to their off-chain counterparts, formally proven in Z3. We curate 298 unique real-world exploits (2020 - 2025) with 402 exploit transactions across eight EVM chains, collectively responsible for $3.74 B in losses. We demonstrate that on-chain ML governed by PoIm detects previously unseen attacks with over 97% attack detection accuracy and 82.0% F1. A single inference, such as one made via an external call, typically incurs zero cost. Fully on-chain inference consumes 57,603 gas (≈ $0.18) for linear models, 143,647 gas (≈ $0.49) for CNN(F2, K1), and 506,397 gas (≈ $1.77) for CNN(F8, K4) on L1 (e.g., Ethereum). Our results show that practical and continually evolving DeFi defenses can be embedded directly in protocol logic without trusted guardians, and our solution achieves highly cost-effective protection while filling a critical gap between vulnerability scanners and real-time transaction screening.

Cite As Get BibTex

Abdulrahman Alhaidari, Balaji Palanisamy, and Prashant Krishnamurthy. On-Chain Decentralized Learning and Cost-Effective Inference for DeFi Attack Mitigation. In 7th Conference on Advances in Financial Technologies (AFT 2025). Leibniz International Proceedings in Informatics (LIPIcs), Volume 354, pp. 35:1-35:27, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2025) https://doi.org/10.4230/LIPIcs.AFT.2025.35

Author Details

Abdulrahman Alhaidari
  • School of Computing and Information, University of Pittsburgh, Pittsburgh, PA, USA
Balaji Palanisamy
  • School of Computing and Information, University of Pittsburgh, Pittsburgh, PA, USA
Prashant Krishnamurthy
  • School of Computing and Information, University of Pittsburgh, Pittsburgh, PA, USA

Funding

This material is based upon work supported by the National Science Foundation under Grant #2020071. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation.

References

  1. Hedgey finance. https://hedgey.finance/, 2024. Accessed: 2024-05-08.
  2. Martín Abadi. Tensorflow: learning functions at scale. In Proceedings of the 21st ACM SIGPLAN international conference on functional programming, pages 1-1, 2016. Google Scholar
  3. Sa’ed Abed, Reem Jaffal, Bassam J Mohd, and Mohammad Al-Shayeji. An analysis and evaluation of lightweight hash functions for blockchain-based iot devices. Cluster computing, 24:3065-3084, 2021. URL: https://doi.org/10.1007/S10586-021-03324-1.
  4. Alchemy. Web3 Development Platform. https://www.alchemy.com, 2024.
  5. Abdulrahman Alhaidari, Balaji Palanisamy, and Prashant Krishnamurthy. Poster: Flashguard: Real-time disruption of non-price flash loan attacks in defi. In Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security (CCS '24), page 3, Salt Lake City, UT, USA, october 14-18 2024. ACM. URL: https://doi.org/10.1145/3658644.3691385.
  6. Abdulrahman Alhaidari, Balaji Palanisamy, and Prashant Krishnamurthy. Protecting defi platforms against non-price flash loan attacks. In Proceedings of the Fifteenth ACM Conference on Data and Application Security and Privacy (CODASPY ’25), pages 1-12, Pittsburgh, PA, USA, 2025. ACM. URL: https://doi.org/10.1145/3714393.3726503.
  7. Dana Alsagheer, Lei Xu, and Weidong Shi. Decentralized machine learning governance: Overview, opportunities, and challenges. IEEE Access, 11:96718-96732, 2023. URL: https://doi.org/10.1109/ACCESS.2023.3311713.
  8. Raphael Auer, Bernhard Haslhofer, Stefan Kitzler, Pietro Saggese, and Friedhelm Victor. The technology of decentralized finance (defi). Digital Finance, 6(1):55-95, 2024. Google Scholar
  9. Nic Carter and Linda Jeng. Defi protocol risks: The paradox of defi. Regtech, suptech and beyond: innovation and technology in financial services” riskbooks-forthcoming Q, 3, 2021. Google Scholar
  10. Stefanos Chaliasos, Marcos Antonios Charalambous, Liyi Zhou, Rafaila Galanopoulou, Arthur Gervais, Dimitris Mitropoulos, and Benjamin Livshits. Smart contract and defi security tools: Do they meet the needs of practitioners? In Proceedings of the 46th IEEE/ACM International Conference on Software Engineering, pages 1-13, 2024. URL: https://doi.org/10.1145/3597503.3623302.
  11. Bing-Jyue Chen, Suppakit Waiwitlikhit, Ion Stoica, and Daniel Kang. Zkml: An optimizing system for ml inference in zero-knowledge proofs. In Proceedings of the Nineteenth European Conference on Computer Systems, pages 560-574, 2024. URL: https://doi.org/10.1145/3627703.3650088.
  12. Huashan Chen, Marcus Pendleton, Laurent Njilla, and Shouhuai Xu. A survey on ethereum systems security: Vulnerabilities, attacks, and defenses. ACM Computing Surveys (CSUR), 53(3):1-43, 2020. URL: https://doi.org/10.1145/3391195.
  13. Arka Rai Choudhuri, Sanjam Garg, Julien Piet, and Guru-Vamsi Policharla. Mempool privacy via batched threshold encryption: Attacks and defenses. Cryptology ePrint Archive, 2024. Google Scholar
  14. Web3.js Contributors. Web3.js, 2024. URL: https://github.com/web3/web3.js.
  15. KD Conway, Cathie So, Xiaohang Yu, and Kartin Wong. opml: Optimistic machine learning on blockchain. arXiv preprint arXiv:2401.17555, 2024. URL: https://doi.org/10.48550/arXiv.2401.17555.
  16. Sourav Das, Vinay Joseph Ribeiro, and Abhijeet Anand. Yoda: Enabling computationally intensive contracts on blockchains with byzantine and selfish nodes. arXiv preprint arXiv:1811.03265, 2018. URL: https://arxiv.org/abs/1811.03265.
  17. Leonardo De Moura and Nikolaj Bjørner. Z3: An efficient smt solver. In International conference on Tools and Algorithms for the Construction and Analysis of Systems, pages 337-340. Springer, 2008. Google Scholar
  18. De.Fi. Rekt db, 2024. Accessed: 2024-06-07. URL: https://de.fi/rekt-database.
  19. DeFiLlama. DeFi Dashboard. https://defillama.com, 2024. Accessed: 2024-05-14.
  20. Kaustubh Dwivedi, Ankit Agrawal, Ashutosh Bhatia, and Kamlesh Tiwari. A novel classification of attacks on blockchain layers: Vulnerabilities, attacks, mitigations, and research directions. arXiv preprint arXiv:2404.18090, 2024. URL: https://doi.org/10.48550/arXiv.2404.18090.
  21. Ethereum Foundation. Ethereum improvement proposals. https://eips.ethereum.org/, 2025.
  22. Etherscan. Ethereum blockchain explorer. http://etherscan.io/, 2024.
  23. Andres Fabrega, Amy Zhao, Jay Yu, James Austgen, Sarah Allen, Kushal Babel, Mahimna Kelkar, and Ari Juels. Voting-Bloc Entropy: A New Metric for DAO Decentralization. In 2025 USENIX Security Symposium (USENIX Security 25), 2025. Google Scholar
  24. Rainer Feichtinger, Robin Fritsch, Lioba Heimbach, Yann Vonlanthen, and Roger Wattenhofer. Sok: Attacks on daos. In 6th Conference on Advances in Financial Technologies (AFT 2024), pages 28-1. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2024. URL: https://doi.org/10.4230/LIPIcs.AFT.2024.28.
  25. Flashbots. Mitigating MEV in Blockchain. https://www.flashbots.net, 2024. Accessed: 2024-07-23.
  26. Ethereum Foundation. Ethereum, 2024. URL: https://ethereum.org/.
  27. Foundry. Blazing fast, portable and modular toolkit for Ethereum application development written in Rust. https://getfoundry.sh, 2024.
  28. Rundong Gan, Liyi Zhou, Le Wang, Kaihua Qin, and Xiaodong Lin. Defialigner: Leveraging symbolic analysis and large language models for inconsistency detection in decentralized finance. In 6th Conference on Advances in Financial Technologies (AFT 2024), pages 7-1. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2024. URL: https://doi.org/10.4230/LIPIcs.AFT.2024.7.
  29. Bianca-Mihaela Ganescu and Jonathan Passerat-Palmbach. Trust the process: Zero-knowledge machine learning to enhance trust in generative ai interactions. arXiv preprint, 2024. URL: https://doi.org/10.48550/arXiv.2402.06414.
  30. Caleb Geren, Amanda Board, Gaby G Dagher, Tim Andersen, and Jun Zhuang. Blockchain for large language model security and safety: A holistic survey. ACM SIGKDD Explorations Newsletter, 26(2):1-20, 2025. URL: https://doi.org/10.1145/3715073.3715075.
  31. Arthur Gervais, Ghassan O Karame, Karl Wüst, Vasileios Glykantzis, Hubert Ritzdorf, and Srdjan Capkun. On the security and performance of proof of work blockchains. In Proceedings of the 2016 ACM SIGSAC conference on computer and communications security, pages 3-16, 2016. URL: https://doi.org/10.1145/2976749.2978341.
  32. Thomas Guilmeau, Emilie Chouzenoux, and Víctor Elvira. Simulated annealing: A review and a new scheme. In 2021 IEEE statistical signal processing workshop (SSP), pages 101-105. IEEE, 2021. URL: https://doi.org/10.1109/SSP49050.2021.9513782.
  33. Yang Guo. A review of machine learning-based zero-day attack detection: Challenges and future directions. Computer communications, 198:175-185, 2023. URL: https://doi.org/10.1016/J.COMCOM.2022.11.001.
  34. Charles R Harris, K Jarrod Millman, Stéfan J Van Der Walt, Ralf Gommers, Pauli Virtanen, David Cournapeau, Eric Wieser, Julian Taylor, Sebastian Berg, Nathaniel J Smith, et al. Array programming with numpy. Nature, 585(7825):357-362, 2020. URL: https://doi.org/10.1038/S41586-020-2649-2.
  35. Ningyu He, Lei Wu, Haoyu Wang, Yao Guo, and Xuxian Jiang. Characterizing code clones in the ethereum smart contract ecosystem. In International Conference on Financial Cryptography and Data Security, pages 654-675. Springer, 2020. URL: https://doi.org/10.1007/978-3-030-51280-4_35.
  36. Lioba Heimbach and Roger Wattenhofer. Eliminating sandwich attacks with the help of game theory. In Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security, pages 153-167, 2022. URL: https://doi.org/10.1145/3488932.3517390.
  37. Safak Kayikci and Taghi M Khoshgoftaar. Blockchain meets machine learning: a survey. Journal of Big Data, 11(1):9, 2024. URL: https://doi.org/10.1186/S40537-023-00852-Y.
  38. Nikhil Ketkar. Introduction to keras. In Deep learning with python: a hands-on introduction, pages 97-111. Springer, 2017. Google Scholar
  39. Oliver Kramer and Oliver Kramer. Scikit-learn. Machine learning for evolution strategies, pages 45-53, 2016. Google Scholar
  40. Wenkai Li, Xiaoqi Li, Yuqing Zhang, and Zongwei Li. Defitail: Defi protocol inspection through cross-contract execution analysis. In Companion Proceedings of the ACM on Web Conference 2024, pages 786-789, 2024. URL: https://doi.org/10.1145/3589335.3651488.
  41. Xiaofan Li, Jin Yang, Jiaqi Chen, Yuzhe Tang, and Xing Gao. Characterizing ethereum upgradable smart contracts and their security implications. In Proceedings of the ACM Web Conference 2024, pages 1847-1858, 2024. URL: https://doi.org/10.1145/3589334.3645640.
  42. Zhikai Li, Steve Vott, and Bhaskar Krishnamachari. Ml2sc: Deploying machine learning models as smart contracts on the blockchain. In 2024 IEEE International Conference on Blockchain and Cryptocurrency (ICBC), pages 645-649. IEEE, 2024. URL: https://doi.org/10.1109/ICBC59979.2024.10634431.
  43. Yulin Liu, Yuxuan Lu, Kartik Nayak, Fan Zhang, Luyao Zhang, and Yinhong Zhao. Empirical analysis of eip-1559: Transaction fees, waiting times, and consensus security. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pages 2099-2113, 2022. URL: https://doi.org/10.1145/3548606.3559341.
  44. Rischan Mafrur. Ai-based crypto tokens: The illusion of decentralized ai? IET Blockchain, 5(1):e70015, 2025. URL: https://doi.org/10.1049/BLC2.70015.
  45. Wes McKinney et al. pandas: a foundational python library for data analysis and statistics. Python for high performance and scientific computing, 14(9):1-9, 2011. Google Scholar
  46. Johnnatan Messias, Vabuk Pahari, Balakrishnan Chandrasekaran, Krishna P Gummadi, and Patrick Loiseau. Dissecting bitcoin and ethereum transactions: On the lack of transaction contention and prioritization transparency in blockchains. In International Conference on Financial Cryptography and Data Security, pages 221-240. Springer, 2023. URL: https://doi.org/10.1007/978-3-031-47751-5_13.
  47. Nexus Mutual. CREAM Finance Hack. https://nexusmutual.io/claims-stories/cream-finance-hack, 2025. Accessed: 2025-02-05.
  48. Optimism Foundation. Optimism. https://www.optimism.io/, 2025. Accessed: 2025-02-21.
  49. Zhizhi Peng, Taotao Wang, Chonghe Zhao, Guofu Liao, Zibin Lin, Yifeng Liu, Bin Cao, Long Shi, Qing Yang, and Shengli Zhang. A survey of zero-knowledge proof based verifiable machine learning. arXiv preprint arXiv:2502.18535, 2025. Google Scholar
  50. Daniel Perez and Benjamin Livshits. Smart contract vulnerabilities: Vulnerable does not imply exploited. In 30th USENIX Security Symposium (USENIX Security 21), pages 1325-1341, 2021. URL: https://www.usenix.org/conference/usenixsecurity21/presentation/perez.
  51. Maksym Petkus. Why and how zk-snark works. arXiv preprint arXiv:1906.07221, 2019. URL: https://arxiv.org/abs/1906.07221.
  52. Valentina Piantadosi, Giovanni Rosa, Davide Placella, Simone Scalabrino, and Rocco Oliveto. Detecting functional and security-related issues in smart contracts: A systematic literature review. Software: Practice and experience, 53(2):465-495, 2023. URL: https://doi.org/10.1002/SPE.3156.
  53. PolygonScan. Polygon Gas Tracker. https://polygonscan.com/gastracker, 2024. Accessed: 2024-08-30.
  54. Shoupeng Ren, Lipeng He, Tianyu Tu, Di Wu, Jian Liu, Kui Ren, and Chun Chen. Lookahead: Preventing defi attacks via unveiling adversarial contracts. arXiv preprint arXiv:2401.07261, 2024. Google Scholar
  55. Sarwar Sayeed, Hector Marco-Gisbert, and Tom Caira. Smart contract: Attacks and protections. Ieee Access, 8:24416-24427, 2020. URL: https://doi.org/10.1109/ACCESS.2020.2970495.
  56. Cosimo Sguanci, Roberto Spatafora, and Andrea Mario Vergani. Layer 2 blockchain scaling: A survey. arXiv preprint arXiv:2107.10881, 2021. URL: https://arxiv.org/abs/2107.10881.
  57. Nikumbh Sarthak Sham, Sandip Chakraborty, and Shamik Sural. Generation of optimized solidity code for machine learning models using llms. arXiv preprint arXiv:2503.06203, 2025. URL: https://doi.org/10.48550/arXiv.2503.06203.
  58. SunWeb3Sec. DeFiHackLabs. https://github.com/SunWeb3Sec/DeFiHackLabs, 2024. Accessed: 2024-05-08.
  59. Jason Teutsch and Christian Reitwießner. A scalable verification solution for blockchains. In Aspects of Computation and Automata Theory with Applications, pages 377-424. World Scientific, 2024. Google Scholar
  60. Louis Tremblay Thibault, Tom Sarry, and Abdelhakim Senhaji Hafid. Blockchain scaling using rollups: A comprehensive survey. IEEE Access, 10:93039-93054, 2022. URL: https://doi.org/10.1109/ACCESS.2022.3200051.
  61. Xiaojie Wang, Hanxue Li, Ling Yi, Zhaolong Ning, Song Guo, and Yan Zhang. A survey on off-chain networks: Frameworks, technologies, solutions and challenges. arXiv preprint arXiv:2311.10298, 2023. URL: https://doi.org/10.48550/arXiv.2311.10298.
  62. Gavin Wood et al. Ethereum: A secure decentralised generalised transaction ledger. Ethereum project yellow paper, 151(2014):1-32, 2014. Google Scholar
  63. Zihuan Xu and Lei Chen. L2chain: Towards high-performance, confidential and secure layer-2 blockchain solution for decentralized applications. Proceedings of the VLDB Endowment, 16(4):986-999, 2022. URL: https://doi.org/10.14778/3574245.3574278.
  64. Chavhan Sujeet Yashavant, Saurabh Kumar, and Amey Karkare. Scrawld: A dataset of real world ethereum smart contracts labelled with vulnerabilities. arXiv preprint arXiv:2202.11409, 2022. URL: https://arxiv.org/abs/2202.11409.
  65. Zheming Ye, Xiaodong Qi, Zhao Zhang, and Cheqing Jin. Yoimiya: A scalable framework for optimal resource utilization in zk-snark systems. arXiv preprint arXiv:2502.18288, 2025. URL: https://doi.org/10.48550/arXiv.2502.18288.
  66. Pengcheng Zhang, Feng Xiao, and Xiapu Luo. A framework and dataset for bugs in ethereum smart contracts. In 2020 IEEE international conference on software maintenance and evolution (ICSME), pages 139-150. IEEE, 2020. URL: https://doi.org/10.1109/ICSME46990.2020.00023.
  67. Zhuo Zhang, Zhiqiang Lin, Marcelo Morales, Xiangyu Zhang, and Kaiyuan Zhang. Your exploit is mine: Instantly synthesizing counterattack smart contract. In 32nd USENIX Security Symposium (USENIX Security 23), pages 1757-1774, 2023. URL: https://www.usenix.org/conference/usenixsecurity23/presentation/zhang-zhuo-exploit.
  68. Zhuo Zhang, Brian Zhang, Wen Xu, and Zhiqiang Lin. Demystifying exploitable bugs in smart contracts. In 2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE), pages 615-627. IEEE, 2023. URL: https://doi.org/10.1109/ICSE48619.2023.00061.
  69. Zibin Zheng, Jianzhong Su, Jiachi Chen, David Lo, Zhijie Zhong, and Mingxi Ye. Dappscan: building large-scale datasets for smart contract weaknesses in dapp projects. IEEE Transactions on Software Engineering, 2024. Google Scholar
  70. Zihan Zheng, Peichen Xie, Xian Zhang, Shuo Chen, Yang Chen, Xiaobing Guo, Guangzhong Sun, Guangyu Sun, and Lidong Zhou. Agatha: Smart contract for dnn computation. arXiv preprint arXiv:2105.04919, 2021. URL: https://arxiv.org/abs/2105.04919.
  71. Liyi Zhou, Xihan Xiong, Jens Ernstberger, Stefanos Chaliasos, Zhipeng Wang, Ye Wang, Kaihua Qin, Roger Wattenhofer, Dawn Song, and Arthur Gervais. Sok: Decentralized finance (defi) attacks. In 2023 IEEE Symposium on Security and Privacy (SP), pages 2444-2461. IEEE, 2023. URL: https://doi.org/10.1109/SP46215.2023.10179435.
Any Issues?
X

Feedback on the Current Page

CAPTCHA

Thanks for your feedback!

Feedback submitted to Dagstuhl Publishing

Could not send message

Please try again later or send an E-mail
© 2023-2025 Schloss Dagstuhl – LZI GmbH About DROPS Imprint Privacy Contact