TaintSentinel: Path-Level Randomness Vulnerability Detection for Ethereum Smart Contracts

The deterministic nature of blockchain technology creates fundamental difficulties in producing secure random numbers within smart contracts, a limitation that exposes vulnerabilities in applications such as decentralized finance (DeFi) protocols and blockchain-based gaming platforms. From our observations, the current state-of-the-art detection tools suffer from inadequate precision while dealing with random number vulnerabilities. To address this problem, we propose TaintSentinel, a novel path-sensitive vulnerability detection system designed to analyze smart contracts at the execution path level and gradually analyze taint with domain-specific rules. This paper discusses a solution that incorporates a multifaceted approach, integrating rule-based taint analysis to track data flow, a dual-stream neural network to identify complex vulnerability signatures, and evidence-based parameter initialization to minimize false positives. The two-phase operation of the system involves the construction of semantic graphs and the analysis of taint propagation, followed by pattern recognition using PathGNN and global structural analysis via GlobalGCN. Our experiments on 4,844 contracts demonstrate the superior performance of TaintSentinel relative to existing tools, yielding an F1-score of 0.892, an AUC-ROC of 0.94, and a PRA accuracy of 97%.