Scam contracts on Ethereum have rapidly evolved alongside the rise of DeFi and NFT ecosystems, utilizing increasingly complex code obfuscation techniques to avoid early detection. This paper systematically investigates how obfuscation amplifies the financial risks of fraudulent contracts and undermines existing auditing tools. We propose a transfer-centric obfuscation taxonomy, distilling seven key features, and introduce ObfProbe, a framework that performs bytecode-level smart contract analysis to uncover obfuscation techniques and quantify obfuscation complexity via Z-score ranking. In a large-scale study of 1.03 million Ethereum contracts, we isolate over 3,000 highly obfuscated contracts and identify two scam archetypes, three high-risk contract categories, and MEV bots that employ a variety of obfuscation maneuvers such as inline assembly, dead code insertion, and deep function splitting. We further show that obfuscation substantially increases both the scale of financial damage and the time until detection. Finally, we evaluate SourceP, a state-of-the-art Ponzi detection tool, on obfuscated versus non-obfuscated samples and observe its accuracy drop from approximately 80 percent to approximately 12 percent in real-world scenarios. These findings highlight the urgent need for enhanced anti-obfuscation analysis techniques and broader community collaboration to stem the proliferation of scam contracts in the expanding DeFi ecosystem.
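As an added illustration (not the paper's ObfProbe code), the block below walks hand-assembled EVM runtime bytecode, counts crude bytecode-level indicators of two maneuvers the abstract names (dead code sitting after a terminating opcode, and jump density as a proxy for split functions), and ranks a constructed population by summed per-feature z-scores, the outlier-ranking idea the abstract mentions. The feature set, the z-score summation and the sample bytecodes are this example's own assumptions.

```python
import statistics
from typing import Dict, List, Tuple

# Minimal EVM opcode facts needed for a linear walk (PUSH1..PUSH32 are 0x60..0x7f).
JUMP, JUMPI, JUMPDEST = 0x56, 0x57, 0x5B
TERMINATORS = {0x00, 0x56, 0xF3, 0xFD, 0xFE, 0xFF}  # STOP JUMP RETURN REVERT INVALID SELFDESTRUCT

def extract_features(code: bytes) -> Dict[str, float]:
    """Count crude obfuscation indicators per instruction. The feature names are this
    example's assumptions, not the paper's seven taxonomy features."""
    instr = dead = jumps = dests = 0
    reachable, i = True, 0
    while i < len(code):
        op = code[i]
        instr += 1
        if op == JUMPDEST:          # only a JUMPDEST can make fall-through code live again
            reachable, dests = True, dests + 1
        elif not reachable:         # instruction after STOP/JUMP/... with no JUMPDEST: dead code
            dead += 1
        if op in (JUMP, JUMPI):
            jumps += 1
        if op in TERMINATORS:
            reachable = False
        i += 1 + (op - 0x5F if 0x60 <= op <= 0x7F else 0)  # skip PUSH immediates
    # Caveat: Solidity's trailing CBOR metadata is not code and would count as dead here;
    # a real analyser strips it before walking the bytecode.
    return {"dead_code_ratio": dead / instr, "jump_density": jumps / instr,
            "jumpdest_density": dests / instr}

def zscore_rank(feats: Dict[str, Dict[str, float]]) -> List[Tuple[str, float]]:
    """Standardise each feature across the population and sum the z-scores into one
    complexity score; the most anomalous contract comes first."""
    names = sorted(next(iter(feats.values())))
    stats = {}
    for f in names:
        vals = [feats[a][f] for a in feats]
        stats[f] = (statistics.mean(vals), statistics.pstdev(vals) or 1.0)
    score = {a: sum((feats[a][f] - stats[f][0]) / stats[f][1] for f in names) for a in feats}
    return sorted(score.items(), key=lambda kv: kv[1], reverse=True)

# Constructed sample population (hand-assembled runtime bytecode, not real contracts).
SAMPLE_CONTRACTS = {
    "clean":     bytes.fromhex("60006000f3"),                      # PUSH1 0 PUSH1 0 RETURN
    "dead_code": bytes.fromhex("600956" "6001600201" "50" "5b00"),  # JUMP over 4 dead instrs
    "split":     bytes.fromhex("6003565b6007565b600b565b00"),      # three chained jump hops
}

def rank_samples() -> List[Tuple[str, float]]:
    return zscore_rank({a: extract_features(c) for a, c in SAMPLE_CONTRACTS.items()})

if __name__ == "__main__":
    for addr, s in rank_samples():
        print(f"{addr:10s} complexity z-sum = {s:+.2f}")
```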