We frame Ethereum transactions reverted by invariants-require(<invariant>)/ assert(<invariant>)/if (<invariant>) revert statements in the contract implementation-as a positive signal of active on-chain defenses. Despite their value, the defensive patterns in these transactions remain undiscovered and underutilized in security research. We present Raven, a framework that aligns reverted transactions to the invariant causing the reversion in the smart contract source code, embeds these invariants using our BERT-based fine-tuned model, and clusters them by semantic intent to mine defensive invariant categories on Ethereum. Evaluated on a sample of 20,000 reverted transactions, Raven achieves cohesive and meaningful clusters of transaction-reverting invariants. Manual expert review of the mined 19 semantic clusters uncovers six new invariant categories absent from existing invariant catalogs, including feature toggles, replay prevention, proof/signature verification, counters, caller-provided slippage thresholds, and allow/ban/bot lists. To demonstrate the practical utility of this invariant catalog mining pipeline, we conduct a case study using one of the newly discovered invariant categories as a fuzzing oracle to detect vulnerabilities in a real-world attack. Raven thus can map Ethereum's successful defenses. These invariant categories enable security researchers to develop analysis tools based on data-driven security oracles extracted from the smart contracts' working defenses.

翻译：我们将以太坊交易中因不变式（require(<invariant>)/assert(<invariant>)/if (<invariant>) revert等合约实现语句）导致回滚的现象，视为链上主动防御的有效信号。尽管具有重要价值，这些交易中的防御模式在安全研究中仍未得到充分发掘和利用。本文提出Raven框架，该框架能够将回滚交易与智能合约源码中触发回滚的不变式进行关联，通过基于BERT的微调模型对这些不变式进行语义嵌入，并依据语义意图进行聚类，从而挖掘以太坊上的防御性不变式类别。在20,000笔回滚交易的样本评估中，Raven实现了具有内聚性和语义意义的交易回滚不变式聚类。通过对挖掘出的19个语义聚类进行专家人工审查，我们发现了现有不变式目录中缺失的六类新不变式，包括：功能开关、重放攻击防护、证明/签名验证、计数器、调用者提供的滑点阈值以及许可/禁止/机器人名单。为展示该不变式目录挖掘流程的实用价值，我们选取新发现的不变式类别之一作为模糊测试预言机，通过案例研究检测真实攻击中的漏洞。Raven因此能够系统映射以太坊的成功防御机制。这些不变式类别使安全研究人员能够基于从智能合约实际防御中提取的数据驱动安全预言机，开发相应的分析工具。