Yi Li

Associate Professor

College of Computing and Data Science (CCDS)
Nanyang Technological University (NTU)

Address: Block S3-01c-104
50 Nanyang Avenue, Singapore 639798
Phone: +65 6790 4287

TrapHunter: Exposing Covert Pathways in Trap Token Contracts

Yin Wu, Yixuan Liu, Yi Li, Chenyang Peng, Hao Wu, Ming Fan, Ting Liu, and Haijun Wang

In Proceedings of the 35th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), 2026

Abstract: Standardized token contracts (e.g., ERC-20) form the foundation of digital assets. However, attackers increasingly abuse this standardization to disguise malicious trap tokens. Unlike obvious violations, these contracts employ a strategy of "deceptive adherence": they strictly adhere to standard protocols to evade detection, while embedding covert logic to defraud users. To address this, we first systematize the trap landscape by proposing a novel taxonomy derived from the intrinsic functional lifecycle of tokens (Generation, Circulation, Persistence, and Observation). We then propose TrapHunter, an end-to-end framework designed to identify these traps and expose covert pathways within these deceptive contracts via intent deviation analysis. Specifically, TrapHunter introduces a unified semantic representation combining Abstract Behavior Trees (ABTs) and Augmented Path Graphs (APGs) to normalize intra-procedural syntax and reveal the hidden execution paths driven by inter-procedural state dependencies. Crucially, it bridges the semantic gap by leveraging LLMs to reason about the behavioral intent of deviations from reference implementations, followed by a fork-based dynamic validation to confirm exploitability. Experimental evaluations on 269 real-world contracts with three LLMs (DeepSeek, GPT, and Gemini) demonstrate that TrapHunter effectively detects all six categories of traps, achieving an average precision of 81.8% and recall of 85.4%, significantly outperforming state-of-the-art tools.

Cite:

@inproceedings{Wu2026TEC,
  author = {Wu, Yin and Liu, Yixuan and Li, Yi and Peng, Chenyang and Wu, Hao and Fan, Ming and Liu, Ting and Wang, Haijun},
  booktitle = {Proceedings of the 35th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA)},
  month = oct,
  title = {{TrapHunter}: Exposing Covert Pathways in Trap Token Contracts},
  year = {2026}
}