TaintSentinel: Path-Level Randomness Vulnerability Detection for Ethereum Smart Contracts

📅 2025-10-20
🤖 AI Summary
Blockchain’s deterministic execution hinders secure random number generation in smart contracts, creating widespread exploitable vulnerabilities in DeFi and blockchain games; existing detection tools suffer from low precision and high false-positive rates. To address this, we propose a path-level taint analysis system featuring a novel path-sensitive, two-stage analysis framework: (1) semantic graph construction and rule-driven taint propagation tracking; and (2) joint modeling via PathGNN—capturing path-level structural patterns—and GlobalGCN—encoding global contract topology—for fine-grained randomness vulnerability identification. We further introduce evidence-driven parameter initialization to enhance generalization. Evaluated on 4,844 Ethereum smart contracts, our approach achieves an F1-score of 0.892, AUC-ROC of 0.94, and PRA accuracy of 97%, significantly outperforming state-of-the-art methods.

📝 Abstract
The inherent determinism of blockchain technology poses a significant challenge to generating secure random numbers within smart contracts, leading to exploitable vulnerabilities, particularly in decentralized finance (DeFi) ecosystems and blockchain-based gaming applications. From our observations, the current state-of-the-art detection tools suffer from inadequate precision while dealing with random number vulnerabilities. To address this problem, we propose TaintSentinel, a novel path-sensitive vulnerability detection system designed to analyze smart contracts at the execution path level and gradually analyze taint with domain-specific rules. This paper discusses a solution that incorporates a multi-faceted approach, integrating rule-based taint analysis to track data flow, a dual-stream neural network to identify complex vulnerability signatures, and evidence-based parameter initialization to minimize false positives. The system's two-phase operation involves semantic graph construction and taint propagation analysis, followed by pattern recognition using PathGNN and global structural analysis via GlobalGCN. Our experiments on 4,844 contracts demonstrate the superior performance of TaintSentinel relative to existing tools, yielding an F1-score of 0.892, an AUC-ROC of 0.94, and a PRA accuracy of 97%.

Problem

Research questions and friction points this paper is trying to address.

Detecting path-level randomness vulnerabilities in Ethereum smart contracts
Addressing inadequate precision in current random number vulnerability detection tools
Improving security for DeFi and blockchain gaming applications

Innovation

Methods, ideas, or system contributions that make the work stand out.

Path-level taint analysis with domain rules
Dual-stream neural network for vulnerability signatures
Evidence-based parameter initialization reduces false positives
Hadis Rezaei
Department of Computer Science, University of Salerno, Salerno, Italy
Ahmed Afif Monrat
Department of Computer Science, Electrical and Space Engineering, Luleå University of Technology, Skellefteå, Sweden
Karl Andersson
Professor, Luleå University of Technology
Cybersecurity
Francesco Palmieri
Department of Computer Science, University of Salerno, Salerno, Italy