Rollback transactions in Ethereum smart contracts—often overlooked as mere failures—contain valuable signals of proactive defensive logic that remain systematically unexplored. Method: We propose the first systematic approach to mine defensive invariants from rollback transactions, combining source-code-level rollback attribution alignment, fine-grained semantic embedding via BERT fine-tuning, unsupervised clustering, and expert-guided validation. Contribution/Results: Applied to 20,000 rollback transactions, our method automatically identifies 19 defensive patterns, including six previously undocumented ones (e.g., feature toggles, replay protection, multi-signature validation), thereby filling critical gaps in existing security pattern repositories. Our embeddings significantly improve semantic cohesion within invariant clusters. Furthermore, integrating these invariants into fuzz testing successfully uncovers multiple real-world vulnerabilities, demonstrating both the method’s analytical rigor and practical utility for smart contract security assessment.

We frame Ethereum transactions reverted by invariants-require(<invariant>)/ assert(<invariant>)/if (<invariant>) revert statements in the contract implementation-as a positive signal of active on-chain defenses. Despite their value, the defensive patterns in these transactions remain undiscovered and underutilized in security research. We present Raven, a framework that aligns reverted transactions to the invariant causing the reversion in the smart contract source code, embeds these invariants using our BERT-based fine-tuned model, and clusters them by semantic intent to mine defensive invariant categories on Ethereum. Evaluated on a sample of 20,000 reverted transactions, Raven achieves cohesive and meaningful clusters of transaction-reverting invariants. Manual expert review of the mined 19 semantic clusters uncovers six new invariant categories absent from existing invariant catalogs, including feature toggles, replay prevention, proof/signature verification, counters, caller-provided slippage thresholds, and allow/ban/bot lists. To demonstrate the practical utility of this invariant catalog mining pipeline, we conduct a case study using one of the newly discovered invariant categories as a fuzzing oracle to detect vulnerabilities in a real-world attack. Raven thus can map Ethereum's successful defenses. These invariant categories enable security researchers to develop analysis tools based on data-driven security oracles extracted from the smart contracts' working defenses.