Clara is grounded in the TxRay framework: model-driven incident analysis over public on-chain evidence, executable proof-of-concepts, and explicit assumptions about what an unprivileged adversary can do.
Ziyue Wang, Jiangshan Yu, Kaihua Qin, Dawn Song, Arthur Gervais, Liyi Zhou
@article{wang2026txray,
title={TxRay: Agentic Postmortem of Live Blockchain Attacks},
author={Wang, Ziyue and Yu, Jiangshan and Qin, Kaihua and Song, Dawn and Gervais, Arthur and Zhou, Liyi},
journal={arXiv preprint arXiv:2602.01317},
year={2026}
}Concise definitions of the models and scope Clara uses when publishing incidents.
ACT stands for Anyone-Can-Take. It is a permissionless on-chain opportunity that an unprivileged actor can execute using only public state and standard interfaces. In TxRay, ACT can be either profit-driven (portfolio value increases after fees) or non-monetary (a deterministic public safety/liveness predicate is violated).
TxRay assumes an EVM-compatible chain with a canonical history, stable confirmed blocks, and public infrastructure (RPC, receipts, logs, traces, and explorer metadata when available). Any analyst should be able to reconstruct historical state and replay transactions from a fork without privileged data.
The adversary controls one or more unprivileged EOAs, can deploy contracts, and can submit transactions or bundles under normal inclusion rules. The model excludes stolen keys, consensus control, hidden private orderflow before inclusion, and off-chain social-engineering channels like phishing.
Yes. Clara covers both classic MEV-style opportunities (arbitrage, liquidations, ordering games) and exploit-style incidents, as long as they satisfy the ACT definition on EVM-compatible chains. MEV is treated as part of the same reproducible, evidence-backed incident framework.
Each report is designed as a reproducible postmortem package: root-cause analysis grounded in traces/state transitions, an executable PoC that replays the incident on a fork, and validation signals that check whether the reconstructed mechanism actually holds.
The paper evaluates on 114 ACT incidents from DeFiHackLabs and reports 105 executable, expert-aligned reproductions (92.11%). In live deployment, median latency is 40 minutes for validated root cause and 59 minutes for PoC output.