# Ultra-Hostile Reviewer Report, "Enhancing Security in Blockchain Networks"

**Manuscript**: Osterrieder, Chan, Chu, Zhang, Mare (2024). *Enhancing Security in Blockchain Networks: Anomalies, Frauds, and Advanced Detection Techniques.*
**Target journal**: *Financial Innovation* (SpringerOpen)
**Reviewer posture**: Desk-reject-level rigour. Evidence-driven, line-referenced.
**Date**: 2026-04-21
**Source of evidence**: `2024.02.20 Enhancing Security in Blockchain Networks_….md` (526 lines); `scripts/hostile_lint.json` (automated scan); `scripts/refs_resolved.json` (OpenAlex enrichment for flag #8).

---

## VERDICT: DESK_REJECT (pre-revision), 3 BLOCKER / 5 MAJOR / 2 MINOR

Post-revision target: `MINOR_REVISION`. Phase 4 must close all BLOCKERs and at least 4 of 5 MAJORs.

---

## Flag #1, No explicit contribution statement [BLOCKER]

**Evidence**: §1.4 "Scope and structure" (source lines 115–134) describes what the paper *contains* (an enumeration, a review, case studies, analysis) but never states what the paper *contributes* that is not already known. The final sentence of §1.4 (line 134), "The intention is for this document to act as a resource for researchers and practitioners", is an audience statement, not a contribution claim.

**Why it blocks**: *Financial Innovation* requires an articulated contribution (per journal instructions and editorial practice). Survey papers especially must state what they contribute *beyond* existing surveys, and the paper explicitly cites Chandola 2009 (ref [6], line 443), Akoglu 2015 (ref [2], line 439), and Ahmed 2016 (ref [1], line 438) as prior general surveys, yet never positions itself against them. An editor will not defer desk-rejection for a survey that does not differentiate.

**Proposed fix** (Phase 4 step 3): add a subsection at the end of §1.4 titled "Contributions of this review" with four itemized contributions: (i) a dimensional taxonomy of blockchain anomalies and frauds by layer × class × detection method; (ii) a comparative matrix of detection techniques by data type, supervision regime, strengths, and limitations; (iii) a synthesis of 35+ references including explicit positioning against Ahmed 2016, Akoglu 2015, Chandola 2009; (iv) a research agenda specifically for the 2022–2025 methodological frontier.

---

## Flag #2, No methodology for reference selection [BLOCKER]

**Evidence**: §1.3 "Literature overview" (source lines 75–90) narrates the literature in two blocks ([1]–[17] then [18]–[35]) without disclosing *how* those references were selected. No database query, no date range, no inclusion criteria, no exclusion rationale, no PRISMA diagram, no justification for the n=35 bound. In a survey submitted in 2024, this is methodologically indefensible.

**Why it blocks**: reviewers will suspect cherry-picking. Without a methodology section, a reviewer has no way to evaluate whether the survey is representative.

**Proposed fix** (Phase 4 step 2): create a new §1.5 "Methodology of this review" before "Scope and structure". Content: databases queried (OpenAlex, IEEE Xplore, Scopus, arXiv); search terms ("blockchain" AND ("anomaly detection" OR "fraud detection")); date range and language restriction; inclusion criteria (peer-reviewed OR high-citation-count preprint); exclusion criteria (non-English, non-blockchain, purely theoretical without anomaly/fraud application); explicit justification for non-PRISMA ("this is a narrative structured review, not a systematic review; PRISMA applies to systematic reviews with pooled effect sizes"). Acknowledge limitations (English-only, no meta-analysis).

---

## Flag #3, Finance framing weak vs target journal [BLOCKER]

**Evidence**: Abstract (line 24) and §1.1 "Definition of blockchain and its properties" (lines 42–59) frame blockchain as a general distributed-systems technology. The word "finance" or "financial" appears in the abstract only once (in the context of "financial gain", referring to attacker motive). *Financial Innovation* is a finance journal; its audience is finance researchers and practitioners. The current framing reads as a computer-science survey with tangential finance relevance.

**Why it blocks**: editors desk-reject submissions that do not demonstrate fit with the journal's audience. The paper's actual financial-relevance signal is strong (systemic risk, market infrastructure, cryptoasset markets, financial fraud), but the framing does not surface it.

**Proposed fix** (Phase 4 step 1): rewrite abstract to structured (Purpose / Methods / Findings / Originality) format; lead with the financial-infrastructure framing ("Blockchain networks underpin \$2+ trillion in cryptoasset markets and an expanding set of decentralized finance applications; their security posture is therefore a first-order financial-integrity concern"); re-anchor §1.1 to emphasize the financial-market consequences of each property (decentralization → no central settlement intermediary; immutability → no recourse for fraud; pseudonymity → AML/KYC challenge).

---

## Flag #4, Verbatim duplicate bullet lists in Chapter 4 [MAJOR]

**Evidence**: Chapter 4 opener (source lines 259–262) introduces 4 fraud-detection techniques as a bullet list: (1) Statistical techniques, (2) Machine learning techniques, (3) Game-theoretic techniques, (4) Digital forensics. §4.1 "Overview of fraud detection techniques" (lines 271–274) reproduces the *same four items* as a bullet list with near-identical wording. §4.2 "Specific techniques" (lines 282–287) then re-lists items 2, 3, 4 (clustering/ML, game-theoretic models, digital forensics) mixed with new items (transaction pattern analysis, anomaly scoring, blockchain simulation).

**Why it matters**: this is sloppy editing. An editor scanning for quality signals will flag visible duplication as evidence of insufficient author attention. iThenticate will also detect the intra-manuscript duplication.

**Proposed fix** (Phase 4 step 4): retain Chapter 4 opener as narrative introduction WITHOUT bullets; move the 4-technique bullet list into §4.1 only; reorganize §4.2 to present *strictly new* techniques (transaction pattern analysis, anomaly scoring, blockchain simulation), dropping the re-introduced items from §4.2. Each remaining subsection (§4.2.1 Digital forensics, §4.2.2 Reputation-based, §4.2.3 Risk assessment) gets a one-sentence lead-in.

---

## Flag #5, Chapter 5 case studies lack citations and primary-source verification [MAJOR]

**Evidence**: Chapter 5 (lines 328–351) describes three specific incidents with specific dates and technical details but no citations:
- **§5 item 1 / §5.1 expansion (lines 332, 340–345)**: "On June 18, 2016, Ethereum suffered from a large-scale denial of service (DoS) attack … exploited a vulnerability in the Ethereum Virtual Machine (EVM) to create a large number of contract accounts". **Verification status**: the Ethereum DoS attacks of 2016 are real (the "Shanghai" attacks via `EXTCODESIZE` and similar opcodes, documented September, October 2016, not June 18). The June 17–20, 2016 window is associated with the **DAO reentrancy hack**, not a DoS attack. The date + mechanism described in the paper conflates two incidents. **MARKED: unverified (date/mechanism inaccurate)**.
- **§5 item 2 / §5.1 expansion (lines 333, 346–351)**: "On August 15, 2014, Bitcoin suffered from a double-spending attack in which a fraudulent actor was able to create two conflicting transactions that were both accepted by the network." **Verification status**: no documented single-incident Bitcoin double-spending attack on this specific date. The Mt. Gox collapse (February 2014) involved transaction malleability exploitation and is the canonical 2014 Bitcoin fraud incident; the August 15 2014 date does not match any well-documented double-spend event. **MARKED: possibly fabricated (no corroborating primary source found)**.
- **§5 item 3 (line 334)**: "In 2017, Ripple suffered from a series of attacks in which fraudulent actors were able to create large numbers of transactions and flood the network". **Verification status**: no documented Ripple network-flooding attack in 2017 in primary sources. Ripple has had congestion incidents but no "series of fraudulent-actor flooding attacks" matching this description. **MARKED: possibly fabricated**.

**Why it matters**: a hostile reviewer will spot-check each case and reject the paper on first factually inaccurate claim. Inaccurate historical attribution is a credibility-killing finding for a security survey.

**Proposed fix** (Phase 4 step 5, decision tree):
- **Ethereum case**: rewrite as the Shanghai DoS attacks (Sep, Oct 2016) with citation to the Ethereum Foundation post-mortem *or* replace with the DAO hack (June 17, 2016) with citation to Buterin's post-mortem + Daian 2016 analysis (published); cite via OpenAlex-verified refs.
- **Bitcoin case**: replace with Mt. Gox collapse (February 2014, transaction malleability, Decker & Wattenhofer 2014 "Bitcoin transaction malleability and MtGox" on arXiv / FC 2014 proceedings).
- **Ripple case**: either (a) remove and replace with a Poly Network (2021) or Ronin Bridge (2022) case with citation, or (b) document as "unverified in primary sources" with an author footnote.

Every case must have ≥1 OpenAlex-verified academic citation or reputable news source with URL in `@misc`.

---

## Flag #6, Pervasive AI-tells and formulaic academic prose [MAJOR]

**Evidence**: automated scan via `scripts/hostile_review.py` detected **59 AI-tell instances** across the manuscript. Highlights (line, phrase):

1. L24 "encompassing a thorough analysis" (abstract)
2. L30 "significantly impact various industries"
3. L32 "in the realm of anomaly and fraud detection"
4. L36 "a comprehensive understanding of blockchain technology's unique features"
5. L77 "In the dynamic and rapidly evolving field" + "A comprehensive review of recent literature"
6. L78 "highlighting the importance of unsupervised learning methods" + "delve into graph-based anomaly detection"
7. L80 "shedding light on systemic risks"
8. L82 "Together, these studies [1-17] encapsulate a rich and diverse body of research"
9. L83 "Building upon the foundational studies … delves into sophisticated methods"
10. L84 "highlighting the potential of machine learning"
11. L86 "In the context of societal impacts"
12. L89 "Together, these studies [18-35] represent a comprehensive effort"
13. L191 "highlighting the need for effective detection mechanisms"
14. L216 "sophisticated statistical models"
15. L228 "significantly enhance the accuracy"

Full list available in `scripts/hostile_lint.json`. Many are copy-paste formulas ("Together, these studies underscore..." appears at both line 82 and line 89, concluding two sequential literature sub-sections with the same rhetoric).

**Why it matters**: *Financial Innovation* and its reviewers are attuned to generic LLM prose since 2023. Repeated formulaic transitions signal low authorial engagement and, in combination with other signals, trigger AI-detection scrutiny. Springer's 2023 AI-content policy does not forbid AI-assisted writing, but it does require disclosure, and formulaic prose without disclosure is reputationally damaging.

**Proposed fix** (Phase 4 step 6): rewrite each flagged passage to eliminate hedging and formulaic transitions. Run `dhdna-profiler` on each rewrite. If a rewrite still scores ≥ 0.75 LLM-generated confidence, mark `<!-- TODO: human rewrite needed -->` and leave original for author attention. Provide AI-disclosure statement (prepared as `AI_DISCLOSURE.md`) in final manuscript.

**Acceptance threshold**: ≥10 flagged instances with line numbers → satisfied (59 instances found).

---

## Flag #7, Vague claims without citations [MAJOR]

**Evidence**: automated scan found **30 vague-claim instances**. Pattern: "can be used to", "has been shown", "various techniques", "several studies" appearing without adjacent citation. Highlights:

- L232 "Machine learning approaches … can be used to detect anomalies" (no cite; should anchor to e.g. Chandola 2009, Ahmed 2016)
- L235–238 each of the four ML subcategories (supervised / unsupervised / semi-supervised / deep) says "can be used to identify X" without citation, these must cite at least one foundational ML reference per sub-claim
- L244–250 game-theoretic approaches: 4 subsections (Bayesian / mechanism design / evolutionary / auctions) with "can be used to" in each; no cites
- L257–262 Chapter 4 opener repeats the same pattern for the 4 fraud-detection techniques
- L282–287 §4.2 specific techniques: 6 items, mostly no cites

**Why it matters**: a survey that makes category-level claims without citations is indistinguishable from undergraduate encyclopedic summary. Reviewers expect every "has been used to X" to reference prior work establishing the use.

**Proposed fix** (Phase 4 step 7): for each flagged claim, add a citation to the most-cited OpenAlex-resolved reference matching the sub-topic. Target: ≥80% of flagged claims get a citation; remainder marked `<!-- TODO: unsupported claim, consider removing -->`.

**Acceptance threshold**: ≥15 flagged instances with line numbers → satisfied (30 instances found).

---

## Flag #8, Reference currency (post-2020 coverage) [MAJOR]

**Evidence**: the 35 existing references include only 4 post-2020 entries per manual inspection of §References: [18] Liang 2021, [15] Kamps 2018 (pre-2020), [16] Kim 2021, [31] Shayegan 2021, [33] Taher 2024, [34] Yahoo 2021 (news). Actually verified post-2020 count ≈ 5 papers (Liang 2021, Kim 2021, Shayegan 2021, Taher 2024, Signorini 2020/2018, Zhang 2020). The automated count (`scripts/hostile_lint.json` `post_2020_refs_count: 19`) over-counts because the regex matches years appearing in URLs and access dates; the correct count of distinct post-2020 publications is ~5.

For a 2024 submission on a fast-moving field (blockchain, ML, anomaly detection), 5 post-2020 references out of 35 is insufficient. Significant post-2020 work is missing:
- Ethereum MEV literature (post-2021)
- DeFi exploit detection (Flash Loan attacks, e.g. Qin et al. 2021)
- Rug-pull detection (Xia et al. 2021, Mazorra et al. 2022)
- Cross-chain bridge attack analysis (Zhang et al. 2023)
- LLM-based smart-contract vulnerability detection (post-2023)

**Why it matters**: a review that misses the last 2–3 years of a hot topic looks stale and uninformed. Reviewers working in the area will immediately flag omitted seminal recent papers.

**Proposed fix** (Phase 4 step 8): run OpenAlex concept search with filter `concepts.id:C48103436` (blockchain) AND `publication_year:2022..2025` AND `cited_by_count >= 30`; human-curate top-20 to 8–12 additions; integrate into §1.3 Literature Overview; add to `refs.bib`.

---

## Flag #9, No dimensional taxonomy [MINOR]

**Evidence**: §2.1 "Types of anomalies and frauds" (lines 154–168) lists 3 anomaly types (outages, data corruption, unauthorized transactions) and 3 fraud types (double-spending, money laundering, insider trading) as unordered enumerations. No cross-cutting structure by (blockchain layer × attack class × detection method) is provided. This weakens the paper's claim to be a "taxonomy".

**Why it matters**: surveys are judged partly on the analytical structure they impose on a literature. Unstructured lists are inferior to dimensional taxonomies.

**Proposed fix** (Phase 5): construct a taxonomy table (`paper/tables/tab_taxonomy.tex`) with columns *Anomaly/Fraud class × Blockchain layer × Detection method × Example incident × Reference* and ~15 rows. Reference the table from §2.1 body text.

---

## Flag #10, Inconsistency between Appendix A.1 and Chapter 5 [MINOR]

**Evidence**: Appendix A.1 (line 480) states "Data sharing is not applicable to this article as no datasets were generated or analysed during the current study." Chapter 5 (lines 328–351) describes three case studies with technical detail (specific dates, mechanisms, mitigations). The case studies may be based on secondary sources (not datasets), but the flat assertion that "no datasets were analysed" is inconsistent with the case-study framing.

**Why it matters**: editors check for internal consistency; this is a small but visible inconsistency.

**Proposed fix** (Phase 4 step 5 side-effect or separate step): after Phase 4 case-study rewrite, update Appendix A.1 to: "This is a structured narrative review; no primary datasets were generated or analysed. Secondary sources (academic literature and incident reports) used for the case studies in Chapter 5 are all cited in the reference list."

---

## Summary

`VERDICT: DESK_REJECT, 3 BLOCKER / 5 MAJOR / 2 MINOR`

| Flag | Severity | Fixable in Phase 4? |
|------|----------|---------------------|
| 1, No contribution statement | BLOCKER | Yes (step 3) |
| 2, No methodology for ref selection | BLOCKER | Yes (step 2) |
| 3, Finance framing weak | BLOCKER | Yes (step 1) |
| 4, §4 duplicate bullets | MAJOR | Yes (step 4) |
| 5, Case studies lack citations | MAJOR | Yes (step 5) |
| 6, 59 AI-tells | MAJOR | Yes (step 6) |
| 7, 30 vague claims | MAJOR | Yes (step 7) |
| 8, Reference currency (5 post-2020) | MAJOR | Yes (step 8) |
| 9, No dimensional taxonomy | MINOR | Yes (Phase 5 tables) |
| 10, A.1 vs Ch.5 inconsistency | MINOR | Yes (Phase 4 side-effect) |

**After Phase 4 revision target verdict: `MINOR_REVISION`** (0 BLOCKERs, ≤2 MAJORs unresolved permitted, MINORs acceptable with acknowledgement).