LookAhead: Preventing DeFi Attacks via Unveiling Adversarial Contracts
Shoupeng Ren, Lipeng He, Tianyu Tu, Di Wu, Jian Liu, Kui Ren, Chun Chen
TL;DR
LookAhead tackles DeFi security by detecting adversarial contracts rather than adversarial transactions, addressing the blind spot created by private mempools. It introduces PSCFT, a pruned semantic representation of EVM bytecode, and combines a transformer with an ensemble meta-classifier to identify adversarial contracts with high precision and low false positives. The approach is validated on a large, manually labeled dataset of adversarial and benign contracts, achieving an F1-score of up to 0.8966 and a false positive rate as low as 0.16%, significantly outperforming prior work. Practical evaluations, including on-chain live experiments, demonstrate timely, just-in-time predictions within the rescue window and potential defense actions. The work provides a scalable dataset, a novel semantic-tokenization pipeline, and openly available tools to advance real-world DeFi defense.
Abstract
The exploitation of smart contract vulnerabilities in Decentralized Finance (DeFi) has resulted in financial losses exceeding 3 billion US dollars. Existing defense mechanisms primarily focus on detecting and reacting to adversarial transactions executed by attackers that target victim contracts. However, with the emergence of private transaction pools where transactions are sent directly to miners without first appearing in public mempools, current detection tools face significant challenges in identifying attack activities effectively. Based on the fact that most attack logic rely on deploying intermediate smart contracts as supporting components to the exploitation of victim contracts, novel detection methods have been proposed that focus on identifying these adversarial contracts instead of adversarial transactions. However, previous state-of-the-art approaches in this direction have failed to produce results satisfactory enough for real-world deployment. In this paper, we propose LookAhead, a new framework for detecting DeFi attacks via unveiling adversarial contracts. LookAhead leverages common attack patterns, code semantics and intrinsic characteristics found in adversarial smart contracts to train Machine Learning (ML)-based classifiers that can effectively distinguish adversarial contracts from benign ones and make timely predictions of different types of potential attacks. Experiments on our labeled datasets show that LookAhead achieves an F1-score as high as 0.8966, which represents an improvement of over 44.4% compared to the previous state-of-the-art solution, with a False Positive Rate (FPR) at only 0.16%.