{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,3]],"date-time":"2026-02-03T19:27:54Z","timestamp":1770146874379,"version":"3.49.0"},"reference-count":67,"publisher":"Association for Computing Machinery (ACM)","issue":"FSE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Proc. ACM Softw. Eng."],"published-print":{"date-parts":[[2025,6,19]]},"abstract":"<jats:p>The exploitation of smart contract vulnerabilities in Decentralized Finance (DeFi) has resulted in financial losses exceeding 3 billion US dollars. Existing defense mechanisms primarily focus on detecting and reacting to adversarial transactions executed by attackers that target victim contracts. However, with the emergence of private transaction pools where transactions are sent directly to miners without first appearing in public mempools, current detection tools face significant challenges in identifying attack activities effectively.<\/jats:p>\n          <jats:p>Based on the fact that most attack logic rely on deploying intermediate contracts as supporting components to the exploitation of victim contracts, novel detection methods have been proposed that focus on identifying these adversarial contracts instead of adversarial transactions. However, previous state-of-the-art approaches in this direction have failed to produce results satisfactory enough for real-world deployment. In this paper, we propose LookAhead, a new framework for detecting DeFi attacks via unveiling adversarial contracts. LookAhead leverages common attack patterns, code semantics and intrinsic characteristics found in adversarial contracts to train Machine Learning (ML)-based classifiers that can effectively distinguish adversarial contracts from benign ones and make timely predictions of different types of potential attacks. Experiments on our labeled datasets show that LookAhead achieves an F1-score of 0.8966, which represents an improvement of over 44.4% compared to the previous state-of-the-art solution, with a False Positive Rate at only 0.16%.<\/jats:p>","DOI":"10.1145\/3729353","type":"journal-article","created":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T15:15:34Z","timestamp":1750346134000},"page":"1847-1869","source":"Crossref","is-referenced-by-count":3,"title":["LookAhead: Preventing DeFi Attacks via Unveiling Adversarial Contracts"],"prefix":"10.1145","volume":"2","author":[{"ORCID":"https:\/\/orcid.org\/0009-0000-6440-3800","authenticated-orcid":false,"given":"Shoupeng","family":"Ren","sequence":"first","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-1802-7394","authenticated-orcid":false,"given":"Lipeng","family":"He","sequence":"additional","affiliation":[{"name":"University of Waterloo, Waterloo, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9776-5610","authenticated-orcid":false,"given":"Tianyu","family":"Tu","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-4785-706X","authenticated-orcid":false,"given":"Di","family":"Wu","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6796-6828","authenticated-orcid":false,"given":"Jian","family":"Liu","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3441-6277","authenticated-orcid":false,"given":"Kui","family":"Ren","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6198-7481","authenticated-orcid":false,"given":"Chun","family":"Chen","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}]}],"member":"320","published-online":{"date-parts":[[2025,6,19]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"2020. AAVE Protocol Whitepaper. https:\/\/github.com\/aave\/aave-protocol\/blob\/master\/docs\/Aave_Protocol_Whitepaper_v1_0.pdf Accessed 2024"},{"key":"e_1_2_1_2_1","unstructured":"2024. Alchemy. https:\/\/www.alchemy.com\/ Accessed 2024"},{"key":"e_1_2_1_3_1","unstructured":"2024. Arbitrum Documentation. https:\/\/docs.arbitrum.io\/ Accessed 2024"},{"key":"e_1_2_1_4_1","unstructured":"2024. Attacker Drains $182M From Beanstalk Stablecoin Protocol. https:\/\/www.coindesk.com\/tech\/2022\/04\/17\/attacker-drains-182m-from-beanstalk-stablecoin-protocol\/ Accessed 2024"},{"key":"e_1_2_1_5_1","unstructured":"2024. Attacker Hacks Arbitrum\u2019s Treasure DAO for Over 100 NFTs by Leveraging Marketplace Exploit. https:\/\/news.bitcoin.com\/attacker-hacks-arbitrums-treasure-dao-for-over-100-nfts-by-leveraging-marketplace-exploit\/ Accessed 2024"},{"key":"e_1_2_1_6_1","unstructured":"2024. Blocksec. https:\/\/blocksec.com\/ Accessed 2024"},{"key":"e_1_2_1_7_1","unstructured":"2024. BNB Chain Documentation. https:\/\/docs.bnbchain.org\/docs\/overview Accessed 2024"},{"key":"e_1_2_1_8_1","unstructured":"2024. BurgerSwap Hit by Flash Loan Attack Netting Over $7M. https:\/\/www.coindesk.com\/markets\/2021\/05\/28\/burgerswap-hit-by-flash-loan-attack-netting-over-7m\/ Accessed 2024"},{"key":"e_1_2_1_9_1","unstructured":"2024. Certik. https:\/\/www.certik.com\/ Accessed 2024"},{"key":"e_1_2_1_10_1","unstructured":"2024. ChangeNOW: Instant Cryptocurrency Exchange. https:\/\/changenow.io\/ Accessed 2024"},{"key":"e_1_2_1_11_1","unstructured":"2024. DeFi Hacks Reproduce. https:\/\/github.com\/SunWeb3Sec\/DeFiHackLabs Accessed 2024"},{"key":"e_1_2_1_12_1","unstructured":"2024. ERC20 Token Standard. https:\/\/eips.ethereum.org\/EIPS\/eip-20 Accessed 2024"},{"key":"e_1_2_1_13_1","unstructured":"2024. ERC721 Token Standard. https:\/\/eips.ethereum.org\/EIPS\/eip-721 Accessed 2024"},{"key":"e_1_2_1_14_1","unstructured":"2024. Ethereum Signature Dataset. https:\/\/www.4byte.directory\/ Accessed 2024"},{"key":"e_1_2_1_15_1","unstructured":"2024. Flashbots Documentation. https:\/\/docs.flashbots.net\/ Accessed 2024"},{"key":"e_1_2_1_16_1","unstructured":"2024. Forta Network. https:\/\/forta.org\/blog\/how-fortas-predictive-ml-models-detect-attacks-before-exploitation\/ Accessed 2024"},{"key":"e_1_2_1_17_1","unstructured":"2024. Foundry. https:\/\/github.com\/foundry-rs\/foundry Accessed 2024"},{"key":"e_1_2_1_18_1","unstructured":"2024. Label Word Cloud on BscScan. https:\/\/bscscan.com\/labelcloud Accessed 2024"},{"key":"e_1_2_1_19_1","unstructured":"2024. Label Word Cloud on Etherscan. https:\/\/etherscan.io\/labelcloud Accessed 2024"},{"key":"e_1_2_1_20_1","unstructured":"2024. Learn EVM Attacks. https:\/\/github.com\/coinspect\/learn-evm-attacks Accessed 2024"},{"key":"e_1_2_1_21_1","unstructured":"2024. LookAhead dataset and source code. https:\/\/github.com\/zju-abclab\/LookAhead Accessed 2024"},{"key":"e_1_2_1_22_1","unstructured":"2024. Optimism Documentation. https:\/\/community.optimism.io\/ Accessed 2024"},{"key":"e_1_2_1_23_1","unstructured":"2024. PancakeBunny tanks 96% following $200M flash loan exploit. https:\/\/cointelegraph.com\/news\/pancakebunny-tanks-96-following-200m-flash-loan-exploit Accessed 2024"},{"key":"e_1_2_1_24_1","unstructured":"2024. Polygon Documentation. https:\/\/docs.polygon.technology\/ Accessed 2024"},{"key":"e_1_2_1_25_1","unstructured":"2024. SideShift: No Sign-Up Crypto Exchange. https:\/\/sideshift.ai\/ Accessed 2024"},{"key":"e_1_2_1_26_1","unstructured":"2024. SlowMist Hacked Events. https:\/\/hacked.slowmist.io\/ Accessed 2024"},{"key":"e_1_2_1_27_1","unstructured":"2024. SushiSwap Exchange Suffers Major $3.3 Million Smart Contract Hack. https:\/\/cryptonews.com\/news\/sushiswap-exchange-suffers-major-33-million-smart-contract-hack-heres-what-happened.htm Accessed 2024"},{"key":"e_1_2_1_28_1","unstructured":"2024. SushiSwap\u2019s Token Launchpad Hacked for Over $3M in Ethereum. https:\/\/decrypt.co\/81120\/sushiswaps-token-launchpad-hacked-over-3m-ethereum Accessed 2024"},{"key":"e_1_2_1_29_1","unstructured":"2024. Tornado Cash Label on Etherscan. https:\/\/etherscan.io\/accounts\/label\/tornado-cash Accessed 2024"},{"key":"e_1_2_1_30_1","unstructured":"2024. Total Value Locked - DefiLlama. https:\/\/defillama.com\/ Accessed 2024"},{"key":"e_1_2_1_31_1","unstructured":"Hayden Adams Noah Zinsmeister Moody Salem River Keefer and Dan Robinson. 2021. Uniswap v3 Core. https:\/\/uniswap.org\/whitepaper-v3.pdf Accessed 2024"},{"key":"e_1_2_1_32_1","unstructured":"Yixin Cao Chuanwei Zou and Xianfeng Cheng. 2021. Flashot: a snapshot of flash loan attack on DeFi ecosystem. arXiv preprint arXiv:2102.00626."},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24449"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/sp40000.2020.00040"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4842-2535-6"},{"key":"e_1_2_1_36_1","unstructured":"DLNews. 2024. Conic Finance suffers $3m exploit in twist to \u2018typical re-entrancy attack\u2019. https:\/\/www.dlnews.com\/articles\/defi\/conic-finance-suffers-exploit-similar-to-the-dao-hack\/ Accessed 2024"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-43725-1_13"},{"key":"e_1_2_1_38_1","unstructured":"Yu Gai Liyi Zhou Kaihua Qin Dawn Song and Arthur Gervais. 2023. Blockchain large language models. arXiv preprint arXiv:2304.12749."},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/icse.2019.00120"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3158136"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/iotsms48152.2019.8939257"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/ijcnn.2008.4633969"},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3597926.3598124"},{"key":"e_1_2_1_44_1","volume-title":"A unified approach to interpreting model predictions. Advances in neural information processing systems, 30","author":"Lundberg Scott M","year":"2017","unstructured":"Scott M Lundberg and Su-In Lee. 2017. A unified approach to interpreting model predictions. Advances in neural information processing systems, 30 (2017), https:\/\/dl.acm.org\/doi\/10.5555\/3295222.3295230"},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3560264"},{"key":"e_1_2_1_46_1","unstructured":"Fernando Martinelli and Nikolai Mushegian. 2019. A non-custodial portfolio manager liquidity provider and price sensor. https:\/\/balancer.fi\/whitepaper.pdf Accessed 2024"},{"key":"e_1_2_1_47_1","unstructured":"Tomas Mikolov. 2013. Efficient estimation of word representations in vector space. arXiv preprint arXiv:1301.3781."},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-54204-6_24"},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.5555\/3620237.3620459"},{"key":"e_1_2_1_50_1","unstructured":"Kaihua Qin Zhe Ye Zhun Wang Weilin Li Liyi Zhou Chao Zhang Dawn Song and Arthur Gervais. 2023. Towards Automated Security Analysis of Smart Contracts based on Execution Property Graph. arXiv preprint arXiv:2305.14046."},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-64322-8_1"},{"key":"e_1_2_1_52_1","volume-title":"Compound: The Money Market Protocol. https:\/\/compound.finance\/documents\/Compound.Whitepaper.pdf Accessed 2024","author":"Robert Leshner","year":"2019","unstructured":"Leshner Robert and Hayes Geoffrey. 2019. Compound: The Money Market Protocol. https:\/\/compound.finance\/documents\/Compound.Whitepaper.pdf Accessed 2024"},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23413"},{"key":"e_1_2_1_54_1","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Torres Christof Ferreira","year":"2021","unstructured":"Christof Ferreira Torres and Ramiro Camino. 2021. Frontrunner jones and the raiders of the dark forest: An empirical study of frontrunning on the ethereum blockchain. In 30th USENIX Security Symposium (USENIX Security 21). 1343\u20131359."},{"key":"e_1_2_1_55_1","unstructured":"A Vaswani. 2017. Attention is all you need. Advances in Neural Information Processing Systems https:\/\/dl.acm.org\/doi\/10.5555\/3295222.3295349"},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1109\/tcss.2022.3228122"},{"key":"e_1_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/3457977.3460301"},{"key":"e_1_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/3543507.3583217"},{"key":"e_1_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/3517745.3561448"},{"key":"e_1_2_1_60_1","volume-title":"Ethereum: A secure decentralised generalised transaction ledger. Ethereum project yellow paper, 151","author":"Wood Gavin","year":"2014","unstructured":"Gavin Wood. 2014. Ethereum: A secure decentralised generalised transaction ledger. Ethereum project yellow paper, 151, 2014 (2014), 1\u201332."},{"key":"e_1_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/3505263"},{"key":"e_1_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1109\/tdsc.2023.3346888"},{"key":"e_1_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/3597503.3639153"},{"key":"e_1_2_1_64_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Zhang Mengya","year":"2020","unstructured":"Mengya Zhang, Xiaokuan Zhang, Yinqian Zhang, and Zhiqiang Lin. 2020. $TXSPECTOR$: Uncovering attacks in ethereum from transactions. In 29th USENIX Security Symposium (USENIX Security 20). 2775\u20132792. https:\/\/dl.acm.org\/doi\/10.5555\/3489212.3489368"},{"key":"e_1_2_1_65_1","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Zhang Zhuo","year":"2023","unstructured":"Zhuo Zhang, Zhiqiang Lin, Marcelo Morales, Xiangyu Zhang, and Kaiyuan Zhang. 2023. Your exploit is mine: Instantly synthesizing counterattack smart contract. In 32nd USENIX Security Symposium (USENIX Security 23). 1757\u20131774. https:\/\/dl.acm.org\/doi\/10.5555\/3620237.3620336"},{"key":"e_1_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1109\/sp46215.2023.10179435"},{"key":"e_1_2_1_67_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Zhou Shunfan","year":"2020","unstructured":"Shunfan Zhou, Malte M\u00f6ser, Zhemin Yang, Ben Adida, Thorsten Holz, Jie Xiang, Steven Goldfeder, Yinzhi Cao, Martin Plattner, and Xiaojun Qin. 2020. An ever-evolving game: Evaluation of real-world attacks and defenses in ethereum ecosystem. In 29th USENIX Security Symposium (USENIX Security 20). 2793\u20132810. https:\/\/dl.acm.org\/doi\/10.5555\/3489212.3489369"}],"container-title":["Proceedings of the ACM on Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3729353","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T15:25:53Z","timestamp":1750346753000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3729353"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,19]]},"references-count":67,"journal-issue":{"issue":"FSE","published-print":{"date-parts":[[2025,6,19]]}},"alternative-id":["10.1145\/3729353"],"URL":"https:\/\/doi.org\/10.1145\/3729353","relation":{},"ISSN":["2994-970X"],"issn-type":[{"value":"2994-970X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,6,19]]}}}