Feature Request: Add new detector for Inadequate Protection Against Front-Running

[ThomasHeim11]

Consider opening a discussion instead of an issue for this.

Try answering the follows:

Is your feature request related to a problem? Please describe.
Smart contracts frequently lack protection against front-running attacks, making them vulnerable to transaction ordering manipulation. When working with DeFi protocols, developers often implement functions for swaps, trades, or price-sensitive operations without considering the implications of transaction ordering. This leads to value extraction through sandwich attacks, auction/marketplace manipulation, and MEV exploitation. Currently, Aderyn lacks a dedicated detector for identifying these vulnerable patterns.

Describe the solution you'd like
Id like to add a new low-severity detector that identifies functions susceptible to front-running attacks by checking for:

1. External/public functions with names indicating price-sensitive operations (swap, trade, price, buy, sell, etc.)
2. Absence of protection mechanisms like:

• Deadline parameters and timestamp checks
• Min/max output value thresholds
• Slippage protection parameters
• Batch processing or commit-reveal patterns

The detector would provide specific guidance on how to implement these protections in the issue description and generate meaningful warnings to help developers secure their contracts.

I've already implemented and tested this detector locally. The implementation:

• Targets only public/external functions
• Uses pattern matching to identify potentially vulnerable function names
• Inspects function code for protection mechanisms
• Produces helpful guidance for fixing the issues

Additional context
Here are examples of code that would be flagged vs. protected implementations:
Vulnerable (would be flagged):

function swap(address tokenIn, address tokenOut, uint amount) public {
    uint currentPrice = getPrice(tokenIn, tokenOut);
    uint amountOut = amount * currentPrice;
    
    // No protection mechanisms
    transferFrom(msg.sender, address(this), tokenIn, amount);
    transfer(msg.sender, tokenOut, amountOut);
}

Protected (would pass):

function swap(
    address tokenIn, 
    address tokenOut, 
    uint amount, 
    uint minAmountOut,
    uint deadline
) public {
    require(block.timestamp <= deadline, "Swap expired");
    
    uint currentPrice = getPrice(tokenIn, tokenOut);
    uint amountOut = amount * currentPrice;
    
    require(amountOut >= minAmountOut, "Slippage too high");
    
    transferFrom(msg.sender, address(this), tokenIn, amount);
    transfer(msg.sender, tokenOut, amountOut);
}

[TilakMaddy]

I love the idea mate. I agree, Aderyn doesn't handle this kind of stuff yet. But I have a plan

We're working the internals (by creating cross function CFG, DFG symbol resolution, and other compiler stuff) in order to write more robust rules that can accommodate this kind of detector. At the moment, we can work around but that would be rather dull. However, once that is done, 100% we can have this....(whatever you described)