Consider opening a discussion instead of an issue for this.
Try answering the following:
Is your feature request related to a problem? Please describe.
Smart contracts frequently lack protection against front-running attacks, making them vulnerable to transaction ordering manipulation. When working with DeFi protocols, developers often implement functions for swaps, trades, or price-sensitive operations without considering the implications of transaction ordering. This leads to value extraction through sandwich attacks, auction/marketplace manipulation, and MEV exploitation. Currently, Aderyn lacks a dedicated detector for identifying these vulnerable patterns.
Describe the solution you'd like
I'd like to add a new low-severity detector that identifies functions susceptible to front-running attacks by checking for:
- External/public functions with names indicating price-sensitive operations (swap, trade, price, buy, sell, etc.)
- Absence of protection mechanisms like:
  - Deadline parameters and timestamp checks
  - Min/max output value thresholds
  - Slippage protection parameters
  - Batch processing or commit-reveal patterns
The detector would provide specific guidance on how to implement these protections in the issue description and generate meaningful warnings to help developers secure their contracts.
I've already implemented and tested this detector locally. The implementation:
- Targets only public/external functions
- Uses pattern matching to identify potentially vulnerable function names
- Inspects function code for protection mechanisms
- Produces helpful guidance for fixing the issues
Additional context
Here are examples of code that would be flagged vs. protected implementations:
Vulnerable (would be flagged):

```solidity
function swap(address tokenIn, address tokenOut, uint amount) public {
    uint currentPrice = getPrice(tokenIn, tokenOut);
    uint amountOut = amount * currentPrice;
    // No protection mechanisms
    transferFrom(msg.sender, address(this), tokenIn, amount);
    transfer(msg.sender, tokenOut, amountOut);
}
```
Protected (would pass):

```solidity
function swap(
    address tokenIn,
    address tokenOut,
    uint amount,
    uint minAmountOut,
    uint deadline
) public {
    require(block.timestamp <= deadline, "Swap expired");
    uint currentPrice = getPrice(tokenIn, tokenOut);
    uint amountOut = amount * currentPrice;
    require(amountOut >= minAmountOut, "Slippage too high");
    transferFrom(msg.sender, address(this), tokenIn, amount);
    transfer(msg.sender, tokenOut, amountOut);
}
```
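As an added example (not Aderyn's own detector code), here is the matching heuristic described above written as a stand-alone Rust function over function text rather than Aderyn's AST; the `FnInfo` struct and its field names are assumptions made for this sketch. It reproduces the two outcomes shown for the vulnerable and protected `swap` examples.

```rust
// Added example, not Aderyn's own detector code: a stand-alone sketch of the
// heuristic this issue describes, run over function text instead of Aderyn's AST.

/// Name fragments that mark a price-sensitive operation (from the issue).
const SENSITIVE: [&str; 5] = ["swap", "trade", "price", "buy", "sell"];

/// A function as the heuristic sees it; the struct and field names are assumptions.
pub struct FnInfo<'a> {
    pub name: &'a str,
    pub visibility: &'a str, // "public", "external", "internal" or "private"
    pub params: &'a str,     // parameter list text
    pub body: &'a str,       // body text
}

/// Lower-cased identifiers from params and body ("block.timestamp" stays one token).
fn identifiers(f: &FnInfo) -> Vec<String> {
    let text = format!("{} {}", f.params, f.body);
    text.split(|c: char| !(c.is_ascii_alphanumeric() || c == '_' || c == '.'))
        .filter(|s| !s.is_empty())
        .map(|s| s.to_ascii_lowercase())
        .collect()
}

/// True when the function is public/external, has a price-sensitive name, and shows
/// none of the protections the issue lists: deadline/timestamp check, min/max
/// threshold, slippage parameter, or a commit-reveal scheme.
pub fn is_front_running_candidate(f: &FnInfo) -> bool {
    if f.visibility != "public" && f.visibility != "external" {
        return false;
    }
    let name = f.name.to_ascii_lowercase();
    if !SENSITIVE.iter().any(|n| name.contains(*n)) {
        return false;
    }
    let protected = identifiers(f).iter().any(|id| {
        id.as_str() == "deadline" || id.as_str() == "block.timestamp"
            || id.starts_with("min") || id.starts_with("max")
            || id.contains("slippage") || id.contains("commit") || id.contains("reveal")
    });
    !protected
}

fn main() {
    // Constructed input: the unprotected swap from the issue, as text.
    let swap = FnInfo { name: "swap", visibility: "public",
        params: "address tokenIn, address tokenOut, uint amount",
        body: "uint amountOut = amount * getPrice(tokenIn, tokenOut);" };
    println!("flagged: {}", is_front_running_candidate(&swap)); // flagged: true
}
```

Prefix matching on identifiers carries the same trade-off as the name matching in the issue: a parameter named `mintAmount` would count as a min/max threshold, so a clean result is a hint that protection is present, not proof.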