Combatting Front-Running in Smart Contracts: Attack Mining, Benchmark Construction and Vulnerability Detector Evaluation

Front-running attacks have been a major concern on the blockchain. Attackers launch front-running by inserting additional transactions before upcoming victim to manipulate transaction executions and make profits. Recent studies shown that are prevalent Ethereum blockchain caused millions of US dollars loss. Vulnerable smart contracts, programs invoked transactions, held responsible for attacks. Although techniques detect vulnerabilities proposed, their performance real-world vulnerable contracts is unclear. There no large-scale benchmark based real evaluate capabilities. This motivates us build consisting 513 with code labeled in 235 distinct contracts. We propose automated effectively collect localize corresponding at scale. Our experiments show our approaches effective, achieving higher recall finding precision pinpointing compared existing techniques. The evaluation seven state-of-the-art vulnerability detection reveals inadequacy detecting vulnerabilities, low most 6.04%. further analysis identifies four common limitations techniques: lack support inter-contract analysis, inefficient constraint solving cryptographic operations, improper patterns, token support.