DeFi incidents stemming from various smart contract vulnerabilities have culminated in financial damages exceeding 3 billion USD. The attacks causing such incidents commonly commence with the deployment of adversarial contracts, subsequently leveraging these contracts to execute adversarial transactions that exploit vulnerabilities in victim contracts. Existing defense mechanisms leverage heuristic or machine learning algorithms to detect adversarial transactions, but they face significant challenges in detecting private adversarial transactions. Namely, attackers can send adversarial transactions directly to miners, evading visibility within the blockchain network and effectively bypassing detection. In this paper, we propose a new direction for detecting DeFi attacks, i.e., detecting adversarial contracts instead of adversarial transactions, allowing us to proactively identify potential attack intentions, even if they employ private adversarial transactions. Specifically, we observe that most adversarial contracts follow a similar pattern, e.g., anonymous fund source, closed-source, frequent token-related function calls. Based on this observation, we build a machine learning classifier that can effectively distinguish adversarial contracts from benign ones. We build a dataset consisting of features extracted from 304 adversarial contracts and 13,000 benign contracts. Based on this dataset, we evaluate different classifiers, the results of which show that our method for identifying DeFi adversarial contracts performs exceptionally well. For example, the F1-score for the LightGBM-based classifier is 0.9434, with a remarkably low false positive rate of only 0.12%.
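As an added illustration (not code from the paper), the sketch below turns the three patterns named in the abstract into a feature vector for one deployed contract. The feature names, the choice of counting ERC-20 selectors in `PUSH4` immediates, and the two caller-supplied flags are assumptions; the abstract does not specify how the authors extract their features.

```python
from collections import Counter

# Standard ERC-20 selectors (first 4 bytes of keccak256 of the signature).
ERC20_SELECTORS = {
    "a9059cbb": "transfer(address,uint256)",
    "23b872dd": "transferFrom(address,address,uint256)",
    "095ea7b3": "approve(address,uint256)",
    "70a08231": "balanceOf(address)",
}

def push4_constants(bytecode_hex):
    """Walk EVM bytecode opcode by opcode and return every PUSH4 immediate."""
    if bytecode_hex.startswith("0x"):
        bytecode_hex = bytecode_hex[2:]
    code = bytes.fromhex(bytecode_hex)
    found, i = [], 0
    while i < len(code):
        op = code[i]
        if 0x60 <= op <= 0x7F:                 # PUSH1..PUSH32 carry 1..32 data bytes
            width = op - 0x5F
            if op == 0x63 and i + 5 <= len(code):
                found.append(code[i + 1:i + 5].hex())
            i += 1 + width                     # skip the immediate: data is not code
        else:
            i += 1
    return found

def contract_features(bytecode_hex, source_verified, funder_is_anonymous):
    """Hypothetical feature vector; the two flags come from an explorer or a
    fund-tracing step that is outside this sketch."""
    hits = Counter(s for s in push4_constants(bytecode_hex) if s in ERC20_SELECTORS)
    return {
        "token_selector_refs": sum(hits.values()),
        "distinct_token_selectors": len(hits),
        "closed_source": int(not source_verified),
        "anonymous_funding": int(funder_is_anonymous),
    }

# Constructed sample bytecode: PUSH4 transfer, PUSH4 balanceOf twice, then a
# PUSH32 whose data happens to contain the bytes "63a9059cbb", then STOP.
SAMPLE = "0x" "63a9059cbb" "6370a08231" "6370a08231" "7f" "63a9059cbb" + "00" * 27 + "00"

if __name__ == "__main__":
    print(contract_features(SAMPLE, source_verified=False, funder_is_anonymous=True))
```

Walking the opcodes rather than searching the hex string matters here: a plain substring search would also count the selector bytes embedded in the `PUSH32` data and inflate the token-call feature.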