Overview
Miner/Maximal Extractable Value (MEV) and transaction ordering attacks are among the most underreported vulnerability classes in smart contracts. Contracts that make decisions based on state that can be manipulated between the time a transaction is submitted and when it is mined are vulnerable to front-running. ChainProof needs a dedicated rule to surface these patterns.
Vulnerability Patterns to Detect
1. Commit-Reveal Scheme Absence in Auction/Lottery Contracts
function bid(uint256 amount) external {
    require(amount > highestBid, "too low");
    highestBid = amount;
    highestBidder = msg.sender;
    // Attacker in the mempool sees this tx and front-runs with amount + 1
}
2. Approval Front-Running (ERC-20)
// Standard approve is vulnerable to front-run between approve(100) and approve(50)
// attacker drains the original 100 before the 50 lands
function approve(address spender, uint256 amount) external {
    allowance[msg.sender][spender] = amount;
}
3. Block Timestamp or Block Number Dependence for Randomness
function random() internal view returns (uint256) {
    return uint256(keccak256(abi.encodePacked(block.timestamp, block.difficulty)));
    // Miners can manipulate block.timestamp within ~15 second window
}
4. Sandwich Attack Surface in AMM Interactions
Contracts calling external AMMs with no slippage parameter (amountOutMin == 0).
uniswapRouter.swapExactTokensForTokens(amountIn, 0, path, recipient, deadline);
// amountOutMin = 0 means accept any output — sandwich attacker extracts full slippage
Detection Heuristics
- Detect block.timestamp or block.difficulty used in keccak256 hash for randomness
- Detect AMM swap calls with hardcoded 0 for amountOutMin
- Detect standard ERC-20 approve without increaseAllowance alternative
- Detect auction/bidding patterns without a commit-reveal structure
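A minimal text-level sketch of these four heuristics, added here as an example and not ChainProof's own code. The rule labels, the SAMPLE contract and the helper names are assumptions made for illustration; a real rule would work on the Solidity AST rather than on regexes.

```python
import re

# Constructed sample contract combining the four patterns from this issue.
SAMPLE = """
contract Demo {
  function bid(uint256 amount) external { highestBid = amount; highestBidder = msg.sender; }
  function approve(address s, uint256 a) external { allowance[msg.sender][s] = a; }
  function random() internal view returns (uint256) {
    return uint256(keccak256(abi.encodePacked(block.timestamp, block.difficulty)));
  }
  function swap() external { uniswapRouter.swapExactTokensForTokens(amountIn, 0, path, recipient, deadline); }
}
"""

def call_args(src, start):
    """Top-level arguments of the call whose '(' is at src[start]."""
    depth, args, cur = 0, [], ""
    for ch in src[start:]:
        if ch in "([":
            depth += 1
            if depth == 1:
                continue  # skip the call's own opening parenthesis
        elif ch in ")]":
            depth -= 1
            if depth == 0:
                return args + [cur.strip()]
        if ch == "," and depth == 1:
            args.append(cur.strip())
            cur = ""
        else:
            cur += ch
    return args  # unbalanced input: return what was parsed

def scan(src):
    """Return rule names (hypothetical labels) triggered by the heuristics."""
    src = re.sub(r"//[^\n]*|/\*.*?\*/", "", src, flags=re.S)  # drop comments
    hits = []
    for m in re.finditer(r"keccak256\s*\(", src):
        if re.search(r"block\.(timestamp|difficulty|number)", ",".join(call_args(src, m.end() - 1))):
            hits.append("weak-randomness")
    for m in re.finditer(r"swapExactTokensForTokens\s*\(", src):
        args = call_args(src, m.end() - 1)
        if len(args) > 1 and args[1] == "0":  # second argument is amountOutMin
            hits.append("zero-amountOutMin")
    if re.search(r"function\s+approve\s*\(", src) and "increaseAllowance" not in src:
        hits.append("approve-without-increaseAllowance")
    if re.search(r"function\s+bid\s*\(", src) and not re.search(r"commit|reveal", src, re.I):
        hits.append("bid-without-commit-reveal")
    return hits
```

The approve and bid checks are file-level presence tests, so they will over-report on contracts that mitigate the issue under different names; treat them as triage signals for manual review.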
Acceptance Criteria
References