Smart contracts are susceptible to various vulnerabilities that can be exploited by hackers via developing adversarial contracts. Existing vulnerability detection techniques often concentrate solely on vulnerable contracts, neglecting adversarial contracts, which may weaken the effectiveness of vulnerability detection and fail to meet practical needs.

In this paper, we propose Skyeye, a novel technique that integrates adversarial and vulnerable contracts together to detect vulnerabilities and resulting imminent attacks. Skyeye works during the stage after adversarial contracts have been deployed but before attack transactions are initiated, providing a critical time window for emergency response to mitigate potential losses. Upon deployment of a smart contract, Skyeye detects whether it is adversarial, and then utilizes the probabilistic matching technique to localize victim contracts. By pairing adversarial and victim contracts, Skyeye comprehensively extracts complete attack behaviors. Furthermore, Skyeye leverages Large Language Model (LLM) to decide the types of vulnerabilities exploited by adversarial contracts. Our evaluation, conducted on 174 real-world adversarial contracts from 159 incidents resulting in financial losses totaling approximately $1.36 billion, demonstrates Skyeye’s effectiveness in detecting vulnerabilities and imminent attacks. Compared to state-of-the-art techniques, e.g., BlockWatchdog and Slither, Skyeye also reveals the superior performance.