New research from the cryptocurrency wallet ZenGo has shed additional light on front-running attacks happening on the Ethereum blockchain.
First outlined in “Ethereum Is a Dark Forest,” DeFi investors Dan Robinson and Georgios Konstantopoulos called attention to a variety of attacks by bots that were roving the Ethereum blockchain in search of prey.
The new report from ZenGo outlines how the researchers identified and isolated generalized front-running bots while evaluating their efficiency and how likely a transaction is to get hunted down, while also testing how to evade them.
“Front-running in general is not something new on Ethereum,” said Alex Manuskin, a blockchain researcher at ZenGo, who conducted the research. “The novelty here is that we looked at bots that seek any profit, even in contracts they have never seen before, and even if these contracts are quite complex, and perform several internal calls to other contracts.”
The ZenGo report described front-running as the “act of getting a transaction first in line in the execution queue, right before a known future transaction occurs.”
An exchange bid is an example of front-running. If someone is about to buy a large amount of ETH on Uniswap, to such an extent that it would drive the price higher, one way to cash in would be to buy ETH right before the large purchase goes through, then sell immediately after.
Ethereum front-running happens because bots are able to bid “a slightly higher gas price on a transaction, incentivizing miners to place earlier in the order when constructing the block. The higher paying transactions are executed first. Thus if two transactions making a profit from the same contract call are placed in the same block, only the first takes the profit,” the researchers wrote.
“Under the surface of every transaction that finds its way to the blockchain, there are fierce wars over every bit of profit,” said Manuskin. “If you happened to come across an arbitrage opportunity, or even notice an error in some contract, it is very likely that it will be hard to extract this value without either operating a bot yourself to fend off the front-runners, connecting to and paying a miner to conceal your golden goose transaction, or making the transaction complex enough for the front-runners to not notice.”
Luring a bot
The researchers set out to attract a generalized front-running bot. In order to achieve this, they had to put enough funds into their honeypot transaction to make it attractive to such a bot.
“This time, we had a hit,” the researchers wrote. “The transaction was pending for ~3 minutes before it was mined, without getting value from the honeypot contract. Looking at the contract’s internal transaction, we could see the funds went to someone else.
The front-runner’s transaction had used slightly more gwei, the smallest unit of ether, (0.000001111 gwei more, to be precise) and was mined in the same block as their attempted abstraction.
Crypto markets are lit markets, by definition. So predators can see the prey coming. The prey can see them, too – but the prey cannot escape. When you submit an Ethereum) transaction, it must wait in that mempool until a miner picks it up. It has nowhere else to go. So it is, to coin a phrase, a “sitting duck.” Every predator in the pool can see it. It inevitably gets replicated, front-run or otherwise stolen. The wonder is that any legitimate transactions ever get verified at all.
Once they’d identified the bot, they were able to track how much it had pulled in since the start of its operations. Using Dune Analytics, they estimated the bot started operating in May of 2018, and surmised it had raked in about $10,000 in ETH in total. While that may not seem initially like a high amount, remember, one individual can create any number of bots to act on their behalf.
Another bot, which the researchers attracted with a slightly larger honeypot transaction, was more sophisticated. When the researchers tried to extract the funds from their bait transaction, they obscured their call by means of a proxy contract. This type of contract function involves a totally separate contract and does not publish to the public blockchain
They “deployed the ProxyTaker contract and called the appropriate function in an attempt to extract our funds.”
The transaction was quickly front-run by another bot.
“This time it was far more impressive,” they wrote. “Not only was the bot able to detect our extraction transaction, but it identified it from within an internal call, from a completely different contract! Accomplishing this in a record-breaking time. Our extraction transaction was mined in a few seconds (and so was the bot’s).”
This bot was much more sophisticated and focused not just on ETH transactions; rather, it performed a variety of arbitrage transactions involving multiple currencies.
Viewing the account collecting the funds, the researchers found it was much more successful than the previous bot and was holding 300 ETH, or $180K at the time of publication.
Results from tracking the bot
The research shed light on the methods of some fairly sophisticated bots combing the blockchain for profitable transactions, though other bots may have varying behavior parameters.
“Factors such as potential upside, communication patterns, and minimum complexity (e.g., gas limit), among others, likely impact the way they operate,” they wrote.
Manuskin said that there is still a lot of research that needed to be done, but he did have some high-level takeaways.
“Generalized front-runners are more prominent than one might think,” he said. “Any contract call that can bring profit to anyone who calls it is very likely to be front-run by these generalized front-runners.”
Additionally, he found that avoiding detection by the front-runners is possible, but is not easy.
“Each operates differently and might be triggered by different factors of the transaction,” he said. “The bots themselves are in competition with each other over who gets the reward. This is only the tip of the iceberg in the full picture of the bots out there, which makes it even more interesting.”