How Crypto Gets Hacked - The Flash Boys of Crypto
How Flash Bots Infest the Dark Forest of Ethereum
Disclaimer: I’ll be talking about individual crypto projects in this series but this is for informational purposes only and not a solicitation to buy or sell any cryptoassets.
Do your own due diligence.
In August of 2020, crypto researcher Dan Robinson posted a story about his attempt to recover funds stuck in a Uniswap contract. He knew the funds were just sitting there and anyone who noticed it could take them:
When anyone calls the
burnfunction on a Uniswap core contract, the contract measures its own liquidity token balance and burns it, giving the withdrawn tokens to the address specified by the caller. This is a core part of the intended behavior of Uniswap v2 (the basic mechanism is described in section 3.2 of the Uniswap v2 whitepaper).
I found the contract. The liquidity tokens were still there—and were worth around $12,000.
In theory, he could have just called the
burn function himself and then returned the funds to the original owner, no harm done. But he knew it wouldn’t be that easy because of arbitrage bots that operated on the Ethereum network. Much like the “Flash Boys” in Michael Lewis’ book on the subject, these bots monitor pending transactions on decentralized exchanges and swoop in before the original buyer or seller, forcing them to pay higher prices. In this case, because there was no one else on the other end of the transaction, a bot could just take all the funds and send them to another address.
Dan called this the “Dark Forest” of Ethereum, a concept popularized by a science fiction book by the same name. A “Dark forest” is an environment where detection means destruction because there are always apex predators out there waiting to pick you off. All transactions can be seen by anyone on the blockchain, so there is nowhere to hide your transaction data. In a world of flash loans, rugpulls, scams, and 51% attacks, the crypto space can be a ruthless place for anyone who makes a mistake.
Dan contacted some smart-contract engineers to help him retrieve the funds in limbo, but he and his team were ultimately unsuccessful. They made several rejected attempts before a flash bot noticed the attempts and swiped the funds.
This was the first time many Ethereum users found out about flash bots and the problems they were causing, but a detailed research report about the frontrunning bots came out from Cornell a year before.
The paper from 2019, “Flash Boys 2.0: Frontrunning, Transaction Reordering, and Consensus Instability in Decentralized Exchanges,” detailed the different ways these arbitrage bots are able to take advantage of the Priority Gas Auctions (PGA’s).
You may have heard of users having to pay “gas fees” on Ethereum. These are the fees paid to the miners who verify transactions on the network, and they are always looking for the most profit (highest fees). Because all blockchain transactions can be observed by anyone at any time in the memory pool (mempool), there is no way to hide the transaction. On top of that, there are only so many transactions/second the network can handle, so transactions may be pending for longer than anticipated. Using full visibility of the blockchain and long wait times, flash bots are able to bid up the gas fee and the bot can frontrun the original transaction.
Most of these flash bots have single use cases, looking for specific types of transactions to find an arbitrage opportunity. What Dan was most concerned about were the “generalized frontrunner” bots. These are predetermined algorithms who will copy the transaction you are trying to make and simply change the addresses to their own. By changing the addresses and paying higher gas fees, they can effectively frontrun any type of transaction in DeFi. Dan believed a generalized frontrunner is what noticed him during his white hack and took the funds.
Another paper came out in September 2020, just after Dan’s white hat hacker attempt.
This one was called “High-Frequency Trading on Decentralized On-Chain Exchanges,” and described a particular type of flash bot attack they call a “sandwich attack.”
They explained how a flash bot commits this attack:
Step 1: Detects a victim’s transaction, which transacts asset X to Y.
Step 2: Front run the victim with some action, for example, transacts asset X to Y.
Step 3: Let the victim execute the transaction. As a result of step 2, now the victim suffers a higher slippage. In other words, the victim is trading at a price that is a lot worse than the expected price.
Step 4: Back run the victim with some action, for example, transacts asset Y to X. Step 2 and 4 together should form a risk-free arbitrage.
Sounds a lot like what the Flash Boys in traditional finance do too. Except you’re not selling it back to the buyer, you’re selling it back into the pool for a higher price.
So we know there’s a problem here, and we know bots are using the way the AMM’s (automated market makers) work against them, so is there anything you can do to stop it? Is anyone safe?
The answer is: no, not really.
The idea of the sandwich attack is not new. The concept and possible effects on all the market members have been discussed since the idea of decentralized finance came up. Automated Market Maker (AMM) seems to be the best decision for decentralized trading, yet leaving a lot of loopholes for malicious attacks. As DeFi attracts more and more people, the protection of inexperienced traders should become the number one priority for blockchain professionals. Yet, the very concept of decentralization implies that there can never be an authorized third party guaranteeing safety, security, and reparations to the casualties.
Remember, this is crypto. This is DeFi. If you lose your money it’s your fault for not knowing how to read code and knowing the dangers. This is a feature, not a bug.
So what is the crypto community doing to stop this hard problem?
The site MEV.explore has been tracking the “maximum extractable value” committed by flash bots on Ethereum. They define MEV as profiting from transactions before they have been processed by the blockchain. They explain how they track MEV in a Medium post, adding that:
“We believe the actual MEV extracted to be higher than our measure given our incomplete protocol and transaction type coverage in our data collection process.”
They explain that not only is this extracting value from various DeFi protocols, but it’s also creating more congestion and raising the gas fee prices overall. Which are two of the biggest problems commonly cited with using the Ethereum network.
The plan is that the upcoming Ethereum upgrade to ETH 2.0 will increase network scalability by creating more stable fees and increasing transaction speeds. But MEV and flash bots will still continue to be a problem.
So if they aren’t going away, what can you do?
The Defiant came up with a new solution to mitigate the impact of MEV: improve fairness:
In practice, such an approach would add a distributed ‘guardian’ protocol that verifies incoming transactions for potential fairness issues, delays transactions that might be in violation of the policies, and adds a proof to the transactions that their scheduling is valid. This can be integrated into the blockchain itself, run as a separate add on (in the same way as Casper is an add on for Ethereum to add finality), or run independently aside the blockchain, even as a third party service that can be used by an individual smart contract.
And while ‘first come, first serve, (i.e., if all honest validators saw a transaction first, it should be scheduled first) can be shown to be impossible to always achieve, there are workarounds to achieve it most of the time and provide an acceptable level of fairness where it’s not possible. This fairness approach also can be combined with other approaches, such as dedicated fair mining pools, or the concept of causal order (also known as commit and reveal), where the content of a transaction is encrypted during some of the processing.
If you can’t kill ‘em, manage them to death.
I hope that Ethereum and DeFi is able to remedy these issues. Without scaleable solutions and a way to combat extractive flash bots, I don’t know if traditional finance is ever going to trust large sums of money in this new environment.
Then again, high frequency traders and payment for order flow exist already in traditional markets. So maybe they will look past small inefficiencies in crypto trading like they do when trading in the stock market.
Only time will tell.
Thanks for reading.