New Research Sheds Light on the Front-Running Bots in Ethereum’s Dark Forest

New research from the ZenGo cryptocurrency wallet has shed additional light on front-running attacks on the Ethereum blockchain.

DeFi investors Dan Robinson and Georgios Konstantopoulos, who were first described in “Ethereum is a dark forest”, drew attention to a multitude of attacks by bots that roamed the Ethereum blockchain in search of prey.

ZenGo’s new report describes how the researchers identified and isolated generalized front-running bots while assessing their effectiveness and the likelihood of a transaction being hunted, and testing how to bypass them.

“Front running in general is nothing new to Ethereum,” said Alex Manuskin, a blockchain researcher at ZenGo who conducted the research. “What’s new is that we’ve looked at bots that want to make a profit, even on contracts they have never seen before, and even if those contracts are quite complex and make multiple internal calls to other contracts.”

Front run

In the ZenGo report, front running was described as “the process of placing a transaction first in the execution queue before a known future transaction occurs”.

An exchange offer is an example of front running. If someone is about to buy a large amount of ETH from Uniswap and it makes the price higher, one way to make money is to buy ETH right before the big buy and sell it immediately afterwards.

Ethereum’s front-running occurs because bots are able to “bid a slightly higher price of gas on a transaction, which encourages miners to place earlier in order when building the block. The higher paying transactions are executed first. So if two transactions that generate a profit with the same contract call are placed in the same block, only the first takes the profit, ”the researchers write.

“Under the surface of every transaction that finds its way onto the blockchain, there are fierce wars for profit,” said Manuskin. “If you’ve stumbled upon an arbitrage opportunity or even noticed a flaw in a contract, chances are it’s hard to extract that value without running a bot yourself to fend off the top performers, dealing with and To connect Pay a miner to hide your Golden Goose transaction, or make the transaction so complex that the top performers won’t notice. “

Lure a bot

The researchers set out to attract a generalized front-running bot. To do this, they had to put enough money into their honeypot transaction to make it attractive to such a bot.

“This time we had a hit,” the researchers wrote. “The transaction was pending for about 3 minutes before it was mined without receiving the value of the honeypot contract. Looking at the internal transaction of the contract, we could see that the funds went to someone else.

The front runner’s transaction had a little more Gwei, using the smallest unit of ether (0.000001111 Gwei more to be precise), and was mined in the same block as its attempted abstraction.

By definition, crypto markets are illuminated markets. This is how predators can see the prey coming. The prey can see them too – but the prey cannot escape. When you submit an Ethereum transaction, it has to wait in this mempool until a miner picks it up. There is nowhere else to go. In order to coin a sentence, it is a “sitting duck”. Any predator in the pool can see it. It inevitably gets replicated, run from scratch, or otherwise stolen. The wonder is that legitimate transactions are ever verified

Frances Coppola

After identifying the bot, they were able to track how much it had withdrawn since its operations began. Using Dune Analytics, they estimated that the bot had started operations in May 2018 and suspected that it had grossed around $ 10,000 in total at ETH. Remember that a person can create any number of bots to act on their behalf.


Source: Dune Analytics

Another bot that the researchers attracted with a slightly larger honeypot transaction was more sophisticated. When the researchers tried to get the money out of their bait transaction, they covered their call with a proxy contract. This type of contract function involves a completely separate contract and is not published on the public blockchain

They “provided the ProxyTaker contract and called the appropriate function to extract our funds.”

The transaction was quickly carried out by another bot.

“It was much more impressive this time,” they wrote. “Not only was the bot able to detect our extraction transaction, but also identify it within an internal call from a completely different contract! To achieve this in record time. Our extraction transaction was dismantled in a few seconds (and that of the bot too). “

This bot was much more sophisticated and didn’t just focus on ETH transactions. Rather, various arbitrage transactions have been conducted with multiple currencies.

When the researchers looked at the account the funds were raised on, they found that it was much more successful than the previous bot and owned 300 ETH, or $ 180,000 at the time of publication.

Results from tracking the bot

Research sheds light on the methods of some fairly sophisticated bots combing the blockchain for profitable transactions, although other bots may have different behavioral parameters.

“Factors such as potential benefits, communication patterns, and minimal complexity (such as gas limits) are likely to affect how they work,” they write.

Manuskin said there is still a lot of research to be done, but he has some high-profile food stalls.

“Generalized front-runners are more prominent than you think,” he said. “Any contract call that can make a profit to anyone who calls it is very likely to be led by these general front-runners.”

Additionally, he found that avoiding the frontrunners’ detection is possible, but not easy.

“Everyone works differently and can be triggered by different factors in the transaction,” he said. “The bots themselves compete for the reward. This is just the tip of the iceberg in the bigger picture of the bots out there, which makes it even more interesting. “