New research released last week claimed the Ethereum network is susceptible to “frontrunning” bots picking off traders on the network.
Frontrunners Running Amok
Called “Ethereum is a dark forest,” the paper was published by Paradigm researchers Dan Robinson and Georgios Konstantopoulos and focused on the rise of decentralized exchanges (DEXs) and bots on the Ethereum network.
They wrote that, due to the design of Ethereum’s mempool – the term for the set of unconfirmed transactions – a particular vulnerability allows arbitrage bots to monitor pending transactions in the mempool and attempt to exploit profitable opportunities created by them.
For the uninitiated, arbitrage bots are tools that examine prices across exchanges and make trades in order to take advantage of discrepancies. Because the price of a cryptocurrency like Bitcoin tends to vary somewhat from exchange to exchange, bots that can move fast enough can beat exchanges that are delayed in updating their prices.
And with these predetermined algorithms come frontrunners. These are specialized bots that copy any available trade and profit from the relevant transactions that follow. It is these bots that the researchers say are running on Ethereum and picking off the trades of retail users.
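The copy-and-outbid pattern described above can be looked for after the fact in block data. The following is an added example, not code from the Paradigm post or from this article; the Tx record, the address-masking step and the sample block are assumptions made for illustration. It flags a failed transaction that was preceded in the same block by a successful, higher-gas-price call to the same contract with matching calldata from a different sender.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    index: int            # position inside the block
    sender: str
    to: str               # contract being called
    calldata: str         # hex input data
    gas_price_gwei: int
    success: bool         # receipt status

def masked(tx):
    """Calldata with the sender's own address blanked, so a copy that swaps
    in another address still compares equal (assumption of this heuristic)."""
    return tx.calldata.lower().replace(tx.sender.lower()[2:], "S" * 40)

def find_frontruns(block):
    """Return (copy_index, original_index) pairs matching the pattern."""
    ordered = sorted(block, key=lambda t: t.index)
    hits = []
    for pos, later in enumerate(ordered):
        if later.success:
            continue  # the later transaction went through; not this pattern
        for earlier in ordered[:pos]:
            if (earlier.success and earlier.to == later.to
                    and earlier.sender != later.sender
                    and earlier.gas_price_gwei > later.gas_price_gwei
                    and masked(earlier) == masked(later)):
                hits.append((earlier.index, later.index))
    return hits

# Constructed sample data: every address, selector and price is made up.
USER, BOT, OTHER, THIRD = ("0x" + b * 20 for b in ("a1", "b2", "c3", "e5"))
POOL = "0x" + "d4" * 20

def call(selector, who):
    """Selector followed by one 32-byte, left-padded address argument."""
    return "0x" + selector + who[2:].rjust(64, "0")

SAMPLE_BLOCK = [
    Tx(0, BOT, POOL, call("deadbeef", BOT), 120, True),     # copy, paid more
    Tx(1, OTHER, POOL, call("11111111", OTHER), 80, True),  # unrelated call
    Tx(2, USER, POOL, call("deadbeef", USER), 60, False),   # original, failed
    Tx(3, THIRD, POOL, call("11111111", THIRD), 40, True),  # same call as 1, succeeded
]

if __name__ == "__main__":
    print(find_frontruns(SAMPLE_BLOCK))
```

A match is only a lead for manual review: two unrelated users can legitimately send the same call in one block.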
Bots Run on Contract within Seconds
Robinson said he noticed the phenomenon while trying to retrieve some ETH stuck in a smart contract. But even after contacting engineers and working on deploying a smart contract to do so, they failed to regain their currency, as frontrunners acted right before Robinson deployed his contract.
“Even under time pressure, we should have stuck to the plan. If we had spent more time on the scripts, tweaked the contracts (perhaps changing the Getter contract to do nothing instead of reverting if called before being activated), or even synced our own node to avoid using Infura, we probably would have been able to get the transactions into the same block,” said the researcher.
He added that the team was trying to submit a transaction that looked like it would fail based on the current blockchain state, which Infura has reasonable protection against. But using their own node could have sidestepped that problem.
Meanwhile, Robinson concluded:
“Better yet, if you happen to know a miner (we didn’t), you could have them include the transaction directly in a block, skipping the mempool—and the monsters—entirely.”