New study sheds light on how front-running bots work in the etherium blockchain
Cryptocurrency wallet developers ZenGo have published a study describing front-running attacks in the etherium blockchain.
The ZenGo report describes the term front-running as „the action of executing a transaction first in line before a known future transaction“.
Essentially, front-running is a game of first-in-first-out. For example, if someone is about to buy a large amount of ether (ETH) on Uniswap, which could cause the price to rise, one way to make money would be to buy ETH immediately before making a large purchase with an immediate sale after the order is executed.
„In general, front-running in ethereum is no longer news,“ said Alex Manuskin, one of the authors of the study, in a commentary for Coindesk. „What’s new here is that we’ve investigated bots Bitcoin Supersplit that are looking for any profit, even if those contracts are quite complex and perform several internal calls on other contracts.“
Front-running in ethereum is possible because bots can offer a slightly higher transaction fee, which encourages miners to give it priority when building a block. Transactions with a higher commission are executed first. „Thus, if there are two transactions that profit from the same contract request, only the first one profits,“ the researchers write.
„Under every transaction that hits the blockchain, there are fierce wars for every crumb of profit,“ said Manuskin. „If you happen to come across an arbitrage opportunity, or even notice a mistake in any contract, it’s very likely that you will find it difficult to profit from it yourself because of competition from bots.“
The researchers managed to get the attention of one such bot. To do so, they needed to invest a large enough amount of ETH in a decoy transaction to make it attractive to the bot.
„The transaction waited about 3 minutes and did not profit from the honeypot contract. By analysing the internal transactions of the contract, we saw that the profit went to another user with a higher commission,“ said Manuskin.
The researchers were then able to track how much the bot was able to earn since its launch. The researchers estimated that the bot launched in May 2018 and earned a total of around $10,000 in ETH. While this may not seem like a very impressive figure, the researchers point out that one person can create any number of bots to act on their behalf.
The research has shed light on how even more sophisticated bots work and, according to Manuskin, more research needs to be done in this area. He noted that hiding transactions from bots is possible, although it is a relatively difficult task.
„Each one works differently and can be triggered by different transaction factors,“ he said. „The bots themselves are competing with each other to see who gets the reward. This is just the tip of the iceberg in the complete picture of existing bots, which makes this area even more interesting.“