July 2022 – Ethereum Front-running

Born out of information asymmetry and a commonplace in traditional finance, Front-running is the illegal practice in which market makers engage in security trades to exploit confidential knowledge of significant pending transactions to generate supernormal profits. One might think such practices cannot exist in the blockchain ecosystem based on the principles of transparency, eliminating the need for trust, but taking a slightly nuanced definition, Front-running is actually a highly pervasive problem plaguing several crypto markets.

What is Front-running? 

In the context of cryptocurrencies, Front-running happens when involved parties react to information on pending transactions and place their own trades to earn profits. Major crypto exchanges such as Coinbase and OpenSea have suffered from few explicit instances of front-running, but decentralized platforms and protocols built on the Ethereum network are by far the worst afflicted organizations in the ecosystem. 

In Ethereum, mempool contains the broadcasted transactions waiting to be confirmed and packaged into the next block. Block creators (miners) choose the transactions to be packed based on the gas price offered under the Ethereum architecture. After continuously scanning transactions in the mempool to find potential targets, front-running bots with automated scripts register transactions with high gas prices to get preferentially placed ahead of the target completing the attack. 

Front-running attacks can be categorized into three types: Displacement, Suppression, and Insertion.

Displacement Attacks

In a displacement attack, the attack transaction displaces the victim by offering a superior gas price, often 10 times higher than the network average. The order of transactions placed does not matter since the attack transaction is always before the victim transaction. These attacks are prevalent in puzzle games where the attacker can get the solution from the victim. A new transaction with a higher gas price will be placed by the attacker, which will be accepted first, thus nullifying the victim’s efforts.

Suppression Attacks

Suppression attacks, a.k.a Block Stuffing attacks, prevent the victim transaction from being mined in the same block through multiple transactions with high gas prices and calls to customs smart contracts, which fill up the block’s gas limit. These transactions are also known as suppression clusters. 

One of the most well-known instances of block stuffing would be when an attacker managed to secure 10,469 $ETH from the popular war of attrition game, Fomo3d, in 2019. The gambling game allows players to purchase keys. Each round begins with a time counter, and these keys extend the time counter. When the counter hits 0, the person who bought the last key wins. The attacker successfully filled 17 blocks with suppression clusters, essentially blocking other players from accessing the game.

Insertion Attacks

In the most prevalent form of front-running, insertion attacks, the victim transaction is sandwiched between the two transactions from the attacker, one with a higher gas price and the other with a lower gas price. The sandwich attacks are often used against whale transactions (large transactions), abusing the Automated Market Maker (AMM) mechanism utilized by several mainstream DEXs.

Front-running  AMMs through Sandwich Attacks

Consider a liquidity pool composed of $USDT and $ETH utilizing the constant product (CP) or the XYK AMM model, which mandates that the product of the quantities of $ETH and $USDT always remains constant. 

  • Let the current state of the pool be P1. A malicious front-running bot detects a large pending transaction that will swap 1 $ETH to gain $USDT. 
  • The bot then places an order to buy some $USDT at a higher gas price compared to the whale transaction, and thus the bot’s order is executed first, pushing the state of the liquidity pool to P2. (Attacker Buy Tx)
  • At P2, $USDT is relatively more expensive in terms of $ETH compared to P1, and thus the victim receives a lesser amount of $USDT for 1 $ETH, and the transaction further pushes the pool state to P3.  (Victim Tx)
  • The sell order was registered at a lower gas fee, ensuring that it would be executed only after the whale transaction. The bot sells $USDT at a higher price in the P3 state to turn a profit.

 Due to front-running, the victim suffers from significant price slippage.

Mitigation

Front-running is hugely detrimental to the Ethereum network, particularly the DEXs, and several protocols across the ecosystem are exploring multiple means which can serve as effective countermeasures.

Ethereum Transaction mechanism

Bypassing the mechanism which enables block creators or miners to choose the transactions with the highest gas price could cull front-running immediately, and few solutions have emerged in the ecosystem based on the same principle. 

Sparkpool, which used to be a major mining pool based out of China, offered the Taichi Network, which allowed users to conduct “private transactions.” These orders never appear in the mempool and thus are immune to front-running attacks. Another example would be ArcherSwap, where traders can request miners directly to package their transactions in the mempool first through external rewards. While effective, these solutions result in uncertain transaction completion times and can dampen the network’s transparency.

Transaction Encryption and Confidentiality

Several members of the community have advocated for encryption of transaction data in the mempool using zero-knowledge-proof techniques rendering front-running bots useless. This approach comes with its own set of problems as it would increase transaction costs and can be conducive to blocking attacks. Another method would be to reduce transaction visibility through specialized Commit/Reveal schemes.

AMM Optimization

Large transactions result in excessive slippage and widen the profit margin for front-runners under the current AMM mechanism. Several protocols are developing enhanced market-making algorithms to reduce slippage, indirectly slashing the exposure to front-running. 

Mooniswap, introduced by 1INCH in 2020, but currently a part of its liquidity protocol, employed “virtual balances,” a feature derived from Buterin’s suggestion to improve resistance to front-running. This enabled the protocol to internalize a significant portion of slippage profits.

Ethereum2.0 and Front-running

While introducing the Proof-of-Stake (PoS) consensus mechanism to Ethereum, colloquially known as “The Merge,” will bring about several significant updates, the gas price architecture at the core of Ethereum will remain the same for block creators or validators. The value extracted from front-running activities is part of the Maximal extractable value (MEV). MEV refers to the maximum value that can be extracted from block production in excess of the standard block reward and gas fees by including, excluding, and changing the order of transactions in a block. Research firm Flashbots in a recent report stated that  MEV will still exist in the PoS era. More definitive statements regarding the extent and nature of front-running attacks after the Merge can only be made after greater research, but it can be said that Front-running will remain a significant concern for the Ethereum network for the foreseeable future.

Highlights from July

  1. Mapleblock X Fantom
    Fantom Foundation and Mapleblock Capital have partnered to support projects building on the Fantom blockchain. The partnership aims to provide a significant funding boost to the Fantom ecosystem, setting the stage for broader adoption for the Fantom community.
  1. Fantom – Past, Present and Future, a panel discussion with the Fantom Team
    The panel discussion covered the happenings of the Fantom ecosystem and the upcoming updates straight from the CEO Michael Kong. The VC partnership program was discussed at length and the impact it will create by giving direct access to funds and mentorships from the partnered VCs.
    You can access the recording here: Fantom X Mapleblock Twitter Space
  1. Exploring the Reef Ecosystem, QnA with Mapleblock and the Reef Chain Team.
    The QnA covered the founder of Mapleblock Capital (Vijay Garg) and the CEO of Reef Chain (Denko Mencheski) answering the questions about the growth of the Reef chain and the upcoming updates.
    You can access the recording here: Reef X Mapleblock Twitter Space

Disclaimer: This article is a summary of the writers opinions and research. Digital assets are a volatile asset class and readers should be aware of the potential risks of investing in blockchain projects. This is not investment advice & we will not accept liability for any loss or damage that may arise directly or indirectly from any such investments.

Author: Madhav Bajaj

References: 

https://dl.acm.org/doi/abs/10.1145/3494106.3528682

https://arxiv.org/abs/1904.05234?s=08

https://www.researchgate.net/publication/339890096_SoK_Transparent_Dishonesty_Front-Running_Attacks_on_Blockchain

https://consensys.github.io/smart-contract-best-practices/attacks/frontrunning/

https://medium.com/degate/an-analysis-of-ethereum-front-running-and-its-defense-solutions-34ef81ba8456

https://blog.enigma.co/preventing-dex-front-running-with-enigma-df3f0b5b9e78