Permissionless blockchains such as Bitcoin have excelled at financial services. Yet, adversaries extract monetary value from the mesh of decentralized finance (DeFi) smart contracts. Some have characterized the Ethereum peer-to-peer network as a dark forest, wherein broadcast transactions represent prey, which are devoured by generalized trading bots. While transaction (re)ordering and front-running are known to cause losses to users, we quantify how much value was sourced from blockchain extractable value (BEV). We systematize a transaction ordering taxonomy to quantify the USD extracted from sandwich attacks, liquidations, and decentralized exchange arbitrage. We estimate that over 2 years, those trading activities yielded 28.80M USD in profit, divided among 5,084 unique addresses. While arbitrage and liquidations might appear benign, traders can front-run others, causing financial losses to competitors. To provide an example of a generalized trading bot, we show a simple yet effective automated transaction replay algorithm capable of replacing unconfirmed transactions without the need to understand the victim transactions' underlying logic. We estimate that our transaction replay algorithm could have yielded a profit of 51,688.33 ETH (17.60M USD) over 2 years on past blockchain data. We also find that miners do not broadcast 1.64% of their mined transactions and instead choose to mine them privately. Privately mined and non-shared transactions cannot be front-run by other traders or miners. We show that the largest Ethereum mining pool performs arbitrage and seemingly tries to cloak its private transaction mining activities. We therefore provide evidence that miners already extract Miner Extractable Value (MEV), which could destabilize the blockchain consensus security, as related work has shown.
Credit allows a lender to loan out surplus capital to a borrower. In the traditional economy, credit bears the risk that the borrower may default on its debt; the lender hence requires an upfront collateral from the borrower, plus interest fee payments. Due to the atomicity of blockchain transactions, lenders can offer flash loans, i.e., loans that are only valid within one transaction and must be repaid by the end of that transaction. This concept has led to a number of interesting attack possibilities, some of which have been exploited recently (February 2020). This paper is the first to explore the implication of flash loans for the nascent decentralized finance (DeFi) ecosystem. We analyze two existing attack vectors with significant ROIs (beyond 500k%), and then go on to formulate finding flash loan-based attack parameters as an optimization problem over the state of the underlying Ethereum blockchain as well as the state of the DeFi ecosystem. Specifically, we show how two previously executed attacks can be "boosted" to result in a profit of 829.5k USD and 1.1M USD, respectively, which is a boost of 2.37× and 1.73×, respectively.
Decentralized exchanges (DEXs) allow parties to participate in financial markets while retaining full custody of their funds. However, the transparency of blockchain-based DEX in combination with the latency for transactions to be processed makes market-manipulation feasible. For instance, adversaries could perform front-running, the practice of exploiting (typically non-public) information that may change the price of an asset for financial gain. In this work we formalize, analytically exposit and empirically evaluate an augmented variant of frontrunning: sandwich attacks, which involve front- and back-running victim transactions on a blockchain-based DEX. We quantify the probability of an adversarial trader being able to undertake the attack, based on the relative positioning of a transaction within a blockchain block. We find that a single adversarial trader can earn a daily revenue of over several thousand USD when performing sandwich attacks on one particular DEX: Uniswap, an exchange with over 5M USD daily trading volume by June 2020. In addition to a single-adversary game, we simulate the outcome of sandwich attacks under multiple competing adversaries, to account for the real-world trading environment.