DeFi investors Dan Robinson and Georgios Konstantopoulos first brought attention to a range of attacks by bots that were prowling the Ethereum blockchain in search of victims in “Ethereum Is a Dark Forest.”
In the recently released study from ZenGo, the researchers describe how they found and isolated generalized front-running bots, assessed their effectiveness, determined the likelihood that a transaction will be investigated, and tested ways to avoid them.
Alex Manuskin, a blockchain researcher at ZenGo and the study’s lead researcher, said that “front-running in general is not something new on Ethereum. The innovative aspect of our study is that we examined bots that aim to maximize profits from contracts they have never seen before, regardless of how complicated these contracts are and how many internal calls they make to other contracts.”
Leading the pack
“The act of getting a transaction first in line in the execution queue, right before a known future transaction occurs” is how the ZenGo report defined front-running.
One example of front-running involves an exchange bid: if someone is about to make a large purchase of Ethereum on Uniswap, a front-runner can acquire Ethereum just before that transaction completes and then sell it straight away if the purchase causes the price to rise.
Front-running occurs on Ethereum because bots can bid “a slightly higher gas price on a transaction, incentivizing miners to place earlier in the order when constructing the block.” Transactions that pay more are carried out first. Therefore, of the transactions in a block that would benefit from the same contract call, only the first obtains the reward, the researchers wrote.
“Under the surface of every transaction that finds its way to the blockchain, there are fierce wars over every bit of profit,” said Manuskin. It is highly likely that it will be difficult to extract this value if you happen upon an arbitrage opportunity or even spot a mistake in a contract. You will either need to connect to a miner and pay them to hide your golden goose transaction, run a bot yourself to thwart the front-runners, or make the transaction complicated enough so that the front-runners miss it.
Attracting a bot
The goal of the research was to draw in a generalized front-running bot. To do this, they needed to put enough money into their honeypot transaction for such a bot to find it appealing.
“This time, we had a hit,” the researchers wrote. “Before the transaction was mined, it was waiting for almost three minutes without receiving any value from the honeypot contract. The money transferred to someone else, as we could tell from the internal transaction of the contract.”
The leading transaction was mined in the same block as their attempted extraction, but it utilized a little bit more: 0.000001111 gwei, the smallest unit of ether, more.
After identifying the bot, they were able to monitor the amount of money it had taken in since it had begun to function. Based on Dune Analytics, they believed the bot began running in May 2018 and that it had earned around $10,000 in ETH overall. Even though that might not seem like a lot at first, keep in mind that anybody can make any number of bots to function on their behalf.
With a slightly bigger honeypot transaction, the researchers were able to attract a more sophisticated bot. When they attempted to withdraw the money from their bait transaction, they used a proxy contract to hide their call. This kind of contract function isn’t published to the public blockchain and uses an entirely separate contract.
“In an attempt to extract our funds, they deployed the ProxyTaker contract and called the appropriate function.”
Another bot swiftly front-ran the transaction.
They wrote, “It was much more impressive this time. The bot was able to recognize our extraction transaction not just from a separate contract, but even from within an internal call! Doing this in a time that breaks records. The bot and our extraction transaction were both mined in a matter of seconds.”
This bot was far more advanced and conducted a wide range of arbitrage trades involving many currencies rather than focusing only on ETH transactions.
When the researchers looked at the account that was collecting the money, they saw that it was holding 300 ETH, or $180,000, at the time of publication—much more successful than the previous bot.
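The detection logic implied by both honeypot experiments, as an added example that is not from the ZenGo report: it models highest-gas-price-first ordering, then flags an earlier transaction from another sender that drained a contract which a slightly cheaper transaction also reached, including through an internal call. The `Tx` fields, the addresses and the 40 gwei base price are assumptions; only the 0.000001111 gwei premium comes from the article.

```python
from dataclasses import dataclass
from decimal import Decimal
from typing import Optional

@dataclass(frozen=True)
class Tx:
    sender: str
    gas_price_gwei: Decimal
    trace: frozenset                   # contracts reached, internal calls included
    payout_from: Optional[str] = None  # contract that paid this tx's sender, if any

def build_block(pending):
    """Simplified model of the ordering described above: highest gas price first."""
    return sorted(pending, key=lambda t: t.gas_price_gwei, reverse=True)

def find_front_runs(block, max_premium_gwei=Decimal("1")):
    """Return (leader_pos, loser_pos, premium) for each pair where an earlier tx
    from another sender was paid by a contract that a later, marginally cheaper
    tx also reached but received nothing from."""
    hits = []
    for i, lead in enumerate(block):
        if lead.payout_from is None:
            continue
        for j in range(i + 1, len(block)):
            late = block[j]
            premium = lead.gas_price_gwei - late.gas_price_gwei
            if (late.sender != lead.sender
                    and late.payout_from is None
                    and lead.payout_from in late.trace
                    and Decimal(0) < premium <= max_premium_gwei):
                hits.append((i, j, premium))
    return hits

# Constructed sample data: addresses and the 40 gwei base price are made up;
# the 0.000001111 gwei premium is the figure quoted in the article.
HONEYPOT, PROXY, BOT_CONTRACT = "0xhoneypot", "0xproxytaker", "0xbotcontract"
PENDING = [
    Tx("0xresearcher", Decimal("40"), frozenset({PROXY, HONEYPOT})),
    Tx("0xunrelated", Decimal("55"), frozenset({"0xdex"})),
    Tx("0xbot", Decimal("40.000001111"),
       frozenset({BOT_CONTRACT, HONEYPOT}), HONEYPOT),
    Tx("0xother", Decimal("12"), frozenset({"0xtoken"})),
]
BLOCK = build_block(PENDING)

if __name__ == "__main__":
    for lead, late, premium in find_front_runs(BLOCK):
        print(f"tx {lead} ({BLOCK[lead].sender}) front-ran tx {late} "
              f"({BLOCK[late].sender}) by {premium} gwei")
```

Matching on the call trace rather than on the top-level recipient is what lets the check still fire when the losing transaction goes through a proxy contract.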
Findings from the bot’s tracking
Though other bots may have different behavior criteria, the research provided insight into the workings of some pretty sophisticated bots that search the blockchain for profitable transactions.
They stated that “a number of factors, including but not limited to minimum complexity (e.g., gas limit), communication patterns, and potential upside, likely impact the way they operate.”
Although Manuskin acknowledged that much more study is still needed, he did identify several important conclusions.
“It’s surprising how many people are aware of generalized front-runners,” he remarked. “These generalized front-runners are very likely to lead any contract call that has the potential to profit anyone who calls it.”
He also discovered that it is not simple to stay hidden from the front-runners, but it is doable.
“Each operates differently and might be triggered by different factors of the transaction,” he added. The bots themselves are fighting to see who gets to keep the reward. It gets much more fascinating when you realize that this is only the beginning of the bot problem.