SoK: Transparent Dishonesty: Front-Running Attacks on Blockchain

  • Shayan Eskandari
  • Seyedehmahsa Moosavi
  • Jeremy Clark
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11599)

Abstract

We consider front-running to be a course of action where an entity benefits from prior access to privileged market information about upcoming transactions and trades. Front-running has been an issue in financial instrument markets since the 1970s. With the advent of blockchain technology, front-running has resurfaced in new forms we explore here, instigated by blockchain’s decentralized and transparent nature. In this paper, we draw from a scattered body of knowledge and instances of front-running across the top 25 most active decentralized applications (DApps) deployed on the Ethereum blockchain. Additionally, we carry out a detailed analysis of the Status.im initial coin offering (ICO) and show evidence of abnormal miner behavior indicative of front-running token purchases. Finally, we map the proposed solutions to front-running into useful categories.

Notes

Acknowledgements

The authors thank the Autorité des Marchés Financiers (AMF) for sponsoring this research through the Education and Good Governance Fund (EGGF), as well as NSERC through a Discovery Grant.


Copyright information

© International Financial Cryptography Association 2020

Authors and Affiliations

  1. Gina Cody School of Engineering and Computer Science, Concordia University, Montreal, Canada
  2. ConsenSys Diligence, Montreal, Canada
