Abstract
We consider front-running to be a course of action where an entity benefits from prior access to privileged market information about upcoming transactions and trades. Front-running has been an issue in financial instrument markets since the 1970s. With the advent of blockchain technology, front-running has resurfaced in new forms, which we explore here, instigated by blockchain’s decentralized and transparent nature. In this paper, we draw from a scattered body of knowledge and instances of front-running across the top 25 most active decentralized applications (DApps) deployed on the Ethereum blockchain. Additionally, we carry out a detailed analysis of the Status.im initial coin offering (ICO) and show evidence of abnormal miner behavior indicative of front-running token purchases. Finally, we map the proposed solutions to front-running into useful categories.
Notes
1. A block in the stock market is a large number of shares, 10,000 or more, the sale of which will heavily change the price.
2. Securities Exchange Act Release No. 14156, November 19, 1977 (Letter from George A. Fitzsimmons, Secretary, Securities and Exchange Commission, to Joseph W. Sullivan, President, CBoE).
3. List of decentralized applications: https://DAppradar.com/DApps.
4. Also known as ForkDelta for the user interface: https://forkdelta.app/.
5. As there are no automated function calls in Ethereum, this incentive model, known as Action Callback [52], is used to encourage users to call these functions.
6.
7. The first winner of Fomo3D won 10,469 Ether: https://etherscan.io/tx/0xe08a519c03cb0aed0e04b33104112d65fa1d3a48cd3aeab65f047b2abce9d508.
8. Also known as Block Stuffing Attack [59].
9.
10. Note that we do not have an authoritative copy of the mempool over time; however, the probability of these transactions being broadcast to the network and exclusively mined by the same pool as the sender is low.
11. Official Go implementation: https://github.com/ethereum/go-ethereum.
12.
13.
14.
15. The F2Pool address was identified by their mining reward deposit address: https://etherscan.io/address/0x61c808d82a3ac53231750dadc13c777b59310bd9.
16. Sometimes the pool is called a ‘queue.’ It is important to note that this is a misnomer, as queues enforce a first-in-first-out sequence.
17. This is analogous to behavior in traditional financial markets where high-frequency traders will make and cancel orders at many price points (flash orders or pinging). If they can cancel faster than someone can execute it—someone who has only seen the order and not the cancellation—then the victim reveals their price information.
18. Also known as batch auctions [63].
References
Account types, gas, and transactions. Ethereum homestead 0.1 documentation. http://ethdocs.org/en/latest/contracts-and-transactions/account-types-gas-and-transactions.html#what-is-gas. Accessed 14 June 2018
96th Congress 1st Session, report of the special study of the options markets to the securities and exchange commission (1978)
Im-2110-3. Front running policy. Financial Industry Regulatory Authority (2002)
SSAC advisory on domain name front running. ICANN Advisory Committee, 10 2007. Accessed 15 Aug 2018
Front running of block transactions. Financial Industry Regulatory Authority (2012)
Notice of filing of proposed rule change to adopt FINRA rule 5270 (front running of block transactions) in the consolidated FINRA rulebook. Securities and Exchange Commission (2012)
Security review of 0x smart contracts. ConsenSys-Diligence (2017)
The status network, a strategy towards mass adoption of Ethereum. Status Team (2017). Accessed 10 June 2018
Cryptokitties. Cryptokitties team (2018). Accessed 31 Aug 2018
Anonymous. How the first winner of Fomo3D won the jackpot? (2018). https://winnerfomo3d.home.blog/. Accessed 9 Sept 2018
Bamert, T., Decker, C., Elsen, L., Wattenhofer, R., Welten, S.: Have a snack, pay with bitcoins. In: 2013 IEEE Thirteenth International Conference on Peer-to-Peer Computing (P2P), pp. 1–5. IEEE (2013)
Beaver, D., Haber, S.: Cryptographic protocols provably secure against dynamic adversaries. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 307–323. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-47555-9_26
Bogatyy, I.: Implementing Ethereum trading front-runs on the Bancor exchange in Python (2017). https://hackernoon.com/front-running-bancor-in-150-lines-of-python-with-ethereum-api-d5e2bfd0d798. Accessed 13 Aug 2018
Bonneau, J., Felten, E.W., Goldfeder, S., Kroll, J.A., Narayanan, A.: Why buy when you can rent? Bribery attacks on bitcoin consensus (2016)
Brassard, G., Chaum, D., Crépeau, C.: Minimum disclosure proofs of knowledge. J. Comput. Syst. Sci. 37(2), 156–189 (1988)
Breidenbach, L., Daian, P., Tramer, F., Juels, A.: Enter the hydra: towards principled bug bounties and exploit-resistant smart contracts. In: 27th USENIX Security Symposium (USENIX Security 18). USENIX Association (2018)
Breidenbach, L., Daian, P., Juels, A., Tramer, F.: To sink frontrunners, send in the submarines (2017). http://hackingdistributed.com/2017/08/28/submarine-sends/. Accessed 28 Aug 2018
Breidenbach, L., Kell, T., Gosselin, S., Eskandari, S.: Libsubmarine: defeat front-running on Ethereum (2018). https://libsubmarine.org/. Accessed 7 Dec 2018
Bünz, B., Bootle, J., Boneh, D., Poelstra, A., Wuille, P., Maxwell, G.: Bulletproofs: short proofs for confidential transactions and more. In: 2018 IEEE Symposium on Security and Privacy (SP), vol. 00, pp. 319–338 (2018)
Buti, S., Rindi, B., Werner, I.M.: Diving into dark pools (2011)
Cheng, R., et al.: Ekiden: a platform for confidentiality-preserving, trustworthy, and performant smart contract execution. arXiv preprint arXiv:1804.05141 (2018)
Clark, J., Bonneau, J., Felten, E.W., Kroll, J.A., Miller, A., Narayanan, A.: On decentralizing prediction markets and order books. In: Workshop on the Economics of Information Security, State College, Pennsylvania (2014)
E. Discussion: Handling frontrunning in the permanent registrar (2018)
distribuyed: A comprehensive list of decentralized exchanges (DEX) of cryptocurrencies, tokens, derivatives and futures, and their protocols (2018). https://distribuyed.github.io/index/. Accessed 24 Sept 2018
Edelman, B.: Front-running study: testing report (2009)
Entriken, W., Shirley, D., Evans, J., Sachs, N.: ERC-721 non-fungible token standard (2018). https://github.com/ethereum/EIPs/blob/master/EIPS/eip-721.md. Accessed 31 Aug 2018
Ethereum: worker.go - commitnewwork() (2018). Accessed 7 Dec 2018
Financial Times: Barclays trader charged with front-running by us authorities (2018)
Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: analysis and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 281–310. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_10
Heilman, E., Kendler, A., Zohar, A., Goldberg, S.: Eclipse attacks on bitcoins peer-to-peer network. In: USENIX Security, pp. 129–144. USENIX Association, Washington, D.C. (2015)
Hertzog, E., Benartzi, G., Benartzi, G.: Bancor protocol (2017)
initc3.org: Frontrun me (2018). http://frontrun.me/
G. Issue: Method ‘decreaseapproval’ in unsafe (2017)
Johnson, N.: Ethereum domain name service - specification (2016)
Kalodner, H.A., Carlsten, M., Ellenbogen, P., Bonneau, J., Narayanan, A.: An empirical study of Namecoin and lessons for decentralized namespace design. In: WEIS. Citeseer (2015)
Karame, G.O., Androulaki, E., Capkun, S.: Double-spending fast payments in bitcoin. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 906–917. ACM (2012)
Koch, M.B.: Exploring CryptoKitties - part 2: the CryptoMidwives (2018)
Kosba, A., Miller, A., Shi, E., Wen, Z., Papamanthou, C.: Hawk: the blockchain model of cryptography and privacy-preserving smart contracts. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 839–858. IEEE (2016)
Malinova, K., Park, A.: Market design with blockchain technology (2017)
Marcus, Y., Heilman, E., Goldberg, S.: Low-resource eclipse attacks on Ethereum’s peer-to-peer network. Cryptology ePrint Archive, Report 2018/236 (2018). https://eprint.iacr.org/2018/236
Markham, J.W.: Front-running-insider trading under the commodity exchange act. Cath. UL Rev. 38, 69 (1988)
Maxwell, G.: Confidential transactions (2015). https://people.xiph.org/~greg/confidential_values.txt. Accessed 9 May 2016
McCorry, P., Hicks, A., Meiklejohn, S.: Smart contracts for bribing miners. IACR Cryptology ePrint Archive, 2018:581 (2018)
McCorry, P., Shahandashti, S.F., Hao, F.: A smart contract for boardroom voting with maximum voter privacy. In: Kiayias, A. (ed.) FC 2017. LNCS, vol. 10322, pp. 357–375. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70972-7_20
Medvedev, E.: Python scripts for ETL (extract, transform and load) jobs for Ethereum blocks (2018). https://github.com/medvedev1088/ethereum-etl
Miers, I., Garman, C., Green, M., Rubin, A.D.: Zerocoin: anonymous distributed e-cash from bitcoin. In: 2013 IEEE Symposium on Security and Privacy (SP), pp. 397–411. IEEE (2013)
Moosavi, S., Clark, J.: Ghazal: toward truly authoritative web certificates using ethereum. In: Zohar, A., et al. (eds.) FC 2018. LNCS, vol. 10958, pp. 352–366. Springer, Heidelberg (2019). https://doi.org/10.1007/978-3-662-58820-8_24
Nakamoto, S.: Bitcoin: A Peer-to-peer Electronic Cash System (2008)
Noether, S.: Ring signature confidential transactions for Monero. Cryptology ePrint Archive, Report 2015/1098 (2015). https://eprint.iacr.org/2015/1098
Petty, C.: A look at the Status.im ICO token distribution (2017). https://medium.com/the-bitcoin-podcast-blog/a-look-at-the-status-im-ico-token-distribution-f5bcf7f00907. Accessed 10 June 2018
Pierrot, C., Wesolowski, B.: Malleability of the blockchain’s entropy. Crypt. Commun. 10(1), 211–233 (2018)
Piqueras, E.: Generalized Ethereum frontrunners, an implementation and a cheat (2019)
Radner, R., Schotter, A.: The sealed-bid mechanism: an experimental study. J. Econ. Theor. 48(1), 179–220 (1989)
Rahimian, R.: Multiple withdrawal attack (2018)
Reitwiessner, C.: An update on integrating Zcash on Ethereum (ZoE) (2017). https://blog.ethereum.org/2017/01/19/update-integrating-zcash-ethereum/
Sasson, E.B., et al.: Zerocash: decentralized anonymous payments from bitcoin. In: 2014 IEEE Symposium on Security and Privacy (SP), pp. 459–474. IEEE (2014)
SECBIT: How the winner got Fomo3D prize – a detailed explanation (2018). https://medium.com/coinmonks/how-the-winner-got-fomo3d-prize-a-detailed-explanation-b30a69b7813f. Accessed 9 Dec 2018
Sirer, E.G., Daian, P.: Bancor is flawed (2017). http://hackingdistributed.com/2017/06/19/bancor-is-flawed/. Accessed 14 June 2018
Solmaz, O.: The anatomy of a block stuffing attack (2018). https://osolmaz.com/2018/10/18/anatomy-block-stuffing/
Ver, R., Wu, J.: Bitcoin cash planned network upgrade is complete (2018). Accessed 7 Dec 2018
Vermorel, J., Séchet, A., Chancellor, S., van der Wansem, T.: Canonical transaction ordering for bitcoin (2018). Accessed 7 Dec 2018
Vogelsteller, F., Buterin, V.: ERC-20 token standard (2015). https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20.md. Accessed 31 Aug 2018
Walther, T.: Multi-token batch auctions with uniform clearing prices (2018)
Warren, W.: Front-running, griefing and the perils of virtual settlement (2017). https://blog.0xproject.com/front-running-griefing-and-the-perils-of-virtual-settlement-part-1-8554ab283e97. Accessed 14 Aug 2018
Warren, W., Bandeali, A.: 0x: an open protocol for decentralized exchange on the Ethereum blockchain (2017). https://github.com/0xProject/whitepaper
Williamson, D.Z.J.: The AZTEC protocol (2018). https://github.com/AztecProtocol/AZTEC/
Zetzsche, D.A., Buckley, R.P., Arner, D.W., Föhr, L.: The ICO gold rush: it’s a scam, it’s a bubble, it’s a super challenge for regulators (2018)
Zhou, Y., Kumar, D., Bakshi, S., Mason, J., Miller, A., Bailey, M.: Erays: reverse engineering Ethereums opaque smart contracts. In: USENIX Security (2018)
Zhu, H.: Do dark pools harm price discovery? Rev. Financ. Stud. 27(3), 747–789 (2014)
Acknowledgements
The authors thank the Autorité des Marchés Financiers (AMF) for sponsoring this research through the Education and Good Governance Fund (EGGF), as well as NSERC through a Discovery Grant.
Copyright information
© 2020 International Financial Cryptography Association
About this paper
Cite this paper
Eskandari, S., Moosavi, S., Clark, J. (2020). SoK: Transparent Dishonesty: Front-Running Attacks on Blockchain. In: Bracciali, A., Clark, J., Pintore, F., Rønne, P., Sala, M. (eds) Financial Cryptography and Data Security. FC 2019. Lecture Notes in Computer Science(), vol 11599. Springer, Cham. https://doi.org/10.1007/978-3-030-43725-1_13
DOI: https://doi.org/10.1007/978-3-030-43725-1_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-43724-4
Online ISBN: 978-3-030-43725-1
eBook Packages: Computer Science, Computer Science (R0)