SoK: Transparent Dishonesty: Front-Running Attacks on Blockchain

  • Conference paper
Financial Cryptography and Data Security (FC 2019)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 11599)

Abstract

We consider front-running to be a course of action where an entity benefits from prior access to privileged market information about upcoming transactions and trades. Front-running has been an issue in financial instrument markets since the 1970s. With the advent of blockchain technology, front-running has resurfaced in new forms we explore here, instigated by blockchain’s decentralized and transparent nature. In this paper, we draw from a scattered body of knowledge and instances of front-running across the top 25 most active decentralized applications (DApps) deployed on the Ethereum blockchain. Additionally, we carry out a detailed analysis of the Status.im initial coin offering (ICO) and show evidence of abnormal miner behavior indicative of front-running token purchases. Finally, we map the proposed solutions to front-running into useful categories.

Notes

  1. A block in the stock market is a large number of shares, 10 000 or more, the sale of which will heavily change the price.

  2. Securities Exchange Act Release No. 14156, November 19, 1977 (Letter from George A. Fitzsimmons, Secretary, Securities and Exchange Commission, to Joseph W. Sullivan, President, CBoE).

  3. List of decentralized applications: https://DAppradar.com/DApps.

  4. Also known as ForkDelta for the user interface: https://forkdelta.app/.

  5. As there are no automated function calls in Ethereum, this incentive model –known as Action Callback [52]– is used to encourage users to call these functions.

  6. https://exitscam.me/play.

  7. The first winner of Fomo3D won 10,469 Ether: https://etherscan.io/tx/0xe08a519c03cb0aed0e04b33104112d65fa1d3a48cd3aeab65f047b2abce9d508.

  8. Also known as Block Stuffing Attack [59].

  9. https://twitter.com/ensbot.

  10. Note that we do not have an authoritative copy of the mempool over time; however, the probability of these transactions being broadcast to the network and exclusively mined by the same pool as the sender is low.

  11. Official Go implementation: https://github.com/ethereum/go-ethereum.

  12. https://cloud.google.com/bigquery/.

  13. https://www.tableau.com/.

  14. http://bit.ly/madibaFrontrunning.

  15. The F2Pool address was identified by its mining reward deposit address: https://etherscan.io/address/0x61c808d82a3ac53231750dadc13c777b59310bd9.

  16. Sometimes the pool is called a ‘queue.’ It is important to note that this is a misnomer, as queues enforce a first-in-first-out sequence.

  17. This is analogous to behavior in traditional financial markets where high-frequency traders will make and cancel orders at many price points (flash orders or pinging). If they can cancel faster than someone can execute it—someone who has only seen the order and not the cancellation—then the victim reveals their price information.

  18. Also known as batch auctions [63].

References

  1. Account types, gas, and transactions. Ethereum homestead 0.1 documentation. http://ethdocs.org/en/latest/contracts-and-transactions/account-types-gas-and-transactions.html#what-is-gas. Accessed 14 June 2018

  2. 96th Congress 1st Session, report of the special study of the options markets to the securities and exchange commission (1978)

  3. Im-2110-3. Front running policy. Financial Industry Regulatory Authority (2002)

  4. SSAC advisory on domain name front running. ICANN Advisory Committee, 10 2007. Accessed 15 Aug 2018

  5. Front running of block transactions. Financial Industry Regulatory Authority (2012)

  6. Notice of filing of proposed rule change to adopt FINRA rule 5270 (front running of block transactions) in the consolidated FINRA rulebook. Securities and Exchange Commission (2012)

  7. Security review of 0x smart contracts. ConsenSys-Diligence (2017)

  8. The status network, a strategy towards mass adoption of Ethereum. Status Team (2017). Accessed 10 June 2018

  9. Cryptokitties. Cryptokitties team (2018). Accessed 31 Aug 2018

  10. Anonymous. How the first winner of Fomo3D won the jackpot? (2018). https://winnerfomo3d.home.blog/. Accessed 9 Sept 2018

  11. Bamert, T., Decker, C., Elsen, L., Wattenhofer, R., Welten, S.: Have a snack, pay with bitcoins. In: 2013 IEEE Thirteenth International Conference on Peer-to-Peer Computing (P2P), pp. 1–5. IEEE (2013)

  12. Beaver, D., Haber, S.: Cryptographic protocols provably secure against dynamic adversaries. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 307–323. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-47555-9_26

  13. Bogatyy, I.: Implementing Ethereum trading front-runs on the Bancor exchange in Python (2017). https://hackernoon.com/front-running-bancor-in-150-lines-of-python-with-ethereum-api-d5e2bfd0d798. Accessed 13 Aug 2018

  14. Bonneau, J., Felten, E.W., Goldfeder, S., Kroll, J.A., Narayanan, A.: Why buy when you can rent? Bribery attacks on bitcoin consensus (2016)

  15. Brassard, G., Chaum, D., Crépeau, C.: Minimum disclosure proofs of knowledge. J. Comput. Syst. Sci. 37(2), 156–189 (1988)

  16. Breidenbach, L., Daian, P., Tramer, F., Juels, A.: Enter the hydra: towards principled bug bounties and exploit-resistant smart contracts. In: 27th USENIX Security Symposium (USENIX Security 18). USENIX Association (2018)

  17. Breidenbach, L., Daian, P., Juels, A., Tramer, F.: To sink frontrunners, send in the submarines (2017). http://hackingdistributed.com/2017/08/28/submarine-sends/. Accessed 28 Aug 2018

  18. Breidenbach, L., Kell, T., Gosselin, S., Eskandari, S.: Libsubmarine: defeat front-running on Ethereum (2018). https://libsubmarine.org/. Accessed 7 Dec 2018

  19. Bünz, B., Bootle, J., Boneh, D., Poelstra, A., Wuille, P., Maxwell, G.: Bulletproofs: short proofs for confidential transactions and more. In: 2018 IEEE Symposium on Security and Privacy (SP), vol. 00, pp. 319–338 (2018)

  20. Buti, S., Rindi, B., Werner, I.M.: Diving into dark pools (2011)

  21. Cheng, R., et al.: Ekiden: a platform for confidentiality-preserving, trustworthy, and performant smart contract execution. arXiv preprint arXiv:1804.05141 (2018)

  22. Clark, J., Bonneau, J., Felten, E.W., Kroll, J.A., Miller, A., Narayanan, A.: On decentralizing prediction markets and order books. In: Workshop on the Economics of Information Security, State College, Pennsylvania (2014)

  23. E. Discussion: Handling frontrunning in the permanent registrar (2018)

  24. distribuyed: A comprehensive list of decentralized exchanges (DEX) of cryptocurrencies, tokens, derivatives and futures, and their protocols (2018). https://distribuyed.github.io/index/. Accessed 24 Sept 2018

  25. Edelman, B.: Front-running study: testing report (2009)

  26. Entriken, W., Shirley, D., Evans, J., Sachs, N.: ERC-721 non-fungible token standard (2018). https://github.com/ethereum/EIPs/blob/master/EIPS/eip-721.md. Accessed 31 Aug 2018

  27. Ethereum: worker.go - commitnewwork() (2018). Accessed 7 Dec 2018

  28. Financial Times: Barclays trader charged with front-running by us authorities (2018)

  29. Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: analysis and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 281–310. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_10

  30. Heilman, E., Kendler, A., Zohar, A., Goldberg, S.: Eclipse attacks on bitcoins peer-to-peer network. In: USENIX Security, pp. 129–144. USENIX Association, Washington, D.C. (2015)

  31. Hertzog, E., Benartzi, G., Benartzi, G.: Bancor protocol (2017)

  32. initc3.org: Frontrun me (2018). http://frontrun.me/

  33. G. Issue: Method ‘decreaseapproval’ in unsafe (2017)

  34. Johnson, N.: Ethereum domain name service - specification (2016)

  35. Kalodner, H.A., Carlsten, M., Ellenbogen, P., Bonneau, J., Narayanan, A.: An empirical study of Namecoin and lessons for decentralized namespace design. In: WEIS. Citeseer (2015)

  36. Karame, G.O., Androulaki, E., Capkun, S.: Double-spending fast payments in bitcoin. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 906–917. ACM (2012)

  37. Koch, M.B.: Exploring CryptoKitties - part 2: the CryptoMidwives (2018)

  38. Kosba, A., Miller, A., Shi, E., Wen, Z., Papamanthou, C.: Hawk: the blockchain model of cryptography and privacy-preserving smart contracts. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 839–858. IEEE (2016)

  39. Malinova, K., Park, A.: Market design with blockchain technology (2017)

  40. Marcus, Y., Heilman, E., Goldberg, S.: Low-resource eclipse attacks on Ethereum’s peer-to-peer network. Cryptology ePrint Archive, Report 2018/236 (2018). https://eprint.iacr.org/2018/236

  41. Markham, J.W.: Front-running-insider trading under the commodity exchange act. Cath. UL Rev. 38, 69 (1988)

  42. Maxwell, G.: Confidential transactions (2015). https://people.xiph.org/~greg/confidential_values.txt. Accessed 9 May 2016

  43. McCorry, P., Hicks, A., Meiklejohn, S.: Smart contracts for bribing miners. IACR Cryptology ePrint Archive, 2018:581 (2018)

  44. McCorry, P., Shahandashti, S.F., Hao, F.: A smart contract for boardroom voting with maximum voter privacy. In: Kiayias, A. (ed.) FC 2017. LNCS, vol. 10322, pp. 357–375. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70972-7_20

  45. Medvedev, E.: Python scripts for ETL (extract, transform and load) jobs for Ethereum blocks (2018). https://github.com/medvedev1088/ethereum-etl

  46. Miers, I., Garman, C., Green, M., Rubin, A.D.: Zerocoin: anonymous distributed e-cash from bitcoin. In: 2013 IEEE Symposium on Security and Privacy (SP), pp. 397–411. IEEE (2013)

  47. Moosavi, S., Clark, J.: Ghazal: toward truly authoritative web certificates using ethereum. In: Zohar, A., et al. (eds.) FC 2018. LNCS, vol. 10958, pp. 352–366. Springer, Heidelberg (2019). https://doi.org/10.1007/978-3-662-58820-8_24

  48. Nakamoto, S.: Bitcoin: A Peer-to-peer Electronic Cash System (2008)

  49. Noether, S.: Ring signature confidential transactions for Monero. Cryptology ePrint Archive, Report 2015/1098 (2015). https://eprint.iacr.org/2015/1098

  50. Petty, C.: A look at the Status.im ICO token distribution (2017). https://medium.com/the-bitcoin-podcast-blog/a-look-at-the-status-im-ico-token-distribution-f5bcf7f00907. Accessed 10 June 2018

  51. Pierrot, C., Wesolowski, B.: Malleability of the blockchain’s entropy. Crypt. Commun. 10(1), 211–233 (2018)

  52. Piqueras, E.: Generalized Ethereum frontrunners, an implementation and a cheat (2019)

  53. Radner, R., Schotter, A.: The sealed-bid mechanism: an experimental study. J. Econ. Theor. 48(1), 179–220 (1989)

  54. Rahimian, R.: Multiple withdrawal attack (2018)

  55. Reitwiessner, C.: An update on integrating Zcash on Ethereum (ZoE) (2017). https://blog.ethereum.org/2017/01/19/update-integrating-zcash-ethereum/

  56. Sasson, E.B., et al.: Zerocash: decentralized anonymous payments from bitcoin. In: 2014 IEEE Symposium on Security and Privacy (SP), pp. 459–474. IEEE (2014)

  57. SECBIT: How the winner got Fomo3D prize – a detailed explanation (2018). https://medium.com/coinmonks/how-the-winner-got-fomo3d-prize-a-detailed-explanation-b30a69b7813f. Accessed 9 Dec 2018

  58. Sirer, E.G., Daian, P.: Bancor is flawed (2017). http://hackingdistributed.com/2017/06/19/bancor-is-flawed/. Accessed 14 June 2018

  59. Solmaz, O.: The anatomy of a block stuffing attack (2018). https://osolmaz.com/2018/10/18/anatomy-block-stuffing/

  60. Ver, R., Wu, J.: Bitcoin cash planned network upgrade is complete (2018). Accessed 7 Dec 2018

  61. Vermorel, J., Séchet, A., Chancellor, S., van der Wansem, T.: Canonical transaction ordering for bitcoin (2018). Accessed 7 Dec 2018

  62. Vogelsteller, F., Buterin, V.: ERC-20 token standard (2015). https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20.md. Accessed 31 Aug 2018

  63. Walther, T.: Multi-token batch auctions with uniform clearing prices (2018)

  64. Warren, W.: Front-running, griefing and the perils of virtual settlement (2017). https://blog.0xproject.com/front-running-griefing-and-the-perils-of-virtual-settlement-part-1-8554ab283e97. Accessed 14 Aug 2018

  65. Warren, W., Bandeali, A.: 0x: an open protocol for decentralized exchange on the Ethereum blockchain (2017). https://github.com/0xProject/whitepaper

  66. Williamson, D.Z.J.: The AZTEC protocol (2018). https://github.com/AztecProtocol/AZTEC/

  67. Zetzsche, D.A., Buckley, R.P., Arner, D.W., Föhr, L.: The ICO gold rush: it’s a scam, it’s a bubble, it’s a super challenge for regulators (2018)

  68. Zhou, Y., Kumar, D., Bakshi, S., Mason, J., Miller, A., Bailey, M.: Erays: reverse engineering Ethereums opaque smart contracts. In: USENIX Security (2018)

  69. Zhu, H.: Do dark pools harm price discovery? Rev. Financ. Stud. 27(3), 747–789 (2014)

Acknowledgements

The authors thank the Autorité des Marchés Financiers (AMF) for sponsoring this research through the Education and Good Governance Fund (EGGF), as well as NSERC through a Discovery Grant.

Author information

Correspondence to Shayan Eskandari or Jeremy Clark.

Copyright information

© 2020 International Financial Cryptography Association

Cite this paper

Eskandari, S., Moosavi, S., Clark, J. (2020). SoK: Transparent Dishonesty: Front-Running Attacks on Blockchain. In: Bracciali, A., Clark, J., Pintore, F., Rønne, P., Sala, M. (eds) Financial Cryptography and Data Security. FC 2019. Lecture Notes in Computer Science, vol 11599. Springer, Cham. https://doi.org/10.1007/978-3-030-43725-1_13

  • DOI: https://doi.org/10.1007/978-3-030-43725-1_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-43724-4

  • Online ISBN: 978-3-030-43725-1

  • eBook Packages: Computer Science (R0)
