
Study: Pending Ethereum Transactions Vulnerable to Bots
Arbitrage bots monitor pending transactions in the Ethereum mempool and profit from the opportunities its architecture creates, according to a blog post by Dan Robinson, a developer at the Paradigm hedge fund, written in collaboration with colleague Georgios Konstantopoulos.
Someone accidentally locked up some tokens in an Ethereum smart contract. @gakonst and I thought we’d found a way to recover them.
We learned that the mempool is a very creepy place. https://t.co/8rC0jOCPn3
— Dan Robinson (@danrobinson) August 28, 2020
Arbitrage bots typically search for certain types of transactions (for example, those related to trading on DEXs or oracle updates) and attempt to execute them themselves, following a pre-set algorithm that involves copying the transaction and replacing the recipient address.
Robinson conducted an experiment, attempting to conceal the transaction traces from bots to avoid revealing the link to the non-custodial exchange Uniswap. Despite help from Ethereum security engineers and smart-contract specialists, his plan failed and the bots intercepted the funds.
In conclusion, Robinson warned miners that in the future they could become victims not only of bots but also of colleagues if they do not devote close attention to this vulnerability.
Earlier, Blocknative researchers found that during the March market crash, attackers siphoned $8.3 million from the DeFi protocol Maker by manipulating the Ethereum mempool.