{"id":27930,"date":"2020-08-31T11:44:11","date_gmt":"2020-08-31T08:44:11","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=27930"},"modified":"2025-08-27T00:00:20","modified_gmt":"2025-08-26T21:00:20","slug":"study-pending-ethereum-transactions-vulnerable-to-bots","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/study-pending-ethereum-transactions-vulnerable-to-bots\/","title":{"rendered":"Study: Pending Ethereum Transactions Vulnerable to Bots"},"content":{"rendered":"<p>Arbitrage bots monitor pending transactions in the Ethereum mempool and exploit arising opportunities to profit from its architecture, according to a blog post by Dan Robinson, a developer at the Paradigm hedge fund, in collaboration with colleague Georgios Konstantopoulos.<!--more--><\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">Someone accidentally locked up some tokens in an Ethereum smart contract. <a href=\"https:\/\/twitter.com\/gakonst?ref_src=twsrc%5Etfw\">@gakonst<\/a> and I thought we\u2019d found a way to recover them.<\/p>\n<p>We learned that the mempool is a very creepy place.<a href=\"https:\/\/t.co\/8rC0jOCPn3\">https:\/\/t.co\/8rC0jOCPn3<\/a><\/p>\n<p>\u2014 Dan Robinson (@danrobinson) <a href=\"https:\/\/twitter.com\/danrobinson\/status\/1299403425659011072?ref_src=twsrc%5Etfw\">August 28, 2020<\/a><\/p>\n<\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Arbitrage bots typically search for certain types of transactions (for example, those related to trading on DEX or oracle updates) and attempt to execute them according to a pre-set algorithm that assumes copying and replacing the recipient address.<\/p>\n<p>Robinson conducted an experiment, attempting to conceal the transaction traces from bots to avoid revealing the link to the non-custodial exchange Uniswap. Despite help from Ethereum security engineers and smart-contract specialists, his plan failed and the bots intercepted the funds.<\/p>\n<p>In conclusion, Robinson warned miners that in the future they could become victims not only of bots but also of colleagues if they do not devote close attention to this vulnerability.<\/p>\n<p>Earlier, Blocknative researchers found that during the March market crash, attackers siphoned $8.3 million from the DeFi protocol Maker by manipulating the Ethereum mempool.<\/p>\n<p>Subscribe to ForkLog news on <a href=\"https:\/\/www.facebook.com\/forklog\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Facebook<\/a>!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Arbitrage bots monitor pending transactions in the Ethereum mempool and exploit arising opportunities to profit from its architecture, according to a blog post by Dan Robinson, a developer at the Paradigm hedge fund, in collaboration with colleague Georgios Konstantopoulos.<\/p>\n","protected":false},"author":1,"featured_media":27931,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[46,1127,167],"class_list":["post-27930","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-ethereum","tag-mempool","tag-research"],"aioseo_notices":[],"amp_enabled":true,"views":"16","promo_type":"1","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/27930","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=27930"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/27930\/revisions"}],"predecessor-version":[{"id":27932,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/27930\/revisions\/27932"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/27931"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=27930"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=27930"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=27930"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}