• Corpus ID: 231839835

Frontrunner Jones and the Raiders of the Dark Forest: An Empirical Study of Frontrunning on the Ethereum Blockchain

  title={Frontrunner Jones and the Raiders of the Dark Forest: An Empirical Study of Frontrunning on the Ethereum Blockchain},
  author={Christof Ferreira Torres and Ramiro Daniel Camino and Radu State},
Ethereum prospered the inception of a plethora of smart contract applications, ranging from gambling games to decentralized finance. However, Ethereum is also considered a highly adversarial environment, where vulnerable smart contracts will eventually be exploited. Recently, Ethereum’s pool of pending transaction has become a far more aggressive environment. In the hope of making some profit, attackers continuously monitor the transaction pool and try to frontrun their victims’ transactions by… 

Analyzing and Preventing Sandwich Attacks in Ethereum

A large-scale analysis of sandwich attacks for a time period of twelve months found that during this time there were at least 480’276 attacks leading to an accumulated profit of 64’217 ETH (189’311’716 USD) and it is shown that miners have recently begun to play a more active role in these value extractions which drastically changes the patterns the authors observe.

DETER: Denial of Ethereum Txpool sERvices

This work designs non-trivial measurement methods against blackbox mainnet nodes and conduct light probes to confirm that popular mainnet services are exploitable under DETER attacks and proposes mitigation schemes that reduce a DETER attack's success rate down to zero while preserving the miners' revenue.

A Note on Privacy in Constant Function Market Makers

It is shown that privacy is impossible with the usual implementations of CFMMs under most reasonable models of an adversary and some mitigating strategies are provided.

Behavior of Liquidity Providers in Decentralized Exchanges

Decentralized exchanges (DEXes) have introduced an innovative trading mechanism, where it is not necessary to match buy-orders and sell-orders to execute a trade. DEXes execute each trade

Mitigating Frontrunning Attacks in Ethereum

This paper proposes a model-based attack detection and prevention scheme that extracts specific features for each transaction and transforms each transaction into a feature vector which is analyzed by a machine learning model to detect if it is a frontrunning attack transaction or not in real time.

A flash(bot) in the pan: measuring maximal extractable value in private pools

This paper measures the popularity of Flashbots and evaluates if it is meeting its chartered goals and finds that Flashbots miners account for over 99.9% of the hashing power in the Ethereum network.

Impact and User Perception of Sandwich Attacks in the DeFi Ecosystem

It is found that due to users’ lack of technical background and insufficient notifications from the markets, many users were not aware of the existence and the impact of sandwich attacks and had a limited understanding of how to resolve the security issue.

SoK: Decentralized Finance (DeFi) Incidents

A common reference frame is introduced to systematically evaluate and compare DeFi incidents and investigates potential defenses, finding that 103 of the attacks are not executed atomically, granting a rescue time frame for defenders.

SoK: Decentralized Finance (DeFi) Attacks

A common reference frame is introduced to systematically evaluate and compare DeFi incidents, including both attacks and accidents, and investigates 77 academic papers, 30 audit reports, and 181 real-world incidents.

Security Evaluation of Smart Contracts based on Code and Transaction - A Survey

This research classify state-of-the-art analysis techniques for smart contract analysis into two categories, namely, code- based approaches and transaction-based approaches and elaborate on the key techniques adopted by these works respectively.



SoK: Transparent Dishonesty: Front-Running Attacks on Blockchain

This paper draws from a scattered body of knowledge and instances of front-running across the top 25 most active decentral applications (DApps) deployed on Ethereum blockchain and maps the proposed solutions to back-running into useful categories.

Flash Boys 2.0: Frontrunning, Transaction Reordering, and Consensus Instability in Decentralized Exchanges

This work highlights the large, complex risks created by transaction-ordering dependencies in smart contracts and the ways in which traditional forms of financial-market exploitation are adapting to and penetrating blockchain economies.

High-Frequency Trading on Decentralized On-Chain Exchanges

This work formalizes, analytically exposit and empirically evaluate an augmented variant of front-running: sandwich attacks, which involve front- and back-running victim transactions on a blockchain-based DEX, and quantifies the probability of an adversarial trader being able to undertake the attack, based on the relative positioning of a transaction within a blockchain block.

Enter the Hydra: Towards Principled Bug Bounties and Exploit-Resistant Smart Contracts

This work presents the Hydra Framework, the first general, principled approach to modeling and administering bug bounties and boosting incentives for hackers to report bugs, and shows how Hydra contracts greatly amplify the power of bounties to incentivize bug disclosure by economically rational adversaries.


The blockchain paradigm when coupled with cryptographically-secured transactions has demonstrated its utility through a number of projects, with Bitcoin being one of the most notable ones, and Ethereum implements this paradigm in a generalised manner.

SoK: Decentralized Finance (DeFi)

A distinction between technical security and economic security is provided, connecting the latter with new models and thereby synthesizing insights from computer science, econom-ics and finance, and the open research challenges in the ecosystem across these security types are outlined.

Towards understanding flash loan and its applications in defi ecosystem

This work proposes ThunderStorm, a 3-phase transaction-based analysis framework, to systematically study Flash Loan on the Ethereum, which identifies Flash Loan transactions by applying observed transaction patterns, understands the semantics of the transactions based on primitive behaviors, and recovers the intentions of transactions according to advanced behaviors.

CALYPSO: Private Data Management for Decentralized Ledgers

This work enhances permissioned and permissionless blockchains with the ability to manage confidential data without forfeiting availability or decentralization and introduces on-chain secrets, a novel abstraction that enforces atomic deposition of an auditable trace whenever users access confidential data.

Tesseract: Real-Time Cryptocurrency Exchange Using Trusted Hardware

Tesseract achieves a best-of-both-worlds design by using a trusted execution environment and supports not only real-time cross-chain cryptocurrency trades, but also secure tokenization of assets pegged to cryptocurrencies.

Majority Is Not Enough: Bitcoin Mining Is Vulnerable

The Bitcoin cryptocurrency records its transactions in a public log called the blockchain, and conventional wisdom asserts that the mining protocol is incentive-compatible and secure against colluding minority groups.