nach oben

Erschienen in:

2020 | OriginalPaper | Buchkapitel

SoK: Transparent Dishonesty: Front-Running Attacks on Blockchain

verfasst von : Shayan Eskandari, Seyedehmahsa Moosavi, Jeremy Clark

Erschienen in: Financial Cryptography and Data Security

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

We consider front-running to be a course of action where an entity benefits from prior access to privileged market information about upcoming transactions and trades. Front-running has been an issue in financial instrument markets since the 1970s. With the advent of the blockchain technology, front-running has resurfaced in new forms we explore here, instigated by blockchain’s decentralized and transparent nature. In this paper, we draw from a scattered body of knowledge and instances of front-running across the top 25 most active decentral applications (DApps) deployed on Ethereum blockchain. Additionally, we carry out a detailed analysis of Status.im initial coin offering (ICO) and show evidence of abnormal miner’s behavior indicative of front-running token purchases. Finally, we map the proposed solutions to front-running into useful categories.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Building Executable Secure Design Models for Smart Contracts with Formal Methods

Nächstes Kapitel Trustee: Full Privacy Preserving Vickrey Auction on Top of Ethereum

A block in the stock market is a large number of shares, 10 000 or more, to sell which will heavily change the price.

Securities Exchange Act Release No. 14156, November 19, 1977, (Letter from George A. Fitzsimmons, Secretary, Securities, and Exchange Commission to Joseph W. Sullivan, President CBoE).

List of decentralized applications https://DAppradar.com/DApps.

Also known as ForkDelta for the user interface: https://forkdelta.app/.

As there are no automated function calls in Ethereum, this incentive model –known as Action Callback [52]– is used to encourage users to call these functions.

https://exitscam.me/play.

The first winner of Fomo3D, won 10,469 Ether https://etherscan.io/tx/0xe08a519c03cb0aed0e04b33104112d65fa1d3a48cd3aeab65f047b2abce9d508.

Also known as Block Stuffing Attack [59].

https://twitter.com/ensbot.

Note that we do not have an authoritative copy of the mempool over time, however, the probability of these transactions being broadcasted to the network and exclusively get mined by the same pool as the sender is low.

Official Go implementation https://github.com/ethereum/go-ethereum.

https://cloud.google.com/bigquery/.

https://www.tableau.com/.

http://bit.ly/madibaFrontrunning.

F2Pool address was identified by their mining reward deposit address https://etherscan.io/address/0x61c808d82a3ac53231750dadc13c777b59310bd9.

Sometimes the pool is called a ‘queue.’ It is important to note is a misnomer as queues enforce a first-in-first-out sequence.

This is analogous to behavior in traditional financial markets where high-frequency traders will make and cancel orders at many price points (flash orders or pinging). If they can cancel faster than someone can execute it—someone who has only seen the order and not the cancellation—then the victim reveals their price information.

Also known as batch auctions [63].

Account types, gas, and transactions. Ethereum homestead 0.1 documentation. http://ethdocs.org/en/latest/contracts-and-transactions/account-types-gas-and-transactions.html#what-is-gas. Accessed 14 June 2018

96th Congress 1st Session, report of the special study of the options markets to the securities and exchange commission (1978)

Im-2110-3. Front running policy. Financial Industry Regulatory Authority (2002)

SSAC advisory on domain name front running. ICANN Advisory Committee, 10 2007. Accessed 15 Aug 2018

Front running of block transactions. Financial Industry Regulatory Authority (2012)

Notice of filing of proposed rule change to adopt FINRA rule 5270 (front running of block transactions) in the consolidated FINRA rulebook. Securities and Exchange Commission (2012)

Security review of 0x smart contracts. ConsenSys-Diligence (2017)

The status network, a strategy towards mass adoption of Ethereum. Status Team (2017). Accessed 10 June 2018

Cryptokitties. Cryptokitties team (2018). Accessed 31 Aug 2018

10.

Anonymous. How the first winner of Fomo3D won the jackpot? (2018). https://winnerfomo3d.home.blog/. Accessed 9 Sept 2018

11.

Bamert, T., Decker, C., Elsen, L., Wattenhofer, R., Welten, S.: Have a snack, pay with bitcoins. In: 2013 IEEE Thirteenth International Conference on Peer-to-Peer Computing (P2P), pp. 1–5. IEEE (2013)

12.

Beaver, D., Haber, S.: Cryptographic protocols provably secure against dynamic adversaries. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 307–323. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-47555-9_26CrossRef

13.

Bogatyy, I.: Implementing Ethereum trading front-runs on the Bancor exchange in Python (2017). https://hackernoon.com/front-running-bancor-in-150-lines-of-python-with-ethereum-api-d5e2bfd0d798. Accessed 13 Aug 2018

14.

Bonneau, J., Felten, E.W., Goldfeder, S., Kroll, J.A., Narayanan, A.: Why buy when you can rent? Bribery attacks on bitcoin consensus (2016)

15.

Brassard, G., Chaum, D., Crépeau, C.: Minimum disclosure proofs of knowledge. J. Comput. Syst. Sci. 37(2), 156–189 (1988)MathSciNetCrossRef

16.

Breidenbach, L., Daian, P., Tramer, F., Juels, A.: Enter the hydra: towards principled bug bounties and exploit-resistant smart contracts. In: 27th USENIX Security Symposium (USENIX Security 18). USENIX Association (2018)

17.

Breidenbach, L., Daian, P., Juels, A., Tramer, F.: To sink frontrunners, send in the submarines (2017). http://hackingdistributed.com/2017/08/28/submarine-sends/. Accessed 28 Aug 2018

18.

Breidenbach, L., Kell, T., Gosselin, S., Eskandari, S.: Libsubmarine: defeat front-running on Ethereum (2018). https://libsubmarine.org/. Accessed 7 Dec 2018

19.

Bünz, B., Bootle, J., Boneh, D., Poelstra, A., Wuille, P., Maxwell, G.: Bulletproofs: short proofs for confidential transactions and more. In: 2018 IEEE Symposium on Security and Privacy (SP), vol. 00, pp. 319–338 (2018)

20.

Buti, S., Rindi, B., Werner, I.M.: Diving into dark pools (2011)

21.

Cheng, R., et al.: Ekiden: a platform for confidentiality-preserving, trustworthy, and performant smart contract execution. arXiv preprint arXiv:1804.05141 (2018)

22.

Clark, J., Bonneau, J., Felten, E.W., Kroll, J.A., Miller, A., Narayanan, A.: On decentralizing prediction markets and order books. In: Workshop on the Economics of Information Security, State College, Pennsylvania (2014)

23.

E. Discussion: Handling frontrunning in the permanent registrar (2018)

24.

distribuyed: A comprehensive list of decentralized exchanges (DEX) of cryptocurrencies, tokens, derivatives and futures, and their protocols (2018). https://distribuyed.github.io/index/. Accessed 24 Sept 2018

25.

Edelman, B.: Front-running study: testing report (2009)

26.

Entriken, W., Shirley, D., Evans, J., Sachs, N.: ERC-721 non-fungible token standard (2018). https://github.com/ethereum/EIPs/blob/master/EIPS/eip-721.md. Accessed 31 Aug 2018

27.

Ethereum: worker.go - commitnewwork() (2018). Accessed 7 Dec 2018

28.

Financial Times: Barclays trader charged with front-running by us authorities (2018)

29.

Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: analysis and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 281–310. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_10CrossRef

30.

Heilman, E., Kendler, A., Zohar, A., Goldberg, S.: Eclipse attacks on bitcoins peer-to-peer network. In: USENIX Security, pp. 129–144. USENIX Association, Washington, D.C. (2015)

31.

Hertzog, E., Benartzi, G., Benartzi, G.: Bancor protocol (2017)

32.

initc3.org: Frontrun me (2018). http://frontrun.me/

33.

G. Issue: Method ‘decreaseapproval’ in unsafe (2017)

34.

Johnson, N.: Ethereum domain name service - specification (2016)

35.

Kalodner, H.A., Carlsten, M., Ellenbogen, P., Bonneau, J., Narayanan, A.: An empirical study of Namecoin and lessons for decentralized namespace design. In: WEIS. Citeseer (2015)

36.

Karame, G.O., Androulaki, E., Capkun, S.: Double-spending fast payments in bitcoin. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 906–917. ACM (2012)

37.

Koch, M.B.: Exploring CryptoKitties - part 2: the CryptoMidwives (2018)

38.

Kosba, A., Miller, A., Shi, E., Wen, Z., Papamanthou, C.: Hawk: the blockchain model of cryptography and privacy-preserving smart contracts. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 839–858. IEEE (2016)

39.

Malinova, K., Park, A.: Market design with blockchain technology (2017)

40.

Marcus, Y., Heilman, E., Goldberg, S.: Low-resource eclipse attacks on Ethereum’s peer-to-peer network. Cryptology ePrint Archive, Report 2018/236 (2018). https://eprint.iacr.org/2018/236

41.

Markham, J.W.: Front-running-insider trading under the commodity exchange act. Cath. UL Rev. 38, 69 (1988)

42.

Maxwell, G.: Confidential transactions (2015). https://people.xiph.org/~greg/confidential_values.txt. Accessed 9 May 2016

43.

McCorry, P., Hicks, A., Meiklejohn, S.: Smart contracts for bribing miners. IACR Cryptology ePrint Archive, 2018:581 (2018)

44.

McCorry, P., Shahandashti, S.F., Hao, F.: A smart contract for boardroom voting with maximum voter privacy. In: Kiayias, A. (ed.) FC 2017. LNCS, vol. 10322, pp. 357–375. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70972-7_20CrossRef

45.

Medvedev, E.: Python scripts for ETL (extract, transform and load) jobs for Ethereum blocks (2018). https://github.com/medvedev1088/ethereum-etl

46.

Miers, I., Garman, C., Green, M., Rubin, A.D.: Zerocoin: anonymous distributed e-cash from bitcoin. In: 2013 IEEE Symposium on Security and Privacy (SP), pp. 397–411. IEEE (2013)

47.

Moosavi, S., Clark, J.: Ghazal: toward truly authoritative web certificates using ethereum. In: Zohar, A., et al. (eds.) FC 2018. LNCS, vol. 10958, pp. 352–366. Springer, Heidelberg (2019). https://doi.org/10.1007/978-3-662-58820-8_24CrossRef

48.

Nakamoto, S.: Bitcoin: A Peer-to-peer Electronic Cash System (2008)

49.

Noether, S.: Ring signature confidential transactions for Monero. Cryptology ePrint Archive, Report 2015/1098 (2015). https://eprint.iacr.org/2015/1098

50.

Petty, C.: A look at the Status.im ICO token distribution (2017). https://medium.com/the-bitcoin-podcast-blog/a-look-at-the-status-im-ico-token-distribution-f5bcf7f00907. Accessed 10 June 2018

51.

Pierrot, C., Wesolowski, B.: Malleability of the blockchain’s entropy. Crypt. Commun. 10(1), 211–233 (2018)MathSciNetCrossRef

52.

Piqueras, E.: Generalized Ethereum frontrunners, an implementation and a cheat (2019)

53.

Radner, R., Schotter, A.: The sealed-bid mechanism: an experimental study. J. Econ. Theor. 48(1), 179–220 (1989)MathSciNetCrossRef

54.

Rahimian, R.: Multiple withdrawal attack (2018)

55.

Reitwiessner, C.: An update on integrating Zcash on Ethereum (ZoE) (2017). https://blog.ethereum.org/2017/01/19/update-integrating-zcash-ethereum/

56.

Sasson, E.B., et al.: Zerocash: decentralized anonymous payments from bitcoin. In: 2014 IEEE Symposium on Security and Privacy (SP), pp. 459–474. IEEE (2014)

57.

SECBIT: How the winner got Fomo3D prize – a detailed explanation (2018). https://medium.com/coinmonks/how-the-winner-got-fomo3d-prize-a-detailed-explanation-b30a69b7813f. Accessed 9 Dec 2018

58.

Sirer, E.G., Daian, P.: Bancor is flawed (2017). http://hackingdistributed.com/2017/06/19/bancor-is-flawed/. Accessed 14 June 2018

59.

Solmaz, O.: The anatomy of a block stuffing attack (2018). https://osolmaz.com/2018/10/18/anatomy-block-stuffing/

60.

Ver, R., Wu, J.: Bitcoin cash planned network upgrade is complete (2018). Accessed 7 Dec 2018

61.

Vermorel, J., Séchet, A., Chancellor, S., van der Wansem, T.: Canonical transaction ordering for bitcoin (2018). Accessed 7 Dec 2018

62.

Vogelsteller, F., Buterin, V.: ERC-20 token standard (2015). https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20.md. Accessed 31 Aug 2018

63.

Walther, T.: Multi-token batch auctions with uniform clearing prices (2018)

64.

Warren, W.: Front-running, griefing and the perils of virtual settlement (2017). https://blog.0xproject.com/front-running-griefing-and-the-perils-of-virtual-settlement-part-1-8554ab283e97. Accessed 14 Aug 2018

65.

Warren, W., Bandeali, A.: 0x: an open protocol for decentralized exchange on the Ethereum blockchain (2017). https://github.com/0xProject/whitepaper

66.

Williamson, D.Z.J.: The AZTEC protocol (2018). https://github.com/AztecProtocol/AZTEC/

67.

Zetzsche, D.A., Buckley, R.P., Arner, D.W., Föhr, L.: The ICO gold rush: it’s a scam, it’s a bubble, it’s a super challenge for regulators (2018)

68.

Zhou, Y., Kumar, D., Bakshi, S., Mason, J., Miller, A., Bailey, M.: Erays: reverse engineering Ethereums opaque smart contracts. In: USENIX Security (2018)

69.

Zhu, H.: Do dark pools harm price discovery? Rev. Financ. Stud. 27(3), 747–789 (2014)CrossRef

Titel: SoK: Transparent Dishonesty: Front-Running Attacks on Blockchain
verfasst von: Shayan Eskandari
Seyedehmahsa Moosavi
Jeremy Clark
Verlag: Springer International Publishing
Buch: Financial Cryptography and Data Security
Print ISBN: 978-3-030-43724-4

Electronic ISBN: 978-3-030-43725-1

Copyright-Jahr: 2020
DOI: https://doi.org/10.1007/978-3-030-43725-1_13

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"