Simulation of Front-Running Attacks and Privacy Mitigations in Ethereum Blockchain 

  • Zachary Stucke,
  • Theodoros Constantinides,
  • John Cartlidge

Department of Computer Science, University of Bristol, Bristol, UK
Cite as
Stucke Z., Constantinides T., and Cartlidge J. (2022). Simulation of Front-Running Attacks and Privacy Mitigations in Ethereum Blockchain. Proceedings of the 34th European Modeling & Simulation Symposium (EMSS 2022), 041. DOI: https://doi.org/10.46354/i3m.2022.emss.041

Abstract

Transactions sent to a public blockchain network, such as Ethereum, are initially held in the mempool before they are accepted in a block. While waiting in the mempool, these ‘in-flight’ transactions are publicly visible and vulnerable to front-running attacks, such that malicious parties use information in the transaction for their own gain and at a direct cost to the transaction owner. In this work, we introduce open-source simulation software for identifying and mitigating these attacks on Ethereum blockchains. Designed for education and research, the software introduces simple smart contracts that elaborate front-running vulnerabilities such as displacement attacks, sandwich attacks, and priority gas auctions. Users can run these attacks in a safe environment, monitor the detailed mechanics of attacks, and mitigate attacks using the MEV-geth protocol for in-flight transaction privacy.
