Samneet Chepal

15-12-2021

22:00

1. Spent the past few weeks going down a rabbit hole learning about MEV and Flashbots — very cool stuff! I was surprised to learn that beneath the surface, Ethereum is lurking with sniper bots waiting for any opportunity to make money. Here’s a TLDR on some research + findings.

3. Whenever a tx is made on ETH, before it is fully mined it sits in a pending pool of txs called the mempool. The mempool is public - this is a problem b/c snipers are looking through these unconfirmed txs for opportunities to re-arrange the txs in the block for their benefit.

4. Suppose XYZ token is $100 on Uniswap but $120 on Sushiswap. A simple arb is to buy XYZ on Uniswap and sell on Sushiswap for $20 profit. When this tx hits the public mempool, a sniper bot will notice this trade and immediately jump at the opportunity to front-run the trader.

5. The sniper will copy the trader’s tx but bribe the miner with a higher tx fee. If the trader paid a $5 tx fee, the sniper may pay a $10 fee. Ironically the sniper may get sniped by another bot willing to pay a $15 tx fee.

6. The max tx fee a sniper would pay to the miner would essentially be the arb profit ($20). This is what we refer to as Maximal Extractable Value (MEV).

7. It’s important to note that only one bot can capture this trade — all other bots will have their trades fail. These failed txs take up space in the block which crowds out users. Furthermore, this competitive gas bidding pushes the price of gas up for everyone in the network.

8. Flashbots is arguably the best solution out there to reduce the impact of these snipers. Rather than relaying txs directly to the mempool, users are able to send their txs directly to miners and avoid the limelight of snipers.

9. Txs are sent as bundles through a Flashbots relayer which are then sent off to miners directly without hitting the public mempool. From there miners can choose to accept a Flashbots bundle just like any normal Ethereum tx.

10. Users are able to preserve their pre-tx privacy which is key to avoid getting front-run. If you’re not revealing your trade before it becomes finalized then there’s no way for a sniper to front-run you. In this case, the tx data is only published after it is fully mined.

11. At the same time this brings forth a more efficient market for gas auctions — rather than bots outbidding each other, gas fees are paid based on market demand.

12. If the trader from above relayed his tx through a Flashbots relayer he would bypass the public mempool. As a result, a sniper bot would not be able to detect his trade until it's fully mined into the blockchain at which point it would be too late to copy the trade.

13. Another example - consider a dev who accidentally uploaded his ETH private key to a public repo on Github. Within minutes bots would immediately sweep his entire ETH balance. The dev also had a valuable NFT stored in this particular address which the bot did not detect.

14. Here’s the problem - in order to transfer the NFT to a safe address, the dev needs to send ETH in the exploited address to pay for the gas fees. The moment any new ETH touches the exploited address, bots will step in and withdraw these funds - ie: the NFT is stuck.

15. The dev can use a sponsored tx using Flashbots to save his NFT. This involves making a tx from account A but paying for the tx fees using account B. He would submit 2 txs in a bundle - one paying for the fees to transfer the NFT and the other actually transferring the NFT.

16. Both of these txs are submitted in a bundle to the Flashbots relayer which will pass along these txs to a miner. These txs remain hidden from the mempool and will only be revealed after miners include these txs in a block.

17. Let’s consider another example but this time we’re the exploiter. Suppose there’s a broken smart contract which allows anyone to withdraw funds from the contract.

18. A naive exploiter would simply run the `withdraw` function of this smart contract through a normal tx, however, this will likely get front-run by other snipers.

19. This is where things get really scary/interesting... As shown in the animation below, when the naive exploiter calls the `withdraw` function this tx call data will be publicly available in the mempool.

20. The tx hex data (ie: 0x3ccfd60b) will be available for any sniper to see. Despite not knowing what this call data may be, sophisticated snipers may still front-run by replicating the original trade w/ same tx hex data but just paying higher tx fees so they get priority.

21. As a result, the exploiter is better off submitting the tx through the Flashbots relayer where the tx will be submitted directly to miners.

22. Overall, I think new protocols will need to think carefully about how they protect their users from MEV. @mistXlabs, @Keeper_DAO, @MEVprotection and Flashbots are several solutions out there and I expect more to emerge as this space grows further.

23. Shoutout to @paradigm's awesome testnet faucet (thank you @_anishagnihotri!) - this was used extensively for testing Flashbot relaying txs on the Goerli network.

24. A special thank you to goofyballer (anon in Flashbots discord) for technical coding help and @ishanvermaiv and @bertcmiller for proof-reading and providing valuable feedback + teaching me more about this niche.
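The fee war from tweets 4-7 and the private-relay case from tweet 12, modelled as an added example that is not part of the original thread. The dollar figures are the thread's; the function name, the bot names and the $5 bid step are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class AuctionResult:
    winner: str          # whose tx the miner includes successfully
    winning_fee: int     # fee paid to the miner, in dollars
    winner_profit: int   # arb profit left after paying that fee
    failed_txs: int      # losing txs that still occupy block space
    bids: list           # (bidder, fee) pairs in broadcast order

def simulate_fee_war(arb_profit, trader_fee, bots, step=5):
    """Model the bidding described in the thread.

    Public mempool: each bot in `bots` sees the pending tx and outbids the
    current top fee by `step` (assumed increment) until one more raise would
    exceed the arb profit. With bots=[] nobody sees the tx before it is
    mined, which is the private-relay case.
    """
    bids = [("trader", trader_fee)]
    latest = {"trader": trader_fee}   # each participant's highest broadcast fee
    top, turn = trader_fee, 0
    while bots and top + step <= arb_profit:
        bot = bots[turn % len(bots)]  # bots take turns outbidding each other
        top += step
        latest[bot] = top
        bids.append((bot, top))
        turn += 1
    winner = bids[-1][0]
    # Only the highest bidder captures the arb; every other participant's
    # tx fails but still takes up room in the block.
    return AuctionResult(winner, top, arb_profit - top, len(latest) - 1, bids)

if __name__ == "__main__":
    public = simulate_fee_war(20, 5, ["bot_a", "bot_b"])
    private = simulate_fee_war(20, 5, [])
    for label, r in (("public mempool", public), ("private relay", private)):
        print(f"{label}: winner={r.winner} fee=${r.winning_fee} "
              f"profit=${r.winner_profit} failed_txs={r.failed_txs}")
```

In the public case the fee climbs to the full $20 arb profit, so the value ends up with the miner and two failed txs are left in the block; in the private case the trader keeps $15 and nothing fails.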


