On the Ethereum network, there are bots specialized in anticipating and copying pending transactions. The bots are an inheritance from Wall Street and its automated trading robots.

Unbelievably, a lot of money on the Ethereum network sits on a waiting list, where some programmers can steal it. In this space, known as the mempool, there are thousands of transactions and smart contracts with vulnerabilities. Most users do not know which ones they are, but DeFi programmers can detect them and take advantage of them thanks to automated bots. According to Dan Robinson, a researcher at Ethereum, “these bots inhabit a dark forest.”

In the article entitled “Ethereum is a dark forest”, Robinson describes a world that many people are unaware of. This is precisely the world of “Ethereum arbitrage bots”, which monitor the smart contracts on the Ethereum network to locate pending transactions, aiming to steal the money locked in transactions.

Robinson begins this story by stating that he was browsing a Uniswap Discord channel when he found a message that caught his attention. Someone needed to recover Uniswap tokens valued at about USD 12,000. These tokens were accidentally locked as they were sent to Uniswap’s liquidity token base contract.

The researcher initially thought that the user could not recover the money, but he realized that anyone could claim it. It would be enough to execute a Uniswap function called burn for the smart contract to detect the duplicate tokens and return their value to whoever called the burn function.

Trying to “Get Ahead” of Arbitrage Bots on Ethereum

Philip Daian described the bots that Robinson feared in the Flash Boys 2.0 paper. In this document, Daian explained how “Arbitrage Bots” or “High-Frequency Trading Bots” had migrated from Wall Street to the Ethereum blockchain to exploit the inefficiencies of Decentralized Exchanges (DEXs).

Generalized Frontrunners, one particular species of these bots, scan the Ethereum mempool in search of stuck transactions that they can copy, modify to include the attacker’s address, and rebroadcast to the network with a much higher fee. With this, they seek to make miners prioritize their copies over the legitimate transactions and thus get ahead of them.
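The copy-and-outbid pattern described above leaves a recognizable trace in a mined block, which is what this added example looks for (it is not code from the article, from Robinson or from the Flash Boys 2.0 paper). The record fields, addresses and function selector are constructed assumptions, and matches are candidates for manual review, not proof.

```python
# Post-hoc detection of copied transactions in a single mined block.
# All addresses, the selector and the field names below are constructed for this example.
VICTIM = "0x" + "11" * 20
BOT = "0x" + "22" * 20
OTHER = "0x" + "44" * 20
POOL = "0x" + "33" * 20

def call_data(selector, address):
    """ABI-style calldata: 4-byte selector + one address argument padded to 32 bytes."""
    return selector + "00" * 12 + address[2:]

# Constructed block contents, in the order the miner included them.
SAMPLE_BLOCK = [
    {"index": 0, "sender": BOT, "to": POOL, "gas_price_gwei": 500,
     "data": call_data("0xaabbccdd", BOT)},
    {"index": 1, "sender": OTHER, "to": POOL, "gas_price_gwei": 60,
     "data": "0x12345678" + "00" * 31 + "01"},
    {"index": 2, "sender": VICTIM, "to": POOL, "gas_price_gwei": 50,
     "data": call_data("0xaabbccdd", VICTIM)},
]

def _mask_self(tx):
    """Replace the sender's own address inside the calldata with a fixed token."""
    return tx["data"].lower().replace(tx["sender"].lower()[2:], "<self>")

def find_copied_transactions(block_txs):
    """Return (earlier_index, later_index) pairs where the earlier transaction
    targets the same contract, paid a higher gas price, and carries calldata
    identical to the later one once each sender's address is masked out."""
    ordered = sorted(block_txs, key=lambda t: t["index"])
    findings = []
    for i, early in enumerate(ordered):
        for late in ordered[i + 1:]:
            if early["sender"].lower() == late["sender"].lower():
                continue  # same account: a replacement, not a copy
            if early["to"].lower() != late["to"].lower():
                continue
            if early["gas_price_gwei"] <= late["gas_price_gwei"]:
                continue  # the copy outbids the original to be mined first
            if _mask_self(early) == _mask_self(late):
                findings.append((early["index"], late["index"]))
    return findings

if __name__ == "__main__":
    for front, victim in find_copied_transactions(SAMPLE_BLOCK):
        print(f"tx {front} looks like an outbid copy of tx {victim}")
```

Two unrelated users calling the same argument-less function at different gas prices will also match, so treat each pair as a lead to confirm against the contract's behaviour.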

The existence of arbitrage bots that haunt the mempool led Robinson to consider the situation as a time bomb, with the stuck funds undetected for more than 8 hours in the Ethereum mempool. Although he had never seen bots in action, he knew that saving the transaction would not be easy. If he had called the burn function, it would have alerted the arbitrage bots to the existence of the waiting transaction.

He decided to proceed carefully, together with collaborators, to build a strategy to save the funds from the transaction. They then designed a smart contract composed of several transactions that would be triggered one after another to save the USD 12,000. In this way, potential bots would not be able to notice the sequence or reproduce it correctly.

However, it did not go as expected, since a bot detected the operation and stole the USD 12,000 that were in the mempool.

By Willmen Blanco
