Front-running Ethereum miners are suffering from a bout of food poisoning.
Maximal Extractable Value (MEV) – the practice of manipulating a transaction queue to squeeze profits from other unsuspecting traders – is making a hot splash in Ethereum’s decentralized finance (DeFi) markets. But players in the know aren’t always as safe as they might think, as evidenced by one trader who netted 130 ETH worth an estimated $250,000 by preying on the predators.
Friday, bot trader and LocalCoin Swap CTO Nathan Worsley released two token contracts named “Salmonella” and “Listeria” on the Ethereum blockchain with the intention of luring unsuspecting bot traders into an ambush. Mining pool Ethermine – which only publicly announced its MEV strategy last Wednesday – became entangled in the token trap, netting Worsley a quarter-million dollars after a few hours’ work.
Ethermine, Worsley and other MEV trailers are playing the blockchain equivalent of high-frequency trading (HFT) strategies that recently came into the public spotlight with the Robinhood, r/WallStreetBets and Melvin Capital spectacle.
Trades on decentralized exchanges (DEX) are sitting ducks while they remain idle in the processing queue. A small cohort of developers can and do take advantage of this lag time between hitting the trade button and the trade executing on-chain by front-running, back running or, in this case, “sandwiching” a transaction.
Worsley’s gambit was a “poisoned” sandwich trade. In a sandwich, a transaction is both front-run and back-run (the bread), which causes price slippage for the transaction in between (the meat, or perhaps cheese).
“In layman’s terms, you see that someone will buy an asset, so you buy it first to artificially inflate the price, before selling afterwards at a profit,” Worsely explained in a post mortem.
A ‘poisoned’ sandwich for front-running bots
Nimble solo bot traders can take advantage of large players moving into the market. One method Worsley developed was poisoning a sandwich trade.
Worsley deployed a proprietary token contract with tweaked parameters, including notifications if anyone was trying to trade with the toxic contract. Additionally, the contract would return only 10% of the asked-for tokens in the Uniswap pool Worsely setup.
“It has some special logic to detect when anyone other than the specified owner is transacting it, and in these situations it only returns 10% of the specified amount – despite emitting event logs which match a trade of the full amount,” he said.
Worsley then sent out transactions with a both a low transaction fee and high slippage. Ethermine’s bots raced ahead to take advantage of the slippage as Worsley’s bait lingered in the transaction queue.
“Instead of giving them a juicy payout, the token itself in the trade exploits the sandwich trader by giving them only a fraction of the tokens they thought the swap would yield,” Worsley explained. “After this happens, the ‘sell’ order of the sandwich trader now fails, and they are left holding the Salmonella token. Instead of making a bunch of ETH in profit from my bait, they are instead left with a stomach full of Salmonella.”
Worsley remains unapologetic about his MEV strategy, telling CoinDesk DeFi is merely a game of poker.
“Nothing against Ethermine or the other traders personally, but this is a game of high-stakes poker and they sat down at the table intending to take all of my chips. Maybe next time they will be the ones walking home with all my chips. That’s the game,” he said.