Front Running: The Achilles Heel of Decentralized Exchanges
Winkrypto
2020-02-26 12:37
Front Running is a common problem faced by DEXs, and an important reason why DEXs have not become a mainstream choice.

Editor's Note: This article comes from Chain news (ID: chainnewscom), Author: Li Hua, reproduced by Odaily with authorization.



The slogan of "Edge of Tomorrow": Reincarnation of life and death

On the blockchain, too, some participants know what is about to happen. Not only do they know what the future holds; like the aliens in Edge of Tomorrow, they can act on that information to produce a future that favors them.


The beginning and end of the flash loan incident

The hacker in the flash loan incident made money the same way you and I do: buy low and sell high. The only difference is that the hacker knew where the lows and the highs were. How did he know? Because the person about to raise the price was himself.

A simulated attack process, given only to illustrate the principle, is as follows: borrow 60 ETH through the flash loan function of dYdX; deposit 40 ETH as collateral on Compound to borrow 1 BTC; then use the remaining 20 ETH to buy BTC on bZx with 5 times leverage. The liquidity for this leveraged transaction is provided by Uniswap, which causes the price of BTC against ETH on Uniswap to skyrocket. Finally, repay the initially borrowed 60 ETH and keep a profit of 20 ETH. (For the real process, see references 1 and 2 at the end of the article.)


Picture from CryptoLaboratory

  1. The hacker can be thought of as having two avatars: the first avatar pumps the market (20 ETH × 5 = 100 ETH) and the second avatar takes the profit (40 ETH). In this process, the money earned by the second avatar plus the money earned by the Uniswap market makers should equal the money lost by the first avatar; that is, taken as a whole, the hacker loses money. But because of a loophole in bZx's contract, bZx did not liquidate the first avatar's position in time, so bZx's depositors bore the loss together, and this is precisely why the attack worked. The role of the flash loan in the whole incident was only to provide the initial funds, allowing the hacker to complete the attack at no cost and with zero risk.

  2. However, this attack itself is not the core of this article. The example is described because it clearly shows one thing: if you know that someone will buy in large quantities in the future (so that there will be a large price movement in the market), you can "ambush" ahead of that purchase and realize a profit. Concretely, if A plans to buy a large amount of ETH and B knows A's purchase intention, B can buy ETH at the current price before A does, and then sell it at a higher price to earn the difference.

In traditional financial markets, this behavior is called Front Running. Front Running means that someone who learns in advance, from non-public information, of a large transaction that will affect an asset's price trades first in order to profit.

A trader who believes that a customer's purchase or sale will change the market price trades for his own account first, before executing the customer's order;

Buying or selling stocks before a brokerage publishes a research report that will be widely disseminated.

In the decentralized trading market on the chain, Front Running resembles the first situation above: completing one's own transaction first after learning the other party's purchase intention. This kind of behavior is illegal in the traditional financial market because it uses non-public information, but it is difficult to identify it as illegal on the blockchain because it uses "public" information.

Because of the particular way time works on a blockchain, the future there can be "seen" before it happens. That is to say, we know that a transaction will happen before it happens, just as a dealer entrusted with executing a customer's transaction knows that the purchase or sale will happen.


Time specificity of blockchain

Blockchain is a distributed system, and one of its biggest problems is that participants cannot reach a consensus on physical time. However, in order to determine the order of transactions and avoid double spending, it is very important for network participants to reach a consensus on time. Satoshi Nakamoto therefore combined proof of work with the longest-chain principle to implement a timestamp service: the order of blocks represents the order of time, and participants only need to agree on the block order. A block can be thought of as the basic unit of time on the blockchain.

So how is a transaction's time in minutes and seconds converted into block time?

After a transaction is submitted, it enters a place called the transaction pool, which holds many other transactions. Miners select transactions from the transaction pool to package into the next block. These transactions have a default priority: physical time is one factor that determines the order, but it is not the most important one. Miner fees, for example, are far more important than physical time. Only the transactions selected for the next block are converted from minutes and seconds into block time, and only after this conversion is complete does the transaction actually take place on the blockchain.

Who can see the trading intent revealed? The most typical is the miner. Miners are the ones who package the transactions. They can not only see the transactions, but even know which transactions will enter the next block and the order of these transactions in the same block. From a technical point of view, miners can insert their own transactions into appropriate positions by intervening in the order of transactions. When it comes to Front Running, no one has an advantage over miners.

In addition to miners, each of us can also see the transaction intent, because a transaction is first broadcast to the network before it enters the transaction pool, and everyone can listen to the broadcast. Traders and trading robots on a DEX only need to monitor the transactions on that DEX. After discovering a transaction intention, they can get their own transaction ranked ahead by increasing the transaction fee, completing the Front Running and realizing a risk-free profit.

But Front Running is obviously unfair. It disrupts the trading strategies of normal traders and damages their trading interests. An inaccurate but illustrative example: you plan to buy 100 ETH from the market, and the likely average price is 270 USD/ETH; but a trading robot discovers your trading intention and buys first at 270 USD/ETH, and you may then have to buy at the raised price of 280 USD/ETH, which costs an extra $1,000.
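The fee-based ordering and the cost to the overtaken trader can be reproduced in a small model. This is an added example, not code from the original article: the sender names, gas prices, `seen_at` times and pool reserves are constructed, the miner is assumed to rank purely by fee, and the pool is a fee-free constant-product model sized so that the prices land near the 270 and 280 USD/ETH used in the text.

```python
from dataclasses import dataclass

@dataclass
class Tx:
    sender: str
    seen_at: float   # seconds at which the pool first saw the transaction
    gas_price: int   # fee bid the miner ranks by
    pair: str
    amount: float    # units of the base asset bought

# Constructed sample pool contents, not captured network data.
ALICE = Tx("alice", 0.0, 20, "ETH/USD", 100.0)  # the large buy from the text
CAROL = Tx("carol", 0.4, 18, "DAI/USD", 5.0)    # unrelated pair
BOT = Tx("bot", 1.2, 90, "ETH/USD", 100.0)      # seen later, bids a higher fee

def block_order(pool):
    """Assumed miner default: highest fee first; arrival time only breaks ties."""
    return sorted(pool, key=lambda t: (-t.gas_price, t.seen_at))

def avg_prices(order, eth=5_500.0, usd=1_458_000.0):
    """Run ETH/USD buys in order through a constant-product pool (no pool fee)."""
    paid = {}
    for t in order:
        if t.pair != "ETH/USD":
            continue
        usd_in = eth * usd / (eth - t.amount) - usd  # keeps eth * usd constant
        eth, usd = eth - t.amount, usd + usd_in
        paid[t.sender] = usd_in / t.amount           # average USD per ETH
    return paid

def flag_overtakes(order):
    """Pairs (ahead, behind): same pair, seen later, higher fee, ordered first."""
    return [(a.sender, b.sender)
            for i, a in enumerate(order) for b in order[i + 1:]
            if a.pair == b.pair and a.seen_at > b.seen_at
            and a.gas_price > b.gas_price]

def extra_cost(victim, others, intruder):
    """USD the victim overpays once the intruder's transaction is in the pool."""
    base = avg_prices(block_order([victim] + others))[victim.sender]
    hit = avg_prices(block_order([victim, intruder] + others))[victim.sender]
    return (hit - base) * victim.amount

if __name__ == "__main__":
    order = block_order([ALICE, CAROL, BOT])
    print([t.sender for t in order], avg_prices(order), flag_overtakes(order))
    print(round(extra_cost(ALICE, [CAROL], BOT), 2))
```

`flag_overtakes` is a heuristic for reviewing block contents after the fact; a flagged pair is a candidate for inspection, not proof of intent.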


Flash Boys on DEX

In 2019, Philip Daian, an active blockchain researcher at Cornell University, published a paper with colleagues called "Flash Boys 2.0: Frontrunning, Transaction Reordering, and Consensus Instability in Decentralized Exchanges", analyzing how trading robots on the blockchain front-run transactions by increasing transaction fees and reducing network latency.

"Flash Boys" comes from the book "Flash Boys: A Wall Street Uprising" by Michael Lewis, the author of "The Big Short", and refers to a group of high-frequency traders on Wall Street.


The Flash Boys: A Wall Street Uprising by Michael Lewis

Front Running on the blockchain is compared with high-frequency trading because the two share certain similarities.

How profitable is high-frequency trading? We can infer it from an interesting angle: Lewis once talked about a guy who worked for Citadel Securities and was paid $90 million a year, but then left angrily because he felt the company was not paying him enough.

Both high-frequency trading and Front Running on the blockchain include two basic components: discovering transaction intentions and completing one's own transaction first. The former discovers the transaction intention through "bait", while the latter discovers it through monitoring; the former gets its own transaction ahead through better technology, and the latter through higher transaction fees.

The difference between the two is that the time window for high-frequency trading is very small, and everyone races in nanoseconds, which places extremely high demands on the high-frequency trading system; Front Running on the blockchain, by contrast, is basically affected only by transaction fees: the more money you pay, the further ahead you can get.

Overall, in terms of transaction methods, Front Running on the blockchain is closer to high-frequency trading in traditional financial markets, except that "straighter" network cables are replaced with higher transaction fees. In terms of its nature, degree of unfairness, and harm to the market, it is closer to Front Running in the traditional financial market, but this kind of transaction on the blockchain is not illegal, so it cannot be banned.


Solution

Front Running is difficult on DEX protocols that use the Dutch auction model. The typical representative is DutchX. Competition between transactions is based mainly on price rather than "time", and the transactions are all executed at the same price, so Front Running is unprofitable. However, because Dutch auctions take a long time to complete, time-sensitive trading needs cannot be met through DutchX.
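Why a single execution price removes the advantage of getting in first can be seen in a simplified falling-price auction. This is an added example, not DutchX's contract logic or code from the original article: the linear price schedule, the step counter, the bidder names and the bid amounts are all constructed assumptions.

```python
# Constructed bids: (bidder, step at which the bid is placed, USD committed).
BIDS = [("alice", 4, 20_000.0), ("bot", 3, 5_000.0), ("dave", 6, 2_000.0)]

def price_at(step, start=300.0, drop=5.0):
    """Assumed schedule: the asking price in USD/ETH falls linearly each step."""
    return start - drop * step

def settle(bids, eth_for_sale=100.0, max_steps=60):
    """Return (clearing_step, price, {bidder: eth}) or (None, None, {})."""
    for step in range(max_steps):
        live = [(who, usd) for who, placed, usd in bids if placed <= step]
        total = sum(usd for _, usd in live)
        if total >= eth_for_sale * price_at(step):
            price = total / eth_for_sale          # one price for every bidder
            fills = {}
            for who, usd in live:
                fills[who] = fills.get(who, 0.0) + usd / price
            return step, price, fills
    return None, None, {}                         # demand never met the price

def paid_per_eth(bids, fills):
    """Effective USD/ETH each bidder paid, for comparison across bidders."""
    spent = {}
    for who, _, usd in bids:
        spent[who] = spent.get(who, 0.0) + usd
    return {who: spent[who] / eth for who, eth in fills.items()}

if __name__ == "__main__":
    step, price, fills = settle(BIDS)
    print(step, price, paid_per_eth(BIDS, fills))
    # Moving the bot's bid from step 3 to step 0 changes nothing it receives.
    early = [("alice", 4, 20_000.0), ("bot", 0, 5_000.0), ("dave", 6, 2_000.0)]
    print(settle(early) == settle(BIDS))
```

The same run shows the latency cost the paragraph mentions: the large bid placed at step 4 is not filled until the auction clears at step 6.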

References
