Published Jan 16, 2022
Before transactions are added to a block, they sit in a transaction pool (the mempool). The miner decides the order in which they are executed based on each transaction's gas fee.
An attacker can carry out a front-running attack, in which they prioritize their own transaction over other users' by setting a higher gas fee. Let's look at an example to see why this is bad.
The Attack
Consider a FindThisHash contract in which the user who guesses the correct hash is rewarded 10 ether. Suppose a user, Bob, finds the solution; he submits it by calling the solve function. The malicious user Eve, who is watching the transaction pool, sees Bob's transaction, reads the solution from it, and submits a new transaction to the solve function with a higher gas fee.
The miners looking for transactions to add to the block choose Eve’s transaction as it has higher gas fees. As a result, Eve’s transaction executes first and the 10 ether are deposited to Eve’s account.
How can we stop this?
One thing to keep in mind is that even if the smart contract is bug-free, front-running is possible whenever there is an incentive to reorder transactions. Using a submarine send, which uses a commit-reveal scheme, one can hide the actual answer and reveal it at a later stage.
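The commit-reveal idea above, modelled in Python as an added example (not code from the original post, and not a full submarine send, which also disguises the commit transaction itself). The class, the `mine` helper, the sample solution and salt are all constructed for illustration, and SHA-256 stands in for keccak256.

```python
import hashlib

def h(*parts: bytes) -> bytes:
    """Hash of length-prefixed parts (SHA-256 as a stand-in for keccak256)."""
    return hashlib.sha256(b"".join(len(p).to_bytes(4, "big") + p for p in parts)).digest()

class CommitRevealPuzzle:
    """Toy model of a commit-reveal FindThisHash (hypothetical, constructed)."""
    REVEAL_DELAY = 1  # blocks that must pass between commit and reveal

    def __init__(self, target: bytes):
        self.target, self.commits, self.winner = target, {}, None

    def commit(self, sender, commitment, block):
        self.commits.setdefault(sender, (commitment, block))  # first commit sticks

    def reveal(self, sender, solution, salt, block):
        commitment, at = self.commits.get(sender, (None, None))
        if self.winner or commitment is None or block < at + self.REVEAL_DELAY:
            return False
        # The commitment is bound to the sender, so a copied hash is useless.
        if commitment != h(sender.encode(), solution, salt) or h(solution) != self.target:
            return False
        self.winner = sender
        return True

def mine(puzzle, mempool, block):
    """Execute pending transactions highest gas fee first, as described above."""
    for tx in sorted(mempool, key=lambda t: -t["gas"]):
        getattr(puzzle, tx["fn"])(tx["from"], *tx["args"], block)

def simulate():
    solution, salt = b"Ethereum", b"bob-secret-salt"  # constructed sample values
    puzzle = CommitRevealPuzzle(h(solution))
    # Block 1: Bob commits; Eve sees only an opaque hash and copies it with more gas.
    c = h(b"bob", solution, salt)
    mine(puzzle, [{"from": "bob", "fn": "commit", "args": (c,), "gas": 10},
                  {"from": "eve", "fn": "commit", "args": (c,), "gas": 99}], 1)
    # Block 2: Bob reveals; Eve copies the solution and salt with a higher gas fee.
    mine(puzzle, [{"from": "bob", "fn": "reveal", "args": (solution, salt), "gas": 10},
                  {"from": "eve", "fn": "reveal", "args": (solution, salt), "gas": 99}], 2)
    return puzzle.winner
```

Eve's reveal is ordered first in block 2 but fails because her stored commitment does not hash to her own address; a fresh commit made in the same block as Bob's reveal fails the delay check.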
Hope you enjoyed reading it
Ciao!!!