
Front-running Bancor in 150 lines of Python with Ethereum API

[Image: Launching the attack: the green letters look just like on TV]

This post is a deep-dive into a game-theoretic security flaw in Bancor, a high-profile smart contract on the Ethereum blockchain. The full code can be found at https://github.com/bogatyy/bancor.

Imagine trying to hack Bank of America — except you can read all of their code in advance, all of their transactions are public, and if you steal the money it’s irreversible. Sounds like a paranoid worst-case scenario? Well, this is exactly the setup Ethereum smart contract developers have to deal with every day. Bitcoin and blockchain technology unlocked tremendous possibilities in international payments, and Ethereum magnified them further by allowing these payments to be managed through programs called smart contracts. However, smart contracts also give hackers a much easier setup for attacks.

Front-running is one such attack. The term originated in the stock market, back in the days when trades were executed on paper, carried by hand between the trading desks. A broker would receive an order from a client to buy a certain stock, but then place a buy order for themselves in front. That way the broker benefits from the price increase at the expense of their client. Naturally, the practice is unfair and was outlawed.

On the blockchain, the problem becomes a lot more severe. First, all the transactions are broadcast publicly. More importantly, blockchain participants across the world are not bound by the same relationship as a broker and their client, so attackers can exploit their knowledge of a pending transaction with impunity.

[Image: If you squint hard enough, you can imagine these guys trying to front-run each other]

Several months ago, researchers at Cornell uncovered that Bancor, an ICO that spectacularly raised over $150M in funding over a few minutes, was vulnerable to front-running. They pointed out that miners wou...
