Performing a Front Running Attack on the Blockchain

Photo by Andy Beales on Unsplash

Performing a Front Running Attack on the Blockchain

If you’re into DEFI or the Blockchain space, you’ve probably heard the term “Front running”.
This basically means “placing a trade or creating a transaction based on privileged info”.
When this attack is done on a blockchain, this could mean taking advantage of the process of verifying transactions on the blockchain to create transactions or perform actions that will benefit you(the attacker).

  • A user creates a transaction(to place a trade).
  • He broadcasts this transaction to the other nodes in the network
  • This transaction is not added to the blockchain immediately but kept in a pool(the mem pool).
  • All pending transactions are stored here, before verification & addition to the block.
  • Miners now verify these transaction stored in the mem pool.
  • They can select & verify the transactions in any order that suits them, but they’ll do this according to transactions that have the highest gas rewards. So transactions with the highest rewards will be verified first.

This is where a Front-running attacker comes in.
A Front-runner (probably using a bot) could check for high value transactions that will move the market.
Once he identifies this, the attacker places a trade that will benefit from this high value transaction and also attach a higher gas reward to his transaction.
This higher gas reward will make a miner to process the attacker's transaction before the high value transaction.
Since the high-value transaction is already pending and just a matter of time before it gets added to the blockchain, all the attacker has to do is wait.
Once the high-value transaction is processed, this will move the market possibly towards making a profit for the attacker.

This is basically how a frontrunning attack will work on a blockchain.

Obviously, you can see this isn't really a bug but an exploitation of a feature of the blockchain.

  • You(user) want to purchase a domain name.
  • An attacker sees this and places an order to purchase that domain and tips a gas fee higher than yours.
  • The miner validates their transaction before yours, making them the owner of the domain name before you.
  • Due to this attack, user cant get their desired domain name again and will have to pay the attacker’s price if they still want to purchase that domain.

This is another classic example of a front-running attack.

  • Your first instinct might be to attach high gas rewards to your transactions so that it will be non-profitable for an attacker to front-run your transaction. Of course, this solution is not scalable but can work in most cases.
  • Another solution will be to broadcast your high value transactions to a private miner. You can read more on this here

Heyy, Hope it was interesting😃
I’m Ebube, and I love to write about stuff I learn.
Helps the learning process, you know.