Many smart contracts implement game-theoretic elements.
Most also implement some form of automation, e.g. users deposit liquidity which gets used according to a given strategy. This strategy can be vulnerable when it provides too much of an advantage to a malicious user.
Letβs look at the difference between acceptable and unacceptable advantage to see how much is too much:
π Acceptable
Having a system where people have an advantage is not necessarily detrimental.
Take arbitrage, an example of actors exploiting their advantage (they know the actual value of an asset) at the expense of other participants.
Though people can exploit their knowledge to their advantage, this should not be seen as a vulnerability. After all, every participant in the system still benefits from their participation.
β Vulnerable
Youβve got a problem when one actor has such an advantage that other people are better off not participating.
Example:
Letβs assume that there is a smart contract that takes bets on the price of ETH after one day.
It uses a very sophisticated algorithm to do this computation: it always guesses the moving average of the ETH price over the last month. This might do okay for a while, sometimes winning, sometimes losing. However, what happens when the market crashes?
It will keep taking bets at the average value over the last month.
It will be giving away free gains.
While betters donβt know tomorrowβs price, they do know that tomorrowβs price is likely closer to the current price than anything else.
An attacker can exploit this by continuously making bets,** rarely losing** (the price could recover after all) and winning most of the time.