This is an example of a blind mempool injection
Some people assume that Flashbots protects them from MEV, and in a lot of cases it does. However, if an attacker anticipates your transaction they might still be able to execute a backrunning attack at no cost.
Method
They can do so by exploiting the economic optimisation implemented by flashbot builders. Flashbots Builders receive many bundles, and observe the public mempool. Their task is to come up with the most profitable block (for the validator) given all of those bundles and public transactions.
This behaviour is very nice, as it allows us to create a somewhat reliable backrunning functionality by injecting bundles that give a high reward if and only if our bundle is placed (right) after another one!
Here is an example blind backrunning approach:
- Create a smart contract that has three functions:
backrun()- a function which executes the backrunning transaction.require_succesfull_backrun()- a function which only succeeds if the backrun executed succesfully and at a profit.execute()- a function that first callsbackrun()and then callsrequire_successfull_backrun(), sending some of the proceeds to the coinbase address.
- Deploy
- Submit a bundle calling
execute()for every block
Info
Note that the builder will not include your transaction unless it succeeds (according to https://docs.flashbots.net/ at the time of writing this note). Therefore, you’ll be able to execute this attack stealthily until the first success!
Limitations
This attack only works if we can reliably detect successful backrunning from the EVM, similar to the Flashbots Blind Frontrunning Attack.