This is an example of blind mempool injection, where an attacker is able to front-run a transaction submitted to the Flashbots private mempool.
Method
The method leverages the fact that builders are rational and will optimise for the highest fees.
An attacker will submit a bundle with a conditional reward ( implemented in solidity ): transaction before victim → Non-zero fee transaction after victim → Zero fee
Here is an example blind frontrunning approach:
- Create a smart contract that has three functions:
frontrun()- a function which executes the frontrunning transaction.require_succesfull_frontrun()- a function which only succeeds if the front executed successfully.execute()- a function that callsfrontrun()and callsrequire_successfull_frontrun()sending some fees to the coinbase address.
- Deploy
- Submit a bundle calling
execute()for every block that we expect to contain a victim bundle.
💡 a cleaner approach is possible since the introduction of mev-share
Limitations
The attacker has to be able to write a solidity function that checks whether the victim transaction has happened yet. If the attacker is not able to predict when the victim transaction is transmitted, then they’ll have to execute the attack every block. This can get prohibitively expensive depending on the attack vector.
Note that we don’t necessarily know that the victim transaction will happen after the frontrunning transaction. This is the primary limitation of the vector.
Note however that some information on events is leaked through the logsBloom feature, enabling this attack in various cases.
Combining this approach with Flashbots Blind Backrunning allows attackers to perform a sandwich attack. Note however that there be dragons here. Generally sandwich attacks involve opening (front) and closing (back) a position. The details of such an approach will be left as an exercise to the reader.