This is an example of a blind mempool injection.

Flashbots attempts to implement something they call pre-trade privacy.

“Pre-trade privacy: implies transactions only become publicly known after they have been included in a block. This excludes intermediaries such as relays & block builders.” - source

Ideally, this implies that even a validator would be unable to determine the contents of a block before committing to that block.

Unfortunately, this disregards a side channel open to the validator, namely the reward of the block provided to it by the relayer.

The validator can exploit this to learn things about the contents of the assembled block.

Method

The block reward is a simple, slightly noisy, side channel.

Day-to-day transactions will lead to an average block reward , with a standard deviation of . A validator can send themselves hidden messages by sending ETH to themselves.

A simple approach would be to send (m = 0 or 1) to themselves, which means in of blocks they get their message without interference from noise (assuming the block reward follows a normal distribution).
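As an added example (not part of the original page), the following models the reward side channel described above to estimate how much information it leaks per block. It assumes the self-payment is a multiple of the reward's standard deviation and that the bit is read with a midpoint threshold; those choices, the function names and the sample ETH figures are constructed here and are not the values missing from the text.

```python
import math
import random


def decode_accuracy(amplitude_sigmas: float) -> float:
    """P(bit read correctly) when the baseline reward is N(mu, sigma^2).

    Assumed model: observed reward = baseline + m * A, A = amplitude_sigmas * sigma,
    decision threshold at mu + A/2, hence P(correct) = Phi(A / (2 * sigma)).
    """
    return 0.5 * (1.0 + math.erf(amplitude_sigmas / (2.0 * math.sqrt(2.0))))


def leaked_bits_per_block(amplitude_sigmas: float) -> float:
    """Capacity of the resulting binary symmetric channel: 1 - H(error rate)."""
    p = 1.0 - decode_accuracy(amplitude_sigmas)
    if p <= 0.0 or p >= 1.0:
        return 1.0  # no decoding errors: a full bit leaks per block
    entropy = -p * math.log2(p) - (1.0 - p) * math.log2(1.0 - p)
    return 1.0 - entropy


def simulate(mu: float, sigma: float, amplitude_sigmas: float,
             trials: int = 20000, seed: int = 0) -> float:
    """Monte Carlo check of decode_accuracy using a seeded RNG."""
    rng = random.Random(seed)
    amount = amplitude_sigmas * sigma      # value added on top of the baseline
    threshold = mu + amount / 2.0          # midpoint between the m=0 and m=1 means
    correct = 0
    for _ in range(trials):
        m = rng.getrandbits(1)
        reward = rng.gauss(mu, sigma) + m * amount
        correct += int((reward > threshold) == bool(m))
    return correct / trials


if __name__ == "__main__":
    MU, SIGMA = 0.10, 0.05  # constructed sample values in ETH, not measurements
    for k in (0.5, 1, 2, 4, 6):
        print(f"A={k}*sigma  analytic={decode_accuracy(k):.4f}  "
              f"simulated={simulate(MU, SIGMA, k):.4f}  "
              f"leak={leaked_bits_per_block(k):.3f} bits/block")
```

The leak column is the figure a relay or privacy design has to drive toward zero: it is the upper bound on what a reward-only observer can learn per block under this model.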

Info

This method is kept simple for the purposes of illustrating the approach. A smart attacker might use a more clever approach to reduce their susceptibility to noise in the block reward.

Attack Vector

A validator can use this technique in combination with Flashbots Blind Backrunning and Flashbots Blind Frontrunning Attack to sandwich victim transactions in their blocks.