@bertcmiller ⚡️🤖
⚡️ @ Flashbots // Optimist who is always learning.

Apr 22, 2021, 15 tweets

An Ethereum Uncle Bandit strikes again, this time for 145 ETH

However this time the bandit left a trail to their identity, and you'll learn who it is in this MEV story 🧵👇🏻

h/t @AlchemyPlatform for the artwork

If you haven't read about the OG uncle bandit then that would be a good place to start.

I won't repeat all the mechanisms of this attack here, but I made a previous thread on it:


Alchemy also had a good writeup: medium.com/alchemy-api/un…

Our investigation starts with this massive - but otherwise innocuous - Flashbots transaction that has 0 gas price and a payment of 80 ETH to a miner. Makes sense.

It looked at first like someone sniping a new token on Uniswap.

Token snipers watch the mempool for new tokens on Uniswap. If they find a new token they'll use Flashbots to place a huge buy transaction immediately after the token is listed. Then they dump them later.

Here's an old thread about a different token sniper

I expected to find a new token listing right before this bot's buy, but I realized immediately something was off.

There was no token listing and in fact the token sniper with the 80 ETH Flashbots transaction actually got rekt by a sandwich bot with 1 gwei txs!

What happened?!

This time I knew what to look for. There was an uncle block right before, so I pulled up the tx data from Alchemy again, and searched for the Flashbots transaction's hash. Immediate hit.

An uncle bandit struck again, this time for much more ETH.

etherscan.io/uncle/0x80f883…

Last time it was a sandwich bot that was uncle bandit'd, this time it is a token sniper

In a stroke of bad luck the uncle block included the token sniping bundle, but the non-uncle block only included the token listing.

Due to this the token sniper's buy would be valid next block

Here are the 🥪 transactions

🥪 buys token with 200 ETH
Token sniper's 68 ETH buy further increased the price
🥪 sells token for 245 ETH

🥪 profit = 45 ETH

The funny thing about this is the uncle bandit made the launch of this new token somewhat more fair

Normally the sniper would get a ton of tokens for very cheap, but the 🥪 buy drove the price up and meant the sniper got few tokens

Then the 🥪 sell brought the price back down

But wait, there's one more thing... Haven't I seen this 🥪 bot's address before?

It turns out the sandwich bot is Ethermine's

You can figure that out by looking at their transaction history, and also this was an Ethermine block with 1 gwei transactions

The unfortunate thing for the token sniper is that their transaction paid the miner 80 ETH. And since the miner was Ethermine they paid the party that rekt them.

So Ethermine's take home here: 80 + 45 = 125 ETH or about 1/3rd of a million dollars.

To be clear about this Ethermine was using public data that others could have gotten.

Other non-miner bot operators could have sandwiched it using Flashbots. This probably would have happened eventually had Ethermine not done so first.

However Ethermine runs their own bot and doesn't accept bundles from others. Since they mined a block immediately after the uncle there was no chance for a Flashbots bot to capture this MEV.

Of course we hope that changes and Ethermine joins Flashbots sometime soon.

Lastly the token sniper and other Flashbots bot operators can defend against this happening by using a contract that checks the block # or block parent hash. There are many other bots that do this now.

That is the end of our story today.

As always check out Flashbots' Github to learn more and get involved if you're interested in mitigating MEV's negative externalities:

github.com/flashbots/pm
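
The defense mentioned above (a contract that checks the block number or the parent hash), sketched as an added example that is not part of the original thread or any Flashbots code. The contract name, function name and parameters are hypothetical, and the wrapped trade is left as an opaque call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added illustration only; all names here are hypothetical.
contract GuardedBundleTarget {
    address public immutable owner;

    constructor() {
        owner = msg.sender;
    }

    /// @param targetBlock    block number the bundle was built for
    /// @param expectedParent hash of block (targetBlock - 1) seen when the bundle was signed
    /// @param minerTip       wei sent to block.coinbase, only after the guards pass
    /// @param target         contract that performs the actual trade
    /// @param payload        calldata for the trade
    function guardedExecute(
        uint256 targetBlock,
        bytes32 expectedParent,
        uint256 minerTip,
        address target,
        bytes calldata payload
    ) external payable {
        require(msg.sender == owner, "not owner");

        // A transaction lifted from an uncle and replayed in a later
        // block runs with a higher block.number and reverts here.
        require(block.number == targetBlock, "wrong block");

        // In that later block the parent is the canonical block at the
        // target height, not the block the bundle was built on, so the
        // parent-hash check fails as well.
        require(blockhash(block.number - 1) == expectedParent, "wrong parent");

        // The trade and the miner payment happen only after both guards
        // pass; a revert above undoes the whole transaction.
        (bool ok, ) = target.call{value: msg.value - minerTip}(payload);
        require(ok, "trade failed");

        (bool paid, ) = block.coinbase.call{value: minerTip}("");
        require(paid, "tip failed");
    }
}
```

Because the miner payment sits behind the same guards as the trade, a replayed copy of a 0 gas price transaction like the one in this story reverts without buying anything or paying block.coinbase.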
