I woke up yesterday to a searcher extremely distraught because apparently only 1 of 3 transactions in their bundle landed on-chain.
What's worse is someone else's transaction seemed to have been added instead of their own.
A quick look and the searcher seemed to be right.
Only the "buy" part of a sandwich bundle they submitted had landed on-chain, and right after that buy someone else had inserted a 7 gas tx arb-ing it
Check the images for a bit more info
This was a reaaaally big deal!
Bundles are groups of transactions Flashbots users submit. Those transactions must be included in the order submitted, and either the whole bundle is included, or nothing is.
A bundle should never be split up, and no one else should sneak in too!
Interestingly if true this would strongly mirror the 🥪baiting attacks of last week
Someone was taking a 🥪and stopping them from selling somehow. Thus the 🥪-er was left holding some token and their ETH is now potentially vulnerable in a Uniswap pool.
So how did this searcher's bundle get leaked or broken up?! And where did the arb come from?!
Recall that in Ethereum occasionally two blocks are mined at roughly the same time, and only one block can be added to the chain. The other gets "uncled" or orphaned.
For the most part people don't pay much attention to uncled blocks.
But anyone can access transactions in an uncled block and some of the transactions may not have ended up in the non-uncled block.
In a way some transactions end up in a sort of mempool like state: they are now public as a part of the uncled block and perhaps still valid too.
The distraught searcher was certain their bundle had been leaked but we had a different hypothesis.
What if their bundle was included an uncled block but NOT the non-uncled block and someone selectively took one of their transactions from that and included it in their bundle?
If true there should be evidence of this on-chain.
Quickly we began to chase that down. First thing of note was an uncled block was in the right place and it was mined by a Flashbots miner: etherscan.io/uncle/0xa773e5…
But that could be coincidental and no one on the team even knew how to get uncle transaction data (there's no Etherscan for it as far as I can tell)! It took us awhile to figure out how to confirm this.
There was a method we could use to get uncle block's transaction data. I plugged in the uncle block's hash & ctrl+f'd the searcher's buy transaction's hash.
Immediate hit. Their buy transaction hash was at the top of the uncled block. My jaw dropped.
Last night someone used an *extremely* clever mechanism to take a hundred ETH from sandwich bots
Then a 2nd person jumped in and made 300 MORE ETH by exploiting other sandwich bots
Long thread on how 👇🏻
To understand how this happened you need to know a bit about Flashbots
You can think of Flashbots as a way for users to directly communicate their transaction ordering preferences to to miners via "bundles" of transactions
Instead of users paying transaction fees via gas prices, using Flashbots users pay fees via a smart contract call (block.coinbase.transfer) which transfers ETH to a miner
Here's a screenshot of a random arb that does this, note the 0 gas price & 0.075 ETH transfer to Spark Pool
So this one is interesting! A bot has been backrunning new token listings, effectively paying premium to miners to buy newly listed tokens before anyone else can
And a new token fought back yesterday, trapping the bot for $200k while benefiting from their buy. Here's how 👇🏻
For weeks this bot has been monitoring the Ethereum mempool for new pairs being created on Uniswap. If it finds one it the bot places a buy transaction immediately behind the initial liquidity. That way they can buy a new token before anyone else.
They've been paying miners huge amounts for the right to do this! You can see here a few of the top Flashbots bundles of all time are from this bot. In total they've paid 340 ETH to miners.
Side note: this is from a dashboard Flashbots is making public soon.
I think we're seeing the sunsetting of a golden age for global tech platforms. Countries won't accept SV exerting control, and will seek to regulate or replace the incumbents.
With the benefit of hindsight TikTok was just the opening shot for what is to come.
It will take a few years but there will be another golden age for global tech platforms as decentralized alternatives necessarily arise.
Although payments and the SWIFT network might be an instructive analogy. Other countries, including America's allies, have long bristled against the way the American state uses the financial system to exert power. But no one has broken away yet.