Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
@bertcmiller ⚡️🤖 Profile picture
@bertcmiller
Apr 22, 2021 15 tweets 6 min read Read on X
Scrolly
An Ethereum Uncle Bandit strikes again, this time for 145 ETH

However this time the bandit left a trail to their identity, and you'll learn who it is in this MEV story 🧵👇🏻

h/t @AlchemyPlatform for the artwork
If you haven't read about the OG uncle bandit then that would be a good place to start.

I won't repeat all the mechanisms of this attack here, but I made a previous thread on it:


Alchemy also had a good writeup: medium.com/alchemy-api/un…
Our investigation starts with this massive - but otherwise innocuous - Flashbots transaction that has 0 gas price and a payment of 80 ETH to a miner. Makes sense.

It looked at first like someone sniping a new token on Uniswap.
Token snipers watch the mempool for new tokens on Uniswap. If they find a new token they'll use Flashbots to place a huge buy transaction immediately after the token is listed. Then they dump them later.

Here's an old thread about a different token sniper
I expected to find a new token listing right before this bot's buy, but I realized immediately something was off.

There was no token listing and in fact the token sniper with the 80 ETH Flashbots transaction actually got rekt by a sandwich bot with 1 gwei txs!

What happened?!
This time I knew what to look for. There was an uncle block right before, so I pulled up the tx data from Alchemy again, and searched for the Flashbots transaction's hash. Immediate hit.

An uncle bandit struck again, this time for much more ETH.

etherscan.io/uncle/0x80f883…
Last time it was a sandwich bot that was uncle bandit'd, this time is a token sniper

In a stroke of bad luck the uncle block included the token sniping bundle, but the non-uncle block only included the token listing.

Due to this the token sniper's buy would be valid next block
Here's the 🥪 transactions

🥪 buy token with 200 ETH
Token sniper's 68 ETH buy further increased the price
🥪 sells token for 245 ETH

🥪 profit = 45 ETH
The funny thing about this is the uncle bandit made the launch of this new token somewhat more fair

Normally the sniper would get a ton of tokens for very cheap, but the 🥪 buy drove the price up and meant the sniper got few tokens

Then the 🥪 sell brought the price back down
But wait, there's one more thing... Haven't I seen this 🥪 bot's address before?

It turns out the sandwich bot is Ethermine's

You can figure that out by looking at their transaction history and also this was an Ethermine block with 1 gwei transactions

The unfortunate thing for the token sniper is that their transaction paid the miner 80 ETH. And since the miner was Ethermine they paid the party that rekt them.

So Ethermine's take home here: 80 + 45 = 125 ETH or about 1/3rd of a million dollars.
To be clear about this Ethermine was using public data that others could have gotten.

Other non-miner bot operators could have sandwiched it using Flashbots. This probably would have happened eventually had Ethermine not done so first.
However Ethermine runs their own bot and doesn't accept bundles from others. Since they mined a block immediately after the uncle there was no chance for a Flashbots bot to capture this MEV.

Of course we hope that changes and Ethermine joins Flashbots sometime soon.
Lastly the token sniper and other Flashbots bot operators can defend against this happening by using a contract that checks the block # or block parent hash. There are many other bots that do this now.
That is the end of our story today.

As always check out Flashbots' Github to learn more and get involved if you're interested in mitigating MEV's negative externalities:

github.com/flashbots/pm

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with @bertcmiller ⚡️🤖

@bertcmiller ⚡️🤖 Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @bertcmiller

@bertcmiller ⚡️🤖 Profile picture
Nov 26, 2024
Excited to introduce BuilderNet - a big step towards decentralized block building, which shares gas fees and MEV with users and runs on TEEs!

Image
Today 95% of blocks on Ethereum are built by just two parties. This centralization threatens Ethereum's neutrality and resilience.

BuilderNet provides a decentralized, neutral, and open alternative, and the first release is live today. Image
The first release is a big step towards decentralized building by introducing "multioperator" building - where many parties can operate the same builder in a TEE, which users can verify. The initial operators are the Beaverbuild, Flashbots, and Nethermind teams.
Read 10 tweets
@bertcmiller ⚡️🤖 Profile picture
Sep 12, 2024
The most vain searcher on-chain and all the ways they flex 🧵
We're looking at 'bigbrainchad.eth' from the dark forest; a bot that exploits contracts the block after they become vulnerable

Beyond the name and the MEV extraction, they flex on chain in a few ways that you might not have ever seen before
To start, all their transaction hashes start with 0xbeef - a flex I've seen any of the other mempool monsters do where they proof-of-work style mine a transaction hash prefix!

So not only do they extract MEV, they also take the time to mine a vanity hash

Image
Read 7 tweets
@bertcmiller ⚡️🤖 Profile picture
Dec 6, 2023
A brief thread on a novel MEV searching strategy, where we chase the trail of a mysterious bot backrunning private flow and reveal how they do it.
@blairmarshall pointed out a bot that appears to have private access to user orderflow that was landing bottom-of-the-block blocks on the Flashbots builder. That didn't make sense to me. We don't run backrunning bots! So we investigated.
Here is an example.

In block 18728532 a user makes a trade at the top of the block. They sell about 3 ETH worth of Truebit and it seems using a private mempool too.

etherscan.io/txs?block=1872…

Image
Image
Read 13 tweets
@bertcmiller ⚡️🤖 Profile picture
May 10, 2023
jaredfromsubway.eth's alpha and how to stop him
jaredfromsubway.eth is a prolific sandwich bot who went viral a few weeks back

They famously were sandwiching a TON of $PEPE traders and are frequently one of the top consumers of gas on the network

Why are they dominating sandwiches? What's their edge?

Keep scrolling, anon.
FIRST, most MEV bots go from ETH -> memecoin -> ETH, atomically making profit and holding only ETH

Jared holds memecoins and will sandwich memecoin -> ETH trades. There is very little competition for this.

Let's look at an example.
Read 13 tweets
@bertcmiller ⚡️🤖 Profile picture
May 2, 2023
Introducing simple-blind-arbitrage: an open source bot that blindly but atomically backruns private transactions from MEV-Share Matchmakers.

github.com/flashbots/simp…
simple-blind-arbitrage works by calculating and executing the optimal arbitrage on-chain.

It only requires the pools to attempt to arb as inputs, and does the rest in a smart contract. Image
How does it know which pools to try to arb? By listening to the Flashbots MEV-Share Matchmaker.

The Matchmaker keeps most tx details private to prevent frontrunning, but it shares the pools users are trading on.

Watch it from your browser here: mev-share.flashbots.net Image
Read 9 tweets
@bertcmiller ⚡️🤖 Profile picture
Mar 12, 2023
MEV-Boost payments were at an alltime high yesterday, totaling 7691 ETH (!) which is nearly double the previous ATH of 3928 ETH during the FTX fiasco this fall.

A few statistics on MEV on Ethereum yesterday in this thread

(h/t @nero_eth for the data)
You can't compare stats these 1:1, but the ATH for daily miner profit from mev-geth was 6397 ETH in June 2021. That's the *profit* of running mev-geth vs a vanilla mempool mining client.

A similar metric here would be the difference in payment for validators from running mev-boost or not. There's not a great up to date estimate of this out there I think

You could derive it by looking at the value of the mempool builder we submit (0xa1defa) and the winning block
Read 13 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(