An Ethereum Uncle Bandit strikes again, this time for 145 ETH

However this time the bandit left a trail to their identity, and you'll learn who it is in this MEV story 🧵👇🏻

h/t @AlchemyPlatform for the artwork
If you haven't read about the OG uncle bandit then that would be a good place to start.

I won't repeat all the mechanisms of this attack here, but I made a previous thread on it:


Alchemy also had a good writeup: medium.com/alchemy-api/un…
Our investigation starts with this massive - but otherwise innocuous - Flashbots transaction that has 0 gas price and a payment of 80 ETH to a miner. Makes sense.

It looked at first like someone sniping a new token on Uniswap.
Token snipers watch the mempool for new tokens on Uniswap. If they find a new token they'll use Flashbots to place a huge buy transaction immediately after the token is listed. Then they dump them later.

Here's an old thread about a different token sniper
I expected to find a new token listing right before this bot's buy, but I realized immediately something was off.

There was no token listing and in fact the token sniper with the 80 ETH Flashbots transaction actually got rekt by a sandwich bot with 1 gwei txs!

What happened?!
This time I knew what to look for. There was an uncle block right before, so I pulled up the tx data from Alchemy again, and searched for the Flashbots transaction's hash. Immediate hit.

An uncle bandit struck again, this time for much more ETH.

etherscan.io/uncle/0x80f883…
Last time it was a sandwich bot that was uncle bandit'd, this time it is a token sniper

In a stroke of bad luck the uncle block included the token sniping bundle, but the non-uncle block only included the token listing.

Due to this the token sniper's buy would be valid next block
Here's the 🥪 transactions

🥪 buy token with 200 ETH
Token sniper's 68 ETH buy further increased the price
🥪 sells token for 245 ETH

🥪 profit = 45 ETH
The funny thing about this is the uncle bandit made the launch of this new token somewhat more fair

Normally the sniper would get a ton of tokens for very cheap, but the 🥪 buy drove the price up and meant the sniper got few tokens

Then the 🥪 sell brought the price back down
But wait, there's one more thing... Haven't I seen this 🥪 bot's address before?

It turns out the sandwich bot is Ethermine's

You can figure that out by looking at their transaction history and also this was an Ethermine block with 1 gwei transactions

The unfortunate thing for the token sniper is that their transaction paid the miner 80 ETH. And since the miner was Ethermine they paid the party that rekt them.

So Ethermine's take home here: 80 + 45 = 125 ETH or about 1/3rd of a million dollars.
To be clear about this Ethermine was using public data that others could have gotten.

Other non-miner bot operators could have sandwiched it using Flashbots. This probably would have happened eventually had Ethermine not done so first.
However Ethermine runs their own bot and doesn't accept bundles from others. Since they mined a block immediately after the uncle there was no chance for a Flashbots bot to capture this MEV.

Of course we hope that changes and Ethermine joins Flashbots sometime soon.
Lastly the token sniper and other Flashbots bot operators can defend against this happening by using a contract that checks the block # or block parent hash. There are many other bots that do this now.
That is the end of our story today.

As always check out Flashbots' Github to learn more and get involved if you're interested in mitigating MEV's negative externalities:

github.com/flashbots/pm
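
The defense mentioned above (a contract that checks the block number or parent hash) could look like the following sketch. This is an added example, not code from the thread or from Flashbots; the contract name, function name and parameters are hypothetical, and it assumes the searcher funds the contract in advance and passes the target block and expected parent hash when building the bundle.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added illustration: names and parameters are hypothetical.
/// A bundle transaction routed through this contract only executes in the
/// block it was built for. If it leaks through an uncle block and is
/// re-included in a later block, the guard reverts the whole call.
contract GuardedBundleExecutor {
    address public immutable owner;

    constructor() {
        owner = msg.sender;
    }

    /// Reverts unless the tx is mined at exactly `targetBlock`, on top of
    /// the parent block the searcher simulated against.
    modifier onlyInTargetBlock(uint256 targetBlock, bytes32 expectedParentHash) {
        require(block.number == targetBlock, "wrong block number");
        require(
            blockhash(block.number - 1) == expectedParentHash,
            "wrong parent hash"
        );
        _;
    }

    /// Runs the trade, then pays the miner from the contract's balance.
    function execute(
        uint256 targetBlock,
        bytes32 expectedParentHash,
        address target,          // e.g. a DEX router (assumption)
        uint256 value,           // ETH forwarded with the trade
        bytes calldata payload,  // encoded trade call
        uint256 minerPayment     // Flashbots-style payment to the miner
    ) external onlyInTargetBlock(targetBlock, expectedParentHash) {
        require(msg.sender == owner, "not owner");
        (bool ok, ) = target.call{value: value}(payload);
        require(ok, "trade failed");
        block.coinbase.transfer(minerPayment);
    }

    /// Lets the owner fund the contract ahead of time.
    receive() external payable {}
}
```

Because the miner payment happens inside the guarded call, a copy of the transaction mined in any later block reverts both the trade and the payment.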
