Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
@bertcmiller ⚡️🤖 Profile picture
@bertcmiller
May 17, 2021 6 tweets 4 min read Read on X
Scrolly
Found a clever honey pot contract

At a glance it looks vulnerable: an admin provides a string that is used as a key. Anyone that calls a function w/ 1 ETH and the string takes away 30 ETH.

So just find the admin's transaction and copy the string, right?

etherscan.io/address/0xb58c…
Wrong. Hidden away in Etherscan is an internal call that updates the string. You can't see the update on Etherscan, but plugging this into ethtx.info makes it clear the correct string has been updated.

ethtx.info/mainnet/0x1ce4… ImageImageImage
Interestingly within hours of deployment a few people tried to exploit this honey pot. Looks like 3 ETH was trapped, and the creator made away with that and their initial 30 ETH. ImageImage
Should have explained this before, but this is what I meant by find the admin's transaction and plug in the string.

At first glance it must have looked like you just stumbled on a 30 ETH jackpot that someone sloppy deployed! Image
That string looks like the string that would "solve" the quiz and transfer you the 30 ETH...

Unless it is replaced with a sneaky internal call to new(), which is what happened in the transaction that was hidden away in the contract's internal transactions ImageImageImage
Went down a rabbit hole trying to figure out how long this fellow has been doing this honey pot. They've deployed this dozens of times and made way more ETH than I thought.

F in the chat for the people who lost 7 ETH on this one alone!

etherscan.io/address/0xfe25… Image

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with @bertcmiller ⚡️🤖

@bertcmiller ⚡️🤖 Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @bertcmiller

@bertcmiller ⚡️🤖 Profile picture
Nov 26, 2024
Excited to introduce BuilderNet - a big step towards decentralized block building, which shares gas fees and MEV with users and runs on TEEs!

Image
Today 95% of blocks on Ethereum are built by just two parties. This centralization threatens Ethereum's neutrality and resilience.

BuilderNet provides a decentralized, neutral, and open alternative, and the first release is live today. Image
The first release is a big step towards decentralized building by introducing "multioperator" building - where many parties can operate the same builder in a TEE, which users can verify. The initial operators are the Beaverbuild, Flashbots, and Nethermind teams.
Read 10 tweets
@bertcmiller ⚡️🤖 Profile picture
Sep 12, 2024
The most vain searcher on-chain and all the ways they flex 🧵
We're looking at 'bigbrainchad.eth' from the dark forest; a bot that exploits contracts the block after they become vulnerable

Beyond the name and the MEV extraction, they flex on chain in a few ways that you might not have ever seen before
To start, all their transaction hashes start with 0xbeef - a flex I've seen any of the other mempool monsters do where they proof-of-work style mine a transaction hash prefix!

So not only do they extract MEV, they also take the time to mine a vanity hash

Image
Read 7 tweets
@bertcmiller ⚡️🤖 Profile picture
Dec 6, 2023
A brief thread on a novel MEV searching strategy, where we chase the trail of a mysterious bot backrunning private flow and reveal how they do it.
@blairmarshall pointed out a bot that appears to have private access to user orderflow that was landing bottom-of-the-block blocks on the Flashbots builder. That didn't make sense to me. We don't run backrunning bots! So we investigated.
Here is an example.

In block 18728532 a user makes a trade at the top of the block. They sell about 3 ETH worth of Truebit and it seems using a private mempool too.

etherscan.io/txs?block=1872…

Image
Image
Read 13 tweets
@bertcmiller ⚡️🤖 Profile picture
May 10, 2023
jaredfromsubway.eth's alpha and how to stop him
jaredfromsubway.eth is a prolific sandwich bot who went viral a few weeks back

They famously were sandwiching a TON of $PEPE traders and are frequently one of the top consumers of gas on the network

Why are they dominating sandwiches? What's their edge?

Keep scrolling, anon.
FIRST, most MEV bots go from ETH -> memecoin -> ETH, atomically making profit and holding only ETH

Jared holds memecoins and will sandwich memecoin -> ETH trades. There is very little competition for this.

Let's look at an example.
Read 13 tweets
@bertcmiller ⚡️🤖 Profile picture
May 2, 2023
Introducing simple-blind-arbitrage: an open source bot that blindly but atomically backruns private transactions from MEV-Share Matchmakers.

github.com/flashbots/simp…
simple-blind-arbitrage works by calculating and executing the optimal arbitrage on-chain.

It only requires the pools to attempt to arb as inputs, and does the rest in a smart contract. Image
How does it know which pools to try to arb? By listening to the Flashbots MEV-Share Matchmaker.

The Matchmaker keeps most tx details private to prevent frontrunning, but it shares the pools users are trading on.

Watch it from your browser here: mev-share.flashbots.net Image
Read 9 tweets
@bertcmiller ⚡️🤖 Profile picture
Mar 12, 2023
MEV-Boost payments were at an alltime high yesterday, totaling 7691 ETH (!) which is nearly double the previous ATH of 3928 ETH during the FTX fiasco this fall.

A few statistics on MEV on Ethereum yesterday in this thread

(h/t @nero_eth for the data)
You can't compare stats these 1:1, but the ATH for daily miner profit from mev-geth was 6397 ETH in June 2021. That's the *profit* of running mev-geth vs a vanilla mempool mining client.

A similar metric here would be the difference in payment for validators from running mev-boost or not. There's not a great up to date estimate of this out there I think

You could derive it by looking at the value of the mempool builder we submit (0xa1defa) and the winning block
Read 13 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(