Share this page!

Maybe Scrolly?
Robert Miller Profile picture
Twitter logo
17 May, 6 tweets, 4 min read
Found a clever honey pot contract

At a glance it looks vulnerable: an admin provides a string that is used as a key. Anyone that calls a function w/ 1 ETH and the string takes away 30 ETH.

So just find the admin's transaction and copy the string, right?

etherscan.io/address/0xb58c…
Wrong. Hidden away in Etherscan is an internal call that updates the string. You can't see the update on Etherscan, but plugging this into ethtx.info makes it clear the correct string has been updated.

ethtx.info/mainnet/0x1ce4… ImageImageImage
Interestingly within hours of deployment a few people tried to exploit this honey pot. Looks like 3 ETH was trapped, and the creator made away with that and their initial 30 ETH. ImageImage
Should have explained this before, but this is what I meant by find the admin's transaction and plug in the string.

At first glance it must have looked like you just stumbled on a 30 ETH jackpot that someone sloppy deployed! Image
That string looks like the string that would "solve" the quiz and transfer you the 30 ETH...

Unless it is replaced with a sneaky internal call to new(), which is what happened in the transaction that was hidden away in the contract's internal transactions ImageImageImage
Went down a rabbit hole trying to figure out how long this fellow has been doing this honey pot. They've deployed this dozens of times and made way more ETH than I thought.

F in the chat for the people who lost 7 ETH on this one alone!

etherscan.io/address/0xfe25… Image

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Robert Miller

Robert Miller Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @bertcmiller

Robert Miller Profile picture
24 Jun
It's a golden age for searchers. Late enough that Flashbots and DeFi exists, but not so late that massive institutions are competing for MEV.
Even still the barrier to entry for the top strategies is getting higher very quickly. It's probably a few months of work to catch up to the best backrunning arb bots now.
It is funny to think about the early days of Flashbots when there was literally 1 market maker, 1 ESD bot, and 2 arb bots sending bundles. Unbelievably good opportunity to make money back then.
Read 4 tweets
Robert Miller Profile picture
22 Jun
Sorry everyone, long overdue, but its time for a new MEV thread

Today we look at the Flashbots auction and the searchers that were able to game it using a super clever exploit in how we priced and merged bundles

Let's go 👇🏻🧵
For our journey today you will need a deep knowledge of Flashbots bundles

Bundles are groups of transactions executed in the order they are provided. Either the entire bundle is executed, or none of it is

That allows users to express transaction preferences very granularly
For some time we could only support a single bundle per block, but recently Flashbots introduced the ability to merge independent bundles!

Here's a thread on that release
Read 17 tweets
Robert Miller Profile picture
9 Jun
A thread of all my MEV related threads in chronologic order 👇🏻
The Sandwich Baiting Wars
The first Uncle Bandit pulling off a multi-block heist and launching a new category of MEV strategies
Read 8 tweets
Robert Miller Profile picture
1 Jun
Yesterday Flashbots published MEV-SGX, our proposal for using secure enclaves to provide a private mempool and a sealed bid MEV auction.

Thread on how MEV-SGX works and why it matters 👇🏻
ethresear.ch/t/mev-sgx-a-se…
Flashbots' focus is to enable a permissionless, transparent, and fair ecosystem for MEV extraction.

To date we've made progress on this by releasing two products: Flashbots Alpha and MEV-Explore.
Flashbots Alpha is composed of MEV-Geth and MEV Relay

MEV-Geth is a client that allows users to communicate granular transaction order preferences through transaction "bundles"

MEV-Relay is a gateway that Flashbots runs today, for reasons we'll discuss below
Read 18 tweets
Robert Miller Profile picture
24 May
Today Flashbots releases v0.2 and introduces bundle merging. That means that Flashbots miners can now mine multiple bundles per block.

A thread digging into this huge release and what that means 👇🏻
Flashbots gives users a way to communicate their transaction ordering preferences to miners via "bundles."

Bundles are groups of transactions executed in the order they are provided. Either the entire bundle is executed, or none of it is.
Bundles are typically very sensitive to ordering: you don't want other transactions to come before you & make a transaction your bundle fail

How did we deal with that sensitivity? We limited bundles included to 1 per block placed at the top of the block
Read 15 tweets
Robert Miller Profile picture
13 May
Introducing the Flashbots Dashboard, a collection of real time metrics to give the community transparency on the Flashbots Network:

dashboard.flashbots.net

Thread 👇🏻
In January Flashbots released Flashbots Alpha v0.1, a proof of concept communication channel between miners and users that enables transparent and efficient MEV extraction.

Since then we've seen rapid adoption, and now over 30% of blocks on Ethereum are Flashblocks.
Flashbots has two types of direct users today: searchers & miners

Searchers are users who send transactions via Flashbots - today these are mostly bot operators extracting MEV

Miners are the block producers of Ethereum today, who want to extract MEV in a fair & transparent way
Read 12 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @bertcmiller has new unrolls!

Check out other threads from @bertcmiller!

Read all threads by @bertcmiller

:(