@bertcmiller ⚡️🤖 Profile picture
Jul 31, 2021, 19 tweets
Fatal flaws in a bot, a sort of on-chain virus, a trojan horse token, and arbitrage gone wrong

Join me in looking at the latest MEV bot exploit in this thread 👇🏻
The victim today tried to arbitrage the CHUM token (!) for ~0.01 ETH in profit, but in the process had 30 WETH transferred out of their wallet.

They only interacted with Uniswap v2 pools, how did this happen!?
Searchers optimize their contracts to the extreme to do very specific things very efficiently.

However, occasionally they have a need to do random things and add in functions that can be used to execute basically any arbitrary transaction from the contract.

The Flashbots simple arb example has one of these! It can execute arbitrary transactions on behalf of the owner, and only the owner.

This is validated by checking who is calling this function with msg.sender, which is important to this story.

github.com/flashbots/simp…
Decompiling their contract, the victim uses tx.origin to ensure that transactions calling some functions originated with their account.

Including a function that made arbitrary calls.

As with the THORChain saga, this is very dangerous.
Still, for almost any interaction on-chain it was fine.

To make an arbitrary call with this victim's contract you would need them to originate the transaction somehow and inject your desired call into theirs, like a virus!

How might you bait them into doing so?
Well, the victim was an arbitrage bot! The answer was to bait them by deploying a new token and creating a fake arb to get them to interact with that token.

Thus the CHUM token and two Uniswap v2 pools were born.
But how does CHUM work? Let's go through it end to end.

First, the victim tried to swap on the Uniswap v2 pool.

Then, the Uniswap v2 pool transferred CHUM back to the victim, in doing so triggering some special logic.
What happens now?

This was hard to piece together but I think I got it with 3 clues.

First, you can see in the decompiled CHUM contract that it checks for certain addresses, as well as using block.coinbase and making external calls.

This is CHUM targeting the victim & maybe avoiding simulation.
Second, looking at CHUM's transactions we can see transactions with input data that contains the address for WETH, as well as the attacker's address (3a28...), and what looks to be numbers.

Looks to me like a custom payload that transfers WETH to the attacker, a sort of virus.
Lastly, we can also see in a trace of the execution that CHUM is calling another contract (!) "0x33..." that is hard to spot on Etherscan.

With these I think we can construct what happened.
The attacker first injects the on-chain virus, designed to transfer WETH out of the victim, into CHUM.

The victim arbs CHUM, and the Uniswap pool calls transfer on CHUM as part of the swap.

CHUM then calls contract 0x33 with the WETH transfer virus.
0x33 then calls the victim's contract with the WETH transfer virus, attempting to execute it.

The victim's contract checks that the victim started the transaction (tx.origin), and since the whole call chain runs inside the victim's own transaction, this condition passes.

The victim's contract executes the virus.

The attacker is sent 30 WETH.
The attacker then IMMEDIATELY updated their WETH transfer virus and repeated this twice more for 35 WETH in total.

They were watching closely.
This was a highly targeted attack pointed at a specific bot's contract. It would only work for bots with a specific function AND if the bot used tx.origin as a safety check.

I have to wonder how they even found that vulnerability amongst hundreds of other bots.
Still, it was relatively easy to defend against. First, you shouldn't use tx.origin as a safety check.

Second, you should check that your transaction has made a profit before paying the miner!
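To make both points concrete, here is an added Solidity example (not the victim's contract or any Flashbots code; the contract names and the IWETH interface are assumptions) showing the tx.origin-guarded arbitrary-call helper beside a version that authorises on msg.sender and refuses to pay the coinbase unless WETH actually increased:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed minimal WETH interface for the balance check (example only).
interface IWETH {
    function balanceOf(address) external view returns (uint256);
}

// VULNERABLE (reconstruction of the pattern in the thread, not real bytecode):
// tx.origin is the EOA that signed the transaction, so ANY contract reached
// during the bot's own transaction (pool -> token -> helper -> this contract)
// satisfies the check and can drive the arbitrary call.
contract VulnerableExecutor {
    address public immutable owner;
    constructor() { owner = msg.sender; }

    function execute(address target, bytes calldata data) external payable {
        require(tx.origin == owner, "not owner"); // BUG: also true for nested callers
        (bool ok, ) = target.call{value: msg.value}(data);
        require(ok, "call failed");
    }
}

// HARDENED: msg.sender is the immediate caller, so only the owner EOA itself
// can enter; a token reached mid-swap cannot. The arb wrapper also verifies
// a WETH gain before tipping the block producer, so a baited "arb" reverts.
contract HardenedExecutor {
    address public immutable owner;
    IWETH public immutable weth;

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    constructor(IWETH _weth) { owner = msg.sender; weth = _weth; }

    function execute(address target, bytes calldata data) external payable onlyOwner {
        (bool ok, ) = target.call{value: msg.value}(data);
        require(ok, "call failed");
    }

    // Runs the arb calldata, then pays `tip` (ETH held by this contract) to
    // block.coinbase only if WETH grew by at least `minProfit`.
    function arbAndPay(address target, bytes calldata data,
                       uint256 minProfit, uint256 tip) external onlyOwner {
        uint256 balBefore = weth.balanceOf(address(this));
        (bool ok, ) = target.call(data);
        require(ok, "arb failed");
        uint256 balAfter = weth.balanceOf(address(this));
        require(balAfter >= balBefore + minProfit, "unprofitable");
        (bool paid, ) = block.coinbase.call{value: tip}("");
        require(paid, "tip failed");
    }
}
```

Against HardenedExecutor the CHUM call chain fails twice: 0x33 is not msg.sender, and even if the drain ran through some other path the profit check would revert the whole transaction before the miner was paid.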
That is it for today everyone.

Check out our Github to learn more and get involved if you're interested in mitigating MEV's negative externalities:

github.com/flashbots/pm
Huge shout out to the Flashbots team, who I am eternally grateful to for their tireless and excellent work:

@phildaian @tzhen @epheph @ObadiaAlex @thegostep @jparyani @fiiiu_ @tkstanczak
@taarushv @LukeYoungblood @sui414