This week a bot drained ~30 ETH from🥪 bots using clever baiting and a fake Uniswap pool
A thread on 🥪 bots, how they defend themselves, and the latest in breaking those defenses 👇🏻🧵
A thread on 🥪 bots, how they defend themselves, and the latest in breaking those defenses 👇🏻🧵
.@NathanWorsley_ created the first poison sandwich with salmonella. Over 200 days later people are still wrecking sandwich bots for fun and profit!
I'll briefly recap how salmonella works for those who are new
github.com/Defi-Cartel/sa…
I'll briefly recap how salmonella works for those who are new
github.com/Defi-Cartel/sa…
🥪 bots watch the mempool for users buying on DEXes and 🥪 them:
1.🥪bot buys an asset to push the price up
2. victim buys at an inflated price, pushes price up more
3. 🥪 bot dumps at a profit at the victim's expense
1.🥪bot buys an asset to push the price up
2. victim buys at an inflated price, pushes price up more
3. 🥪 bot dumps at a profit at the victim's expense
Thread failed to post, hold on folks
Those 3 txs (🥪buy, victim tx,🥪sell) make up a bundle 
~200 days ago the 1st 🥪 bots were rekt by the likes of @NathanWorsley_ and @code0x2, who deployed poisonous bait tokens now known as "salmonella"
https://twitter.com/bertcmiller/status/1381296074086830091
The core idea of salmonella is simple: get a 🥪 bot to buy a token & prevent them from selling
By doing so the 🥪 bot's ETH would be sitting in a Uniswap pool where it could be drained (e.g. by selling a premined portion of tokens in the next block)
By doing so the 🥪 bot's ETH would be sitting in a Uniswap pool where it could be drained (e.g. by selling a premined portion of tokens in the next block)
Here's one instance of a successful salmonella, where the 🥪 bot lost 100 ETH to an attacker!
There have been a few of these totaling well over $1m
There have been a few of these totaling well over $1m
https://twitter.com/bertcmiller/status/1381296106118725644/
However after the 1st salmonella 🥪 bots rushed to improve their defenses
Now most trade on a preapproved list of tokens they know are safe
Also, Flashbots updated to no longer mine reverting txs. So the sell txs of a 🥪 reverting would cause the whole bundle to not be mined.
Now most trade on a preapproved list of tokens they know are safe
Also, Flashbots updated to no longer mine reverting txs. So the sell txs of a 🥪 reverting would cause the whole bundle to not be mined.
Nonetheless, one clever searcher found a hole in the defenses of 🥪 bots this last week.
How'd they do it?
How'd they do it?
The most simple 🥪 bots look for tx direct to the Uniswap or Sushiswap router, but advanced bots go further
Many 🥪 bots look at aggregators which split liquidity to 🥪able DEXs, and 🥪 the parts of the trade which they can
Many 🥪 bots look at aggregators which split liquidity to 🥪able DEXs, and 🥪 the parts of the trade which they can
https://twitter.com/bertcmiller/status/1412740168566640644
One such aggregator is 1inch, which has a special quirk: the contract lets you specify which pools to trade on
The regular user never knows this, but this quirk was critical to baiting 🥪 bots.
The regular user never knows this, but this quirk was critical to baiting 🥪 bots.
To be a bit more clear this is how that works:
- User makes trade on an aggregator
- 1inch routes some of that trade to Uniswap
- 🥪 bot notices the 1inch trade
- 🥪 bot 🥪s the Uniswap portion of the 1inch trade
End result: 🥪 bots monitoring all DEX aggregator trades too
- User makes trade on an aggregator
- 1inch routes some of that trade to Uniswap
- 🥪 bot notices the 1inch trade
- 🥪 bot 🥪s the Uniswap portion of the 1inch trade
End result: 🥪 bots monitoring all DEX aggregator trades too
Amusingly it seems that many 🥪 bots watched 1inch but did NOT validate that the pools users were trading on were valid
If an attacker injected a trap into their 1inch trade they could get 🥪 bots to interact with it
One attacker, Kaiji, did exactly this
If an attacker injected a trap into their 1inch trade they could get 🥪 bots to interact with it
One attacker, Kaiji, did exactly this
Here's how the attack looked in practice
🥪 bots saw the 1inch trade & tried to sandwich it
1st they tried to buy tokens from the trap, sending 17 ETH
Then they tried to sell tokens, but got close to nothing and their 17 ETH was now in a place the attacker could get it
🥪 bots saw the 1inch trade & tried to sandwich it
1st they tried to buy tokens from the trap, sending 17 ETH
Then they tried to sell tokens, but got close to nothing and their 17 ETH was now in a place the attacker could get it
Note how weird this 🥪 looks. There are no tokens being traded here! It's only ETH. This fact confused me for awhile.
So how did the trap work?
Decompiling the trap I immediately noticed getReserves() and a standard Uniswap error message, which is what you'd expect to see in a Uniswap pool.
Interesting but this code revealed little.
etherscan.io/bytecode-decom…
Decompiling the trap I immediately noticed getReserves() and a standard Uniswap error message, which is what you'd expect to see in a Uniswap pool.
Interesting but this code revealed little.
etherscan.io/bytecode-decom…
Using a different tool to decompile, I notice block.coinbase was being called to check the miner of a block. That's an old trick used to throw off bot simulations!
https://twitter.com/bertcmiller/status/1381296097130377216
func_022c0d9f felt familiar. I realized that this was actually function selector for the Uniswap v2 pool swap() function
Selectors are pretty low level but the tl;dr is that functions are identified by hashing their names/inputs
So I *knew* this function was swap()
Selectors are pretty low level but the tl;dr is that functions are identified by hashing their names/inputs
So I *knew* this function was swap()
It was at this point it hit me that the trap was a fake Uniswap v2 pool.
The attacker had implemented the functions you'd need to interact with a v2 pool but with custom logic designed to take 🥪 bot's ETH instead
The attacker had implemented the functions you'd need to interact with a v2 pool but with custom logic designed to take 🥪 bot's ETH instead
A little later there was some conditional logic which looked for transactions from the attacker, which made sense. You don't want to trap yourself.
Still, I didn't have the whole picture... until the attacker kindly sent me their code
Here's the real swap() function. It simply checked to see if the caller was not the owner and if the miner was real (to throw off simulation).
If so it returned way less ETH.
Here's the real swap() function. It simply checked to see if the caller was not the owner and if the miner was real (to throw off simulation).
If so it returned way less ETH.
As far as I can tell it didn't even bother handling the other token in this Uniswap "pool," which explains why there weren't any tokens in the trades before.
In total the attacker made ~30 ETH with this bait.
In total the attacker made ~30 ETH with this bait.
Still yet the defenses against this are very simple:
- check the pools you interact with, even if they come from aggregators
- fail your sell transaction if you end up with less ETH than you started.
It is likely that victims weren't making this ETH check to save a bit of gas
- check the pools you interact with, even if they come from aggregators
- fail your sell transaction if you end up with less ETH than you started.
It is likely that victims weren't making this ETH check to save a bit of gas
Lastly, the attacker took to the Flashbots discord where they were a savage
Here's Kaizi talking to their victim 0x2 - who long ago salmonella'd other bots themselves 😅😂
Here's Kaizi talking to their victim 0x2 - who long ago salmonella'd other bots themselves 😅😂
That's all for today!
If you're interested in working on MEV we're hiring at Flashbots :)
If you're interested in working on MEV we're hiring at Flashbots :)
https://twitter.com/hudsonjameson/status/1443299394896474117
Continue here!
https://twitter.com/bertcmiller/status/1443532075936751621
• • •
Missing some Tweet in this thread? You can try to
force a refresh
