Share this page!

Robert Miller Profile picture
Twitter logo
8 Oct, 5 tweets, 1 min read
MEV isn't for the faint of heart

Here's a searcher whose contract had a bug and got exploited, losing them $1m in a single transaction (!)

etherscan.io/tx/0xcc25b53fd…
The above searcher wrote their contract in Yul and had a function for token approvals that they didn't have the appropriate checks on.

The attacker reverse engineered the decompiled assembly, found the never used approve function, and figured out the custom data input format.
I'm starting to think there might be one or two sharks out there that are doing this full time.

What a job that would be: decompiled assembly bug finder

... starting salary $5m/year
Anyway, there's nothing really to dig into here. Just a straightforward bug in a contract (not requiring the caller of a function was the owner) and an attacker who threaded a needle somehow to find that.
I should make a hall of fame for this or something

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Robert Miller

Robert Miller Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @bertcmiller

Robert Miller Profile picture
6 Oct
Announcing Flashbots Protect: a suite of tools that makes it easier to use Flashbots for frontrunning protection

The first two Protect products are an API for developers and an RPC endpoint for end users

A brief thread about these products

medium.com/flashbots/anno…
It's always been possible to submit transactions to Flashbots for frontrunning protection. But it hasn't always been easy to do so.

The Flashbots Auction is powerful but submitting transactions has required new tools and new ways of thinking about those transactions.
For example the Flashbots Auction uses "bundles" and not transactions as the relevant object

As you can see in this image, bundles include transactions, but have other fields too

That means you can't natively send transactions to Flashbots, you need to wrap them in bundles Image
Read 11 tweets
Robert Miller Profile picture
30 Sep
This week a bot drained ~30 ETH from🥪 bots using clever baiting and a fake Uniswap pool

A thread on 🥪 bots, how they defend themselves, and the latest in breaking those defenses 👇🏻🧵
.@NathanWorsley_ created the first poison sandwich with salmonella. Over 200 days later people are still wrecking sandwich bots for fun and profit!

I'll briefly recap how salmonella works for those who are new

github.com/Defi-Cartel/sa…
🥪 bots watch the mempool for users buying on DEXes and 🥪 them:
1.🥪bot buys an asset to push the price up
2. victim buys at an inflated price, pushes price up more
3. 🥪 bot dumps at a profit at the victim's expense
Read 27 tweets
Robert Miller Profile picture
27 Sep
Rediscovered what I think is the biggest on-chain arb of all time: a 1200+ ETH arb

etherscan.io/tx/0xb72689042…
Transaction fee of ~$130 too. Insane.
Would love if someone could prove me wrong and has a bigger arb to share
Read 4 tweets
Robert Miller Profile picture
27 Sep
Today Flashbots is releasing v0.4 and introducing mega bundles to the Flashbots Network

Mega bundles will let us innovate faster, support more bundles and will lead to new searcher strategies and more miner revenue

A thread on mega bundles 🧵👇🏻
Flashbots is an open MEV marketplace. On 1 side of the market users submit "bundles" of txs. On the other miners run an auction & place the highest gas price bundles at the top of blocks.

This allows miners of any size to extract MEV, which is important for economic security.
In the early days of Flashbots only 1 bundle could be included in a block. That greatly limited our impact.

Our v0.2 release introduced multiple bundles per block through a merging process & gave miners control the number bundles they wanted to include

Read 16 tweets
Robert Miller Profile picture
8 Sep
Let’s get a few things straight.

Eden's lead investor - @multicoincap - is lying about Flashbots and Eden.

🧵
Contrary to Multicoin's claims, minimizing MEV is core to Flashbots' mission & products.

That shows from our funding of fairness and ethics research, work on MEV aware dApps, & 100s of users that have used Flashbots to skip the mempool & protect themselves from frontrunning.
More importantly, Multicoin is lying about Eden: it is not permissionless OR transparent.

Eden is a permissioned system with a multisig that has exclusive control over MEV payouts to miners. The Eden team alone decides whether miners are mining "Eden blocks" and should be paid.
Read 10 tweets
Robert Miller Profile picture
6 Sep
Dropping what is probably the most alpha packed thing I've written so far: an in-depth writeup of my strategy for a highly competitive MEV opportunity, the Synthetix Ether Collateral Liquidations, along with code

Blog post:
bertcmiller.com/2021/09/05/mev…

Repo:
github.com/bertmiller/sMEV
Blog post contains:
- My process from start the finish
- Explanation of why I made the design decisions I did
- How I sped up data collection
- A few gas optimizations
- Explanation of my economic strategy
- My novel bundle submission strategy
- Code snippets
- Many links
Repo contains:
- The only (I think?) open source example of how to backrun transactions
- Monitoring tools I made
- Contracts used for execution, including dydx flashloan
- Contract for data collection
- my somewhat embarrassing messy Hardhat testing env
Read 7 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @bertcmiller has new unrolls!

Check out other threads from @bertcmiller!

Read all threads by @bertcmiller

:(