Flash Boys 2.0: Frontrunning, Transaction Reordering, and Consensus Instability in Decentralized Exchanges

Blockchains, and specifically smart contracts, have promised to create fair and transparent trading ecosystems. Unfortunately, we show that this promise has not been met. We document and quantify the widespread and rising deployment of arbitrage bots in blockchain systems, specifically in decentralized exchanges (or "DEXes"). Like high-frequency traders on Wall Street, these bots exploit inefficiencies in DEXes, paying high transaction fees and optimizing network latency to frontrun, i.e., anticipate and exploit, ordinary users' DEX trades. We study the breadth of DEX arbitrage bots in a subset of transactions that yield quantifiable revenue to these bots. We also study bots' profit-making strategies, with a focus on blockchain-specific elements. We observe bots engage in what we call priority gas auctions (PGAs), competitively bidding up transaction fees in order to obtain priority ordering, i.e., early block position and execution, for their transactions. PGAs present an interesting and complex new continuous-time, partial-information, game-theoretic model that we formalize and study. We release an interactive web portal, this http URL, to provide the community with real-time data on PGAs. We additionally show that high fees paid for priority transaction ordering pose a systemic risk to consensus-layer security. We explain that such fees are just one form of a general phenomenon in DEXes and beyond---what we call miner extractable value (MEV)---that poses concrete, measurable, consensus-layer security risks. We show empirically that MEV poses a realistic threat to Ethereum today. Our work highlights the large, complex risks created by transaction-ordering dependencies in smart contracts and the ways in which traditional forms of financial-market exploitation are adapting to and penetrating blockchain economies.
