Decentralized exchanges (DEXs) allow parties to participate in financial markets while retaining full custody of their funds. However, the transparency of blockchain-based DEXs, in combination with the latency for transactions to be processed, makes market manipulation feasible. For instance, adversaries could perform front-running — the practice of exploiting (typically non-public) information that may change the price of an asset for financial gain.
In this work we formalize, analytically exposit and empirically evaluate an augmented variant of front-running: sandwich attacks, which involve front- and back-running victim transactions on a blockchain-based DEX. We quantify the probability of an adversarial trader being able to undertake the attack, based on the relative positioning of a transaction within a blockchain block. We find that a single adversarial trader can earn a daily revenue of over several thousand USD when performing sandwich attacks on one particular DEX — Uniswap, an exchange with over 5M USD daily trading volume by June 2020. In addition to a single-adversary game, we simulate the outcome of sandwich attacks under multiple competing adversaries, to account for the real-world trading environment.
Disciplines: Computer science
Author, co-author:
Zhou, Liyi; Imperial College London
Qin, Kaihua; Imperial College London
FERREIRA TORRES, Christof; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SEDAN
Le, Duc v; Purdue University - Purdue
Gervais, Arthur; Imperial College London
External co-authors: yes
Language: English
Title: High-Frequency Trading on Decentralized On-Chain Exchanges
Publication date: 2021
Event name: 42nd IEEE Symposium on Security and Privacy
Event date: from 23-05-2021 to 27-05-2021
Main work title: IEEE Symposium on Security and Privacy, 23-27 May 2021