Blockchain Safety: Front Running Attacks on Smart Contracts

Aleksander Olszewski, 7 days ago

The term "front running" comes from the era when stock traders would literally run with their own orders to get ahead of their clients' orders. They used non-public knowledge to exploit and manipulate the market price. Blockchain development carries the same problem over to the web.

In blockchain, transactions that have entered the pool but are not yet included in a block can be manipulated, and that short window can give attackers an attack vector.

Transaction-Ordering Attacks

Just a simple example, to help you grasp the idea:

Let's imagine an ICO where the price of a token increases with every transaction. You know that an investor has sent a buy request for 100,000,000 tokens. If you buy a number of tokens before him, you will get them at a much lower price.

The request floats in the mempool for a while. During this moment, you send a quick buy request that will be finalized before the investor's, or, as a miner, you simply change the order of the transactions in the block being mined.

And if you succeed, you end up with a number of tokens that have now doubled their market price.

Front running attacks on EIP-20

There's a common attack vector on EIP-20 tokens: the approve() function is an agreement to let a spender send a requested amount. The front running attack relies on a second approve() request, sent after the first one, that certifies transferFrom() requests for a different amount.

Protecting from the attacks

In general, you should pay attention to duplicated requests and take a closer look at how processes that run simultaneously interfere with each other.
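For the EIP-20 approve() case, one defensive check is to change an allowance only if it still holds the value the owner saw when signing. The following is an added example, not code from the original post: a Python model of the allowance ledger rather than contract code, in which `Token`, `approve_cas` and `total_spent` are hypothetical names and the amounts are constructed.

```python
# Minimal in-memory model of EIP-20 allowances (constructed for illustration;
# Token, approve_cas and total_spent are hypothetical, not a real library).
class Token:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowance = {}          # (owner, spender) -> remaining amount

    def approve(self, owner, spender, amount):
        # EIP-20 semantics: overwrite the allowance unconditionally.
        self.allowance[(owner, spender)] = amount
        return True

    def approve_cas(self, owner, spender, expected, amount):
        # Hardened variant: change only if the allowance is still what the
        # owner saw when signing, so a spend ordered in between is detected.
        if self.allowance.get((owner, spender), 0) != expected:
            return False
        self.allowance[(owner, spender)] = amount
        return True

    def transfer_from(self, spender, owner, to, amount):
        left = self.allowance.get((owner, spender), 0)
        if amount > left or amount > self.balances.get(owner, 0):
            return False
        self.allowance[(owner, spender)] = left - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount
        return True


def total_spent(hardened):
    """Owner lowers an allowance from 100 to 50 while a 100-token spend by
    the spender is ordered ahead of that change in the same block."""
    t = Token({"owner": 1000})
    t.approve("owner", "spender", 100)
    t.transfer_from("spender", "owner", "spender", 100)   # ordered first
    if hardened:
        t.approve_cas("owner", "spender", expected=100, amount=50)
    else:
        t.approve("owner", "spender", 50)
    t.transfer_from("spender", "owner", "spender", 50)    # uses new allowance
    return t.balances.get("spender", 0)
```

With the unconditional overwrite the spender ends up with more than either allowance the owner intended; with the compare-and-set check the second approval is rejected and the total stays at the first allowance.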

But to make sure your tokens are safe, you need a full-scale smart contract security audit. The topic of protecting a contract from attacks is vast and requires an individual approach.


Posted in All, Blockchain on Oct 25, 2018
