Nice work, but honestly I'm not sure why they bother.
The article states that the purpose of these smart contracts is:
"Stake your tokens with us and you could be the next cryptocurrency millionaire"
That's an obvious scam. Anyone who gave real money to such a cause has already lost it. So why is the author giving away his time to help the scammers?
'Yield farming' has been very popular the past few months. Compound Finance was the first to kick off the hype by giving away their governance tokens to people that used their platform. You can compare it to Facebook giving you some of their stock by being an active user.
The end game of those governance tokens is for them to control the whole platform, so absolutely no changes can be made to the platform without being voted in by the token holders. All of this is enforced trustlessly on the blockchain through smart contracts. As a token holder you really own part of the platform.
This is a very powerful concept, so a lot of people are interested in buying those governance tokens outright. So what you can do is put your money in one of those platforms, receive governance tokens and sell them to people that want to buy them outright. You can make quite good money doing this.
Now a lot of projects popped up that basically had nothing to offer, yet people were still buying their governance tokens, meaning you could still make money by putting your money in there and selling those tokens to those people quick before those tokens became worthless, basically an advanced game of chicken.
So what I'm saying is not all of those 'stake your money and receive tokens' are outright scams. There are some very legitimate projects being built that give away governance tokens. Uniswap comes to mind, the most popular decentralized exchange, doing over half a billion in volume yearly. There's of course a lot more nuance and not everything works as it should yet, but there's a lot of interesting stuff being built every day.
I just don't understand the entire article - who is this guy? What is he doing? Why is he doing it? What are the dozens of different acronyms in this article and what do they mean? Who owns the 9.6M dollars and where was it at the risk of going?
Maybe this is a good article for someone deep into crypto, but for myself, as a casual morning read - I have no idea what happened.
Yes, if you're an enthusiast, it seems like good, technical fun.
But I have no idea how an "investor" could read this and think they can price the risk correctly. This isn't even the wild west of finance--this is intergalactic space.
I still don't understand what's happening at the core of this and the other dark forest post from a few weeks ago. How exactly are these bots front-running/stealing the ethereums?
My understanding:
- these bots scan the smart contracts that are waiting to be executed by the miners
- the bots find vulnerabilities (another grey area in my mind) in the contract
- the bots adjust the destination address of where the contract is supposed to send the ethereums
- then the bots continually execute the vulnerable smart contract code
Imagine that everyone agreed that just one slow computer would handle banking, contracts, and the stock markets for the entire world. This gets rid of any pesky concurrency issues. To move money from person to person, or to execute contracts or programs, you write up a sticky note with what you want to have done, sign it, and attach some money to it. Once every couple minutes, the computer administrators come out, collect a couple notes with the most money on them, and feed those into the computer.
The Dark Forest attack is possible because everyone can see all the notes on the board waiting to be processed, and everyone can simulate exactly, precisely what the really slow computer will do with a given note.
Suppose you found someone wanting to sell TSLA stock for $5 and someone wanting to buy it for $400. You would write up a note to buy it for $5 and sell it for $400, and stick it on the board. However, the moment you put the note on the board, the attackers and their automated telescopes have simulated that this note results in the holder having $395 more than they started with, and gave nothing away in return. The attacker then simulates an alternate future in which they post the note instead, and verify that they get the money. It works! So the attacker copies your note, signs it themselves, puts a much bigger wad of cash on it than you did, and slaps it up on the board.
When the operators come out, they collect the attacker's note first (more cash) and by the time your note is run, the opportunity is no longer there.
It's much simpler than that. (Also, you appear to have a few concepts mixed up. For instance, one doesn't execute smart contracts, but rather transactions. Smart contracts just sit there until someone sends a transaction to one, at which point it executes that transaction.)
What the bot does is that it checks each transaction that is waiting to be executed and simulates sending that transaction itself on a private blockchain forked from the real network. If the simulation results in a profit, it frontruns that transaction -- i.e., it sends the transaction itself for real, but bidding a higher price than the original sender did, so that its transaction will get executed rather than the original transaction it's copying.
It doesn't need to perform any sort of vulnerability scan; it just mimics other people exploiting arbitrage or vulnerabilities and pays more to get there first.
Similarly, it doesn't need to adjust any destination addresses. It's just looking for arbitrage opportunities or vulnerabilities that will direct ether to the sender. Smart contracts are entirely capable of getting the address of the message sender, and using that as a destination to send ether to. So the bot doesn't need to adjust the transaction data at all, which would be substantially more complicated.
You put your gold in a box and stuck it in the ground in a ranch in the middle of nowhere. No one knows there is gold in a box in the ground so it's safe. But people know that other people put gold in boxes and stick it in the ground.
One day you go to get it so you load up your pickup with gold digging equipment and drive to the ranch. On the way are spotters. They see your truck has gold digging equipment. They see that the road you're going down leads to the ranch. It's obvious what you're going to do.
They load up their faster Ford Ranger and blaze down the road. You can't catch up. They have a faster car. You get there. They have taken your gold.
If you hadn't gone there, the gold was relatively safe. Maybe some day someone happens on it but realistically probably not.
But you went. By looking for it you revealed you were looking and you revealed where you were looking.
My understanding of the front-running issue in these two cases is that a human being found vulnerabilities in particular smart contracts, which would allow anyone to claim the value protected by a particular contract. The human beings wanted to use these vulnerabilities to transfer the value somewhere, such as to an escrow account or to the original owners of that value. However, since the vulnerabilities allow anyone to do this, the front-runners could take this value for themselves by noticing the humans' attempt to execute the transactions, and then more quickly executing the exact same transaction with a different destination.
You can't take advantage of a "normal" cryptocurrency transaction this way because the "normal" transaction is like a super-minimal smart contract that's designed to pay only one hard-coded recipient. Therefore, that transaction either happens or doesn't happen, but its recipient can't be altered. Nor can you take advantage of a non-vulnerable smart contract this way, because the non-vulnerable smart contract can't be triggered to perform an action that its creators would consider inappropriate. But for a vulnerable smart contract, there's a series of events that would cause it to send value to an arbitrary address (and not in exchange for some other adequate compensatory value). It's this case where the front-runners want to find a way to swap in their own addresses for these transactions, and that's also why obfuscation could deter that -- making it hard for the front-runners to notice that that was possible.
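To make the two explanations above concrete (the bot that replays pending transactions on a fork and outbids them, and the point that a plain transfer with a hard-coded recipient cannot be hijacked while a contract that pays msg.sender can), here is a small Python model. It is an added example, not code from the article or from anyone in this thread: the chain, the `broken_vault` contract, the account names and the one-block miner are all constructed, and nothing talks to a real network. The second scenario also shows why handing the rescue transaction straight to a miner instead of broadcasting it keeps it out of the bot's view.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Sequence

# Constructed toy model (added example): balances are a dict, "contracts" are Python
# callables keyed by address name, and a block is one gas-price-ordered pass over
# the pending transactions. Every name below (vault, whitehat, alice, ...) is made up.

@dataclass
class Tx:
    sender: str     # what a contract would see as msg.sender
    to: str         # contract name, or an account for a plain transfer
    data: str       # "withdraw" for the contract, an amount string for a transfer
    gas_price: int  # bid to the miner; higher bids are included first

@dataclass
class Chain:
    balances: Dict[str, int]
    contracts: Dict[str, Callable[["Chain", Tx], None]] = field(default_factory=dict)

    def fork(self) -> "Chain":
        """Private copy for simulation, like the bot's forked node."""
        return Chain(dict(self.balances), dict(self.contracts))

    def apply(self, tx: Tx) -> None:
        if tx.to in self.contracts:
            self.contracts[tx.to](self, tx)
        else:
            # Plain transfer: the recipient is fixed inside the signed tx, so a copy
            # by another sender only moves that sender's own money to the same place.
            amount = int(tx.data)
            if self.balances.get(tx.sender, 0) >= amount:
                self.balances[tx.sender] -= amount
                self.balances[tx.to] = self.balances.get(tx.to, 0) + amount

def broken_vault(chain: Chain, tx: Tx) -> None:
    """Constructed buggy contract: pays its whole balance to whoever sends 'withdraw'."""
    if tx.data == "withdraw":
        chain.balances[tx.sender] = chain.balances.get(tx.sender, 0) + chain.balances["vault"]
        chain.balances["vault"] = 0

def frontrun(chain: Chain, mempool: List[Tx], bot: str) -> List[Tx]:
    """The generalized front-runner as the thread describes it: replay each pending tx
    with itself as sender on a fork; if its own balance grows, resubmit with a higher bid."""
    copies = []
    for tx in mempool:
        sim = chain.fork()
        sim.apply(Tx(bot, tx.to, tx.data, tx.gas_price))
        if sim.balances.get(bot, 0) > chain.balances.get(bot, 0):
            copies.append(Tx(bot, tx.to, tx.data, tx.gas_price + 1))
    return copies

def mine_block(chain: Chain, mempool: List[Tx], private_txs: Sequence[Tx] = ()) -> None:
    """Miner orders by gas price (stable sort keeps ties in arrival order).
    private_txs model a tx handed directly to the miner and never broadcast."""
    for tx in sorted(list(private_txs) + mempool, key=lambda t: t.gas_price, reverse=True):
        chain.apply(tx)

def make_chain() -> Chain:
    return Chain({"vault": 100, "whitehat": 10, "bot": 10, "alice": 50, "bob": 0},
                 {"vault": broken_vault})

def scenario(private_relay: bool) -> Dict[str, int]:
    """Whitehat tries to drain the broken vault to safety; alice pays bob 30.
    Returns final balances. With private_relay the rescue tx skips the mempool."""
    chain = make_chain()
    rescue = Tx("whitehat", "vault", "withdraw", gas_price=20)
    transfer = Tx("alice", "bob", "30", gas_price=20)
    mempool = [transfer] if private_relay else [transfer, rescue]
    private = [rescue] if private_relay else []
    mempool += frontrun(chain, mempool, "bot")  # the bot sees only the public mempool
    mine_block(chain, mempool, private)
    return chain.balances

if __name__ == "__main__":
    print("public mempool:", scenario(False))  # bot ends with 110, whitehat with 10
    print("private relay :", scenario(True))   # whitehat ends with 110, bot with 10
```

Note that alice's transfer is never copied in either run: simulating it with the bot as sender only moves the bot's own money to bob, so the profit check fails. The vault call is copied because the contract pays whoever the sender is, which is exactly the property the comment above singles out.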
Basically a human realizes that smart contract X is broken, and tries to enlist others to fix it. However, given the decentralized and generally shady nature of crypto, the process of disclosure also means a bad actor could get wind of the bug before it's addressed, and use the exploit to steal all of the money.
Thus, you have white hats racing to siphon money out of a buggy, immutable contract which also happens to be worth millions of real dollars. It'd be funny if there wasn't so much real money involved.
I love that they're continuing the Dark Forest analogy! Makes me also realize I never want to dip my toe in crypto like that. It's like an amateur going up to an entirely unregulated wall street and expecting to earn some quick cash.
Amateur has nothing to do with that. Ethereum, and "smart contracts" in general, are built on such shaky foundations that unless shakiness is what you're looking for, you have nothing of interest to find there.
The word you want here is "ethereum" not "crypto". Crypto is cryptography, and even if you want to redefine it as 'cryptocurrency' the sheer reckless yolo incompetence and scamminess of ethereum is not especially representative.
interesting read - seems like the solution to the dark forest is equivalent to a dark pool in traditional finance?
the logical conclusion is that within a few months we'll have dark pools run by miners who will process your transactions without broadcasting to mempool, in exchange for an increased gas fee. and, within a year, we'll find out that some dark pools sold order flow to those HFT's anyways, a la UBS https://sites.law.berkeley.edu/thenetwork/2015/01/29/ubs-dar...
All this research into smart contracts and cryptocurrency may seem pointless and a waste of time. It is very risky to dabble in, and I don't think assigning value to these "bitcoins," or whatever they may be called, will be the lasting effect of all this research. Perhaps some new programming language, or something we haven't even thought of, could be the result of these people working on the outer edges of current knowledge.
Love whitehat crypto postmortems like this. They always read like heist movies.
Curious about the use of SparkPool to bypass the mempool and get the transactions minted directly into a block. It looks like anyone can sign up and contribute their hashrate to SparkPool. Is there a risk of malicious miners running workers in their competitors' pools and then frontrunning?
AFAIK only the pool operator can see the full set of transactions for the block being mined. Pool workers only get to see the block header for the new block. This header only contains the hashed root of the transaction tree, and so they are unable to front-run private transactions in this way.
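To show what a worker actually receives, here is an added Python example (not from the thread or from any pool's software) that builds a plain binary Merkle tree over a constructed list of transaction bytes, hands the worker only the root, and verifies inclusion with a proof. Ethereum's real transactions root is a Merkle-Patricia trie rather than this simple tree, and the transaction strings are made up, but the property at issue is the same: the 32-byte root is a one-way commitment, so a worker holding only the header can neither list the transactions nor check a guess without the full ordered set.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed transaction list (added example). A plain binary Merkle tree stands in
# for Ethereum's transactions trie; the one-way-commitment property is what matters.
TXS = [b"tx1:alice->bob:30", b"tx2:whitehat->vault:withdraw", b"tx3:carol->dave:5"]

def _h(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def _next_level(level: List[bytes]) -> List[bytes]:
    """Pair up hashes; an odd trailing node is paired with itself."""
    if len(level) % 2:
        level = level + [level[-1]]
    return [_h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]

def merkle_root(txs: List[bytes]) -> bytes:
    """Root over the leaf hashes; changes if any tx or the order changes."""
    level = [_h(t) for t in txs]
    while len(level) > 1:
        level = _next_level(level)
    return level[0]

def merkle_proof(txs: List[bytes], index: int) -> List[Tuple[bytes, bool]]:
    """Sibling hashes from leaf to root; the bool says the sibling sits on the right."""
    level = [_h(t) for t in txs]
    proof = []
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        sib = index ^ 1
        proof.append((level[sib], sib > index))
        level = _next_level(level)
        index //= 2
    return proof

def verify_proof(tx: bytes, proof: List[Tuple[bytes, bool]], root: bytes) -> bool:
    """Recompute the path from one leaf; needs only the leaf, its proof and the root."""
    h = _h(tx)
    for sibling, on_right in proof:
        h = _h(h + sibling) if on_right else _h(sibling + h)
    return h == root

def header_for_workers(txs: List[bytes]) -> Dict[str, str]:
    """What the pool hands a worker: a root to hash against, not the tx list."""
    return {"tx_root": merkle_root(txs).hex()}

def check_inclusion(txs: List[bytes], index: int, header: Dict[str, str]) -> bool:
    """Operator-side (or after the block is public) proof that txs[index] is committed."""
    return verify_proof(txs[index], merkle_proof(txs, index), bytes.fromhex(header["tx_root"]))

if __name__ == "__main__":
    hdr = header_for_workers(TXS)
    print("worker sees:", hdr)
    print("tx2 committed:", check_inclusion(TXS, 1, hdr))
```

The asymmetry is the point: the operator, who holds the full list, can later hand out a short proof that any given transaction was in the block, while a worker that only has `hdr` cannot recover a single transaction from it, and a substituted transaction fails the same proof.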
Makes me think of salvage operations, and then raises the question of how do people get paid? They're providing a valuable service. I think in shipping there are both conventions and an ability to quickly negotiate that allows contracting for a salvage ship to rush to the aid of a grounded or sinking container vessel.
Yes, there are. It's the Lloyds Open Form.[1] "No Cure - No Pay". This is the standard deal for salvage operations, and is well over a century old. It's very simple, since it's intended to be executed by someone on a sinking ship. It's sufficient for the captain of a ship in trouble to contact a "salvor" and say they accept the standard Lloyds Open Form. A message "ACCEPT SALVAGE SERVICES ON BASIS LLOYDS STANDARD FORM LOF 90 NO CURE NO PAY ACKNOWLEDGE" is enough.
Contractors’ basic obligation: The Contractors identified in Box 1 hereby agree to use their best endeavours to salve the property specified in Box 2 and to take the property to the places stated in Box 3 or to such other place as may hereafter be agreed. If no place is inserted in Box 3 and in the absence of any subsequent agreement as to the place where the property is to be taken the Contractors shall take the property to a place of safety.
The Contractors’ remuneration and/or special compensation shall be determined by arbitration in London in the manner prescribed by Lloyd’s Salvage Arbitration Clauses in force at the date of this agreement.
That's the deal.
You need some agreed way to resolve how much the job is worth for this to work. The Lloyds Open Form is an agreement to do the job and discuss later how much it's worth. That's generally settled by insurance adjusters. It's much like the aftermath of auto accidents.
How much does the salvor get? 15% - 35% of the recovered value, reports Lloyds.[2] Of course, salvors work under tough conditions. They have to have equipment and people ready 24/7 to go somewhere and do something. That's expensive. Some classic worldwide names exited in the past decade. Mammoet and Titan both dropped out.
All this is against accidental losses, not against an adversary. Where there's an opponent, it's a much tougher problem. Marine salvage is vs. the ocean. Whether this model can be made to fit programmed contract problems or ransomware is a big question. One worth pursuing.
The people helping here did it for compensation in the form of good will with key players and/or potential future customers of their respective crypto products.
If you're going to use two similar looking services for something using ETH, do you go with the one by some no-name or the one created and championed by community heroes?
"Smart contracts" has always seemed incredibly dumb to me. Code that controls how money is transferred that cannot be updated or changed even if a bug is found.
Awesome design. It is like the opposite of what I would want to control my money in any transaction.
Very interesting story, it really does sound like a scifi thriller to me.
It also makes me wonder what type of legal battle would ensue if a blackhat were to have taken all of these funds instead, I'm not sure I've seen any public high-profile cases like that yet.
I offer that anyone who did the work that these researchers did would have also been “rightful owners” of that money.
This is the consequence of programmable money; there’s no getting around it, and, in my opinion, people shouldn’t want to. Rescuing people and brands who don’t put the effort into security from the consequences of their own mistakes isn’t a net benefit.
I'm all for anonymous teams, but look at the hoops this person had to jump through just to get in touch with them to report the bug.
When you're anonymous, all you have is your brand, and theirs should have burned to the ground for this entirely preventable error.
I agree with this. The whole "value" proposition of cryptocurrency is that there is no governing authority, no undo, no takebacks, the code is the only law. If that's _not_ what you want, you should 100% be using a bank instead.
All that "rescuing" people who have fucked up does is make the system seem more artificially reliable than it is. Providing a failsafe to people who have very deliberately and explicitly eschewed failsafes (at extreme effort and by subverting the system itself, no less) seems rather pointless and paternalistic.
i tried writing some toy Ethereum smart contracts circa 2016. at that time it was immensely difficult to write them in a secure way -- even a simple "hello world" level Solidity contract could easily have exploitable bugs if you don't code in an extremely defensive style.
i'm told things have improved since then -- can anyone who's used Solidity more recently comment on this? is it true?
this, plus the fact that putting information from the real world onto the blockchain unavoidably requires some trust, seemed like the two big problems then, and it seems like they haven't really been fixed.
Well, what are the fixes? Writing "smart contracts" is not meant to be for anybody but very seasoned developers. Also if you write a contract and do not get it audited by 3rd parties then nobody will (or should) take it for anything other than a toy application. That's just the nature of writing immutable code that potentially transfers value.
About Solidity in particular - I think most people would say it's not the best. There are endeavors to develop better languages but Solidity has become quite deeply entrenched in the Ethereum world. Everybody is busy with much more pressing issues - like scalability.
One of my good friends has a saying, "Humans are really good at optimizing the hell out of the wrong thing." I can't help but think that when reading about any sort of heroics involving blockchain.
This is all very interesting to read about, but in the same way epic battles in Eve Online are interesting to read about but not participate in. I hope the author doesn't think this article is functioning as an enticement to use ETH myself, because it's only confirming for me that I never, ever want any of my money near that shambling wreck.
I quickly want to point out that we've recently seen a surge in uniswap/bancor based "liquidity pools" (all projects copying each other). The main idea here is that you can lock up your crypto in a smart contract - which is considered "secure" in that no one can steal it (audited code by reputable companies and such). If true the risk is very small with things like impermanent loss, which doesn't apply to all pools.
The idea here is that your money is provided liquidity and you'll get paid a portion of the fees as well as some new token which can have a very high value (for a fleeting moment).
This is important to realize when looking at the crazy marketing around these projects: if it's based on uniswap you can be reasonably sure your principal won't get stolen - regardless of the scammy and weird marketing.
I was wondering why the article kept repeating details in re-worded ways as if they happened to other people. I didn't even realize that different parts were by different authors.
Nice read! That’s why I respect whitehat hackers, to be tempted by ~10million and then proceed doing the right thing. I wonder if they got a reward/bounty for managing to save all this ETH.
cryptocurrency != investment scam.
It's just another way to transfer and store value.
Interacting with automated contracts is an interesting extension to that system which can make things a lot more complex.
The 'dark forest' comes from a kind of man-in-the-middle attack where anyone can see the order book and exploit it, by putting their own slightly better orders in. Hence the need for co-operation with a closed order book (miner) to get the transaction in safely.
pavlov|5 years ago
daanavitch|5 years ago
gambiting|5 years ago
rsync|5 years ago
Forgive me - I thought that was tongue in cheek? I thought the op was humorously paraphrasing some current, popular trend in ethereum contracts?
No? That's the actual function of these contracts?
Can someone point me to one of these in the wild where I can see the actual pitch / advertisement ?
SiempreViernes|5 years ago
formerly_proven|5 years ago
ordinaryradical|5 years ago
antonvs|5 years ago
BEEdwards|5 years ago
I came out thinking why anyone would fuck with this gameable broken system, the more I learn about crypto the less I think of it.
unknown|5 years ago
[deleted]
snake_plissken|5 years ago
danielvf|5 years ago
Sniffnoy|5 years ago
renewiltord|5 years ago
schoen|5 years ago
drchopchop|5 years ago
ladberg|5 years ago
pron|5 years ago
nullc|5 years ago
huac|5 years ago
superkuh|5 years ago
larzang|5 years ago
gabereiser|5 years ago
clay-dreidels|5 years ago
iameli|5 years ago
bodski|5 years ago
kevinpet|5 years ago
Animats|5 years ago
[1] https://www.lloyds.com/market-resources/lloyds-agency/salvag...
[2] https://www.tugadvise.com/wp-content/uploads/2015/10/lloyds-...
MacsHeadroom|5 years ago
huac|5 years ago
ecmascript|5 years ago
ve55|5 years ago
sneak|5 years ago
lukev|5 years ago
currymj|5 years ago
vvpan|5 years ago
wins32767|5 years ago
squeezingswirls|5 years ago
Analemma_|5 years ago
askmike|5 years ago
itronitron|5 years ago
AgentME|5 years ago
NKosmatos|5 years ago
unknown|5 years ago
[deleted]
stackzero|5 years ago
vvpan|5 years ago
johannes1813|5 years ago
centimeter|5 years ago