Front Running a Solidity smart contract

When a transaction is submitted to the block chain it is broadcasted to the memory pool and is waiting for inclusion into the next block. Miners are querying the transaction pool to collate transactions for the next block. They typically include the transactions with the highest fee first in the next block as they are incentivized to do so. Since all transactions are visible in the transaction pool (mempool), observers of the network can see and react to an transaction before it is included in the next block. This is called front running.

An example of how a transaction can be exploited and front run.

  • Decentralized exchange transactions can be seen in the transaction pool
  • A bad actor can have a process monitor the transaction pool
  • If the process finds a transaction it deems as profitable it can copy the transaction and submit it with a higher gas fee.
  • This will result in the bad actors transaction being included in the next block ahead of the first transaction

Protecting against front running is difficult, as it would come down to the specific contract itself or transaction itself. Sometimes you need to think about how to hide a transaction.

Here is a good article on front running in the mempool.

Below is a video that shows a Javascript Bot running in Node JS monitoring the Ethereum transaction pool (memory pool) and front running transactions. It is very interesting to see in action.

Next Review – Arithmetic Overflow and underflow

Leave a Reply