Anticipating a sell-out initial coin offering (ICO), a crypto-enthusiast is patiently waiting to send a purchase over the blockchain when the ICO begins.
As soon as it does, he broadcasts the transaction over the network, but it doesn’t go through. He tries again. And again. Still nothing.
On Reddit, other users are furious. They lament. Why weren’t their transactions being picked up? Project corruption? Bigger whales?
New research suggests the biggest threat to a fair token sale may be miners.
Tasked with organizing the transactions that go into each block, miners, it seems, have found themselves in a powerful position in regards to ICOs – one that could be quite lucrative for them at the expense of users.
Defining the problem
The practice is called “frontrunning,” and it’s alleged to occur when mining pools detect large volumes of transactions being used for the purchase of new tokens. Rather than treat the transactions as any other, they instead cut the line.
And in ICOs where demand is high, transaction ordering can mean the difference between a successful bid at retail prices, and being stuck with a higher price tag later. That’s because if the token sells out while there’s still demand, the miners can then resell the tokens on a secondary market at a premium.
It’s an ingenious hack, but a tough one to pull off.
Everything has to be just right, the ICO can’t sell out in one block, and it can’t have too long a time frame for buys, either, like tokens that haven’t garnered much interest and so don’t sell out at all. The sweet spot: selling out in 20 to 30 blocks.
And that’s not all. Not only does the mining pool have to reorganize transactions so its own are in the next block to be found, it would also have to win the block race to verify that block. Because if they didn’t, the mining pool that verified the block would be able to see the reorganization and call fraud.
It’s risky. But yet, there’s evidence, or at least, speculation that it’s happened.
In June this year, it was alleged that China-based F2Pool created addresses to purchase tokens from the Status ICO, and that those addresses were the only ones mined in a block published by the pool.
Widespread or not, the idea that some ICOs not be fair has nonetheless sparked the interest of researchers, and Cornell’s Initiative for Cryptocurrencies and Contracts (IC3) has come up with a possible solution.
In a blog post released today, the noted blockchain research outfit will outline what it’s calling “submarine sends” – a potential solution to ICO frontrunning.
While technically dense, Phil Daian, an IC3 researcher who co-authored the paper with Lorenz Breidenbach, Ari Juels and Florian Tramer, explained the process more colloquially: submarine sends obfuscate transactions so they appear like any regular ethereum transaction going to a brand-new address.
Because miners aren’t able to see the amount being sent, what contract is being used and what the recipient address is, they’ll order the transaction in the block and lock it in. And only then will the specifics of the transaction be made public.
Daian told :
“Let’s say you’re on an exchange, and want to put in a market order of a half a bitcoin for the purchase of ether, and some miner puts in their transaction in front of you. They buy ether at a lower price, and then you buy ether at a higher price, and then the miner sells right away and makes a profit.”
And this is exasperated in ICOs that have caps on the amount of tokens being sold, since, after the ICO has closed, “tokens start trading right away at a higher price, driven up by scarcity,” according to Daian.
He pointed to the 0x ICO, saying that although it doesn’t seem like frontrunning was a problem there, the sought-after tokens sold for about five times their initial price on secondary markets after the ICO ended.
Daian, like many others in the community, don’t have much sympathy for miners, who already make thousands per successful block. But like most things in the cryptocurrency world, it’s hard to prove abuse.
“There’s some small scale examples where [miner frontrunning] looks pretty probable. But it’s always hard to prove anything in a system without real identity,” Daian said.
Spotting bad actors
Rick Dudley – an IT consultant and CEO of Vulcanize Inc., which provides consultancy and security audits for decentralized applications – seconded Daian’s comment with the caveat that it depends how flagrant the miners are when trying to take advantage of their position.
For instance, he described how in some ICO sales, frontrunning is possible to detect by observing the “mempool” (the area where transactions sit unconfirmed waiting to be put in blocks). Here, Dudley said, he’s observed situations in which transactions that were supposed to go into the next block were skipped over for transactions that seemed to suddenly appear out of thin air.
While the mining pool has plausible deniability (it could be that there was a bug in the system), if this transaction skipping continues to happen, Dudley said it’s an obvious warning sign of frontrunning.
During the F2Pool instance, it’s speculated that the mining pool developed software, not to reorder transactions, but to reject transactions that were not on their “whitelist,” and to only pick up transactions from specific addresses (ones it had created).
According to Daian, users were able to look inside those blocks and see that trend, especially since most of the blocks F2Pool mined were nearly empty.
Software that works off a whitelist, Daian continued, is much easier to build than the software necessary to reorder transactions.
“There’s a large amount of technical knowledge you’d need to have to do this. And most miners are not also programmers,” he said.
It would take both time and money to create something like this, and because volume is still relatively small, the reward isn’t big enough for most miners to saddle the burden, he said.
“If you wanted to quantify the problem, I wouldn’t say it’s a high percentage of ICOs that are being affected.”
Bigger problem ahead?
But if miner frontrunning hasn’t become a huge problem just yet, many suspect it could become one.
“There’s not enough volume going through the network to warrant a solution, but it’s a legitimate threat,” said Dudley.
But whether it’s a pressing issue affecting lots of users might not be at the heart of why this attack is important.
Indeed, the ability for miners (and other actors with other attacks) to game the system could signal immaturity in a market many have touted as a way to disrupt the venture capital industry. And there’s interest in finding solutions before the market matures.
Paper co-author Breidenbach seconded that sentiment, saying: “As volume increases, the important point is that this will happen in the future.”
The IC3 group has already written code aimed to tackle frontrunning, though it’s still experimental and not yet ready to be released to the public.
As for why the the researchers decided to outline their solution now, Breidenbach said:
“From a research perspective, we see this issue and want to propose solutions before it becomes a big problem.”