Paper 2024/1496

No Fish Is Too Big for Flash Boys! Frontrunning on DAG-based Blockchains

Jianting Zhang, Purdue University West Lafayette
Aniket Kate, Purdue University West Lafayette, Supra Research
Abstract

Frontrunning is rampant in blockchain ecosystems, yielding attackers profits that have already soared into several million. Most existing frontrunning attacks focus on manipulating transaction order (namely, prioritizing attackers' transactions before victims' transactions) $\textit{within}$ a block. However, for the emerging directed acyclic graph (DAG)-based blockchains, these intra-block frontrunning attacks may not fully reveal the frontrunning vulnerabilities as they introduce block ordering rules to order transactions belonging to distinct blocks. This work performs the first in-depth analysis of frontrunning attacks toward DAG-based blockchains. We observe that the current block ordering rule is vulnerable to a novel $\textit{inter-block}$ frontrunning attack, which enables the attacker to prioritize ordering its transactions before the victim transactions across blocks. We introduce three attacking strategies: $\textit{(i)}$ Fissure attack, where attackers render the victim transactions ordered later by disconnecting the victim's blocks. $\textit{(ii)}$ Speculative attack, where attackers speculatively construct order-priority blocks. $\textit{(iii)}$ Sluggish attack, where attackers deliberately create low-round blocks assigned a higher ordering priority by the block ordering rule. We implement our attacks on two open-source DAG-based blockchains, Bullshark and Tusk. We extensively evaluate our attacks in geo-distributed AWS and local environments by running up to $n=100$ nodes. Our experiments show remarkable attack effectiveness. For instance, with the speculative attack, the attackers can achieve a $92.86\%$ attack success rate (ASR) on Bullshark and an $86.27\%$ ASR on Tusk. Using the fissure attack, the attackers can achieve a $94.81\%$ ASR on Bullshark and an $87.31\%$ ASR on Tusk. We also discuss potential countermeasures for the proposed attack, such as ordering blocks randomly and reordering transactions globally based on transaction fees. However, we find that they either compromise the performance of the system or make the protocol more vulnerable to frontrunning using the existing frontrunning strategies.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
MEV, Frontrunning, DAG-based BFT
Contact author(s)
zhan4674 @ purdue edu
aniket @ purdue edu
History
2024-09-30: approved
2024-09-24: received
Short URL
https://ia.cr/2024/1496
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/1496,
      author = {Jianting Zhang and Aniket Kate},
      title = {No Fish Is Too Big for Flash Boys! Frontrunning on {DAG}-based Blockchains},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1496},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1496}
}