Research article, DOI: 10.1145/3494106.3528682

Mitigating Frontrunning Attacks in Ethereum

Published: 30 May 2022

Abstract

With the rising popularity of Ethereum, there is also an uptick in the number of smart-contract-based decentralized applications (DApps). Consequently, Ethereum transaction volume has grown steadily over the last few years, but so have the various types of attacks on it. In Ethereum, vulnerable smart contracts are always taken advantage of by adversaries. One of the primary ways of exploiting Ethereum with malicious intent is through frontrunning attacks, which take advantage of the waiting time of transactions in the pending pool by adjusting the gas price. Attackers willing to execute such attacks constantly monitor the pending transaction pool and try to frontrun transactions. Mitigating such attacks is a critical step for ensuring secure DApp operations in Ethereum. In this paper, we propose a model-based attack detection and prevention scheme. We extract specific features for each transaction and transform each transaction into a feature vector, which is then analyzed by a machine learning model to detect in real time whether it is a frontrunning attack transaction. Extensive experiments on a large dataset of transactions establish the effectiveness of our approach.


Published In

BSCI '22: Proceedings of the Fourth ACM International Symposium on Blockchain and Secure Critical Infrastructure
May 2022
153 pages
ISBN:9781450391757
DOI:10.1145/3494106

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. ethereum
  2. frontrunning attack
  3. lstm
  4. machine learning
  5. multi-layer perceptron

Qualifiers

  • Research-article

Conference

ASIA CCS '22

Acceptance Rates

Overall Acceptance Rate 44 of 12 submissions, 367%
