[Resource Topic] 2024/1496: No Fish Is Too Big for Flash Boys! Frontrunning on DAG-based Blockchains

Welcome to the resource topic for 2024/1496

Title:
No Fish Is Too Big for Flash Boys! Frontrunning on DAG-based Blockchains

Authors: Jianting Zhang, Aniket Kate

Abstract:

Frontrunning is rampant in blockchain ecosystems, yielding attackers profits that have already soared into several million. Most existing frontrunning attacks focus on manipulating transaction order (namely, prioritizing attackers’ transactions before victims’ transactions) within a block. However, for the emerging directed acyclic graph (DAG)-based blockchains, these intra-block frontrunning attacks may not fully reveal the frontrunning vulnerabilities as they introduce block ordering rules to order transactions belonging to distinct blocks.

This work performs the first in-depth analysis of frontrunning attacks toward DAG-based blockchains. We observe that the current block ordering rule is vulnerable to a novel inter-block frontrunning attack, which enables the attacker to prioritize ordering its transactions before the victim transactions across blocks. We introduce three attacking strategies: (i) Fissure attack, where attackers render the victim transactions ordered later by disconnecting the victim’s blocks. (ii) Speculative attack, where attackers speculatively construct order-priority blocks. (iii) Sluggish attack, where attackers deliberately create low-round blocks assigned a higher ordering priority by the block ordering rule.

We implement our attacks on two open-source DAG-based blockchains, Bullshark and Tusk. We extensively evaluate our attacks in geo-distributed AWS and local environments by running up to n=100 nodes. Our experiments show remarkable attack effectiveness. For instance, with the speculative attack, the attackers can achieve a 92.86% attack success rate (ASR) on Bullshark and an 86.27% ASR on Tusk. Using the fissure attack, the attackers can achieve a 94.81% ASR on Bullshark and an 87.31% ASR on Tusk.

We also discuss potential countermeasures for the proposed attack, such as ordering blocks randomly and reordering transactions globally based on transaction fees. However, we find that they either compromise the performance of the system or make the protocol more vulnerable to frontrunning using the existing frontrunning strategies.

ePrint: https://eprint.iacr.org/2024/1496

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.