Analysis of Sandwich Attacks on Ethereum Blockchain Transactions
Abstract
Smart-contract support on the Ethereum Blockchain enabled the emergence of a new, automated, decentralized finance ecosystem known as DeFi. This environment is highly competitive, and its protocols are continually probed for vulnerabilities that yield economic gains to strategic users. Recently, Ethereum's queue of pending transactions (the mempool) has itself become a target of financial speculation. Hoping to profit, attackers monitor the queue continuously and try to front-run other users' transactions, strategically inserting their own transactions immediately before and after the potential victim's transaction, a pattern that became known as a sandwich attack. In this paper we evaluate suspected sandwich attacks on the Ethereum Blockchain during 2023, updating what is known about this attack. Our analysis, based on 113,774 of the 2,599,105 blocks processed, shows 1,553,362 suspected attacks with an average profit of USD 3,202.82 for the attackers, providing strong evidence that sandwich attacks continue to occur in the DeFi ecosystem.
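The attack the abstract describes, as an added worked example that is not part of the paper or of any code the authors published: a constant-product pool (assumed Uniswap v2-style 0.3% fee), a sandwich around a victim's swap showing how much worse the victim's fill becomes and what the attacker nets, the victim's slippage limit as the check that makes the sandwich revert, and a block-level detection heuristic (same sender buys, a different sender buys in the same pool, same sender sells) run over a constructed block. Pool reserves, trade sizes, the addresses and the heuristic itself are assumptions for illustration; the paper's exact detection criteria are not reproduced here.

```python
"""Sandwich attack on a constant-product AMM pool plus a block-level detector.

Added illustration, not code from the paper. Pool sizes, trade sizes, addresses
and the detection heuristic are constructed assumptions.
"""
from dataclasses import dataclass


@dataclass
class Pool:
    """Constant-product pool (x * y = k) with the swap fee taken on the input."""
    x: float            # reserve of token X (the token the victim sells)
    y: float            # reserve of token Y (the token the victim buys)
    fee: float = 0.003  # 0.3% fee, assumed Uniswap v2-style

    def swap_x_for_y(self, dx):
        dx_eff = dx * (1 - self.fee)
        dy = self.y * dx_eff / (self.x + dx_eff)
        self.x += dx
        self.y -= dy
        return dy

    def swap_y_for_x(self, dy):
        dy_eff = dy * (1 - self.fee)
        dx = self.x * dy_eff / (self.y + dy_eff)
        self.y += dy
        self.x -= dx
        return dx


def simulate_sandwich(x0, y0, victim_in, attacker_in, victim_slippage=None):
    """Run the victim's swap alone and inside a sandwich.

    Returns (victim_out_quoted, victim_out_sandwiched, attacker_profit_in_x).
    If victim_slippage (a fraction, e.g. 0.01) is given and the sandwiched
    output falls below (1 - slippage) * quoted output, the victim's swap
    reverts: victim_out_sandwiched is None and the attacker's round trip
    only pays fees, so its profit is negative.
    """
    quoted = Pool(x0, y0).swap_x_for_y(victim_in)      # fill the victim saw when signing
    pool = Pool(x0, y0)
    attacker_y = pool.swap_x_for_y(attacker_in)        # 1. front-run: buy Y, push price up
    before_victim = Pool(pool.x, pool.y)               # snapshot in case the victim reverts
    victim_out = pool.swap_x_for_y(victim_in)          # 2. victim buys at the worse price
    if victim_slippage is not None and victim_out < quoted * (1 - victim_slippage):
        pool, victim_out = before_victim, None         # min-out check fails: tx reverts
    attacker_x = pool.swap_y_for_x(attacker_y)         # 3. back-run: sell Y back
    return quoted, victim_out, attacker_x - attacker_in


@dataclass
class Tx:
    """Minimal view of a DEX swap as decoded from a mined block."""
    sender: str
    pool: str
    direction: str   # "X->Y" (buy Y) or "Y->X" (sell Y)
    amount_in: float
    amount_out: float


def detect_sandwiches(block_txs):
    """Assumed heuristic: sender A buys Y, some other sender buys Y in the same
    pool later in the block, then A sells Y. One record per sandwich found."""
    found = []
    for i, front in enumerate(block_txs):
        if front.direction != "X->Y":
            continue
        for k in range(i + 2, len(block_txs)):
            back = block_txs[k]
            if (back.sender, back.pool, back.direction) != (front.sender, front.pool, "Y->X"):
                continue
            victims = [t.sender for t in block_txs[i + 1:k]
                       if t.pool == front.pool and t.direction == "X->Y"
                       and t.sender != front.sender]
            if victims:
                found.append({"attacker": front.sender, "pool": front.pool,
                              "victims": victims,
                              "profit_x": back.amount_out - front.amount_in})
            break  # the first matching sell closes this sandwich
    return found


def sample_block():
    """Constructed block: one sandwich around one victim plus an unrelated swap."""
    pool = Pool(1_000.0, 1_000_000.0)
    a_y = pool.swap_x_for_y(50.0)
    v_y = pool.swap_x_for_y(10.0)
    a_x = pool.swap_y_for_x(a_y)
    return [
        Tx("0xattacker", "WETH/TKN", "X->Y", 50.0, a_y),
        Tx("0xother", "WETH/ABC", "X->Y", 1.0, 950.0),   # different pool, ignored
        Tx("0xvictim", "WETH/TKN", "X->Y", 10.0, v_y),
        Tx("0xattacker", "WETH/TKN", "Y->X", a_y, a_x),
    ]


if __name__ == "__main__":
    quoted, got, profit = simulate_sandwich(1_000.0, 1_000_000.0, 10.0, 50.0)
    print(f"victim quoted {quoted:.1f} Y, received {got:.1f} Y; attacker nets {profit:+.3f} X")
    _, got2, profit2 = simulate_sandwich(1_000.0, 1_000_000.0, 10.0, 50.0, victim_slippage=0.01)
    print(f"with a 1% slippage limit: victim reverted={got2 is None}; attacker nets {profit2:+.3f} X")
    for record in detect_sandwiches(sample_block()):
        print(record)
```

The slippage parameter is the practitioner's takeaway: the attacker's back-run only pays off when the victim's transaction actually executes at the pushed price, so a tight minimum-output bound on the victim's swap turns the sandwich into a pure loss of fees for the attacker. The detector looks only at transactions that were mined in the same block and adjacent in the same pool, which is why the abstract's figures are "suspected" attacks: intent cannot be proven from the chain alone.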
Published
20/05/2024
How to Cite
FONTINELE, Alexandre; CAMPOS, Josué N.; OLIVEIRA, Isdael R.; GONÇALVES, Glauber D.; NACIF, José A. M.; VIEIRA, Alex B.; SOARES, André C. B. Análise de Ataques Sanduíche sob as Transações da Blockchain Ethereum. In: SIMPÓSIO BRASILEIRO DE REDES DE COMPUTADORES E SISTEMAS DISTRIBUÍDOS (SBRC), 42., 2024, Niterói/RJ. Proceedings [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 728-741. ISSN 2177-9384. DOI: https://doi.org/10.5753/sbrc.2024.1466.