Venturing Into The Dark Forest: A Flashbots Adventure

Brock Smedley
DeFi @ First Foundry
7 min read · Apr 20, 2021


On the first of April, I received a message from a colleague, Martin Enriquez, informing me that there was an opportunity to steal about $7000 USD from a compromised Ethereum wallet.

Just kidding.

Franco (@franbreciano), an advisor at First Foundry, saw this tweet from Santiago Palladino and relayed it to the team.

Brett (@relyes), First Foundry Co-Founder, quickly responded Yes to the call. It represented a great opportunity to genuinely help and learn at the same time.

A friend of a friend, let’s call him Nick, was tricked by a scammer into sending them his private key. Upon relinquishing his private key, his account was drained, presumably by a bot that checks balances on some popular DeFi protocols like Synthetix, SushiSwap, and Aave, among others.

After numerous attempts by Nick to get help from Delta and Metamask, among others, he was almost ready to give up when he was referred to Santiago (@smpalladino), who then referred him to us.

We checked out Nick’s account on Etherscan.

Though it was April Fool’s Day, this was no joke:

Nick’s account post-liquidation.

At first glance, it seemed that all was lost, but there was one exception: a relatively obscure protocol called Delta. Nick staked 5.2 Ether into this smart contract, where, after some amount of time, he could redeem LP tokens (rLP) which represented his stake in the protocol. We checked Nick’s balance and realized that the attacker had missed this, but we weren’t sure who we were up against.

The simplest method of extracting the funds would be to simply claim the LP tokens using the compromised account and quickly send them to a safe account. However, because the private key had been compromised, we had to assume the worst. The attacker could have shared the private key with black-hat communities or they could even have been running their own front-running bot. The issue with the simple method here is that if we try to recover the funds via traditional means like Metamask, the attacker could find our transaction in the mempool, and then front-run it to transfer the funds to themselves.

So how could we prevent a front-runner (who presumably has our private key) from seeing these transactions and exploiting them for profit? Our team had read Ethereum is a Dark Forest by Dan Robinson and Georgios Konstantopoulos, and Escaping the Dark Forest by samczsun, but neither approach described in those articles was feasible for us. We couldn’t get direct access to a mining pool as we had no white-hat reputation, and the smart-contract approach proposed by Dan and Georgios was risky (it failed, as that article describes). But we had heard from a colleague, Franco Breciano, about a neat thing called Flashbots.

Flashbots allows you to bundle up multiple transactions and send them all at once to be mined. Not only does it ensure that the transactions are all mined in the same block, but it doesn’t publish bundled transactions to the mempool, meaning that front-runners wouldn’t be able to see our transactions until they were mined.

So we got to work learning about Flashbots. Franco got us in touch with Santiago, who had just recently published a success story on Twitter about using Flashbots to rescue funds. Santiago was kind enough to give us some resources to get acquainted with Flashbots, and answered quite a few questions from us over the next couple days.

Once we understood Flashbots, and had found a great companion script, searcher-sponsored-tx, written by Scott Bigelow et al., we saw that all we had to do was adjust the script to fit our needs.

The first thing we noticed was that the script was configured strictly for ERC20 tokens. The funds we needed to rescue were in fact ERC20s, but we needed to un-stake them from the Delta protocol before we transferred them out of the compromised account.

I dug around the Delta contract and found two methods that looked like they did what we wanted:
claimOrStakeAndClaimLP
getWETHBonusForReferrals

I double-checked the source code in the contracts and verified that these were in fact the functions that we needed to call to extract the funds.

claimOrStakeAndClaimLP is responsible for withdrawing the LP tokens.

getWETHBonusForReferrals disburses wETH referral bonuses, which you get by referring other people to sign up for the protocol.

All that was left to do was to include the function calls in the script’s bundle of zero-gas transactions. We copied the Delta contract’s ABI from Etherscan, wrote the function calls, and modified the script to check that both amounts (rLP and wETH) were transferred. This is what it looked like when we were done:

Bundle of zero-gas transactions to rescue the funds.

We started by simulating the bundle to make sure that the transactions would succeed before we actually sent them to be mined. This is simple enough with Flashbots. Just sign the bundle and run a checkSimulation call.

Obviously, we started with DRY_RUN=true.
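To make the shape of that bundle concrete, here is an added toy model (not the searcher-sponsored-tx script and not First Foundry’s code) of the steps described above: two zero-gas un-stake calls and two transfers signed by the compromised key, a sponsor transaction that pays the miner, an atomic simulation, and the check that both the rLP and the wETH arrived at the safe account. All account names, amounts and gas figures are made up.

```python
import copy
# Added toy model of the sponsored rescue bundle described above; it is not the
# searcher-sponsored-tx script. Account names, amounts and gas figures are made up.
COMPROMISED, SAFE, SPONSOR, MINER = "compromised", "safe", "sponsor", "miner"
GAS_PER_TX = 100_000  # assumed gas used by every tx in this model

def claim_lp(s, who):  # stands in for Delta.claimOrStakeAndClaimLP
    amt = s["staked"].pop(who, 0)
    if not amt:
        raise RuntimeError("nothing staked")
    s["rlp"][who] = s["rlp"].get(who, 0) + amt

def claim_bonus(s, who):  # stands in for Delta.getWETHBonusForReferrals
    amt = s["bonus"].pop(who, 0)
    if not amt:
        raise RuntimeError("no referral bonus owed")
    s["weth"][who] = s["weth"].get(who, 0) + amt

def transfer(token, to):  # ERC20 transfer of the sender's whole balance
    def run(s, who):
        amt = s[token].pop(who, 0)
        if not amt:
            raise RuntimeError(f"no {token} to move")
        s[token][to] = s[token].get(to, 0) + amt
    return run

def rescue_bundle(tip_gwei):
    """Compromised key signs zero-gas txs (it holds no ETH); the sponsor tips."""
    return [(COMPROMISED, claim_lp, 0), (COMPROMISED, claim_bonus, 0),
            (COMPROMISED, transfer("rlp", SAFE), 0),
            (COMPROMISED, transfer("weth", SAFE), 0),
            (SPONSOR, lambda s, who: None, tip_gwei)]  # pays the miner only

def simulate(state, bundle):
    """Apply the bundle in order on a copy; any revert discards all of it."""
    s = copy.deepcopy(state)
    for who, call, gas_price in bundle:
        fee = gas_price * GAS_PER_TX
        if s["eth"].get(who, 0) < fee:
            raise RuntimeError(f"{who} cannot pay gas")
        s["eth"][who] = s["eth"].get(who, 0) - fee
        s["eth"][MINER] = s["eth"].get(MINER, 0) + fee
        call(s, who)
    return s

def check_simulation(state, bundle, expect_rlp, expect_weth):
    """Both tokens must land at the safe account and the miner must be paid."""
    s = simulate(state, bundle)
    return (s["rlp"].get(SAFE, 0) == expect_rlp
            and s["weth"].get(SAFE, 0) == expect_weth and s["eth"].get(MINER, 0) > 0)
```

Because the compromised account pays zero gas, the burner draining its ETH does not break the bundle; a revert anywhere (for example no referral bonus owed) discards the whole bundle, which is why simulating first matters.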

After the simulation passed, we asked Nick for the final go-ahead. This was the defining moment; we’d either rescue the funds and make Nick very happy, or we’d screw it up and embarrass ourselves while the attackers siphoned off the almost-rescued funds for themselves.

Nick gave the go-ahead and we ran the script. In the background we were also running a “burner” — a script written by Santiago that burns off any remaining Ether in an account (which you control) to prevent potential attackers from making any transactions on that account.

The first transaction we saw was from the burner:

The “Dropped and Replaced” label will be explained shortly…

Before it was dropped and replaced, the transaction had an estimated confirmation time of over 4 hours... We didn’t set the gas price correctly in the burner. I was concerned that the attacker might see this, but at any rate, we could just front-run ourselves, and that’s actually what we did.

When the bundle was sent, its first transaction had the same nonce as the “gas burner” transaction. Because we cranked up the miner reward, the bundle was mined first and the “gas burner” transaction was dropped and replaced by the first transaction in the bundle.

After a pensive few minutes of incessant refreshing (when the “gas burner” transaction hadn’t yet been replaced), we finally saw the bundled transactions on Etherscan:

Four transactions: two “un-stake” calls and two “transfer” calls to Nick’s new secure account.

We did it 🎉

Nick’s funds (what remained on his account, anyways) had been saved, about $7000 USD in total.

What happened with Nick unfortunately wasn’t rare or unique. The more the crypto and DeFi world grows, the more cases and situations like this appear. Scammers, false admins, hackers, and all sorts of malicious entities try to take advantage of those who are new to the space.

Before he was scammed, Nick had roughly $60K worth of tokens he was planning to use to fund a new company/project he had in mind. The hacker took all of it.

In addition to the tokens the hacker took, Nick had staked ETH into a Delta Finance contract, but the contract had been staked with the compromised wallet and there was no way to change that. Because the private key was in unknown hands, we couldn’t be sure whether we were up against front-runners or not. Flashbots helped us eliminate that risk.

Flashbots is an incredible tool. If you’re not familiar with it, check out their flashbots/pm repo for all the introductory resources you’ll need to get started. You can also find me (Brock, aka brock#1337 (with the Pokémon avatar)) in the Flashbots Discord.

Many thanks again to Santiago, Franco, Joey Nelson, and Sung Kim, and to my team at First Foundry, for helping make this happen. Nick is thrilled, and we are too.

About the Authors

First Foundry is a blockchain-focused engineering firm with multi-year contributions to pioneering projects like rally.io (creator economies), forte.io (game economies), and several unannounced projects in decentralized finance. We have team members all over the world and support remote work collaboration by default. If you’re passionate about the new world of decentralized markets, mechanisms, and trust-minimal computing, we’d love to talk to you. Learn more at firstfoundry.co ❤️
