Blockchain Safety: Front Running Attacks on Smart Contracts

CornerRight 2 min


Icons/Position/Pos. No. 1

Blockchain


Icons/Technology/Tech No.1

AI

The Front running term comes from the era when stock traders would literally run with their orders to get past their clients order. They uses non-public knowledge to exploit and manipulate the market price. Blockchain development transcribes the same problem in the web reality.

In blockchain, the transactions entering the pool, but not coded in the block might be manipulated, and a short moment might give hackers an attack vector.

Transaction-Ordering Attacks

Just a simple example, to help you grasp the idea:

Let’s imagine an ICO where the price of a token increases with every transaction. You know that an investor sent a buy request for 100,000,000 tokens. If you buy a number of tokens before him, you will get them at much lower price.

The request floats in the mempool for a while. During this moment, you send a quick buy request that will be finalized before the investor’s one – or as a miner, simply change the order of the transactions in the mining block.

And if you succeed, you end up with a number of tokens, that have now doubled their market price.

Running attacks on EIP-20

There’s a common attack vector on EIP-20 token – its approve() function is an agreement for sending a requested amount. The front running attack includes sending a second request after the first one to certify the transferFrom() request on a different amount.

Protecting from the attacks

In general, you should pay attention to the doubled requests, and take a closer look at how the processes that run simultaneously interfere with each other.

But to make sure your tokens are safe, you need a full scale Smart Contract security audit. The topic of protecting it from attacks is vast and requires an individual approach.

Looking for a blockchain software house?

Talk to our blockchain development team.

Similar blog posts

10 Common Software Architecture Patterns: Expert Guide

8 min

Did you know that before starting a software development project, an architect needs to pick the software architecture for it? This is a common best practice in the tech industry that allows teams to make the most out of the software and create a better experience for users.

Wed/Mar/2022
see details

4 Most Popular 4soft Articles on ICO & Blockchain Development

2 min

Since the beginning of the 4soft Blog, we created 4 core epic posts on 4 different aspects of Initial Coin Offering process, about 1500 words each. That’s the most popular quartet among our posts. Together those posts make a strong knowledge base for your future ICO project, covering the process, threats, outsourcing and app features.

Tue/Jul/2018
see details

12 Interesting Blogs on Blockchain & Cryptocurrencies

3 min

It’s not easy to find a reliable and friendly source of information on blockchain technology. To help you reach some of the best, we’ve aggregated the top blogs related to the topic, which can extend your view on blockchain & cryptocurrencies.

Thu/Jun/2018
see details

4soft Use Cases: Blockchain In E-Commerce

4 min

E-Commerce thrives. Online sales steadily grow by about 20% every year. To sustain this growth, online shops leverage every possible technology that helps them to be more efficient and get ahead of the competition to sell more, faster and at better prices.

Tue/Feb/2020
see details