Ethereum may be vulnerable to frontrunners according to Dan Robinson, a research partner with the crypto-asset investment firm Paradigm.
Robinson said in a blog post, the design of Ethereum’s mempool, or a set of unconfirmed transactions, is where the vulnerability lies. He said arbitrage bots monitor pending transactions in the Ethereum mempool and attempt to exploit profitable opportunities created by them.
Arbitrage bots typically look for specific types of transactions in the mempool (such a DEX trade or an oracle update) and try to front-run them according to a predetermined algorithm. Frontrunners look for any transaction that they could profitably forward trade by copying it and replacing addresses with their own. They can even execute the transaction and copy profitable internal transactions generated by its execution trace.
Robinson explained that he devised a plan to extract the money in cooperation with a team of smart contract engineers and another team of Ethereum security engineers. The plan was to confuse the transaction so that the bots could not detect that there was a connection to the Uniswap spouse.
But despite the efforts made, the plan did not succeed, and the money was seized by the frontrunners.
He concluded his post by stating the lessons he learned from the experience and also warning miners of a similar fate if they do not pay close attention.