Comment on MIT Students Stole $25 Million In Seconds By Exploiting ETH Blockchain Bug, DOJ Says
Kazumara@discuss.tchncs.de 5 months agoby fraudulently gaining access to pending transactions
That makes no sense to me. The mempool is public, everyone can see pending transactions.
treadful@lemmy.zip 5 months ago
Because it’s not the public mempool. It’s a private MEV mempool that people pay to add their transactions to for special priority or conditional inclusion. For instance, asshole profiteers can use it to sandwich attack traders to siphon off “market inefficiencies” or some people just want immediate front of the line inclusion in the next block.
Presumably they exploited something in this MEV system (completely unrelated to the Ethereum protocol) that allowed them to see the pool and they shouldn’t have. Wish I knew more but everything I read was incredibly vague and misleading.
Kazumara@discuss.tchncs.de 5 months ago
Are you sure there is such a thing? My understanding was that they just submit their sandwich transactions to the mempool with higher and lower gas respectively to achieve their desired priority ranking. Could be wrong though.
treadful@lemmy.zip 5 months ago
I’m sure, yes. If you submit to a public mempool, you have no guarantees that your two transactions will land on either side of the target transaction in the same block (They likely won’t). You need to leverage conditional transactions with MEV so you guarantee the miner will select and position your transactions where you need them. In this case, before and after the target transaction.
Check out the Ethereum Foundation’s page on MEV for more info.
Kazumara@discuss.tchncs.de 5 months ago
Wow, thanks for the link. It seems things have gotten a lot more complicated with PoS. I didn’t even know about PBS. I haven’t been following along properly.