
Researchers: DEXs plagued by malicious trading bots

Cornell University researchers say decentralized crypto asset exchanges are heavily affected by malicious trading bots.

In a paper titled “Flash Boys 2.0: Frontrunning, Transaction Reordering, and Consensus Instability in Decentralized Exchanges,” an eight-person group, composed primarily of researchers from Cornell University, has uncovered a number of significant details surrounding the activity of malicious trading bots on decentralized exchanges.

The paper focuses on a type of trading bot called arbitrage bots. Referencing the infamous 2012 book ‘Flash Boys’ by Michael Lewis, the paper explains that the malicious bots act in a manner that disadvantages other participants on decentralized exchanges.

“Like high-frequency traders on Wall Street, these bots exploit inefficiencies in DEXs, paying high transaction fees and optimizing network latency to front run, i.e., anticipate and exploit, ordinary users’ DEX trades,” the authors wrote.

In traditional financial markets, front-running refers to the illegal and unethical practice where an investor or a trader utilizes knowledge of a large order that is about to be executed in a particular asset or security to “front-run” the trade by acting on this information before the original party has. Also referred to as tailgating, the practice is not limited to the equity markets but can also affect other asset classes and financial instruments such as options and futures.

The practice was shown to be popular and widespread on Wall Street by Michael Lewis in his controversial book, where he alleged that firms that utilized high-frequency trading software were able to capitalize on their access to data at an expedited rate to skew the equity markets in their favor.

In the same vein, the Cornell paper shows that there are malicious actors employing arbitrage bots in a number of scenarios on cryptocurrency exchanges to generate unfair profits. The report explains: “We show that these bots exhibit many similar market-exploiting behaviors – frontrunning, aggressive latency optimization, etc. – common on Wall Street, as revealed in the popular Michael Lewis expose.”

Front running the crypto way

The front-running strategies of malicious trading bots on cryptocurrency exchanges are significantly different from those witnessed in traditional markets. These bots take advantage of a number of blockchain-specific features to create unfair profits for their deployers. Zoning in on pure arbitrage opportunities, the researchers observed the bots engaging in priority gas auctions (PGA) to alter transaction ordering.

Pure arbitrage is the selling of an asset for a price higher than it was purchased for. On cryptocurrency exchanges, especially on decentralized exchanges, malicious trading bots would continually bid for higher transaction fees to “skip the line” and ensure their trades are executed before others who should rightfully be before them.

On DEXs, it is imperative to uphold the integrity of the transaction ordering list; otherwise, the market becomes inherently flawed and will eventually fail. This is usually controlled on the architectural layer, with certain features designed to uphold the order in which transactions are executed. However, these bots have been able to insert their trades in blocks much earlier than should be possible, because they pay higher transaction fees.

The researchers explain: “We observe bots engage in what we call priority gas auctions (PGAs), competitively bidding up transaction fees in order to obtain priority ordering, i.e., early block position and execution, for their transactions. (…) Because pure revenue opportunities offer unconditional revenue, arbitrage bots often compete against each other by bidding up transaction fees (gas).”

In this way, the malicious bots are able to take advantage of ordinary DEX users by leveraging the flaws present in the underlying architecture.
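A monitoring sketch for the priority gas auctions described above, added here as an example and not taken from the paper or its authors: it flags competing senders that repeatedly raise the gas price on the same pending transaction, and shows where an ordinary trade lands if a miner orders by gas price. The sample sightings, the addresses, the 5-second window and the highest-gas-first ordering policy are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed pending-transaction sightings (not real data):
# (seconds, sender, nonce, gas price in gwei)
OBSERVED = [
    (0.0, "0xbotA", 7, 25), (0.2, "0xbotB", 41, 26),
    (0.5, "0xbotA", 7, 30), (0.7, "0xbotB", 41, 33),
    (1.1, "0xbotA", 7, 40), (1.3, "0xbotB", 41, 46),
    (1.4, "0xuser", 3, 20),
]

def bid_chains(observations):
    """Group sightings by (sender, nonce). Assumption: a re-broadcast of the
    same nonce at a higher gas price replaces the earlier pending bid."""
    chains = defaultdict(list)
    for ts, sender, nonce, gas in sorted(observations):
        chains[(sender, nonce)].append((ts, gas))
    return chains

def escalating(chain, min_raises=2):
    """True when the gas price strictly rises at least min_raises times."""
    gas = [g for _, g in chain]
    return len(gas) > min_raises and all(b > a for a, b in zip(gas, gas[1:]))

def detect_pga(observations, window=5.0):
    """Return groups of senders whose escalating bid chains overlap in time."""
    bidders = sorted((c[0][0], c[-1][0], key[0])
                     for key, c in bid_chains(observations).items()
                     if escalating(c))
    auctions, current, end = [], set(), 0.0
    for start, stop, sender in bidders:
        if current and start - end > window:
            if len(current) > 1:
                auctions.append(sorted(current))
            current, end = set(), stop
        current.add(sender)
        end = max(end, stop)
    if len(current) > 1:
        auctions.append(sorted(current))
    return auctions

def block_order(observations):
    """Assumed miner policy: final bid of each chain, highest gas price first."""
    final = [(c[-1][1], key[0]) for key, c in bid_chains(observations).items()]
    return [sender for _, sender in sorted(final, key=lambda f: -f[0])]

if __name__ == "__main__":
    print(detect_pga(OBSERVED), block_order(OBSERVED))
```
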

A larger threat to blockchain integrity

Furthermore, the researchers found that the activities undertaken by the malicious trading bots create a much larger and more insidious problem than just the unfair profits. Bots may be able to affect the overall integrity of a DEX and its host blockchain by incentivizing miners to engage in dishonest behavior.

In blockchains, miners are incentivized to stay honest because they receive both block rewards and the fees charged per transaction. On DEXs, miners benefit from ordering optimization (OO) fees, which are the earnings they receive in exchange for arranging the order in which transactions occur in a time frame or epoch. However, the researchers found the amount that miners earn from OO fees from the malicious bots can sometimes dwarf other transaction-related revenue streams.

As a result, miners may find it is in their best interest to accommodate the malicious bots, as it is a more financially sound decision. The paper states: “Occasionally, these fees can be substantial and provide substantial miner incentives to orphan blocks or otherwise deviate from the mining protocol.”

Moreover, the bots provide an incentive for miners to mount a forking attack to gain from the fees attached to the transactions executed by the malicious bots. Lastly, they also create the opportunity for a new attack vector which the researchers call time-bandit attacks. The paper defines this as when “miners rewrite blockchain history to steal funds allocated by smart contracts in the past.”

Scope of the study

To come to these conclusions, the researchers studied six decentralized exchanges. The research methodology also involved the creation of their own trading bot in order to adequately study the behavior of such software in the wild.

Speaking to Bloomberg, lead researcher Philip Daian said they observed more than 500 bots operating in various DEXs and making almost $20,000 daily through their activities.

Lastly, while the researchers zoned in on decentralized exchanges and witnessed this behavior in greater percentages on them, they believe these activities are taking place on centralized exchanges as well – although researcher Ari Juels says they have “no idea” to what extent that is occurring.

Ultimately, the paper shows that transaction ordering dependencies pose a significant risk, not only to decentralized exchanges but also to the overall integrity of blockchains. Moreover, it is a commentary on the fact that while blockchain technology removes the need for trust, it is a more complex issue to anticipate the actions of human beings.

