Maximizing security: How to deal with MEV attacks in DeFi

Hash of this article (SHA 1): b366289db9b21c3e9b6668c274e4a179be57a463

No.: Lianyuan Security Knowledge No.008

In the past few years, the blockchain economy has experienced exponential growth, especially in 2022, when the locked value of the DeFi ecosystem reached a peak of $300 billion. Web3 has also seen a variety of attack methods and logical security vulnerabilities. Since 2017, the Maximum Extractable Value (MEV) has been at the forefront of the attack methods that cause losses on the ETH chain. The ChainSource Security Team has conducted relevant analysis and sorting on the basic principles and protection methods of MEV, hoping to help readers improve their protection. The ability to ensure the safety of ones own assets.

MEV Basic Principles

MEV, the full name of which is Maximum Extractable Value, was also called Miner Extractable Value in the POW era of Ethereum. After a large number of blockchains switched to POS, it was renamed Maximum Extractable Value. Because block producers are no longer the only ones who decide the order of transactions (currently, the two roles with these two permissions are miners and validators, but previously there were only miners).

MEV refers to a measure of the profit that participants such as validators or sequencers obtain by performing selective operations on transactions (including transactions, sorting transactions, and reordering transactions) within the blocks they produce.

Validators: Participants responsible for validating transactions and producing blocks;

Sequencer: The participant responsible for deciding the order of transactions;

Include transactions: select which transactions will be included in the block;

Exclude transactions: select which transactions will not be included in the block;

Reorder transactions: determine the order of transactions in a block;

Currently, hackers using MEV mainly target wallet addresses that have obtained airdrop snapshot qualifications and whose pledged tokens are about to be unlocked. The prerequisite for hackers to launch such attacks is to obtain the wallet private key, then turn on dynamic Gas monitoring, and wait for the users After the tokens or gas fees are received, a withdrawal transaction is sent in the same block or adjacent blocks, which is called a front-running transaction. We call this type of monitoring robot a Sweeper robot.

Protection methods (taking ETH as an example)

First of all, there are two ideas for this type of protection. Since the goal is to compete with hackers in terms of speed, the first approach is to increase the Gas price and the Nonce of transaction sorting.

Because Ethereums transaction fee = Gas (quantity) * Gas Price (unit price), and the Gas Limit capacity of each Ethereum block is fixed, whoever has a higher Gas Price will have their transaction packaged into the block first. Block confirmation, in addition, nonce in Ethereum represents the number of transactions. This concept should be combined with the fact that Ethereum itself is account-based, so each different account maintains its own nonce, and each transaction of each account in Ethereum Each transaction has a unique nonce, which can prevent replay attacks (the same transaction is processed multiple times) and allow the EVM virtual machine to clarify the order of transactions (for example, if the nonce of a transaction is 5, then in this transaction Before the transaction can be processed, the transaction with nonce 4 in the account must have been processed)

The second idea is to connect to nodes with faster confirmation speed and higher transaction obfuscation

If you want to change the connection node, the first recommended one is the TAICHI network node. This network is a privacy and security solution based on blockchains such as ETH and Solana. It achieves transaction obfuscation and privacy protection by introducing a series of relay nodes. The node is responsible for receiving the users transaction request and mixing it with other transactions to hide the source and purpose of the transaction.

Relay nodes: These nodes are the core of the TAICHI network and are responsible for receiving, mixing, and forwarding transactions;

Transaction mixing: By mixing multiple transactions together, relay nodes are able to effectively hide the source and purpose of individual transactions;

Privacy protection: This method can effectively prevent on-chain data analysis and tracking, protecting user privacy;

Sweeper works by monitoring transaction records in the public memory pool to preempt transactions, but the TAICHI node allows us to submit signed transactions directly to miners without broadcasting through the public memory pool, which means that Sweeper is likely to monitor If it is not available, there is a possibility of front-running Sweeper (the public memory pool refers to the collection of transactions that have been broadcast but not yet packaged into the block).

The second recommended node is FlashProtect. FlashProtect is a solution to the MEV problem in the Ethereum system provided by the FlashBots organization. It works by packaging the users transactions and sending them directly to the miners through Flashbots instead of through the public memory pool. To prevent malicious miners and robots from discovering and exploiting these transactions in the public memory pool to withdraw funds using MEV. Its disadvantage is that the transaction speed is very slow because it uses the Flashbots memory pool, which has far fewer validators than the public memory pool. .

Conclusion

In general, various protection methods are also aimed at maintaining the sorting process of decentralized transactions and ensuring that smart contracts handle transactions in a fair manner, but the most fundamental solution must be to make adjustments from the perspective of miners and validators.

Lianyuan Technology is a company focusing on blockchain security. Our core work includes blockchain security research, on-chain data analysis, and asset and contract vulnerability rescue. We have successfully recovered many stolen digital assets for individuals and institutions. At the same time, we are committed to providing industry organizations with project security analysis reports, on-chain traceability and technical consulting/support services.

Thank you for your reading. We will continue to focus on and share blockchain security content.