Frontrunning

The core enabler of frontrunning is information asymmetry. In public mempools, pending transactions are visible before they are confirmed. This allows an attacker to see the details of a trade (e.g., a large DEX swap) and submit their own transaction with a higher gas price to ensure it is mined first. The attacker profits by buying the asset before the victim's trade executes, then selling it back after the price impact.

The most common form of on-chain frontrunning is a sandwich attack. This is a specific, automated strategy where a malicious actor:

• Front-runs the victim's buy order, purchasing the asset first.
• The victim's order executes, pushing the price up as intended.
• The attacker back-runs the victim, immediately selling the purchased asset at the new, higher price. The victim receives a worse price due to the attacker's activity, and the profit is the difference minus fees.

A Time Bandit attack is a more sophisticated form of frontrunning that targets blockchain consensus itself. A miner or validator can reorganize the blockchain (a reorg) to insert, exclude, or reorder transactions from past blocks after they have been mined. This allows them to retroactively frontrun transactions that appeared to be finalized, extracting maximal value. It represents a fundamental attack on settlement finality.

The public mempool is the source of opportunity for most frontruns. Bots constantly monitor pending transactions, using algorithms to identify profitable targets. Key signals include:

• Large slippage tolerance settings.
• Transactions interacting with specific liquidity pools.
• Identifiable transaction patterns from known entities (e.g., whales). This surveillance creates a competitive environment where only the fastest, most optimized bots succeed.

Several strategies exist to mitigate frontrunning risk:

• Private Transactions: Using services like Flashbots RPC or Taichi Network to submit transactions directly to miners, bypassing the public mempool.
• Commit-Reveal Schemes: Submitting a transaction in two phases to hide its intent until it's too late to frontrun.
• Limit Orders & TWAPs: Breaking large orders into smaller chunks over time (Time-Weighted Average Price) to minimize market impact and visibility.
• Slippage Controls: Setting strict maximum slippage parameters, though this can cause transaction failure.

Frontrunning is a primary subset of Maximal Extractable Value (MEV). MEV is the total value that can be extracted from block production beyond standard block rewards and gas fees, by including, excluding, or reordering transactions. While frontrunning is often predatory, other forms of MEV, like arbitrage and liquidations, can be seen as economically necessary for market efficiency. The ecosystem of searchers, builders, and relays that compete for MEV is known as the MEV supply chain.

The foundational activity for most frontrunning. Bots monitor the public mempool for profitable opportunities by analyzing pending transactions.

• Key Data: Transaction origin, target contract, calldata, and gas price.
• Automation: Bots use this data to simulate the transaction's outcome and programmatically craft a more profitable, competing transaction with a higher gas price to ensure priority execution.

The most common venue for frontrunning, particularly on Automated Market Makers (AMMs) like Uniswap. Bots monitor the mempool for large swap orders that will move the price of a token. They then submit their own transaction with a higher gas fee to buy the token first, and sell it back into the same block after the victim's trade executes, profiting from the price impact.

• Example: A bot sees a pending $1M USDC/ETH swap. It buys ETH first, the victim's swap pushes the price up, and the bot sells its ETH at the new, higher price.

Frontrunning targets limited-supply NFT drops and profitable arbitrage opportunities. Sniping bots monitor for:

• Mint Transactions: Bots copy the mint transaction data and submit it with higher priority gas to mint NFTs before users, often to resell them immediately.
• Listings Below Floor: Bots detect NFT listings priced significantly below the current market floor, buy them in the same block, and relist them at the market price.

This creates a toxic environment where manual users are consistently outbid by automated systems.

In DeFi lending protocols like Aave or Compound, bots compete to be the first to liquidate undercollateralized positions. They monitor for positions falling below the liquidation threshold, then race to submit the liquidation transaction to claim the liquidation bonus (a discount on the collateral).

This is a form of MEV (Maximal Extractable Value) where the profit comes from enforcing protocol rules, not from a direct victim trade, but it still relies on transaction ordering priority.

Protocols that rely on oracles (like Chainlink) for price feeds are vulnerable when that price data is broadcast on-chain. Bots can see the pending oracle update transaction and frontrun dependent transactions.

• Example: If an oracle update will show ETH's price has increased, a bot could frontrun a lending protocol's liquidation function, as the new price will make more positions eligible for liquidation. The bot secures the profitable liquidations before other participants can react.

Frontrunning can occur in cross-chain messaging and bridge designs. When a user submits a transaction to initiate a bridge transfer, a bot can observe the pending transaction and submit an identical one with higher gas.

If the bridge has a first-come, first-served minting mechanism for wrapped assets on the destination chain, the bot receives the assets instead of the original user. The user's funds may be locked or require a complicated recovery process.

The public mempool is the foundational source for all frontrunning. It is the waiting area where all signed, pending transactions are visible before being included in a block. Searchers run sophisticated nodes to monitor this data stream.

• Key Insight: Without a public mempool, generalized frontrunning is impossible. Solutions like private transaction relays (e.g., Flashbots Protect) or in-protocol ordering rules (e.g., CowSwap's batch auctions) aim to mitigate this by altering or obscuring the transaction submission path.

Frontrunning is the act of placing a transaction with prior knowledge of a future transaction to profit from its anticipated market impact. On a blockchain, this is typically achieved by observing transactions in the mempool (the pool of pending, unconfirmed transactions) and then submitting a new transaction with a higher gas fee to ensure miners or validators include it first in the next block. This exploits the transparent and sequential nature of blockchain transaction ordering.

A sandwich attack is the most common form of on-chain frontrunning. An attacker identifies a large pending DEX swap (e.g., buying ETH with USDC). They then execute two transactions that bracket the victim's:

• Front-run: Buy ETH before the victim, driving the price up.
• Back-run: Sell the newly acquired ETH immediately after the victim's trade, profiting from the inflated price. The victim receives worse execution, paying slippage that becomes the attacker's profit.

Frontrunning is a primary source of Maximal Extractable Value (MEV), representing profits extracted by reordering, inserting, or censoring transactions. This creates significant economic externalities:

• Increased costs: Users must pay higher gas to avoid being frontrun.
• Slippage and poor execution: Retail traders get worse prices.
• Network congestion: Bidding wars for block space inflate base fees. MEV is estimated to have extracted billions in value from Ethereum users, fundamentally altering market dynamics.

Backrunning is the complementary practice of submitting a transaction immediately after a known pending transaction to capture value from its side effects. Common examples include:

• Liquidation bots that repay undercollateralized loans the moment they become eligible.
• Arbitrage bots that correct price discrepancies between DEXs created by a large trade. While often profitable, backrunning can be beneficial for network health (e.g., restoring price equilibrium), unlike purely extractive frontrunning.

A landmark example occurred in February 2022 with a sandwich attack on the MISO token launch platform. An attacker frontran a $50 million purchase of the DODO token by placing a buy order with 10x the gas fee. They then immediately sold the tokens in the same block, netting an estimated $3.4 million in profit. This incident highlighted the vulnerability of large, predictable on-chain transactions and accelerated adoption of private transaction services.

A sandwich attack is a specific, predatory frontrunning strategy. A searcher places one transaction before and one after a victim's large DEX trade to profit from the resulting price movement.

• Mechanism: The first transaction buys the asset (raising its price), the victim's trade executes at the inflated price, and the second transaction sells the asset (profiting from the price increase).
• Result: The victim suffers increased slippage and worse execution.

Fair Sequencing Services are protocols designed to prevent frontrunning by enforcing a canonical, fair order of transactions before they are added to a block.

• Goal: To provide transaction ordering fairness, often based on the time a transaction is received, rather than the fee paid.
• Implementation: Projects like Chainlink Fair Sequencing Services (FSS) use decentralized oracle networks to achieve this, creating a more predictable execution environment for DeFi users.

Private mempools (or private RPC endpoints) are services that allow users to submit transactions directly to a validator or builder without broadcasting them to the public peer-to-peer network.

• Function: They hide transactions from the public mempool, where frontrunning bots typically scout for opportunities.
• Examples: Services like Flashbots Protect RPC and proprietary RPCs from major wallet providers (e.g., MetaMask) offer this functionality to protect users from sandwich attacks.

A time-boost auction is a proposed mechanism to mitigate frontrunning by explicitly auctioning off priority in transaction ordering.

• Process: Users can attach an additional "boost" fee to their transaction. The block builder orders transactions based on a combination of the total fee and the time the boost was attached.
• Rationale: This creates a more transparent and efficient market for transaction ordering priority, moving competition from hidden, predatory strategies to an open auction.