Smart Contract Rescue

With Dan Robinson

Smart Contract Rescue

Today I talk to Dan Robinson about trying to get someone their money back on Ethereum. He’s going to be battling this murky world of blockchain high-frequency bots. Along the way, we’ll learn how trades are executed on Ethereum and a bit of game theory and political philosophy.

It’s an entertaining peek into a world that seems like pure science fiction to me, a world where nobody’s in charge, where there’s no regulation, and where these forces of greed and idealism are in direct conflict with each other.


Note: This podcast is designed to be heard. If you are able, we strongly encourage you to listen to the audio, which includes emphasis that’s not on the page


Adam: Hello, and welcome to CoRecursive. I’m Adam Gordon Bell.

Sometime around 2012, one of my coworkers read this article in Wired about this thing called Bitcoin. And he wanted to get his hands on some. And the only way he could find to do this was sending cash in an envelope off to some address he found on the internet, and the person on the other end would supposedly transfer Bitcoin back to him in return when they got his money.

I was pretty sure this was a scam, but he was certain that the Bitcoin people weren’t just in it to scam people. They wanted to bring forth this new world with this new type of currency. They were idealists and not about the greed. So he sent his money off and it worked out. He actually eventually got his Bitcoin.

Today, cryptocurrencies are bigger than ever, and it still seems like a strange mix of idealism and greed that are driving it forward. Today, I brought in a guest who has a great story about the collision of these two forces.

Dan: My name is Dan Robinson. I am a research partner at Paradigm, which is a crypto asset investment firm. And I should mention that here I’m speaking on my own behalf and not on behalf of the firm, and nothing that I say during this call is going to be investment advice. That’s the only thing I have to say.

Adam: Dan is going to share the story of trying to get somebody their money back on Ethereum. He’s going to be battling this murky world of blockchain high-frequency bots. Along the way, we’ll learn how trades are executed on Ethereum and a little bit about game theory and political philosophy. It’s an interesting peek into a world that seems like pure science fiction to me, a world where nobody’s in charge, where there’s no regulation, and where are these forces of greed and idealism are in direct conflict with each other.

The Call for Help

Adam: It all started out when Dan got a support request on Discord:

Dan: There’s an application on the blockchain called Ethereum. This application is called Uniswap, and full disclosure, my employer Paradigm, we’re invested in Uniswap, and were at the time of this. And so I was trying to basically help out with explaining how it worked to people who were trying to use it. So Discord is where a lot of the customer support for crypto verticles happens. And it’s actually mostly not people at the companies who are providing the support. It’s mostly actually the community helping each other. And so I was just kind of like trying to pitch in, in this way.

And in this case, someone had done something that was, it was a fat finger error basically. They’d accidentally sent tokens to this contract that they shouldn’t have sent tokens to. That’s not sort of part of the way that you’re supposed to use it.

Adam: So this person, I feel like they need a name. Call them like Susan or Darryl.

Dan: Yeah, yeah. Darryl.

Adam: Okay, so what did Darryl do wrong?

Dan: Darryl was providing liquidity on Uniswap. And I’m not sure what he meant to do, but what he did was… Well, when you provide the put-in in Uniswap you got the liquidity tokens and those are a newly created token that represents just like your stake, your share of the liquidity that’s in the pool. And in this case, what the user had done was sent tokens directly to this contract, which isn’t really supposed to receive them.

And so my reaction was, “I’m sorry for your loss. I think these are stuck forever.” And that’s a common thing that happens in crypto. People lose money, fat finger errors all the time. They’d sent $12,000 worth of tokens accidentally to this contract that they didn’t mean to. I felt bad for them that they’d done this, but again, this happens in crypto all the time.

And so, I didn’t really give it another thought to wait until just late that night, I was thinking about how Uniswap worked as I often do. And, I’m sort of obsessed with this product. And I’m annoyed that I hadn’t thought of this sooner. But I was thinking about how it worked and I just thought, oh my God, they can actually get the money back out. Like there is a way. There’s an escape hatch. And that’s part of how the contract is supposed to work, but this unintended consequence of this feature that the contract has is that someone who did this thing they weren’t supposed to do might be able to recover it. So I was super excited about this.

The Background

Adam: A little background is necessary here. Ethereum is the second largest blockchain after Bitcoin. NFTs, non-fungible tokens, a lot of those are on Ethereum, as well as ICOs, initial coin offerings. A lot of those take place on the Ethereum blockchain and give birth to new crypto tokens of which there’s like at least 900 types that run on the Ethereum blockchain, besides ETH, which is the original Ethereum coin. So Darryl was reaching about Uniswap, which is actually just an exchange for exchanging these tokens. And it works like this.

Dan: The high level is that anyone can provide liquidity between a pair of assets on Uniswap. So take like ETH, Ethereum, which is the native currency of the Ethereum blockchain, and USDC, which is a dollar stable coin that’s on Ethereum. And what someone can do is provide equal amounts of these two assets and it gets pooled with a lot of other people who’ve done the exact same thing, equal value, like a 50/50 portfolio of these.

They all pool it into this on chain agent called a smart contract. And a smart contract is just a program on the blockchain, and it’s something that can own and control tokens, and distribute them and send them around and call other contracts according to its own internal logic. But Uniswap, it can’t be upgraded, the contracts on chain. There’s no way to fix a bug once it’s in there, which is why we put a lot of effort into trying to write bug-free code on it.

When people put in all these tokens, then they get used by other people who want to trade them. So if somebody wants to sell ETH for USCC, they will go to this pool, they’ll sell some ETH to it and the pool will automatically make a market between these two tokens.

So there’s over $4 billion of tokens right now on Ethereum and Uniswap V2, which is the version that this happened to. And you can see how actually the trustless-ness of it is actually pretty important feature. Assuming there’s no bug in the contract, there’s nobody who can actually just steal that $4 billion. And the tokens are, they’re the property of the contract itself, of the code.

And so that’s simultaneously a very powerful thing. It’s also extremely scary because A, if there is a bug and somebody exploits it, there’s no way to undo it. And if somebody makes a mistake, it’s possible that they’ve sort of lost it. So it’s a very harsh and unforgiving environment.

Adam: It’s like, I can lend like various currencies to this airport exchange booth, and I guess it’s-

Dan: That’s right. And they’ll mark and make with your currency on your behalf. And since they’re bound in what they can do, they can only follow these rules that they promised that they can do, it’s like they’ve signed an unbreakable contract with you. This is all we will do with your money. We’re going to do this with your money, that’s it. And that is very powerful. If you wanted to trust, as people have, over four billions of dollars of assets to these contracts, you’d better hope that nobody’s able to betray that trust. And in this case, there is nobody who actually can.

Adam: So Darryl… Dan wants to keep the actual person anonymous, but he or she or they, they had money on Uniswap and they made an error.

Dan: They had taken these tokens and they’d sent it to the contract. And normally when you send tokens to a smart contract that isn’t expecting them, there’s just no way to get them out. There’s literally hundreds of millions of dollars stuck in contracts because yeah, they just don’t have a way to send them. I thought this was one such case. And what I’d forgotten was… This is ironic because I helped design this feature, but the way that Uniswap actually works, it’s somewhat peculiar. I think it was a single-threaded environment.

Ethereum Is a Single Threaded Machine

Adam: You’re saying all of Ethereum is just like lock step, one thing at a time?

Dan: That’s right? It’s a single state machine and each smart contract on it you can think of it as effectively an object with a particular interface and its own internal logic. And these objects interact with each other just by message passing. But ultimately, these calls, all these contract calls and everything, all happen synchronously. And this has been a big limitation for Ethereum scaling because there’s only so much you can do with a single-threaded virtual machine like Ethereum has.

But it’s very powerful. It means, effectively, you can, for example, do an arbitrage between two different decentralized exchanges. And Uniswap is the biggest decentralized exchange. It’s not the only one. And if there are different prices on different decentralized exchanges, then somebody can come in and do an arbitrage that is actually guaranteed to either work and be profitable or to revert. You can do this atomically. And that’s somewhat cool.

Adam: So you can send some sort of a message that is the equivalent of doing two things, and they will happen atomically together?

Dan: That’s right. Well, you could send one message. You’d get a response from that. And then you can use that response in sending a message to a completely different contract, get a response from that. And then at any point in this process, you can just hit a button and revert, and the whole transaction state goes back. You can always do that.

And so there’s a very try-catch kind of style that’s common where you’ll just optimistically try to do everything. I’m forgotting what that’s called in Python, but you’ll try to do stuff and then revert if it doesn’t work out the way that you wanted.

So when a contract calls another contract, it has this synchronous lock on the entire Ethereum state. And so you can do these funny things. And one of the funny ways Uniswap was designed to take advantage of this is that in order to burn liquidity on Uniswap V2, what you do is you just send tokens to the pool. You do exactly what this person did by accident. And then you call the contract and tell it, “Hey, I sent you these tokens. Check that you got them, and send me the money that I got.”

And because this is done as an atomic transaction and done synchronously, this works, it’s secure, because you send the tokens and then you tell the contract, like do this thing with those tokens that I just sent you, and it checks how many tokens it has and sends you the amount of liquidity you deserve back out.

And so, because you have this lock on it, you can do it in this kind of weird two-step way. And what this person had done was take the first step. They’d sent these tokens in, but they hadn’t taken the second step. And so what should have happened after they sent this in, was that anybody could go and call that function on the contract and just say, “Hey, I was the one who sent that one in. Give it back, or give me the liquidity for it.”

Adam: It’s sort of like an ATM. You withdraw your money, but if you don’t take the cash out of a dispenser, it’s just sitting there for anybody else to take. And it’s worse than that because on Ethereum, there’s all these bots who are looking around for free money that they can grab.

Dan: There was nothing at this point tying him to it at all. Anyone could call this contract. And that’s what led to this crazy situation that we found ourselves in.

Adam: The money was put in the change thing. And then the person left. And it’s like, if anybody else comes to get money, they’re just going to take it because it’s going to be the change thing with their money.

Dan: That’s exactly it. And it’s like, yeah, you just get the free change in the vending machine, because someone accidentally left it there.

Adam: What do you think the odds are? If there’s money sitting somewhere, what’s the probability you can get it?

Dan: There’s a joke about the economists who are passing a $50 bill on the sidewalk, and one of the points it out and the other says, “Oh, no, it can’t be a $50 bill. If it was, someone would have picked it up already.” And so that was part of my thought. And, as I looked for it, I was fully expecting it not to be there anymore. But nobody had picked it up immediately after this person had sent it, otherwise they wouldn’t have been asking about it.

So it seemed like it hadn’t been caught automatically. So there was at least some chance that it was just gone through a blind spot of all these bots who were looking for this kind of opportunity. And in fact, I went and looked at the contract. This was past midnight. I sort of woke up in like a cold sweat and went and checked this and looked for the contract, and found it. And these tokens were still there and had been there for the past eight or nine hours.

The Crazy Theory

Adam: So when you thought like: “hey, maybe the money’s still there” were you excited or scared?

Dan: Yeah, a bit of urgency, certainly. And this is not my normal state. I spent a lot of my time basically as a researcher. But mostly I sort of have the luxury of sitting around and thinking through problems and trying to imagine how they could play out. And that happens often before this code is launched at all, and then it’s somebody else’s problem.

But the thought process that went through my head first, so first, okay, great, I can actually call this contract. I can call Bern on this, I’ll get the money out, and then I can send it back to the person. The first thought was like, this is great, I can help. And then immediately after that, my thought was, I better do that very fast because if anybody else withdraws liquidity, not even intending potentially to get this money from this pool, maybe just accidentally, they’d get the money out of it. So I had to try to do that before someone else did.

And then my almost immediately after that thought was I can’t do that. I can’t just call this contract. I’m glad that I heard a story about this a while before that made me realize that I couldn’t do this because it’s this sort of crazy scifi concept. But I realized it was going to be a lot more complicated than I had initially thought.

Adam: So what’s the problem with grabbing the money?

Dan: I’d heard this kind of horror story from someone who’s probably the top researcher in this particular sub field of cryptocurrency called Miner Extractable Value. And this is a term that he had coined. So Miner Extractable Value is the idea that there’s a lot of opportunities on this blockchain to make money. One such way is by arbitraging one of these on chain, decentralized exchanges. There’s some more sinister ones like front running users and sandwiching their trades and pushing their trades. Like basically doing what maybe a less reputable, centralized financial institution might do to its users by essentially front running them.

Front Running Explained

Adam: So front running, I understand. So front running happens in the stock market. People have access to the market at a faster pace than you do. And so they see your order driving to the market in a slow car, and they speed ahead and just make the same order. Then you end up buying it from them at an increased price. And then they sell it back. Right?

Dan: Yeah. And that’s unfortunately pretty common and the decentralized exchanges have to kind of grapple with that fact.

Adam: A block of transactions is mined every 12 seconds and that’s when the transactions are executed. And that sounds fast, but it’s an eternity to a fast running bot. Transactions within each block are executed in priority order, based on who paid the highest fee. So if you put in an order to buy something, while it’s sitting there waiting to be executed, other things can see it. And if they think that your transaction might move the price of something, they can just put in the transaction ahead of yours by paying a higher fee. So that’s classic front running. But in a world of smart contracts, a bot can do something a little bit more strange.

Dan: What it does is it looks at pending transactions and it tries, for every one of those transactions, and says, “What if I sent this, instead of the person in that sent it?”

There are all these other more complicated ways to make money from calling contracts on Ethereum. And what they’re doing is they’re piggybacking on other bots or on ordinary users who’ve spotted some kind of opportunity. They’re saying like, if somebody is doing this, maybe they’re making money on it. And maybe they’re making money on it in a way that I could actually make money on it.

And so they just do a copycat transaction. And they can do this. They can just simulate this. They just think what if I ran that transaction? And if it would work, what they’d do is they submit their own transaction with a slightly higher fee so it appears ahead of the one that they’re copycatting, and they take that money.

And so that’s this generalized front running bot where instead of caring at all about what it’s actually doing, it’s just blindly copying anything it sees. And this can be quite sophisticated. It isn’t just the transaction itself, but within the transaction, one of the contracts or the transaction calls might make a call to another contract. These bots can actually introspect deep into the call stack and see, oh, this call is happening. What if I made this call? Not just the whole transaction. And so it’s actually quite hard to obfuscate your transaction in order to avoid this.

Adam: The nature of the problem is that everything is transparent if I’m understanding, because all of these contracts, you can see what they do. And all of these requests, you can see what they will do. So you’re saying there could be something that just simulates what’s going to happen when you do something and then just does it itself instead?

Dan: Yeah. And it’s amazing because it’s a deterministic environment on chain. But yeah, anyone can just simulate the effect of a transaction. And obviously this is way too fast for any human to make decisions based on it. But the program can just shoot off a transaction as a result of seeing something like that.

So what’s cool is that on chain, these are just very efficient market for taking money, free money that’s there. And money won’t last in a smart contract for very long if a smart contract can be hacked. But this money had been there for eight hours and nobody picked it up. But my worry was, as soon as I tried to pick it up, that just the act of doing that would cause it to be taken. And so that’s an even more hostile environment than the blockchain, which is already ridiculously hostile.

Theoretical Sea Monsters

Adam: This was all a theoretical problem to Dan. But if these monsters did exist, there would be no better way to attract them than to try to grab Darryl’s free money back.

Dan: Maybe I’m like a predator in this environment where… In this case, I was a white hat hacker, but maybe I’m a black hat hacker. Maybe I’m trying to take money from a smart contract. And I think I’m so smart. Like I put a bunch of effort into figuring out this way to steal this money from it. And as soon as I go to do that, just this whale comes up from the deep and just devours me whole. I think I’m actually at the top of the food chain and I’m not even close.

And so, that’s the metaphor that just immediately came to mind when I heard about these things. And I’d never seen one. I hadn’t seen an example of it actually happening, but I’d heard about them and it made this deep impression on me that this was something to be feared.

Adam: So even if you’re able to hack something, you probably won’t get the proceeds.

Dan: It’s a kind of very uneasy, mutually assured destruction where maybe nobody can take this money because they know that it’ll alert these bots. But ultimately, someone finds it and then it just becomes basically just pure war. So there’s this sort of peacefulness to the blockchain state until suddenly just an outbreak of war. And everybody’s trying to bid to get their transaction in first.

Adam: To build one of these bots, Dan says you’d have to run a lot of Ethereum nodes.

Dan: You have them sort of all over the place and they’re directly connected to all the miners and they’re listening for all transactions across the entire network. And then whenever they see a transaction that they want a frat run, that’ll spam everybody with transactions that go ahead of it. And they’ll participate in this auction where if then the other person tries to go ahead of them, they’ll keep raising the bid and the amount of the price that they’re willing to pay for gas in order to be first. And so, that’s sort of a complicated process and they’re fighting something that, yeah, again, I would have no chance going toe to toe with.

An Ocean’s 11 Moment

Adam: This was after midnight in Dan’s time zone, and he hadn’t told anyone. This wasn’t really the type of thing you want to advertise. But he knew he was in over his head so he put together a team.

Dan: The first person that I called in was my Paradigm colleague, Georgios. And he’s a much better smart contract engineer, in general, developer than I am. I’m fully aware now that my strengths lie elsewhere. And he’s a fantastic programmer. And he fortunately lives in Greece, and so he was on a time zone that he was awake and could help with this. And then another European developer, Alberto, who works at another portfolio company of ours also pitched in to help write the contracts that we were going to write for this. And then there were a few Ethereum smart contract security engineers that I called.

This was on Telegram, an Ethereum smart contract security group that’s like 500 people. I just basically asked anyone the question, “Should I be worried about these generalized smart contract front runners?” And these are the two people who responded, “Yes.” Some people didn’t believe it, but they were the ones that I pulled in to help. But, yeah, sort of put out the bat signal for these security researchers. And they helped me come up with this plan.

Adam: Was it because you thought this was ludicrous? Did you feel like, I heard that there’s these monsters under the ocean, but do they really exist?

Dan: I definitely felt a little silly even asking about it. And then we go on to basically do this really convoluted scheme to try to hide what we’re doing, and taking a few hours to do this. And the whole time I was just like, am I crazy? Does this make any sense? It’s sort of like being weirdly paranoid because I had never seen anything like this happen. It’s not an every day Ethereum thing where there’s free money sitting somewhere to pick it up.

And so, I knew I had heard about it and also just sort of had this general game theory sense that if someone can build this bot, and if they can, then they would. And so, the bot is out there.

Adam: Yeah. It’s the $50 on the ground.

Dan: Well, in this case, it’s me thinking like, oh, would it be safe to leave my $50 out here on the street and thinking no, I shouldn’t.

Adam: And also, isn’t the clock kind of ticking because the money is also just sitting there.

Dan: That’s right. So we were under this time pressure because A, somebody could have spotted it. B, somebody could have just taken their own liquidity out and accidentally gotten it. And either way we would have been out of luck. And so there was this time pressure. And while we were doing all this, we had to write custom smart contracts for this crazy obfuscation plan. And the whole time I was thinking I’m going to feel really stupid if we waste all this time doing it, and then someone just goes and picks it up. And we could have done that the whole time. So there was definitely part of me that was thinking I’m glad we’re being careful, but I feel a little paranoid during it.

Game Theory Can Be a Scary Thing

Adam: Rescuing Darryl’s money makes for an exciting story. And the ending is wild so make sure you stick around to the end. But there’s a much bigger theme here than just somebody’s misplaced money. It’s this tension between coordinating and competing. On Ethereum, even miners who execute transactions could lose out by trying to help somebody get their money back.

Dan: Just think about the game theory of it. Even if there is a benevolent miner, they’re going to get out-competed by the malicious one because the malicious miner can make more money from the bots that they mine. And that means that they can spend more money on electricity, they have a lower break even. And so they can just out-compete these miners. Ultimately, mining is a very competitive market. Unless you’re honest and you have some other kind of sustainable advantage and a proof of work network like Ethereum, ultimately any bit of advantage that you can get, other people can get, and they’ll out-compete you if you don’t.

Honestly, competition is the worst. It’s a scary world. Honestly, I say that Ethereum is super competitive. It’s nowhere close to how traditional financers has just been like ground down. There’s still a lot of low-hanging fruit. We’re in this grace period where there’s still time for experimentation, there’s still space for relatively mediocre people like me to sort of have an impact before everything gets just ruthlessly optimized.

Adam: You know this Meditations On Moloch?

Dan: Exactly. Yes, this is exactly Meditations On Moloch. Moloch is this fantastic blog post written by Slate Star Codex. And I recommend people check it out when they’re thinking about this general category of just sort of game theory actually being a very scary thing. And the idea is that the condition of perfect competition, and this could describe an efficient market in the economy, or it can describe the situation of total war. It’s just a terrible situation to be in from the inside.

If you produce great things, like the competition does, it’s fantastic for consumers when it happens in the economy, but as an experience, it really sucks. And it doesn’t leave you a lot of slack. It doesn’t leave you room for art and other things, if you’re always competing to survive. And the issue is that just ultimately any entity that doesn’t just maximize survival and getting as much as possible in a world of scarce resources, could end up just being out-competed by those that do. And this is also a Thomas Malthus thought. And one of our goals and this is something that we at Paradigm care a lot about, is trying to defeat Moloch, is trying to prevent that kind of race to the bottom in whatever way possible.

Is Regulation Needed?

Adam: Yeah. But the thing I got from the essay is that maybe it’s impossible. In a system with people competing against each other, being nice has a cost. And you can be as nice as you want, but you will lose. I think the point of it was that regulation is important and needed because without it, everyone just claws each other into smithereens. So what do you think of that? Are you concerned that you’re building something that while interesting, is just a vehicle for, I don’t know, sidestepping things that might be important, like rules about money-laundering?

Dan: Yeah. And that is a great question. Which side ultimately of the Moloch problem is crypto on? So starting with the point about regulation as a solution to this, I think that’s definitely correct. In fact, it’s not exactly historical, but philosophically, a lot of regulation is rooted in this concept. And so, like Hobbes… Before I go into law school, I was a government major in college. Hobbes had this concept of the state of nature being a war of all against all.

Adam: Nasty, brutish and short.

Dan: Exactly. Life is nasty, brutish and short. And that’s sort of a Moloch type situation, is when everyone is just fighting everyone else for every scrap.

Hobbes’ solution was we raise some Leviathan above everybody else. And for Hobbes, it was just like the monarchy, hereditary monarchy specifically because then you just don’t have a struggle over who the next king is. We know, oh, it’s that guy.

And the idea is by doing that, you’ve now removed the problem of oh, in a struggle now, which one to use, who to listen to, who has power. And we just say, “All right, that one guy has power and everybody else is descendants.” And this is unambiguous. And the advantage of that certainty and the advantage that this person can just say, “Oh no, actually you guys, don’t fight in that way. Or don’t fight about this particular thing.”

This solves some of the problems with complex competition. And I think there’s really something to that. Civilization sort of arose because some people seized massive amounts of power and used it to stop everybody else from competing on stuff.

Adam: I think he’s getting on this thing that even a horrible dictator is better than having nobody in charge.

Dan: That’s right. So that’s the basic philosophy is, is anything is better than the nasty, brutish and short life. And so here we are, and this is the only solution. And in college, I was sort of a hardcore libertarian. I hated that concept. I now think it’s at least directionally correct that actually that is a role that the state plays, is in preventing this… Not even just in the philosophical sense, but really, and in this core way, preventing everyone from just competing with each other all the time, for as much power they can grab. And that there’s a benefit to not having conflict, even if it involves that sort of world. But still as something of a libertarian, I hope there’s a better way.

And so, the alternative possible Leviathan is just, well, democratic government. And I happen to believe that democratic government is a big improvement on total dictatorship, even though it has these failure modes. And one of the objections to democratic government was that you’re leading to just populism, you’re leading to another kind of despotism, you’re leading to just people are going to achieve power through some other means. And now there’s more competition for it. And that’s [inaudible 00:27:21] of competition again and that’s bad.

So, democracy is still an experiment. Hopefully, I think has been working well. It’s touch and go for a bit sometimes, but I think seems to be working. And I don’t know, this is quite grandiose of me to put this in that progression, but the idea, I think of smart contracts, hopefully this is another way for us to come together and coordinate our actions that doesn’t require us vesting infinite power in a single fallible human.

And that’s that you can just say we’re all going to sign sort of a constitution. We’re going to put our money in a smart contract. It’s I feel incredibly cheesy putting it this way, and my law school professors would probably smack me down, but we’re going to invest all of our power into this code, and then it’s going to keep us all honest.

Adam: In other words, that there’s no struggle over who’s in charge and who can undo a mistake because everybody knows that no one can. People can lose money with fat finger errors, but also people can use smart contracts to build cooperative market-making services. It’s a really wild idea. And when people do make mistakes, Dan and others like him can try to help out and try to rescue the money.

Rescue Time

Getter Contract
Setter Contract

Adam: In Darryl’s case, the key to the rescue plan is obfuscation:

Dan: Because ultimately, this is all deterministic, and everything we were doing was going to be public because we didn’t know a miner to send stuff to. So there was no way to solve this cryptographically. We knew that whatever we did that would get this money out, it would be possible for somebody to spot it, and then intercept it. And we were hoping we would just make that as difficult as possible.

So what we did was we split it into multiple steps. So for example, creating a contract that would do this call and then calling your own contract, even if your own contract could only be called by you, wouldn’t work. Because if this contract made the call, somebody can run it, see the execution, trace, see that internal call, copycat it, and make the internal call. So, that wouldn’t be enough by itself.

Adam: So you’re saying something could see you create the contract and call it, and then they would automatically create the exact same contract, but that pays it to them?

Dan: No, no. So, on a theory, every Ethereum transaction is just a call stack of contracts calling other contracts and pouring some logic. And that call is just like a message pass from one contract to another. And so somewhere in this transaction in which we got the money, some contract, no matter how much we put in there, some contract was going to make a call to the Uniswap contract that would get this money out. And we just couldn’t avoid that. And so, if our transaction was going to work, then it was going to have to basically reveal that this call was in there. And someone could look and pluck this particular call right out of the call stack, simulate it, copycat it, mutate it, and run it themselves.

So again, this is why there’s not a perfect solution, but we were hoping they were just not sophisticated enough to spot it. So just doing our own contract wasn’t enough. We split this contract in two contracts. There’s a setter and a getter contract, and we split it into two transactions, a setter and a getter transaction. And so there was a lot of just indirection here. Basically the getter contract was not activated. It just couldn’t be called until someone had called the right function on the setter contract, which could then call the getter contract and activate it. Once the getter contract was activated, we could send a separate transaction to the getter contract that would then go make this call to Uniswap.

So what we did is we submitted the setter and the getter transaction in the same block. So they would look to anyone just running these transactions independently, there’d be nothing to actually link them. They’d be two transactions from two different addresses to two different contracts. And if you ran them separately, they wouldn’t actually do anything. They wouldn’t touch the Uniswap contract. It’s only if you run first, the setter transaction and then the getter transaction, that the getter transaction would then call the Uniswap contracts.

So we were hoping that what these bots were doing was they’d simulate these transactions independently. They would just run them against the current state before this block, rather than say, trying to construct a candidate block out of the transactions of the [men 00:31:19] pool and running them all. Because if they did that, then we’d be toast. But if they were just looking at these transactions one by one, then this could obfuscate it.

So we tried this and I don’t know, at least for me, the time pressure was getting to me at this point. And we were just having trouble basically submitting these transactions in part because the second one looks like it was going to fail until the first one was included. And Ethereum infrastructure is designed to protect you from some transactions that are going to fail. And so we actually had trouble getting these into the same block. And we had to try it and then reset it and try again. And ultimately, I was like, forget it. We’re just submitting them. Let’s do it in different blocks. We’ll do the setter transaction, and then the getter transaction the next block, and we’ll just hope it works.

And that was what turned out to be this critical mistake. The second transaction finally succeeded. So we’d done a few tries. It’s like, oh, thank God. Like it actually worked. And we looked at the address that we were going to send the money to, and it hadn’t gotten anything. So we looked at the transaction that it succeeded and it said, “There’s no money there.” Which means someone had already gotten it. We looked and there was a transaction just like a few seconds after ours had been submitted. Someone had created a transaction that would take it. And what happened was we got front run. The monsters are real.

Adam: Before this happened, you probably thought, well, there is a story here. The story is going to be how I rode in with my white hat and saved the day, right?

Dan: Yeah, yeah. Afterward I was just like, I’m too embarrassed. Looking back on it, and this feels very insensitive about the person whose money was lost, but in retrospect, it would have been a much worse story if we had been able to get the money out. To some extent, it was slightly vindicating. I’d been feeling paranoid this whole time that there were these crazy monsters. And if the story ended with, “And then we got the money on and it was fine,” we could act victorious, but really, was there ever any conflict? Was there ever really any drama in this?

The Future Of Cryptocurrencies Is War

Adam: Dan thinks of these battles in terms of game theory. In an iterated prisoner’s dilemma, people can learn to collaborate as long as the group stays kind of small.

Dan: If everyone’s playing tit for tat, then as soon as you start getting some defectors, yeah. I think I previously thought, oh, Miner Extractable Value is an interesting problem in theory. A lot of these game theory games just aren’t actually going to be played for a while. And I think we’re starting to see the incentives are getting such that actually there’s real money at stake.

Adam: The Ethereum community talks about solving these problems using Schelling fences. Schelling fences are sort of a fence you put in front of a slippery slope to prevent everybody from sliding down it. But in the early days, enforcing norms with Schelling fences was a lot easier.

Dan: We were kind of in the Garden of Eden early on. And it’s true. Bitcoin mining too, back when you could mine Bitcoin on your computer, and there was this nice, spontaneous order where people just wouldn’t exploit every possible way that they could exploit things. And we’re seeing one by one, these… This is a bummer of an answer here, but we’re seeing these Schelling fences that would prevent us from collapsing into total war of all against all, kind of collapsing faster maybe than I would have expected.

Adam: And that’s where things stand right now. Dan and his colleagues are actually looking for ways to prevent a further race to the bottom towards outright bot warfare. His company invested in Flashbots, which is a pirate hacker collective focused on this very issue. Yeah, that’s right. They’re a pirate hacker collective. Nobody can claim that the cryptocurrency space is not very interesting.

So that was the show. I’d love to hear what you thought about the episode. If you aren’t subscribed, now is a great time to do that. If you really liked the episode, maybe think about sharing it in your favorite Slack or Discord or Telegram channel. Until next time, and I mean this sincerely, thank you so much for listening.

Support CoRecursive

I make CoRecursive because I love it when someone shares the details behind some project, some bug, or some incident with me.

No other podcast was telling stories quite like I wanted to hear.

Right now this is all done by just me and I love doing it, but it's also exhausting.

Recommending the show to others and contributing to this patreon are the biggest things you can do to help out.

Whatever you can do to help, I truly appreciate it!

Thanks! Adam Gordon Bell

Audio Player
back 15
forward 60s

Smart Contract Rescue