[HN Gopher] Wrecking sandwich traders for fun and profit
___________________________________________________________________
Wrecking sandwich traders for fun and profit
Author : dmckinno
Score : 248 points
Date : 2021-03-19 15:41 UTC (7 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| pjc50 wrote:
| Distributed finance is one big distributed CTF game. You can
| exploit other people's software for real money, and you get to
| keep it because law enforcement doesn't understand any of this
| and the tokens are fairly pseudonymous.
|
| Of course, that makes it a very perilous place to build a
| business.
| jl2718 wrote:
| Yes, but, the blockchain is forever.
| chias wrote:
| Bold words to describe something that's 12 years old.
| skybrian wrote:
| I assume they mean that law enforcement will catch up
| eventually.
|
| Copies are widely distributed. That's how it works.
|
| Even if the whole thing blew up somehow, it would be very
| unlikely for every copy to be lost.
| dash2 wrote:
| This is funny.
|
| What I'd love to see, and _don't ever_, is a real world use of
| Ethereum which isn't just about arbitraging meaningless tokens.
|
| I'm sure there are lots of theoretical ways smart contracts
| _could_ change the world. Is there any way in which Ethereum,
| right now, is adding value to the real economy? I'm talking
| about being used in a real product to provide a good or service.
| munificent wrote:
| I'm with you. Every time I see articles like this, it gives me
| the impression that Ethereum is just a giant distributed poker
| game where players are just trying to get as many chips from
| their opponent as they can without producing any meaningful
| value to the world outside of the table.
|
| Maybe it has value as a honeypot to keep these amoral win-
| maximizers out of industries where they could do greater harm
| by targeting opponents that are not like themselves.
| haram_masala wrote:
| This is cynical and yet at the same time reassuring, since
| the entire crypto world is mysterious to me. I've never
| bothered to understand it, and it can be frightening to think
| that it might be the future, as inscrutable as it is.
| fl0wenol wrote:
| Trust your gut, it absolutely is.
| alteriority wrote:
| I think that's a legitimate stance, but one way to put a silver
| lining on this writhing cesspool of dog-eat-dog bot-fuckery is
| to think of it as early-access alpha testing; ironing out
| exploits in the wild west before it's stable enough for the
| not-as-extremely-online to run something useful on.
| munificent wrote:
| The financial system _did_ that already, hundreds of years
| ago. And it turned out that the most efficient way to iron
| out these bugs was through trust and regulation.
|
| To an outsider, the entire cryptocurrency world just looks
| like a giant exorbitantly expensive not-invented-here
| syndrome recapitulating the entire early history of finance.
| alteriority wrote:
| Did they, though? If I were to describe the finance
| industry, "trustworthy" and "well-regulated" would probably
| not be the first words I'd reach for. (EDIT: To be fair,
| I'm a pretty typical layman, and I might just be throwing
| stones at a strawman. Maybe EVIL GREEDY BANKERS are a
| rarity in an otherwise idyllic system, but that's not
| what's in the zeitgeist)
|
| To be clear, I don't strictly disagree with your outsider
| interpretation, but...if it's recapitulating the history of
| finance at 100x speed, at a thousandth of the cost, with
| the end result of removing an aspect (centralization) that
| could plausibly be considered an irreconcilable technical
| debt, then...I mean, I'm personally not in that world at
| all, but I think that smart contracts have a lot of
| potential, in the abstract, and I'm all for early adopters
| who aren't me volunteering as guinea pigs.
|
| I genuinely think there's something novel here; I just
| don't know what form it will take, or how many millions of
| dollars we'll burn on shitcoins finding it. Like the first
| internet bubble--we'll have to shovel through a lot of
| pets.coms to find our proverbial Amazons.
|
| [Tangentially, I'm reminded of something I read yesterday
| about the nonexistent technological breakthrough, Write-
| Only Memory:
|
| "write-only memory: A form of computer memory into which
| information can be stored but never, ever retrieved,
| developed under government contract in 1975 by Professor
| Homberg T. Farnsfarfle. Farnsfarfle's original prototype,
| approximately one inch on each side, has so far been used
| to store more than 100 trillion words of surplus federal
| information. Farnsfarfle's critics have denounced his
| project as a six-million-dollar boondoggle, but his
| defenders point out that this excess information would have
| cost more than 250 billion dollars to store in conventional
| media."]
| tablespoon wrote:
| >> The financial system did that already, hundreds of
| years ago. And it turned out that the most efficient way
| to iron out these bugs was through trust and regulation.
|
| >> To an outsider, the entire cryptocurrency world just
| looks like a giant exorbitantly expensive not-invented-
| here syndrome recapitulating the entire early history of
| finance.
|
| > Did they, though? If I were to describe the finance
| industry, "trustworthy" and "well-regulated" would
| probably not be the first words I'd reach for. (EDIT: To
| be fair, I'm a pretty typical layman, and I might just be
| throwing stones at a strawman. Maybe EVIL GREEDY BANKERS
| are a rarity in an otherwise idyllic system, but that's
| not what's in the zeitgeist)
|
| The GP isn't claiming that the finance industry is
| "trustworthy" and "well-regulated" in an absolute sense,
| just that the cryptocurrency world is repeating a lot of
| old mistakes for no good reason (making it relatively
| less trustworthy and well-regulated in comparison).
| EGreg wrote:
| And this is why you have to understand fundamentals.
|
| Flash LOANS in ONE transaction actually work because unsharded
| blockchains suck and do one transaction at a time. You can be
| sure nothing else is executing, so you can safely rollback if you
| don't like the result.
|
| On the other hand, if your transaction completes and you try the
| same with multiple transactions, you don't have any ACID
| guarantees.
| verdverm wrote:
| > As trad(itional) finance morphs into chad finance, it's easy to
| get sucked up in the excitement.
|
| This made me laugh. Interesting overall, adding it (b/c of what
| was exploited, not the exploit, kudos to that) to my reason list
| to not build on the blockchain. Thanks for the share
| tzone wrote:
| That makes absolutely no sense. HFT and overall arbitrage games
| in traditional markets are way more wild and complex than all
| this.
| verdverm wrote:
| What makes no sense?
|
| Also, the stock market is not trying to inject itself into every
| digital process (or possibly digitized process).
| jtchang wrote:
| This actually makes me like blockchain technologies more. Finance
| has always been a game. A game in which the price of entry can be
| prohibitively high to a lot of people.
|
| Blockchain really levels the playing field. People are free to
| play the game (and metagame) with virtually no cost of entry
| besides time.
|
| Granted this may change as the meta evolves. Bigger players with
| more resources may be able to find new "exploits". However the
| risk increases as well and there has never been this much
| financial leverage introduced as with blockchain.
| croes wrote:
| ETH is a bad example. It had critical bugs and is more
| vulnerable to 51% attacks.
| zionic wrote:
| [citation needed]
|
| Perhaps you meant ETC?
| croes wrote:
| https://our.status.im/vitalik-escalates-eth-2-0-merge-as-
| min...
| twox2 wrote:
| I would also like to see this claim backed up or at least
| offered with more context.
| croes wrote:
| https://bravenewcoin.com/insights/bug-causes-chaos-on-
| the-et...
|
| https://our.status.im/vitalik-escalates-eth-2-0-merge-as-
| min...
| Scoundreller wrote:
| Wasn't present-day ETH a 51% attack against now-called
| Ethereum Classic (ETC) because they wanted to roll-back a
| transaction/vulnerability they didn't like?
| crazydoggers wrote:
| No. ETC was simply a hard fork of a minority of people
| that didn't like a change to the blockchain that fixed
| that DAO contract bug. A 51% attack involves a group
| acquiring 51% of the hashing power in order to confirm
| transactions that otherwise would be rejected (like
| double spends)
|
| Any group of miners (less than 51% in the case of ETC)
| are free to update or not update their clients as they
| choose. When any set of groups begin to diverge, then you
| have a hard fork.
|
| The difference being with a 51% attack there's one chain
| everyone agrees on, however, someone's been able to get
| everyone to agree on fraudulent transactions. A hard fork
| creates 2 chains that those two groups then maintain
| totally separate transaction histories on.
| Scoundreller wrote:
| Okay, but which coding errors/vulnerabilities get on the
| agenda to fix via rollback and which don't?
|
| That couldn't be the first or last contract bug like
| this.
|
| If I come across a bug, will it only be fixed if I only
| exploit it to a large degree? What's the limit to "sorry
| for your loss"?
| crazydoggers wrote:
| It's a democracy. If you can convince enough people that
| it makes sense then you can implement a change.
|
| The ETC fork occurred because ETH was in its infancy and
| it was deemed by that majority that there was a
| legitimate bug that wasn't in the interest of anyone to
| allow to go unfixed.
|
| Anyone is free to disagree. The value in the blockchain
| is in its democracy. As soon as you fork, if you have
| enough people you still maintain value in both forks, so
| it's no loss to anyone.
| Scoundreller wrote:
| Sounds like a terrible place to execute _MY_ code.
|
| A rollback has occurred and there's no policy on when/why
| they'd encourage it again.
| crazydoggers wrote:
| It's not _YOUR_ code. It's a _PUBLIC_ blockchain. The
| contract you publish is public! You're gifting your code to
| the world in the hopes it solves a real world problem,
| and it depends on me and everyone else who runs your code
| on my/their computer with my/their resources to care or
| agree.
|
| There's no "code roll back". That's not a thing; that
| doesn't exist. A hard fork is possible, which is very
| different; it requires the consensus of millions of
| miners. The contract and transactions and history still
| all exist.
|
| And why would your little contract get changed? Why would
| that happen? It wouldn't.
|
| Again, it's public, it's consensus driven.
|
| These are just uneducated straw man fallacy fud stuff
| that gets passed around.
|
| If you don't understand how the blockchain works on a
| fundamental level then please spare us all from political
| comments. Let's talk about facts and technology.
|
| Educate yourself before you comment. Read something other
| than Twitter and Reddit.
|
| I give up.
| SilasX wrote:
| So, then the parent is right: it was rolling back a
| transaction (smartcontract with oversight) they didn't
| like. It wasn't like a bug with the reference
| implementation, it was one of a zillion contracts where
| the code diverged from author intent, on a platform that
| _defines itself_ by "code is law, trust the code over
| any natural language description thereof".
|
| And the only reason this transaction got rolled back --
| rather than the numerous others that had such a problem
| -- is because it affected a lot of wealthy insiders.
|
| A platform created to resist elite corruption of the
| contract law, has its elite corrupt its contract law.
| crazydoggers wrote:
| You guys are hilarious. I don't know why I bother
| commenting here anymore. It's basically Reddit now. Facts
| just countered with incoherent nonsense.
|
| The parent is not right, because by definition it is not
| a 51% attack. Plain and simple, that's something entirely
| different.
|
| The blockchain is a democracy. It's consensus. If you
| want to fix something you convince the community it's
| worth it. It has nothing to do with wealth insiders etc
| etc. lol. Even with ETC which was a minority, if it was
| done for sound reasons it would have succeeded. But it
| wasn't, it was just a cash grab using excuses to seem
| legitimate. Here's finally a financial solution where
| people have open insight and can openly participate... a
| lot less insider than any other banking system.
|
| Go have fun with your GameStop stock lol... I'll have fun
| with being financially successful while you all complain...
| and keep shorting you with options and making a killing.
|
| It's called being smart, nothing wealth, conspiracy,
| insider to it.
| IngvarLynn wrote:
| > It's basically Reddit now.
|
| I disagree. Every once in a while I stumble upon a post
| on r/wallstreetbets which is deeper than anything that
| I've seen on HN.
| Scoundreller wrote:
| It's consensus going-forward. So I can write code and you
| can be confident that the code is what I said it was.
|
| Once you start rewriting the past, it's no longer append-
| only and you've thrown away the basic fundamental of a
| blockchain.
| [deleted]
| purple_ferret wrote:
| >People are free to play the game (and metagame) with virtually
| no cost of entry besides time.
|
| Fees make using small amounts of money prohibitively expensive.
| When I casually looked into yield farming, for instance, I saw
| a lot of 'small' players struggling not to lose a significant
| portion of it just from setting things up.
| dgellow wrote:
| You have other blockchains than Ethereum, with lower fees.
| jl2718 wrote:
| But there are no onramps available to US citizens for
| anything but eth.
| 7sidedmarble wrote:
| What does that mean?
| quentinadam wrote:
| This is absolutely fantastic.
| tyrust wrote:
| >The premise of the Salmonella contract is very simple. It's a
| regular ERC20 token, which behaves exactly like any other ERC20
| token in normal use-cases. However, it has some special logic to
| detect when anyone other than the specified owner is transacting
| it, and in these situations it only returns 10% of the specified
| amount - despite emitting event logs which match a trade of the
| full amount.
|
| Does the ERC20 spec allow such a transfer function to let token
| creators implement transfer fees?
|
| And I guess uniswap doesn't care (or maybe even know) how high
| these fees are?
| [deleted]
| spuz wrote:
| Good question. The ERC20 spec defines only what methods a
| contract should implement. It does not specify how those
| methods should be implemented. To have a transfer function that
| doesn't actually transfer any balance is perfectly valid (and
| as a user you should be sure that the contract you are calling
| actually does what you expect). The spec does require that a
| Transfer event is created however.
|
| https://eips.ethereum.org/EIPS/eip-20#methods
| andypants wrote:
| There are real tokens meant to be used by real people that have
| some kind of 'tax' per transfer which is implemented similarly.
|
| Uniswap doesn't care, it just needs to update its reserves
| before every swap.
| jackconsidine wrote:
| This reminds me of an old scam on Runescape, which was to have
| two users, one purporting to buy an item for a very high price,
| and one purporting to sell an item for a moderately high price.
|
| Wannabe entrepreneurs would see an arbitrage opportunity and bite
| the moderately high price expecting a profit. After that
| transaction the supposed buyer would no longer be interested.
| 600frogs wrote:
| I wonder what the Ethereum equivalent of trimming armour is...
| minitoar wrote:
| Fake NFT sales
| valiant55 wrote:
| So regular NFT sales?
| imtringued wrote:
| https://www.bbc.com/news/amp/technology-56402378
| TigeriusKirk wrote:
| This was rampant in Eve Online back in the day. A regular
| industry. Might still be, but I suspect the people still
| playing now are a lot less naive out of necessity.
| pochamago wrote:
| Con jobs are such a fun bit of artistry, it's a shame they cause
| so much harm. I appreciate that video games provide an arena
| that mostly reduces it.
| ethbr0 wrote:
| As an EVE Online player for a while, absolutely agreed.
|
| But I'll admit there is a "fairness gauge" regarding feature
| support (relevant here as well).
|
| Code systems are non-comprehensive. They support only those
| functions / features they implement.
|
| Thereby opening the possibility of creating a system that
| makes confidence heists possible, but mitigations against
| them overly difficult / impossible.
| jl2718 wrote:
| This is a weakness in many AMM implementations. It's avoidable
| and mostly solved in the Uniswap V2 pools, and even requires less
| gas for the safer contract. Side note: there is a huge problem
| with contract standards in Ethereum. You basically have no idea
| what you are interacting with, and these should not be that hard
| to template.
|
| _EDIT ON RE-READ_:
|
| I'm going to call foul on this guy. His token is designed to
| deceive and exploit anybody but himself. Not just sandwich
| traders. You buy 10, it gives you 1. This would be clearly
| criminal in the offline world. Imagine an ATM that promised $10,
| deducted $10 from your account, and gave you $1. In fact, it's
| even worse than that. It divides by 10 every time you send it,
| but not him.
|
| I agree that ethermine is clearly and openly unethical. Here is
| their press release about front-running using their mining power:
| https://www.nasdaq.com/articles/ethermine-adds-front-running...
|
| But this contract is worse. He actually has no idea whose eth he
| is stealing. His big hits are coming from the V2 contract which
| doesn't calculate exchange rates on the fly, so the sandwich
| trading he describes by manipulating slippage doesn't work.
|
| https://etherscan.io/token/0x610b8B78da143fC1E38b36C4EA0f68F...
|
|     function _transfer(address sender, address recipient, uint256 amount)
|         internal virtual
|     {
|         require(sender != address(0), "ERC20: transfer from the zero address");
|         require(recipient != address(0), "ERC20: transfer to the zero address");
|         uint256 senderBalance = _balances[sender];
|         require(senderBalance >= amount, "ERC20: transfer amount exceeds balance");
|         if (sender == ownerA || sender == ownerB) {
|             _balances[sender] = senderBalance - amount;
|             _balances[recipient] += amount;
|         } else {
|             _balances[sender] = senderBalance - amount;
|             uint256 trapAmount = (amount * 10) / 100;
|             _balances[recipient] += trapAmount;
|         }
|         emit Transfer(sender, recipient, amount);
|     }
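The mechanism in the comment above, worked through as an added example (not code from the original post or from the Salmonella author): a toy Uniswap V2 style constant-product pool that re-reads its token reserve from the real balance after every transfer, a token whose transfer() credits anyone but its owners only 10% of the amount (same shape as the decompiled _transfer), and a sandwich bot that front-runs the owner's buy and back-runs it with a sell. The same run is done with an honest token for comparison, and a dry-run check shows how a bot could detect the trap before trading. The addresses ("pool", "bot", "owner"), reserve sizes and trade amounts are constructed; the reserve-sync and amountIn-from-balance-delta behaviour is the V2 behaviour mentioned earlier in the thread.

```python
"""Toy model of the trap above: V2-style pool (reserves synced from real
balances), a token that pays non-owners 10%, and a sandwich bot.  Added
example, not from the original post; all addresses and amounts are
constructed for illustration."""

import copy
from dataclasses import dataclass, field

FEE_NUM, FEE_DEN = 997, 1000   # Uniswap V2's 0.3% swap fee
TRAP_PCT = 10                  # non-owners are credited 10% of `amount`


@dataclass
class Token:
    owners: frozenset
    trap: bool                 # False: behaves like an ordinary ERC20
    balances: dict = field(default_factory=dict)

    def balance_of(self, who):
        return self.balances.get(who, 0)

    def transfer(self, sender, recipient, amount):
        # Same shape as the decompiled _transfer: the sender always loses
        # `amount`; the recipient gets all of it only if sender is an owner.
        assert self.balance_of(sender) >= amount, "transfer amount exceeds balance"
        self.balances[sender] = self.balance_of(sender) - amount
        credited = amount
        if self.trap and sender not in self.owners:
            credited = amount * TRAP_PCT // 100
        self.balances[recipient] = self.balance_of(recipient) + credited
        return credited        # the Transfer event would still report `amount`


def get_amount_out(amount_in, reserve_in, reserve_out):
    # x*y=k quote with the fee taken on the input side (V2 formula)
    amt = amount_in * FEE_NUM
    return amt * reserve_out // (reserve_in * FEE_DEN + amt)


@dataclass
class Pool:
    token: Token
    eth_reserve: int
    tok_reserve: int
    eth: dict                  # ETH balance of every address (constructed)

    def buy(self, trader, eth_in):
        out = get_amount_out(eth_in, self.eth_reserve, self.tok_reserve)
        self.eth[trader] -= eth_in
        self.eth_reserve += eth_in
        self.token.transfer("pool", trader, out)          # trader may get 10%
        self.tok_reserve = self.token.balance_of("pool")  # sync to reality
        return out

    def sell(self, trader, tok_in):
        self.token.transfer(trader, "pool", tok_in)
        # V2 derives amountIn from the balance delta, not from the argument,
        # so the pool only pays for what actually arrived.
        received = self.token.balance_of("pool") - self.tok_reserve
        out = get_amount_out(received, self.tok_reserve, self.eth_reserve)
        self.tok_reserve = self.token.balance_of("pool")
        self.eth_reserve -= out
        self.eth[trader] += out
        return out


def transfer_is_honest(token, sender, recipient, amount):
    # Pre-trade check a bot could run by simulating the call (eth_call on a
    # fork in practice): does the recipient gain exactly `amount`?
    sandbox = copy.deepcopy(token)
    before = sandbox.balance_of(recipient)
    sandbox.transfer(sender, recipient, amount)
    return sandbox.balance_of(recipient) - before == amount


def run_sandwich(trap):
    token = Token(owners=frozenset({"owner"}), trap=trap,
                  balances={"pool": 1_000_000})
    pool = Pool(token, eth_reserve=100_000, tok_reserve=1_000_000,
                eth={"owner": 50_000, "bot": 10_000})
    bot_before = pool.eth["bot"]
    pool.buy("bot", 1_000)                 # front-run: bot buys first
    credited = token.balance_of("bot")     # what the bot really holds
    pool.buy("owner", 5_000)               # the owner's trade from the mempool
    pool.sell("bot", credited)             # back-run: bot sells everything
    return {"tokens_credited": credited,
            "bot_eth_before": bot_before,
            "bot_eth_after": pool.eth["bot"]}


if __name__ == "__main__":
    for trap in (False, True):
        print("trap" if trap else "honest", run_sandwich(trap))
    t = Token(owners=frozenset({"owner"}), trap=True,
              balances={"pool": 1_000, "owner": 1_000})
    print("pool->bot honest?", transfer_is_honest(t, "pool", "bot", 100))
    print("owner->bot honest?", transfer_is_honest(t, "owner", "bot", 100))
```

With the honest token the bot ends the round slightly ahead (a small profit on the owner's slippage); with the trap token it receives a tenth of the quoted tokens on the way in, the pool credits only a tenth of those on the way out, and the bot gets back almost nothing of the ETH it put in. The dry-run check flags the pool-to-bot leg as dishonest and the owner-to-anyone leg as honest, which is exactly the asymmetry the thread describes.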
| PragmaticPulp wrote:
| I agree that his contract is predatory, but the exploit is so
| puzzlingly simple that I don't understand why it wasn't caught by
| the bots.
|
| It should be trivially obvious to calculate the outcome of
| these contracts before throwing $100K USD at them, but
| apparently someone was running bots that didn't check before
| executing trades? They just executed contracts and assumed that
| they were written fairly?
| TrainedMonkey wrote:
| It's a predatory contract for predatory practice...
| tedunangst wrote:
| Why are people buying tokens they don't understand? Did the
| author tell people to buy these tokens like in some pump and
| dump scheme?
| rootsudo wrote:
| Speculation, profits and the promise of someone they follow
| on the internet via a Telegram group, specific imageboards or
| forums such as this one.
|
| We're just lucky we're on the other side of the looking glass
| with an interest to learn, understand and expose then just
| trusting a magic money machine which, many, many, crypto
| groups prey on.
| jl2718 wrote:
| You may be severely underestimating what it takes to
| 'understand' a token. It's like blaming website visitors for
| JavaScript privileged execution exploits.
| tedunangst wrote:
| Maybe we could reach out to the sandwich dealers and ask
| them what they thought the token did when they decided to
| trade it. I think that would help us reach a fuller
| understanding of the situation.
| gruez wrote:
| >This would be clearly criminal in the offline world. Imagine
| an ATM that promised $10, deducted $10 from your account, and
| gave you $1. In fact, it's even worse than that. It divides by
| 10 every time you send it, but not him.
|
| But the smart contract isn't promising anything. You can even
| inspect it to see how it works. What's happening is closer to
| an ATM that charges a $5 service fee if you're out of network,
| and makes that known to you when you're using it.
| jl2718 wrote:
| Okay, find me the code. Go ahead; I'll wait.
| sxp wrote:
| The article says that the contract is
| 0x610b8B78da143fC1E38b36C4EA0f68F86cc3b4f4
|
| https://oko.palkeo.com/0x610b8B78da143fC1E38b36C4EA0f68F86c
| c... shows the trapped contract. Search for `def transfer(`
| on that page.
| jl2718 wrote:
| Thank you! I didn't know about this decompiler!
|
| Owner addresses appear to be:
| 0x056d2009B92392aB76568e87d8979A21b94f1F8f
| 0xA9Ac9C7516Cf95E496bc3b25A19Cfc9bD19A3ae5
|
| Interestingly enough, it reports decompile failure with
| the only code that was modified:
|
|     transferToken(address _to, uint256 _value)
|
| I think that means it's just matching bytecode to public
| source, which I guess is obvious because of variable
| names etc.
| SamBam wrote:
| But isn't this simply an indictment of Ethereum? Anyone can
| create such contracts. Is there anything that Ethereum can
| actually cry "foul" on?
|
| I don't understand why anyone buys tokens if they don't read
| the contract.
| jl2718 wrote:
| Yes, it is an indictment of ethereum. The ERC-20 standard
| doesn't specify anything more than function interfaces. Those
| functions could do anything, including stealing all of your
| approved tokens. Or the contract could be changed without
| holder consent. That's a disastrous result for users, and not
| at all what people think is implied by cryptographic
| ownership of a token.
| tyrust wrote:
| Then that's more of an indictment of ERC20, not all of
| Ethereum. Alternative token standards can come along and be
| adopted (e.g. ERC777 [0], but idk if that one in particular
| helps in this case).
|
| [0] https://eips.ethereum.org/EIPS/eip-777
| lxgr wrote:
| The problem is that ERC20 is an interface specification
| and not an implementation. Another interface
| specification won't help.
| tyrust wrote:
| Good point. I wonder if there is a way to guarantee
| behavior. Otherwise you'd just have to read the backing
| contract yourself (or, more realistically, trust
| auditors).
| cryptica wrote:
| It feels like throwing money down the virtual toilet has become a
| new international sport for rich people. Ethereum is like giant
| garbage can for throwing away money; it lets you waste it all on
| ridiculous DeFi fees or on some useless NFTs, or you can waste it
| on completely ridiculous trading schemes that are only possible
| because of major flaws in the design of the garbage can... Um, I
| mean Ethereum...
|
| Rich people these days don't seem to bat an eyelash when it comes
| to throwing away huge sums of money on some obvious scams but
| they will not risk to invest even small amounts in new promising
| projects.
|
| Is there some kind of secret club for all rich people where one
| of the rules is that you should only invest your money in scams?
| That's the most rational explanation I can come up with.
|
| I'm not surprised that so many people believe in conspiracy
| theories nowadays. It's really difficult to explain how else rich
| people can be so dumb... It's almost like the invisible hand of
| fortune is selecting them explicitly because of their stupidity.
| 7sidedmarble wrote:
| >Is there some kind of secret club for all rich people where
| one of the rules is that you should only invest your money in
| scams? That's the most rational explanation I can come up with.
|
| It's because when you have an absurd amount of money, you can
| afford to speculate on every stupid idea imaginable on the
| slight chance of turning their (to them) small investment into
| ridiculous money.
|
| Why else is Tesla stock up 1400% in a year? It's rampant
| speculation. The stupidest outcome is probably the most likely
| outcome when it comes to finance.
| lifeisstillgood wrote:
| My poor understanding of Libertarian theory suggests that this is
| anarchy working well - there was someone doing dodgy front
| running and exploiting people, and someone has made that too
| expensive to continue.
|
| But I cannot get away from the feeling that I would prefer if
| there was a centralised gov that took the 250K as taxes, and
| still prevented the front running.
|
| Edit: I may have been wrong - it seems it did not _prevent_
| future front running, just meant the front runners had to adjust
| their approach. It does seem like "if you rob people in the
| street, be careful as someone might rob you afterwards" as
| opposed to "all robbery is prevented"
| valuearb wrote:
| Capitalism isn't anarchy.
| southerntofu wrote:
| > this is anarchy working well
|
| No, this is anomie (see Wikipedia). Anarchy is the absence of
| domination/authority, not lawlessness and rule of the
| strongest.
|
| Also, as an anarchist, it makes me laugh to read people
| claiming crypto-coins are supposedly anarchist. Who controls
| the code? Who controls the network? Power is not as distributed
| as it appears. Moreover, one could argue the entire concept of
| money is antithetical to anarchism.
| igorkraw wrote:
| While I agree with you that crypto isn't Anarchy, I feel that
| Proudhon's labor vouchers aren't much different from money.
| Money is just tokens of debt, be it of gratitude or other; if
| a group uses them to keep track of that debt it's not
| inherently evil.
| 7sidedmarble wrote:
| Uhhh, correct me if I'm wrong but the big difference is
| labor vouchers are used up when you 'spend' them, so they
| can't be accumulated as capital.
|
| Also Proudhon never talked about them, it was someone else
| in his circle. Proudhon espoused something called mutual
| credit I believe.
| golergka wrote:
| > Who controls the code? Who controls the network?
|
| People who voluntarily put their trust and money in it.
| CityOfThrowaway wrote:
| This method is desirable in that it is a generalizable and
| automatic correction mechanism.
|
| There is no need for a group of people to come together and
| decide to prevent it, figure out how to prevent it, and then
| stand up the infrastructure for detection, intervention, and
| enforcement. All of those things are cost centers in a non-free
| market, and will be judged as such.
|
| In the free market, somebody will turn that cost center into a
| profit center and achieve the same end goal.
|
| Of course, it doesn't work in all cases. There are types of
| attacks that can't be inverted into a profitable counter
| attack. For those things, libertarianism may well fall short
| as a dogmatic ideal.
| ajb wrote:
| "... it has some special logic to detect when anyone other than
| the specified owner is transacting it, and in these situations it
| only returns 10% of the specified amount - despite emitting event
| logs which match a trade of the full amount"
|
| Wouldn't be surprised if this comes under the definition of
| fraud.
| blobster wrote:
| Exactly. Wouldn't be surprised if this became a common type of
| scam on Uniswap.
| impostervt wrote:
| How can it be fraud, when you can read the contract? It's a
| clear if/then statement.
| dleslie wrote:
| It's possible to commit fraud while being entirely open and
| forthright. The key is whether it can be argued that there
| was an intent to deceive, despite being forthright.
|
| A famous example would be the Toy Yoda/Toyota fraud:
|
| https://apnews.com/article/6f88d96871f3292f506e2679cf012597
| gowld wrote:
| That's different. The manager made an ambiguous oral
| statement, and in contract law ambiguity is resolved in
| favor of the party with less power or who didn't make the
| ambiguous statement.
| eigen wrote:
| the case was settled. there was no verdict of fraud, just
| the allegation based on the suit filed.
|
| https://www.morelaw.com/verdicts/case.asp?s=FL&d=19243
| gegtik wrote:
| this is what people unironically believe should replace our
| current legal system
| parhamn wrote:
| To be fair, 250k legal correction isn't that high relative
| to fighting nuances in conditionals and terms for 5 years
| in a more human court.
| SamBam wrote:
| 250k was what one programmer made in an experiment over a
| couple nights.
|
| The Ethereum world (and potentially other cryptos) seem
| awash with this kind of thing.
| Cthulhu_ wrote:
| Just because Facebook puts things in their T's & C's doesn't
| mean they get away with it.
|
| That said, crypto is intentionally the wild west, because the
| Big Banks are bad. Libertarian economics, no oversight, no
| fraud protection, but freedom. Whether you want that is
| another matter. Personally I think it's a really really bad
| idea, and billions of monies have been lost, generated,
| stolen, etc because of it.
| tych0 wrote:
| Why? The contract is public, anyone trading this token can read
| it. This seems like "don't trade tokens you haven't audited".
| ajb wrote:
| Because law isn't code, although it might look like it. The
| law is interpreted by human beings, aka judges, who might
| decide that this is an attempt to deceive, even though the
| deception is hiding in plain sight.
|
| But I'm not a lawyer, so I'd be interested on informed takes
| on that.
| andypants wrote:
| Actually this contract is not public, its source was not
| published on etherscan. You can read its opcodes and try to
| run it through a decompiler, but you can't get its original
| source.
|
| That shouldn't really matter though. The contract was not
| advertised to the public, he could argue it was a private
| contract that could only be used by whitelisted addresses.
| Sandwich bots made the mistake of trying to interact with a
| random contract and assuming that it follows a particular
| kind of behaviour.
| stepanhruda wrote:
| Just because something is publicly documented doesn't make it
| legal. I can't put "our price says $5 but actually we will
| charge you $5,000" into the terms on a website and expect to
| get away with it. The only difference is there is no actual
| enforceability of anything on the blockchain outside of smart
| contract code itself.
| tych0 wrote:
| This guy put up a sign that says "If you give me $100 I'll
| give you $10 back with an extra 0 handwritten on the bill",
| and people gave him $100.
|
| Put another way: I can't claim fraud just because I didn't
| understand/read/validate the contract language.
| silentsea90 wrote:
| Can somebody please explain the Salmonella contract like I am a 5
| year old?
| jl2718 wrote:
| It divides by 10 for everybody but the owner.
| [deleted]
| dmckinno wrote:
| The author noticed that:
|
| 1/ Prices move after large trades are confirmed.
|
| 2/ A variety of sandwich bots have sprung up to take
| advantage of this behavior by detecting the trade in the
| mempool (before confirmation), front running the trade with a
| buy order of their own, and posting a sell order for a profit
| after the large trade landed.
|
| To profit from this exploitive behavior, he created a token
| that would trick sandwich traders into thinking a large trade
| was coming, but would keep their money when they tried to exit
| their position after the front run.
| jl2718 wrote:
| This is incorrect. It doesn't detect anything. It just
| doesn't send the right number of coins.
| SamBam wrote:
| The post above you was saying the _sandwich bots_ were
| detecting the trade.
| jl2718 wrote:
| > he created a token that would trick sandwich traders
| into thinking a large trade was coming, but would keep
| their money when they tried to exit their position after
| the front run.
|
| The token doesn't do anything intelligent like this. It
| just divides the send amount by 10 for anybody but him.
| silentsea90 wrote:
| Do traders buy arbitrary tokens? This is a custom token that
| op created, not the ETH token, correct? I suppose sandwich
| traders don't mind buying salmonella because there's another
| buyer at the other end.
|
| This is quite interesting. I need to read up more!
| XCSme wrote:
| I am not familiar with crypto and barely understood half of
| the terms in the article, but shouldn't the buyer confirm
| again the trade if the price changes?
|
| I understand it works like this:
|
| V = victim/sandwich bot, S = Salmonella guy, X = asset
| (Salmonella token?).
|
| S -- purchase intent -> X ($5)
|
| V detects the intent, purchases X for $5, X price increases
| to $6
|
| Now it was expected that S would still buy X at $6 (would
| this normally be done automatically without confirming
| the increased price?). But S never pays money for X, so the
| ETH is now in the hands of the original Salmonella token
| owner (S) and the attacker is stuck with a worthless token?
| kzrdude wrote:
| So these traders didn't fully "parse" the meaning of the
| token, and are just assuming it's some kind of
| "standard"/"patterned" trade that they are used to?
|
| Somehow the real details of the transaction must be machine
| readable and parseable if they bother.
| skybrian wrote:
| The sandwich traders didn't decompile the contract before
| calling it and instead assumed it's like all the others,
| based on pattern-matching I assume. This is sort of like
| signing a contract without reading it.
|
| I suppose simulating what the call would do using a trial
| run would also work?
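The "trial run" idea in the comment above, carried through as an added example that is not code from the post or from the Salmonella repository: a toy constant-product pool, a standard token, and a token modelled on the thread's description (sender debited in full, but anyone other than the owner delivers only a tenth), plus the balance-delta dry run a bot or wallet can do before touching an unknown token. All account labels, reserve sizes and trade sizes are constructed for the simulation.

```python
import copy
from dataclasses import dataclass, field

# Constructed account labels for the simulation (not real addresses).
OWNER, POOL, BOT, TRADER = "owner", "pool", "bot", "trader"


@dataclass
class StandardToken:
    """Minimal ERC-20-like token: a transfer credits exactly what it debits."""
    balances: dict = field(default_factory=dict)

    def balance_of(self, who):
        return self.balances.get(who, 0.0)

    def transfer(self, sender, recipient, amount):
        assert self.balance_of(sender) >= amount, "insufficient balance"
        self.balances[sender] = self.balance_of(sender) - amount
        credited = self._credit_amount(sender, amount)
        self.balances[recipient] = self.balance_of(recipient) + credited
        return credited  # what the recipient actually got

    def _credit_amount(self, sender, amount):
        return amount


@dataclass
class SalmonellaLikeToken(StandardToken):
    """Model (an assumption based on the thread's description, not the real
    contract): the sender is debited in full, but unless the sender is the
    owner only a tenth of the amount reaches the recipient."""
    owner: str = OWNER

    def _credit_amount(self, sender, amount):
        return amount if sender == self.owner else amount / 10


class ConstantProductPool:
    """x*y=k pool that, like real AMMs, prices a sell on the tokens it
    actually received (balance delta), not on the nominal amount sent."""

    def __init__(self, token, eth_reserve, token_reserve):
        self.token = token
        self.eth = eth_reserve
        token.balances[POOL] = token_reserve

    @property
    def tokens(self):
        return self.token.balance_of(POOL)

    def buy(self, buyer, eth_in):
        k = self.eth * self.tokens
        token_out = self.tokens - k / (self.eth + eth_in)
        self.eth += eth_in
        return self.token.transfer(POOL, buyer, token_out)

    def sell(self, seller, token_amount):
        k = self.eth * self.tokens
        before = self.tokens
        self.token.transfer(seller, POOL, token_amount)
        received = self.tokens - before  # balance delta, the only thing the pool trusts
        eth_out = self.eth - k / (before + received)
        self.eth -= eth_out
        return eth_out


def transfer_delivers_full_amount(token, sender, recipient, amount):
    """Dry run on a copy of the token state: does the recipient's balance grow
    by exactly the amount sent? This is the pre-trade check that would have
    flagged the token before any ETH was committed."""
    trial = copy.deepcopy(token)
    before = trial.balance_of(recipient)
    trial.transfer(sender, recipient, amount)
    return abs(trial.balance_of(recipient) - before - amount) < 1e-9


def sandwich_pnl(token, bot_eth=1.0, trader_eth=10.0):
    """Bot buys just before a large trade and sells just after; returns the
    bot's ETH profit (positive) or loss (negative) against the given token."""
    pool = ConstantProductPool(token, eth_reserve=100.0, token_reserve=100_000.0)
    got = pool.buy(BOT, bot_eth)      # front-run: bot receives `got` tokens
    pool.buy(TRADER, trader_eth)      # the large trade the bot was targeting
    back = pool.sell(BOT, got)        # back-run: bot sells what it really holds
    return back - bot_eth


if __name__ == "__main__":
    for name, tok in (("standard", StandardToken()), ("salmonella-like", SalmonellaLikeToken())):
        honest = transfer_delivers_full_amount(tok, POOL, BOT, 100.0) if tok.balances.update({POOL: 1e6}) is None else None
        print(f"{name}: dry run honest={honest}, sandwich PnL={sandwich_pnl(type(tok)()):+.4f} ETH")
```

The point of the simulation is the order of operations: the dry run costs nothing and fails on the non-standard token, whereas a bot that skips it only discovers the shortfall when it sells and the pool pays out on the tenth it actually received.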
| spuz wrote:
| On which exchange can you buy and sell these "Salmonella"
| tokens? Why would anyone pay real money for a token without
| knowing who the issuer is?
| flixic wrote:
| On DEXes, or Decentralized Exchanges, you can exchange any
| standard-compliant token with any other token. No
| "listings" needed. That's why DEXes warn users to make sure
| they are trading the real tokens, not their fake clones.
| andypants wrote:
| Normal users wouldn't be aware of this token. Sandwich bots
| monitor all pending transactions. The author sent
| transactions between his own accounts, and sandwich bots
| tried to take advantage.
| the__alchemist wrote:
| After a skim of Ethereum's website's collection of uses for
| Ethereum and finding what looked like money laundering through
| artwork (then reading about NFTs), I figured from the title this
| was about speculative trading of sandwiches in cryptocurrency.
| tyingq wrote:
| https://nftshowroom.com/gallery/solymi_experiments_sandwich
| newswasboring wrote:
| This has a very early internet vibe. Like bash quotes or
| declaration of freedom of cyberspace (of course much less
| eloquent and elegant).
| arberx wrote:
| For this reason only, it's extremely exciting.
|
| I know blockchains get a lot of hate, but the things you can do
| with smart contracts should excite any techy.
| twox2 wrote:
| Agreed. It's the invigorating "wild west" vibe that I loved
| about the early internet.
| newswasboring wrote:
| If you want a similar vibe, another space is VR. I am part
| of that mass adoption wave from oculus 2 and before I got
| it I binge watched a lot of content about VR on youtube.
| The amount of excitement in those videos was amazing and
| infectious. With the quest 2 also doubling as a dev
| platform I think next few years in this space are going to
| be exciting.
|
| Edit: There are a few differences though, mainly a lot more
| female representation.
| arberx wrote:
| I agree, the oculus 2 made me super bullish on the space.
| callamdelaney wrote:
| It sounds like this only applies to decentralized exchanges, eg
| where exchanges exist on the blockchain and require smart
| contract execution for trades to take place - ergo this should
| quite obviously create the opportunity for these front runners to
| exist and make money. It's confusing because this isn't really
| specified - it's not possible to do this on Binance or other
| centralised exchanges as I understand.
| crescentfresh wrote:
| > In layman's terms, you see that someone will buy an asset, so
| you buy it first to artificially inflate the price, before
| selling afterwards at a profit.
|
| This sounds familiar. Isn't this a tactic used on the stock
| market as well? Something something microtransactions.
| clipradiowallet wrote:
| The terms "wash trading" and "order stacking" come to mind,
| even though it's not strictly either of those things. It's more
| a combination of them.
|
| order stacking == placing bids (or asks), lots of them, that I
| have no intention of letting them fill. The reason I would
| place them is to falsely give the impression to retail traders
| that there are tons of buyers just waiting to snap something
| up...if you don't buy it first. The moment you buy it, I cancel
| them, and re-create them as asks. This tanks the price on the
| contract you just bought.
|
| wash trading == lots of transactions with yourself (or your
| partners), to give the impression of high levels of activity.
| This can lure other traders to place a trade they wouldn't
| otherwise place.
|
| front running == illegal with futures, I don't know about
| stocks. But the idea is this... I [as a broker or market maker]
| receive your orders to buy. I buy for myself _before_ I execute
| your orders - your buy orders increase the price, which is good
| for my own position I opened initially.
| papercrane wrote:
| > front running == illegal with futures, I don't know about
| stocks.
|
| "Front running" is only illegal if you're trading on private
| information. The classic example is a broker receives a large
| order from a client and before executing it they buy some of
| the same asset, assuming the client's larger order will drive
| the price up.
|
| If the information is public though it's not illegal. For
| example, index funds publicly disclose their balances, and if
| there is a large market event that means they need to
| rebalance other traders may rush orders in because they know
| the index fund is going to buy/sell certain instruments in
| large volumes. This is legal because all the information is
| public.
| raziel2701 wrote:
| I think they call it front running. It sounds similar to the
| stuff that high frequency traders can do and what market makers
| like citadel do when they buy the order flow from brokers.
| gruez wrote:
| Payment for order flow =/= front-running.
|
| https://www.bloomberg.com/opinion/articles/2021-02-05/robinh...
| justjonathan wrote:
| I used to think that too, but this excellent piece from
| Matt Levine explains why that is not really the case:
| https://www.bloomberg.com/opinion/articles/2021-02-05/robinh...
|
| Retail traders benefit from this, and on Schwab, for
| example, they show you the dollars of price improvement they
| got you.
| jboydyhacker wrote:
| The term for this in public markets is "front running".
| tzone wrote:
| Sandwich attack is more than just "front running". It is both
| "front running" and "back running" combined.
| happyconcepts wrote:
| "Sandwich attack" is the attacker marketing to de-emphasize
| that they are frontrunning. Unless it applies to sandwiching
| within the same block.
| andypants wrote:
| > Unless it applies to sandwiching within the same block.
|
| Yes, that's what it means.
| TX 0: attacker
| TX 1: victim
| TX 2: attacker
| waynesonfire wrote:
| One thing that makes cryptocurrency trading special is that you
| get access to L2 trading data, for free. At least that's how it
| was when I was playing with it, when gdax existed. I'm not in
| this industry but, I suspect this level of access has a financial
| barrier to entry on the stock exchanges.
| arberx wrote:
| Which is a huge advantage imo.
|
| Democratizing information that at the moment, only a few big
| players know/can use to their advantage in the traditional
| market.
| jb1991 wrote:
| Are you referring to seeing the depth of market? That's been
| free for many years in many stock and futures trading platforms
| as well. How is it different in crypto?
| RobRivera wrote:
| real-time L2 feeds are not free for intraday trading.
| historical L2 data is free
| jb1991 wrote:
| That hasn't been true with my TD Ameritrade account for
| many years. I get level two depth on stock and futures for
| intraday trading, no additional fee.
| RobRivera wrote:
| What's the lag?
| waynesonfire wrote:
| https://www.brokerage-review.com/expert/level2/td-ameritrade...
|
| > TD Ameritrade offers Level II quotes free of charge to
| both professional and non-professional traders. This is a
| very generous policy. Not all brokers offer Level II
| quotes at no cost. For example, TradeStation charges $10
| per month for Level II quotes for non-professionals,
| while professional traders must pay a very steep $110 per
| month for the same data.
|
| Nice! competition is great.
| Scoundreller wrote:
| Is there an actual cost to the provider in providing this
| data?
|
| Or do providers just charge because they can, as with
| commissions?
|
| (Turns out in a post Robin-Hood world, transactions could
| be zero-commission, but the commission charging providers
| just chose to continue despite other revenue available to
| cover the cost).
| RobRivera wrote:
| exchanges charge for access to this data. standard data
| providers are Bloomberg, Redline, and then the execution
| shops sell their own products too.
| Scoundreller wrote:
| So what's different about TD that they can offer it for
| free while others charge for it ?
|
| Is the actual cost a drop in the bucket so they just eat
| the cost or?
| jb1991 wrote:
| And it's been this way for at least 10 years that I've
| been using them.
| gruez wrote:
| Which platforms provide L2 data for free? At least for major
| American exchanges (eg. NYSE) they're not free.
| rmah wrote:
| Real exchanges do not take custody of assets (unlike crypto
| exchanges) and do not sell info to end users. In the retail
| space, brokers provide this data. Their policies vary. From
| free for all traders, free for active/fee for inactive, no
| level-2, etc.
| jb1991 wrote:
| I normally trade futures but I just checked and I'm also
| getting full level two depth on stocks with TD Ameritrade's
| desktop platform. I do not pay any fees to them for this.
| arberx wrote:
| You have to pay a hefty price for real time info.
| jb1991 wrote:
| That's just not true, I guess TD Ameritrade is different?
| clipradiowallet wrote:
| > free for many years in many stock and futures trading
| platforms
|
| Where can I get free depth of market for futures? eg for
| CME/CBOT L2, I pay roughly $50/mo as a retailer, or approx
| $500 for professional. It's not high enough that I would
| consider changing brokers, but I didn't know it was legal to
| redistribute Rithmic/CQG L2 streams (they are the only games
| in town last I checked, and everyone resells them).
|
| edit to add: To be clear, my L2 is 10-levels deep from both
| bid/ask. I know you can get infinite depth from Rithmic for
| absurd quantities of money, but don't see the value in it (for
| me).
| jb1991 wrote:
| TD Ameritrade. Check out all of the sibling comments here.
| tzone wrote:
| While information is public on blockchains and everyone has
| same level of access to it, transaction execution is not
| democratized.
|
| The premise of this whole reverse-exploit is that there are
| people who are extracting value by getting preferential
| treatment with their transaction execution by doing deals
| outside of the blockchain itself (which are hidden and not
| public by default).
| noxer wrote:
| It's specific to the kind of blockchain/DLT that it runs on.
| If you use a DEX that doesn't rely on miners who can pick Tx
| then you don't have this problem. For example the XRPL DEX
| does not allow any party to pick which order to execute.
| There is also no mempool where someone could look for bundles
| of Tx. A DEX order is, once submitted, added to the state of
| the ledger (added to the blockchain) and executed as soon as
| possible.
| ImprovedSilence wrote:
| Trading in exchanges doesn't happen in the blockchain though.
| But the exchanges provide apis to the order books and all the
| L2 data you'd usually pay $24k/yr for via a Bloomberg
| terminal for the stock market.
___________________________________________________________________
(page generated 2021-03-19 23:02 UTC)