Apr 30 2019
It is generally believed that blockchains are fair and open, and are built in such a way that a single user will not be able to change or falsify records. This is because they are all part of a transparent network.
But according to a new study performed at Cornell Tech, the reality is not that simple.
Inefficiencies in decentralized exchanges are exploited by an increasing army of bots, just like high-frequency traders on Wall Street, found the new study. Decentralized exchanges are places where users sell, buy, or trade cryptocurrency independent of a key authority. Moreover, the high fees paid to prioritize specific transactions also pose a security risk to the whole blockchain, discovered the researchers. Practices like these enable predatory users to expect and gain from day-to-day trades, stealing millions or perhaps billions of dollars every year in cryptocurrency.
“In a traditional system you have a broker or someone you’re trading through, and you trust them, or they’re legally required to do the right thing,” stated Philip Daian, doctoral student in computer science at Cornell Tech and first author of “Flash Boys 2.0: Frontrunning, Transaction Reordering and Consensus Instability in Decentralized Exchanges,” which was delivered at the Cornell Blockchain Conference April 13 at Cornell Tech.
In these systems, the broker is replaced by the blockchain, which seems like a trusted third party, but in reality there are a lot of different moving parts in the blockchain that can be manipulated. So you have to be very careful about what the blockchain is actually giving you.
Philip Daian, Study First Author and Doctoral Student, Department of Computer Science, Cornell Tech, Cornell University.
In order to carry out the study, an eight-person research team headed by Ari Juels, senior author of the paper and professor of computer science at the Jacobs Technion-Cornell Institute, tracked trades on six decentralized exchanges for a period of 18 months. Subsequently, they determined when they exactly heard about the transactions, at what time, and who actually reported them.
The data showed how time delays in the system were being exploited by the bots to make transactions relatively faster than human users could, enabling them to employ strategies like frontrunning—striking deals on the basis of advance data, which are prohibited in a majority of markets. Moreover, the sequences of their own transactions could be changed by the bots to either make them more gainful, or exploit human error.
Blockchains act just like a continuously updated database spread among a computer network. Blockchain technology is used by smart contracts to automatically establish the flow of cash among various parties. “Miners”—users who solve a set of issues related to payment exchange— verify the transactions made on the blockchain.
These miners are the ones who establish the transaction order on the blockchain, and this authority can lead to corruption as well, discovered the researchers. Higher fees may be accepted by miners to prioritize specific trades, thus rendering the whole system susceptible. Alternatively, miners may also rewrite the history of blockchain to siphon off funds that were already allocated by smart contracts, revealed the study.
The miners have a tremendous amount of power. The blockchain doesn’t get rid of the middleman. It just turns one middleman into 100 middlemen, who you hope are not all being bribed or working against you for their own reasons. In some systems that could be good, but it doesn’t guarantee that your trades are going to be fair.
Philip Daian, Study First Author and Doctoral Student, Department of Computer Science, Cornell Tech, Cornell University.
The investigators analyzed only decentralized exchanges, which include a slight but increasing share of cryptocurrency trading, but according to them, these tactics are also probably utilized on centralized exchanges which could be a billion-dollar problem.
That is indeed bad news, Daian stated; however, the good news is that a majority of these practices can be stopped through better design and increased security.
If you use a cheap bank vault to store your expensive pile of gold, it will be more attractive for someone to break into it. A lot of users are trading on these exchanges and having experiences that are not as good as they could be if the exchanges were designed better.
Philip Daian, Study First Author and Doctoral Student, Department of Computer Science, Cornell Tech, Cornell University.
The paper was contributed by Tyler Kell, a research engineer at the Initiative for Cryptocurrencies and Contracts (IC3); Steven Goldfeder, a postdoctoral researcher at Cornell Tech; Iddo Bentov, a research scientist at Cornell Tech; and scientists from the University of Illinois, Urbana-Champaign; ETH Zurich; and Carnegie Mellon University.
The National Science Foundation and IC3 partly supported the study.