The last article on Dissecting an Ethereum Honey Pot was successful so I’ve taken time to compile all known Solidity exploits and hacks into a small manual.

I’ll be releasing each article every week for 21+ weeks. Some examples of what I’ll be covering:

The full source code with unit testing examples live in Github. The kindle version is normally $.99 but its available for free on Amazon right now.

Miners are special citizens on the blockchain. They have privileges most users never realize. Once you learn the miner’s options consider how a single operator could cheat. If you find a cheat you’ve discovered a perverse incentive. A perverse incentive goes against the intended rules of the game.

High value contracts must be particularly aware. Some contracts will not scale economically.

For example, a random lottery is “Too small to care” up until the point where it’s reward is greater than the effort to cheat. You and I could use a simple lottery to gamble our pocket change. The odds of a miner paying attention are small.

When the amounts become greater than the block reward the incentives dictates change.

Transaction Manipulation

Ordering of Transactions

Miners determine the ordering of transactions in a block.

An example lottery contract may select a winner or offer a bonus based on the number of customers. A “One Millionth Customer Prize!” of sorts.

A miner may place their transaction anywhere in the block. “The lottery will pay every 1,000th player a bonus.” May as well read, “Every 1,000th player will probably be a miner.” Assuming the prize is great enough to bother.

From the user perspective, the blocks are randomly ordered. For a miner they are all predetermined.

Front Running

As a continued example of the danger of transaction ordering consider a decentralized exchange.

A miner sees a purchase for a large number of shares. While still mining the block they craft their own transaction to purchase some of the same. They include their tx before the larger, knowing the price will go up.

They immediately dump their shares afterward.

This naive implementation would give miners the opportunity to beat the market, every time all the time. Market crashing? They would get their trades in first at full value.

Transaction Withholding

Nothing requires a miner include transactions in a block. They may mine empty blocks. They may ignore the highest fee transactions. They may privately sell their block space.

The lottery contract receives seed funds. Every block it will chose 1 winner from ticket buyers. Each round receives a stipend from the seed fund to attract early users.

This is more likely to occur if the stipend amounts to more than the lost transaction fees.

The most beneficial move for the miner is to simply refuse to mine any transactions but their own. Purchase one ticket themselves. Every time they mine a block no other tickets are sold. They win the stipend.

Maybe all of the miners won’t do this. Maybe only some. Then it becomes competitive. All miners will do this or be at some small or large competitive disadvantage.

Developers should think of this as a limited ‘root’ level access. It would require a high degree of collusion for a concerted effort to censor a contract.

However, the miner of a block has privileges that come from the protocol. They cannot change your contracts but do have a limited ability to censor and act as gatekeepers.

Second Chances

Some mitigations rely on successive rounds or generations of hashing block headers. Their success is debatable.

One example that mitigates ordering to some degree is relying on the block hash. The miner knows this information before anyone else. As the block header is completely unique to each miner’s block.

If a miner gaming a contract mines as block early enough they may abandon their block. Simply not broadcast it. If the block reward is 1 coin and the contract is paying 1000 it may be worthwhile to try a different blockheader.

There is no way to tell if a miner abandoned a block. The same way it is impossible to tell if you open and close the calculator program on your computer.

This attack has a cost but as the value of a contract reward increases it may become more viable.

Note on Random Numbers

In addition to the miner advantages everything on the blockchain is public. Secrets work differently. You should pre-commit to a random number.

However, you can pre-commit to a secret.

Each player of the lottery may include a hash of a secret message with their transaction. After the game ends, each player reveals their secret. Players who fail to reveal their secret after some time forfeit. Players submitting invalid secrets forfeit. (Or you just don’t use those players secrets).

The secrets are XOR’d or hashed in some way and a winner is chosen based on their result.