In crypto, front-running occurs when someone intentionally enters a transaction into a block before you to try to extract some value.
For example, let’s say you’re in line at a bakery, where the baker has a sign that says:
“I’m going to sell the next pie for a 50% discount!”
You get excited because you’re next in line! So you walk up to the baker to order and buy your pie, but at the last second, someone cuts you in line, and before you can say anything, they buy the last pie and walk out!
This is an example of being front-run in the real world, and it happens all too often in the Blockchain and crypto world, usually causing more damage than just missing out on a pie.
For example, if a miner notices a large buy order for a particular cryptocurrency token, they might insert their buy order first, validate the larger buy order, and subsequently net an arbitrage. Let’s explore how this happens.
Before we explore crypto front-running in more depth, we need to understand MEV, or Maximum Extractable Value, one of the main causes and use cases of frontrunning in crypto and blockchain.
If you want, you can head over to the Cyfrin Updraft curriculum where we go even deeper on what is MEV and crypto frontrunning, and show you how to find the issue in a smart contract codebase.
MEV stands for "Maximum Extractable Value" (previously “Miner Extractable Value”), which is the value that blockchain node operators and validators can extract by ordering transactions in a block in a specific order.
Nodes on the blockchain are eventually selected to “build the block,” which is when it’s their turn to mine or validate a block. When it’s their turn, they get to select the order of transactions that go into the block.
In the EVM world, people will send a tip with their transaction to ensure they get included. Nodes want those tips, so they prioritize putting a transaction in a block. However, they don’t guarantee where to put the transaction in the block.
Front running is a classic example of MEV. In front running, a block builder places someone else’s transaction before yours. It’s important to note that the node could be the one front-running you or another user could see your transaction and bribe a node (with a tip) to put their transaction in front of yours.
Now, you might be asking:
“Wait a minute, how could a user bribe a node to put their transaction before mine? Can they see my transaction before it’s included?”
The answer is that sometimes, your transactions are public information in the blockchain mempool.
As explained in our guide on what is a mempool, when a blockchain transaction is initiated, it is directed to a specific node that, instead of immediately integrating it into its block, places it into its 'memory pool’ or 'mempool'. This constitutes the lower tier of workings that enable blockchain architectures.
As we know, Ethereum is a Proof-of-stake blockchain, and the nodes essentially "take turns" building blocks for the blockchain. So, if you send your transaction to a single node, the node will have to wait until it's that node's turn to include it! This could take months! So, the node accepts your transaction and will often "fan out" your transaction to other nodes.
If it's one of the other nodes turns to build the block, if you sent enough of a tip (gas) with your transaction, the node will include your transaction in the block.
So this "mempool" is like a waiting room for transactions.
Since blockchain nodes give their mempool to other nodes, the world can often see pending transactions! So, a user can look into the mempool for transactions that are going to be profitable, copy them, and front-run them!
Let’s look at an example. In the following video, we walk through getting front-run LIVE in the video below. You’ll see a MEV bot take $50 away (and they spend $45 in gas just to take my $50).
Let’s say we have the following codebase:
This codebase has a withdraw
function, where the caller must input a password where the hash of the password matches the hash stored in the contract.
It’s very difficult for people to brute force the password, so only the person who knows it should be able to call it.
However, when someone calls the withdraw
function with the correct password, that transaction data will enter the mempool, and everyone else can see it! If a withdraw
involves a lot of money, others are highly incentivized to front-run the withdrawal transaction with the same data!
This image shows what it looks like:
This ability to “see into the future” by scanning the blockchain mempool enables front running and MEV bots.
Front-running is one of the most common forms of MEV, but there are others, too, like:
To develop an in-depth understanding, visit Flashbots.net, a research and development organization dedicated to counteracting the negative implications of MEV. Their 'New to MEV' page, in particular, is a fantastic learning resource.
Three major strategies address how to protect against MEV and frontrunning:
All protocols should at least attempt to design their protocols to be MEV-proof. For our example above, we could add an access parameter to make it more MEV-resistant.
Access controls might not work for every protocol, so protocols will often have to get more clever. For protocols like Uniswap, without MEV prevention, swaps are susceptible to massive MEV and frontrunning attacks. We go over slippage protection and making DEXes and AMMs secure in the Cyfrin Updraft T-Swap curriculum.
On Uniswap, a swap function looks like this:
There are a lot of parameters in there, but many of them are to help prevent against MEV. This swap is intended to swap the amountIn
DAI for its equivalent in WETH, give the resulting WETH to the recipient
, and pay a pool fee
. However, there are bunch more parameters; here is what each of them is for:
deadline
: The Unix time after which a swap will fail to protect against long-pending transactions and wild swings in prices. For example, a malicious node wants to wait to send the swap until they figure out a way to profit from the sender swapping.amountOutMinimum
: In our example here, it’s set to zero, which is a major risk and would and should be flagged on any audit. If someone abused the AMM to crash the price before our transaction went through, we could get a bad exchange rate! So when we swap, we want to say “I want to send amountIn
DAI, and I expect to get at least amountOutMinimum
WETH back”. This will help protect us against frontrunners who try to give us a worse price.sqrtPriceLimitX96
: We set this to zero - which makes this parameter inactive. In production, this value can be used to set the limit for the price the swap will push the pool to, which can help protect against price impact or for setting up logic in a variety of price-relevant mechanisms.These mechanics are often known as “Slippage Protection”, and searching for that term on Solodit will give you a massive list of smart contract security issues that can come from not protecting slippage.
Sometimes, protocols will find that fiddling with the smart contracts isn’t enough, and protocols like CoW Swap take an even higher level approach to prevent MEV, which requires a total redesign of how swapping works at all.
The next most popular method is to use a “Private RPC” or a “Dark Pool.”
When you send transactions through your Metamask, Trezor, or whatever crypto wallet you use, behind the scenes of the wallet is an endpoint or RPC where your transaction data is sent. This endpoint is connected to a node (for example, on Alchemy, Infura, etc) where that node will fan your transactions out to other nodes.
Instead, you can send your transaction to a group of nodes that will promise to not MEV or front-run your transactions and not share the transaction details with nodes outside their group. These endpoints with groups of nodes that won’t look at your transactions or fan out the transaction details are known as “Private RPCs” or “Dark Pools”.
Some of the most popular private RPCs are:
Each of these services approaches the problem a little differently, and some *still *****frontrun you but send you most of the rewards from MEV back.
At first glance, this might seem like the option you always take, but it has some caveats.
In this article, we have discussed what is crypto frontrunning and how it works, and to understand front running, we had to learn a lot of aspects of:
Crypto or blockchain frontrunning is when a node orders a transaction to be included in a block before yours. This is often done in the hopes of gaining some reward or payment for doing so.