On Tuesday night, an Ethereum MEV bot gained 800 ETH through the use of clever arbitrage, only to lose all of it and more to a hacker an hour later.
Štai kaip situacija susiklostė grandinėje:
- The event began with a third-party trader mistakenly losing nearly $2 million to spreads on Uniswap v2 trade. While he initially traded in 1.8 million cUSDC, he only gavo 518 USD mainais.
- According to Flashbots Product Lead Robert Miller, this only created a “massive arbitrage opportunity” for another trader to swoop in and claim plenty of ETH.
- “0xbaDc0dE [the MEV bot] dutifully backran the arb in the mempool (!) in a looong arb touching many protocols,” he explained. In the end, the bot netted 800 ETH.
- However, that ETH was entirely stolen just an hour later. Miller claims the bot didn’t properly protect the function it’s used to execute dydx flashloans, leaving it vulnerable.
“When you get a flashloan the protocol you’re borrowing from will call a standardized function on your contract,” he said. “0xbaDc0dE’s code unfortunately allowed for arbitrary execution.”
- Using this vulnerability, an attacker approved all of the bot’s WETH for spending on the contract, then transferred it to his own address. That was 1,106 WETH in total, worth over $1.4 million at writing time.
- Taip pat buvo daugybė „Profanity“ sugeneruotų tuštybių adresų nusausinti iš maždaug 1 milijono JAV dolerių ETH šį mėnesį.
„Binance Free“ 100 USD (išskirtinis): Naudokite šią nuorodą užsiregistruoti ir gauti 100 USD nemokamą ir 10% nuolaidą „Binance Futures“ pirmajam mėnesiui (sąlygos).
Specialus „PrimeXBT“ pasiūlymas: Naudokite šią nuorodą užsiregistruoti ir įvesti POTATO50 kodą, kad gautumėte iki 7,000 USD už savo indėlius.
Source: https://cryptopotato.com/how-a-bot-gained-and-lost-over-1-million-of-eth-in-one-night/