Abusing MEV Algorithms

You may have wondered about, or ventured into, the dark forest of the MEV world, only to be met with generalised frontrunners that steal your precious profitable transaction! Unfortunately, public mempools, on Ethereum and elsewhere, are riddled with these monsters, lurking, waiting, salivating when they see that scrumptious transaction pop up on their monitoring system. Today, we will explore some experimental strategies to learn about these MEV algorithms by reverse engineering them empirically on-chain!


Disclaimer

The information provided in this article is intended solely for educational purposes and should not be used for illegal activities. The focus is on enhancing awareness and understanding of smart contract security and best practices in blockchain technology. This article does not endorse or encourage using these techniques for exploiting vulnerabilities in real-world smart contract applications. The author and publisher of this article disclaim any liability for the misuse of the information contained herein and any damages that may arise from such misuse.


Reverse Engineering Algorithms

Experiment

// SPDX-License-Identifier: Unlicense
pragma solidity ^0.8.13;

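import {ERC20} from "lib/openzeppelin-contracts/contracts/token/ERC20/ERC20.sol";
// IERC20 is used in transfer() below; the named import of ERC20 does not bring it into scope.
import {IERC20} from "lib/openzeppelin-contracts/contracts/token/ERC20/IERC20.sol";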


interface UniV2Factory {
    function getPair(address tokenA, address tokenB) external view returns (address pair);
}

// https://github.com/Uniswap/v2-core/blob/master/contracts/UniswapV2Pair.sol
interface UniV2Pair {
    function totalSupply() external view returns (uint);
    function getReserves() external view returns (uint112 reserve0, uint112 reserve1, uint32 blockTimestampLast);
    function price0CumulativeLast() external view returns (uint);
    function price1CumulativeLast() external view returns (uint);
    function kLast() external view returns (uint);
}

contract Contract is ERC20("DGA", "DeGotcha") { 
    
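    // Placeholder: set to the Uniswap V2 factory address before deploying.
    // With address(0), the getPair call in transfer() reverts because no contract lives there.
    address constant _FACTORY = address(0);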
    address constant _WETH = 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2;

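    // Raw token balances of the pair as read in transfer(), not the values from getReserves().
    uint256 reserves0; // WETH held by the pair
    uint256 reserves1; // this token held by the pair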
    
    // No access control: any caller can mint any amount.
    function mint(address account, uint256 amount) external {
        _mint(account, amount);
    }

    function transfer(address to, uint256 amount) public virtual override returns (bool) {
        address pair = UniV2Factory(_FACTORY).getPair(address(this), _WETH);

        if (pair != address(0)) {
            reserves0 = IERC20(_WETH).balanceOf(pair);
            reserves1 = balanceOf(pair);

            // e.g. 100 weth + 50 token
            // they're adding 50 token w/ `amount`
            
            
            // Check if lp supply is decreasing or increasing.
            // By checking token0 + token1 balance of pair.

            // If kLast != x*y=z after WETH transfer
            

            // If lp ratio remains but tokens reserves are removed.
            // dont transfer and return true
        }

        _transfer(msg.sender, to, amount);
        return true;
    }
}
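
The last comment in the draft describes a `transfer` that returns `true` without moving any tokens. As an added example (not the article's code), the library below shows the check a contract handling such a token can make: treat the return value as untrusted and compare balance deltas. `IERC20Minimal`, `CheckedTransfer`, `sendExact` and the error names are hypothetical.

```solidity
// SPDX-License-Identifier: Unlicense
pragma solidity ^0.8.13;

// Added example, not the article's code. All names here are hypothetical.
interface IERC20Minimal {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

library CheckedTransfer {
    error TransferCallFailed(address token);
    error TransferMismatch(address token, uint256 expected, uint256 sent, uint256 received);

    /// Sends `amount` of `token` from the calling contract to `to` and reverts
    /// unless both balances moved by exactly `amount`. The token's return value
    /// is not trusted: an overridden transfer() can return true and move nothing.
    function sendExact(address token, address to, uint256 amount) internal {
        // A self-transfer leaves no balance delta to measure.
        require(to != address(this), "CheckedTransfer: self-transfer");

        IERC20Minimal t = IERC20Minimal(token);
        uint256 fromBefore = t.balanceOf(address(this));
        uint256 toBefore = t.balanceOf(to);

        // Low-level call so tokens that return no data are still handled.
        (bool ok, bytes memory ret) =
            token.call(abi.encodeWithSelector(IERC20Minimal.transfer.selector, to, amount));
        if (!ok || (ret.length != 0 && !abi.decode(ret, (bool)))) {
            revert TransferCallFailed(token);
        }

        uint256 fromAfter = t.balanceOf(address(this));
        uint256 toAfter = t.balanceOf(to);

        // Guarded subtraction: a balance that moved the wrong way counts as zero
        // instead of triggering an arithmetic panic.
        uint256 sent = fromBefore > fromAfter ? fromBefore - fromAfter : 0;
        uint256 received = toAfter > toBefore ? toAfter - toBefore : 0;

        // Catches silent no-ops, fee-on-transfer and partial transfers alike.
        if (sent != amount || received != amount) {
            revert TransferMismatch(token, amount, sent, received);
        }
    }
}
```

The check relies on `balanceOf`, which the same token contract also controls, so it flags inconsistent transfers rather than proving a token honest.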

Final

I appreciate you for taking the time to read this article. I hope you found value in this, anon!
