Search papers, labs, and topics across Lattice.
This paper introduces a novel denial-of-service (DoS) attack targeting Ethereum transaction-bundling services like Flashbots, which are crucial for MEV extraction. The attack exploits inter-transaction dependencies and atomic block inclusion to evade detection and minimize costs. Experiments demonstrate high success rates in reducing builder revenue and slowing block production, highlighting vulnerabilities in current bundling service designs.
MEV searchers beware: a new, low-cost DoS attack can cripple transaction bundling services like Flashbots by exploiting inter-transaction dependencies and atomic block inclusion.
In Ethereum, transaction-bundling services are a critical component of block builders, such as Flashbots Bundles, and are widely used by MEV searchers. Disrupting bundling services can degrade searcher experience and reduce builder revenue. Despite the extensive studies, the existing denial-of-service attack designs are ineffective against bundling services due to their unique multi-round execution model. This paper studies the open problem of asymmetric denial-of-service against bundling services. We develop evasive, risk-free, and low-cost DoS attacks on Flashbots' bundling service, the only open-source bundling service known to us. Our attacks exploit inter-transaction dependencies through contract state to achieve evasiveness, and abuse bundling-specific features, such as atomic block inclusion, to significantly reduce both capital and operational costs of the attack. Experimental results show that our attacks achieve high success rates, substantially reduce builders' revenue, and slow block production. We further propose mitigation strategies for the identified risks.
Microsoft Research