TLDR
- Private transactions, a special type of transaction that is sent directly to miners, have a high probability of being packed into the front positions of a block and added to the blockchain.
- To paint a complete picture of private transactions, we take the first step towards investigating the private transactions on Ethereum.
- In particular, we collect large-scale private transaction datasets and analyze their characteristics, transaction costs, miner profits, and security impacts.
- This work provides deep insights into different aspects of private transactions.
Core Research Question
Although the original intention of inventing private transactions is to protect users from attacks, how they are actually used in reality is still an open question. Specifically, what are the security impacts behind private transactions?
Citation
Lyu, X., Zhang, M., Zhang, X., Niu, J., Zhang, Y., & Lin, Z. (2022). An Empirical Study on Ethereum Private Transactions and the Security Implications. arXiv preprint arXiv:2208.02858.
Background
- ERC20 tokens: Ethereum Request for Comments 20 (ERC20) is a token standard for fungible tokens, which is the second most popular token type in Ethereum, in addition to ETH.
- Stablecoin: Stablecoins are implemented based on the ERC20 token standard to ensure price stability. For example, Tether (USDT) [70] is a stablecoin with a price pegged to 1 USD.
- Gas and fees: To pay for the computational resources needed to execute a transaction, every transaction is required to pay a fee that is decided by both the gas and the gas price. Specifically, the transaction fee is calculated as: TxFee = UsedGas × GasPrice, where UsedGas refers to the gas amount used for executing a transaction and GasPrice is the amount that the user would like to pay per unit of gas.
- EIP-1559: EIP-1559 is a proposal requiring transactions to pay both the base fee and the priority fee as the total gasprice. Before EIP-1559, there was no limitation on the gasprice, and users could set the gasprice of their transactions to zero. However, after EIP-1559 took effect, the gasprice is required to be equal to or higher than the basefee of the mined blocks. In particular, basefee is the minimum gasprice for mined transactions.
- MEV: Although MEV is called miner extractable value, it is usually users, instead of miners, that search for MEV opportunities and share the earned profits with miners.
Summary
- In this paper, we make the first step towards understanding private transactions and their impacts on the Ethereum ecosystem.
- Specifically, we conduct a large-scale empirical study on private transactions from three different dimensions.
- First, we describe the general statistics of private transactions by measuring their categories classified by their purposes, the involved DeFi tokens and platforms, and the involved entities.
- Second, we analyze the transaction cost including used gas and gas price, and measure the miner profits in terms of the distribution, detailed income, and flows.
- Third, we present the measured results to quantify the related security issues, including MEV, real-world DeFi attacks, consensus security, and private transactions leakage. Moreover, we perform detection on private transactions to study arbitrage, which is one popular type of MEVs.
Method
- We collect transaction-related information from customized Ethereum nodes, and we retrieve public data from Etherscan and TradingView. In total, we collect four datasets for our analysis, containing transaction data from May 1, 2021 to April 30, 2022 (one year) and mempool observation data from May 22, 2022 to May 30, 2022 (nine days).
- For the one-year replayed transaction dataset, we collect the necessary transaction and block information from our customized Geth node, an official Ethereum client implemented in Go, running in full mode. Specifically, we replay every transaction to extract information and construct our one-year dataset, which contains 446,925,956 transactions in total.
- For the nine-day mempool transaction dataset, we deploy two modified Ethereum nodes in two continents from May 22, 2022, to May 30, 2022 (nine days) and collect the received transactions from the local mempool. Specifically, we customized the Geth node to log the hash, block number, and timestamp of transactions observed from the mempool of the two nodes. We obtained 6,720,710 transactions from Node 1 and 7,854,054 transactions from Node 2 during the nine days.
- For the private transaction label dataset, we obtain the private transactions within both the one-year dataset and the nine-day dataset by crawling Etherscan Label Cloud. Specifically, we observe 7,405,835 private transactions.
- For the smart contract label dataset, for each address in our one-year dataset, we check whether it belongs to one of these labels: Miner, MEVBot, DeFi, and Token. If so, we collect the corresponding information.
- Based on these large-scale datasets, we perform a detailed analysis of the basic characteristics of private transactions, and their impacts on economics as well as on security.
Results
- We study the characteristics of private transactions. We find that during the last year, the percentage of private transactions per month is increasing and rises to about 2% of the total transaction volume. We categorize the purpose of private transactions. Although private transactions were proposed to protect end users from attacks, we find that only 18.1% of them were used for that purpose, whereas 28.6% of them are actually related to MEV Bots. Besides, five of the top ten receivers of private transactions are MEV Bots.
- We study how private transactions affect the transaction fees and miner profits. We find that the gas used for private transactions is about 737,829 on average, which is much smaller than the average gas used (16,673,757) of normal transactions. We also investigate the impact of EIP-1559 on private transactions.
- We find that around 50% of private transactions set the gas price at zero before EIP-1559; after EIP-1559, since basefees are mandatory, around 22% of private transactions set the priority fee to zero. The revenue of private transactions is an integral part of miner profits, accounting for around 5% of the total revenue.
- We study security issues related to private transactions, including MEV, attack case studies, consensus security, and leakage of private transactions. We find that 2.6% of private transaction senders earned more than ten ETH as profits via MEV Bots. Attackers have already utilized private transactions to launch attacks; in these attacks, the attackers paid a large amount to the miner as a bribe to get their transactions executed. According to our evaluation, the miner earned as much as 700 ETH for mining a single private transaction. This can lead to serious consensus security issues, such as undercutting attacks.
- We also find that private transactions are not always private. By running two Ethereum nodes in two continents for nine days, we observed 4.3% of private transactions in our mempool, which means that they are actually not private.
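An added example (not code from the paper or its authors) of the cross-check behind the leakage figure: joining the private-transaction labels against the mempool logs of the two observing nodes. The record fields follow the Method section; the node names, the sample hashes, and the rule that a sighting counts only if it precedes the including block are assumptions of this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Sighting:
    """One mempool log record: the fields the Method section says were logged."""
    node: str        # observing node (name is an assumption of this example)
    tx_hash: str
    head_block: int  # assumed meaning: chain head height when the tx was seen
    timestamp: int   # Unix seconds

# Constructed sample data, not values from the paper.
# Label dataset: private tx hash -> number of the block that included it.
PRIVATE_LABELS = {"0xaa01": 100, "0xaa02": 100, "0xaa03": 101, "0xaa04": 102}
SIGHTINGS = [
    Sighting("node1", "0xaa01", 99, 1653200000),   # seen by both nodes before inclusion
    Sighting("node2", "0xaa01", 99, 1653200002),
    Sighting("node1", "0xbb01", 99, 1653200003),   # ordinary public transaction
    Sighting("node2", "0xaa03", 101, 1653200030),  # seen only after its block (e.g. reorg re-injection)
    Sighting("node2", "0xaa04", 100, 1653200020),  # seen by one node only
]

def leaked_private_txs(private_labels, sightings):
    """Map each labelled-private tx seen in a mempool before inclusion to the nodes that saw it."""
    leaked = {}
    for s in sightings:
        mined_in = private_labels.get(s.tx_hash)
        if mined_in is None:
            continue  # not labelled private
        if s.head_block >= mined_in:
            continue  # already on chain when observed: not evidence of a leak
        leaked.setdefault(s.tx_hash, set()).add(s.node)
    return {tx: sorted(nodes) for tx, nodes in leaked.items()}

def leakage_rate(private_labels, sightings):
    """Fraction of labelled-private transactions that leaked to at least one observed mempool."""
    if not private_labels:
        return 0.0
    return len(leaked_private_txs(private_labels, sightings)) / len(private_labels)

if __name__ == "__main__":
    for tx, nodes in leaked_private_txs(PRIVATE_LABELS, SIGHTINGS).items():
        print(tx, "seen by", ", ".join(nodes))
    print(f"leakage rate: {leakage_rate(PRIVATE_LABELS, SIGHTINGS):.1%}")
```

The per-node breakdown matters because a transaction seen by only one vantage point suggests the measured rate is a lower bound on what a better-connected observer would see.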
Discussion and Key Takeaways
- We conduct a large-scale empirical study on private transactions from three different dimensions: 1) the basic characteristics of private transactions, 2) their economic impacts on Ethereum such as transaction cost and miner profits of private transactions, and 3) their security implications such as the real-world attacks hidden in private transactions.
- Our work sheds light on the private transaction ecosystem and calls for more actions to protect users from private transactions.
Implications and Follow-Ups
- As shown in our paper, around 4.3% of private transactions are leaked. Leaked private transactions run against their intent and may harm the profits of their users. Measuring how they are leaked might bring some interesting insights.
- In this paper, we only perform analysis on arbitrage in private transactions. It would be interesting to measure other attacks such as sandwich attacks and flashloan attacks in the private transaction pool.
- Our work was finished before the Ethereum 2.0 upgrade, which moved PoW to PoS and replaced miners with validators. The impact of private transactions on Ethereum 2.0 is worth investigating, and Ethereum 2.0 will also affect the private transactions.
- We only investigated private transactions in Ethereum. Similar to Ethereum,
Binance Smart Chain (BSC) is built based on Ethereum Virtual Machine (EVM) and smart contracts. We believe that there is more to observe and examine in such blockchains about MEV and private transactions.
Applicability
- This work provides deep insights on different aspects of private transactions, including their characteristics, transaction costs, and miner profits, as well as security impact. We believe the community will have a much better understanding of the private transactions with our work.
- Moreover, our work exposes security impacts brought by private transactions. We present the linkages between private transactions and MEV, real-world attacks, and consensus security attacks. We also reveal that the leakage of private transactions could harm users.
- Last but not least, we provide a systematic method to collect datasets for private transactions. We will also open-source all the datasets used in our paper, to benefit the community and future research.