MEV Bot hack analysis — MEV Boost Relay Attack
Overview:
On April 3rd, 2023, a malicious proposer used a flaw in the open-source mev-boost-relay implementation maintained by Flashbots to exploit the ultrasound relay and steal roughly $20 million from a number of sandwich bots. Because most relays run this same implementation, the majority of mev-boost relays carried the vulnerability that made the attack possible.
Hack Overview:
- Block Number: 16964664
- Malicious proposer address: 0x3c98d6
- Patch PR: pull/330
- MEV boost repository: mev-boost
- MEV boost relay repository: mev-boost-relay

Decoding The Vulnerability:
- The attack was possible because the vulnerable relay released the block body to the proposer as soon as the proposer returned a correctly signed block header.

- The relay did not check that the signed header described a valid block. If the header was signed but invalid, the relay would still try to publish the block to the beacon chain, and the beacon nodes would reject it.

- The relay nevertheless returned the body to the proposer, whether or not the beacon nodes had rejected the block.

- With the body in hand, the malicious proposer could lift the transactions out of the block that was never published and reuse them in a block of their own, where they could be exploited.

- To take advantage of this, the malicious proposer built a custom block that unwound the sandwich bots' sandwiches and effectively stole their funds.

- To guarantee that the signed block could never be broadcast (so the original body would never land on chain), the malicious proposer signed a header with the parent root and state root set to zero.

- The attacker walked away with a large profit taken from the liquidity the MEV bots had committed to their sandwiches.

Mitigation and Best Practices:
- With the patch applied, mev-boost-relay no longer returns the block body unless the signed block was successfully published to the beacon network.
- The relay also delays its response by a short interval so the block has propagated before the proposer receives the body, and relays should never return the block body to a proposer whose signed block was rejected.
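The relay-side flow from the two lists above, side by side as the pre-patch and patched versions, is shown in the following added example. It is not code from mev-boost-relay or from this post: it assumes a hypothetical in-memory BeaconNode that rejects blocks with an unknown parent root or a zero state root, uses HMAC-SHA256 under a per-proposer secret in place of BLS signatures, and adds a hypothetical ResponseDelay knob; the transaction names are constructed sample data.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Cut-down beacon types (simplified, not the real consensus structures). A zero
// Root is what the attacker put in parent_root and state_root.
type (
	Root        [32]byte
	BlockHeader struct {
		Slot                            uint64
		ParentRoot, StateRoot, BodyRoot Root
	}
	SignedHeader struct {
		Header    BlockHeader
		Signature []byte
	}
	Body struct {
		Root         Root
		Transactions []string
	}
)

// signHeader stands in for the proposer's BLS signature: HMAC-SHA256 under a
// per-proposer secret (a hypothetical substitute so the example runs offline).
func signHeader(key []byte, h BlockHeader) SignedHeader {
	mac := hmac.New(sha256.New, key)
	fmt.Fprintf(mac, "%d|%x|%x|%x", h.Slot, h.ParentRoot, h.StateRoot, h.BodyRoot)
	return SignedHeader{Header: h, Signature: mac.Sum(nil)}
}

// BeaconNode models the consensus client (hypothetical): it imports a block
// only if it builds on the current head and carries a non-zero state root.
type BeaconNode struct{ HeadRoot Root }

func (b *BeaconNode) Publish(sh SignedHeader) error {
	if sh.Header.ParentRoot != b.HeadRoot || sh.Header.StateRoot == (Root{}) {
		return errors.New("beacon node: block rejected (bad parent or state root)")
	}
	return nil
}

type Relay struct {
	Beacon        *BeaconNode
	ProposerKey   []byte
	Bodies        map[Root]Body
	ResponseDelay time.Duration // hypothetical knob for the post-publish delay
}

// verifySignature is the one check the vulnerable relay did make: it proves the
// proposer signed the header, not that the header describes a valid block.
func (r *Relay) verifySignature(sh SignedHeader) bool {
	return hmac.Equal(signHeader(r.ProposerKey, sh.Header).Signature, sh.Signature)
}

// GetPayloadVulnerable reproduces the pre-patch flow: a valid signature is
// enough to receive the body, and the beacon node's rejection is ignored.
func (r *Relay) GetPayloadVulnerable(sh SignedHeader) (Body, error) {
	if !r.verifySignature(sh) {
		return Body{}, errors.New("relay: bad signature")
	}
	_ = r.Beacon.Publish(sh) // rejection is at best logged, never acted on
	return r.Bodies[sh.Header.BodyRoot], nil
}

// GetPayloadFixed mirrors the patched behaviour: publish first, withhold the
// body on rejection, and delay the response so the block propagates first.
func (r *Relay) GetPayloadFixed(sh SignedHeader) (Body, error) {
	if !r.verifySignature(sh) {
		return Body{}, errors.New("relay: bad signature")
	}
	if err := r.Beacon.Publish(sh); err != nil {
		return Body{}, fmt.Errorf("relay: block rejected, body withheld: %w", err)
	}
	time.Sleep(r.ResponseDelay)
	return r.Bodies[sh.Header.BodyRoot], nil
}

// NewScenario builds a relay holding one body of constructed sandwich-bot
// transactions and returns it with the proposer's key and the body root.
func NewScenario() (*Relay, []byte, Root) {
	body := Body{
		Root:         Root(sha256.Sum256([]byte("body"))),
		Transactions: []string{"bot-frontrun-buy", "bait-swap", "bot-backrun-sell"},
	}
	relay := &Relay{
		Beacon:        &BeaconNode{HeadRoot: Root(sha256.Sum256([]byte("head-block")))},
		ProposerKey:   []byte("proposer-secret"),
		Bodies:        map[Root]Body{body.Root: body},
		ResponseDelay: 10 * time.Millisecond,
	}
	return relay, relay.ProposerKey, body.Root
}

// MaliciousHeader is the attacker's move: correctly signed, but with zero
// parent_root and state_root so no beacon node will ever import the block.
func MaliciousHeader(key []byte, bodyRoot Root) SignedHeader {
	return signHeader(key, BlockHeader{Slot: 1, BodyRoot: bodyRoot})
}
```

Calling GetPayloadVulnerable with MaliciousHeader returns the full body even though Publish failed, which is the leak; GetPayloadFixed returns an error and never hands over the transactions. Note that both versions reject a forged signature, so signature verification alone was never the missing control; the missing check was the beacon node's verdict on the signed block.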
If you liked our blog, do check out our product SolidityScan!
SolidityScan is an advanced smart-contract scanning tool that discovers vulnerabilities and reduces risks in code. Request a security audit with us, and we will help you secure your smart contracts. Signup for a free trial at https://solidityscan.com/signup