0xSt1ng3R
@0xSt1ng3R
Followers
2,698
Following
1,128
Media
18
Statuses
141
all your mev belongs to me 🤖
mempool@nyc
Joined August 2011
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
FEMA
• 477279 Tweets
Mutombo
• 217798 Tweets
Mets
• 164588 Tweets
Verizon
• 121614 Tweets
Pete Rose
• 105964 Tweets
Braves
• 97087 Tweets
Lions
• 54913 Tweets
#WWERaw
• 45063 Tweets
Hall of Fame
• 35507 Tweets
Titans
• 31972 Tweets
Dolphins
• 30152 Tweets
WELCOME HOME BAMBAM
• 27561 Tweets
Seahawks
• 23501 Tweets
#ラヴィット
• 22313 Tweets
あと3ヶ月
• 18400 Tweets
Hit King
• 17292 Tweets
コーヒーの日
• 17207 Tweets
Happy New Month
• 17171 Tweets
愛知1区
• 13735 Tweets
#SnowManライブグッズ
• 13353 Tweets
Will Levis
• 12510 Tweets
残り3ヶ月
• 11844 Tweets
Ever found yourself lost in the dark forest, trying to decode transaction calldata of an unknown smart contract? 🤔😤
Say no more!
Using GPT-3 you can decode the calldata from any transaction and understand how to interact with the contract 🧵
61
271
1K
I'm a reverse engineer and cybersecurity researcher with 13 years of experience, turned MEV searcher, and I want to share with you my tech stack and daily tools I use on a day-to-day basis in our MEV operation.
A thread 🧵
1/12
17
117
736
I hacked a MEV bot and you can do it too!
...and a new powerful EVM tool reveal, , brought to you by 🧵
1/9
8
48
372
dropping soon github repo, stay tuned!
@0xfoobar
@0xmisaka
@CapitalGrug
@DeanEigenmann
@EdgarArout
@EigenPhi
@MevRefund
@bertcmiller
@functi0nZer0
@libevm
@lostbutlucky
@mevalphaleak
@phildaian
@samczsun
@tarunchitra
@thal0x
@thegostep
@transmissions11
@wireless_anon
6/6
27
6
238
So I wrote a script that decoded raw calldata from the last three days of transactions from the mainnet using 's types DB, and on this dataset (6k txs), I fine-tuned GPT-3's Davinci model
3/6
2
4
80
liquidation bot tx
0x6e00b1b7a4f40fa162af6020e252deeda74c36825a6c4e1ed82953527b28ce08
5/6
3
2
56
Context - while investigating a sophisticated longtail MEV competitor bot with several thousand transactions, I had to perform data analysis on the bot's calldata, and wanted to test a different generic approach for decoding, without decompiling first
2/6
1
3
52
The resulting model is working great, and after a little temperature tuning, it often recognizes the right data types on its first try
arbitrage bot tx
0xf83b6a98d798f21bc9b45b366d43b57a417aa2915ef3ec0fdaf2b080c886c3a6
4/6
2
2
55
A short and quick operational analysis on the recent $25m mega-mev event, with some info I haven't found in public.
Really one of the coolest mev events in a long time and probably the coolest public one.
🧵
4
7
53
Blockchain data indexing tool
When we started 3 years ago, we used our own little indexer together with
@graphprotocol
, but today we exclusively use cryo by
@notnotstorm
. It's just the fastest mass-indexing solution!
Also, we have a relatively large number of in-house built,
1
3
48
Amazing!
Our team has played with building something similar for internal use a year ago.
Gonna be a super enthusiastic users! 😄
Today we're launching a product that's been in the works for months: Delta Neutral Yields
It uses our huge DB to find opportunities where you borrow a token and then farm with it
With this you can get >20% APY on BTC, ETH, USDC...
Thread on how to get that APY + examples
157
710
3K
0
21
34
$XEN bots are still making profits - here is one that made $213k (after $36k in gas expenses) in 110 days, using 17k "proxy" contracts. An average of $1,800 profit per day hassle-free w/o lurking in the shadows of the mempool, nice.
4
14
35
Tech stack/programming languages
We started our MEV journey a long time ago, before any frameworks like artemis, loom, or subway existed, so we have a pretty big codebase we developed ourselves. Everything that has to go fast is written in Rust. All the other stuff is in Python.
1
1
29
spot-on. applies on MEV also.
How to make money for a long time as an automated trading team/ trader
(get the max rewards possible through time)
Once you have a profitable strategy, it has a gravity and demands that you exploit it to make the most money possible. This is a happy time.
1/n ...
3
46
278
0
20
21
When we have to test or simulate a small and very specific piece of code, we use by
@smlxldotio
.
Super based team, btw! They just released , a really cool and promising tool also!
8/12
2
1
24
(Public) Mempool stream
Nowadays, we exclusively use Fiber by
@chainbound_
- they are just the best and have the fastest stream in the business! (and they are a pleasure to work with!)
4/12
1
2
25
@nicksdjohnson
deep learning is intended to be used to find deterministic function in unordered data. it's possible to write non-ai func for this, but this is what language models are for...
4
1
17
If we want to grasp the bytecode fast, we use by
@pldespaigne
to visualize how the smart contract works - it's really a great tool!
11/12
1
0
19
Databases
Cryo's output is files, but the I/O performance of reading from the disk is not good enough for (almost) real-time MEV operations, so we pipeline some of the data from cryo into Redis for much faster access.
3/12
1
0
19
And here's the fun part - how do we research stuff? What tools do we use?
Well, if the smart contract we're researching has readable public code, we... just read it. Almost no tools here except a simple Sublime, we're old-school :)
I recently found by
2
0
19
That's it for today - I hope you found this thread useful, there are lots of different tools, and the ecosystem evolves every day. I tried to touch on every category of tech/tools we use daily, but I'm sure I missed some of the tools you know or use personally.
Feel free to post
5
1
19
Summary:
makes understanding the EVM bytecode execution flow in transactions easier. It shows the stack and memory for every instruction, with hints and abi decoding to help you understand what's happening in the transaction.
Give it a try and DM me if
0
1
18
@dedaub
as a decompiler, which is really the best when we have to decompile a code that was written specifically in Solidity or Vyper.
There are other decompilers - but we personally found Dedaub to be the most precise.
7/12
1
0
18
Now, when we really have to dive into the darkness of the EVM bytecodes and debug a transaction from a smart contract that was written in assembly (or Yul), we use our own internal tool that we publicly opened yesterday - .
You'll find this tool useful
2
1
15
When we want to simply trace a transaction, we just use one of the public tools - blocksec phalcon, openchain, tenderly, and (now ).
They're all good, each of them has its own strengths and weaknesses :)
9/12
1
0
14
for all the abi nerds and evm lurkers here:
0
0
7
Well, until now, researching or auditing smart contracts that can't be decompiled to Solidity was hard with lots of manual work. But it shouldn't be this way!
Introducing: , your one-stop shop for debugging EVM transactions!
4/9
1
0
9
@mihai673
no, the model learned it's way to correlate between what it sees in the calldata to what the type is. The txs I tried to decode were not present in the dataset nor in (as a func).
6k txs, it's 5 txs per function. also did fine-tuning on 10 txs and 50 txs.
1
1
8
Let's see how we could find that simple vulnerability ourselves, using .
We'll take a random tx the bot sent, and we'll try to understand it together:
5/9
1
0
7
The bot in question is written fully in assembly, so how did the attacker find the vulnerability and successfully build the calldata to exploit it?
3/9
1
0
7
The actor did on-chain tests. Here we can see that he made "meaningless" swaps, but the txs went to the last pos (-1) in the block. It happened several times. I'm still not sure about it, but maybe there is a lead here (in terms of validator/block builder).
3
0
5
is getting the hug of death and restarts every couple of minutes, if you can't access it - please try again in ~75 seconds!
will fix it in the upcoming minutes, sorry and thank you! ♥️
1
0
6
Reposting here the disclaimer regarding the last tweet because I got too many DMs asking if we really did hack the bot:
No, neither I nor my team actually hacked or drained that MEV bot, and the sentence in the first tweet was just a reading hook. We don’t support or encourage
1
0
6
Y'all saw that incident a couple of weeks ago where a MEV bot lost 22 ETH, but have you wondered how the attacker did it?
2/9
One of the top arbitrage bots was drained yesterday with a total loss of 22 Eth by a token called Destroyer Inu.
Attacker even made his contract open source on etherscan lol.
Not a huge event but didn't see any attacks on MEV bots for quite a long time.
5
12
176
1
0
6
Here, at the beginning of the execution, we can see the smart contract checking if the tx landed in the correct block, and if the sender is what we expect it to be.
6/9
1
0
6
The actor made 0 errors until now (apart from one failed SC deployment because of out-of-gas).
I reverse-engineered all of his SCs (they are pretty much the same and very simple), no leads there to other addresses or new information.
We continue to investigate and we'll update.
0
0
5
But wait anon, what about the vulnerability itself?
Let's take a deeper look at the execution flow in the EVM when there is a call to a Uniswap V3 pool.
Here we can see that if the ORIGIN (tx.origin) is the EOA of the bot and the caller (msg.sender) is not equal to ORIGIN, the
1
0
6
The actor used KuCoin to fund the wallets he used. Cross-referencing similar bytecode in other SCs, I have found 9 more similar SCs that he deployed.
1
0
5
The actor used 8 SCs. Each SC was deployed to exploit a different set of tokens and LPs.
1
0
4
If we continue a bit further, we'll see a jumpdest with a familiar address - this address is from the calldata, meaning this is how the smart contract selects which piece of code to execute.
Cool! So now we know how this MEV bot basically works - the calldata is composed of
1
0
5
1
0
4
@bbbb
no, as for our use cases it's much faster and more reliable than decompiling each sc and only then decoding, if the decompilation succeeded and if the func param types are simple... :)
1
0
3
@ChainPrompter
@MaxKaay
@tjvsx
@CastignoliMarco
@SourcifyEth
@MetaMask
@TenderlyApp
Now that's interesting
1
0
4
We have thus far found ~16 validators that were funded via the same pattern as the slashed one that executed the MEV sandwich bot exploit.
4
13
93
0
0
2
@samczsun
@0xfoobar
@0xmisaka
@CapitalGrug
@DeanEigenmann
@EdgarArout
@EigenPhi
@MevRefund
@bertcmiller
@functi0nZer0
@libevm
@lostbutlucky
@mevalphaleak
@phildaian
@tarunchitra
@thal0x
@thegostep
@transmissions11
@wireless_anon
didn't had time to check on on-chain tx, so i encoded some params and tested it. it didn't worked on the 5txs&10txs dataset, only on the 50txs and after some temperature tuning. prod env probably will need more training.
1
0
4
@nero_eth
The bot lost couple of mils on this trade but not hacked. 0x0...0dFD is a cex-dex trading bot. 0xED7 is doing arbs. 0xED77, 0x9B7E and more did their arbs. The cex-dex bot lost in total $4m on this trades. Looks more like a bug, maybe even a third-party manipulation.
3
0
2
wow
1/5 Building applications that rely on real-time, on-chain data is complex and resource-intensive. And as chains and clients focus on “writes” (throughput, scalability), rich and efficient “reads” will become even harder. Today we launch to change that.
5
33
171
0
1
3
@nicksdjohnson
today there is no known way (apart from the one mentioned) to decode hexadecimal string (of calldata) into human-readable format, without knowing the types first. what we are doing here is extracting the types from that blob, so decoding can be done via the standard libraries.
0
0
3
@TheDEFIac
reposting my response from a similar discussion on discord:
I don’t believe gatekeepeing public tools nor sharing a internal tool it took me a week to develop will hurt my income, and if it does, it means mev is not my thing anymore.
1
0
3
Ever found yourself lost in the dark forest, trying to decode transaction calldata of an unknown smart contract? 🤔😤
Say no more!
Using GPT-3 you can decode the calldata from any transaction and understand how to interact with the contract 🧵
61
271
1K
1
0
2
A short and quick operational analysis on the recent $25m mega-mev event, with some info I haven't found in public.
Really one of the coolest mev events in a long time and probably the coolest public one.
🧵
4
7
53
0
0
2
@CastignoliMarco
@tjvsx
@SourcifyEth
@MetaMask
if you have the sources you don't need to use ai to decode the function call :)
1
0
2
@CapitalGrug
@0xfoobar
@0xmisaka
@DeanEigenmann
@EdgarArout
@EigenPhi
@MevRefund
@bertcmiller
@functi0nZer0
@libevm
@lostbutlucky
@mevalphaleak
@phildaian
@samczsun
@tarunchitra
@thal0x
@thegostep
@transmissions11
@wireless_anon
Highly appreciate! MEV and ML it's what we do :)
0
0
2
@0xblvck_
for our use cases it's much faster and more reliable than decompiling each sc and only then decoding (if the decompilation succeeded and the if func param types are simple...)
1
0
2
@nero_eth
we researched around+- this topic internally. mainly min bribe, in-general and in-context of specific mev strategies.
1
0
1
@simonw
Would die to see something like that!!
Maybe I'll write some POC for that, can be cool
0
0
1
@Isaac19950503
not sure if I got the translation right, but it’s actually much easier to develop than it seems!
0
0
1
@Ponjinge
building a etherscan-like app sounds reasonable. I personally won’t pick Arkham-like as a first project, it’s more complex.
good luck!
1
0
1
@flevestanagan
thanks!
the data for the function sigs comes from and apis ( indexes them automatically) :)
0
0
1
@samczsun
@0xfoobar
@0xmisaka
@CapitalGrug
@DeanEigenmann
@EdgarArout
@EigenPhi
@MevRefund
@bertcmiller
@functi0nZer0
@libevm
@lostbutlucky
@mevalphaleak
@phildaian
@tarunchitra
@thal0x
@thegostep
@transmissions11
@wireless_anon
i see that there is demand here, will try to hack something together later :)
dm'ing you
0
0
1