Front Running Bancor

Alerted to a problem in Bancor's smart contracts, I waded through all 3,500 words from Ivan Bogatyy in an effort to make the story a little more digestible.

First, a definition of front running. Back when stock exchanges still used paper orders, an unscrupulous broker who spotted a large purchase could trot ahead with a smaller purchase of his own, reaching the trading desk before the order being walked, and then, a bit later, quickly liquidate his holding for a profit after the market had digested the bump in the stock price. That's illegal, it's unethical, and it used to result in criminal cases, but front running is harder to detect now that stocks are priced by the penny rather than in eighths of a dollar, as they were until 2001.

Bancor is the name of a system economists John Maynard Keynes and E.F. Schumacher conceived during World War II as an international clearing house that would solve the problems in our financial system that were exposed by the Great Depression. Like its namesake, today's Bancor seeks to cure the cryptocurrency liquidity problem. No matter what token you might have, Bancor would permit immediate sale without the need for a purchaser or an exchange-type environment.

The details of Bancor are really innovative and their thirteen-page white paper is well worth a read, but we're going to focus on the fault that was uncovered.

When a miner finds a block, they are free to re-order the transactions any way they like. That's not an issue for Bitcoin, but it is for Bancor, since the trade data contains information of value on the future price of a specific token. So a dishonest mining operator with some programming skills could arrange to skim profit from the system.

Bogatyy took things a step further, developing a way for a non-miner to monitor activity around the Bancor token, symbol BNT, and simply front run any large trade by submitting a smaller trade with a higher incentive. Bancor is an Ethereum ERC20 token, and any trade requires a bit of 'gas', the internal mechanism used to reward miners for doing their job. There is a twenty-second window between Ethereum blocks, time enough to spot a big trade and then add a smaller one with maximum gas in order to get to the head of the line, just like a 20th-century trader might have done.

Only in this case, there isn't anything criminal or even unethical about this practice. The Bancor token's behavior is transparent, like most things that happen on a blockchain, so any fix for this unfair advantage is a programming problem, rather than a regulation issue.

Bogatyy worked with Bancor, and there are several solutions. There is a minReturn function, which detects front running and stops a targeted trade. Bancor suggested setting gas to maximum on transactions, which would thwart the outside observers, but which would not stop a modified miner. There are more complex solutions, but they require equally complex analysis and modeling to ensure they are not introducing additional subtle problems that would be even more difficult to correct.
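
The effect of a minReturn-style floor on transaction ordering, as an added example that is not code from Ivan Bogatyy's write-up or from Bancor's contracts. The toy market, its pricing curve, the 1% tolerance and every number are assumptions constructed for illustration.

```python
# Added illustration: a toy market, not Bancor's contract code.
# Pricing curve, reserve figures and tolerance are constructed assumptions.

class TradeReverted(Exception):
    """The buy would return fewer tokens than the caller's stated floor."""

class ToyConverter:
    def __init__(self, reserve=10_000.0, supply=100_000.0, weight=0.5):
        self.reserve = reserve  # reserve currency held by the converter
        self.supply = supply    # tokens in circulation
        self.weight = weight    # reserve ratio, 0 < weight <= 1

    def quote_buy(self, deposit):
        # Tokens issued at the current state; each buy makes the next one dearer.
        return self.supply * ((1 + deposit / self.reserve) ** self.weight - 1)

    def buy(self, deposit, min_return):
        issued = self.quote_buy(deposit)
        if issued < min_return:  # the minReturn-style guard
            raise TradeReverted(f"{issued:.2f} is below floor {min_return:.2f}")
        self.reserve += deposit
        self.supply += issued
        return issued

def run_block(ordered_trades):
    """Apply (name, deposit, min_return) trades in order; None marks a revert."""
    market, results = ToyConverter(), {}
    for name, deposit, min_return in ordered_trades:
        try:
            results[name] = market.buy(deposit, min_return)
        except TradeReverted:
            results[name] = None  # reverted: market state is left unchanged
    return results

def floor_for(deposit, tolerance=0.01):
    """Floor a user would sign: the quote seen before submission, minus tolerance."""
    return ToyConverter().quote_buy(deposit) * (1 - tolerance)

if __name__ == "__main__":
    floor = floor_for(1_000.0)
    print("quoted:", round(ToyConverter().quote_buy(1_000.0), 2))
    # Same user trade, three block orderings chosen by whoever builds the block.
    print(run_block([("user", 1_000.0, floor)]))
    print(run_block([("earlier", 500.0, 0.0), ("user", 1_000.0, 0.0)]))
    print(run_block([("earlier", 500.0, 0.0), ("user", 1_000.0, floor)]))
```

With no floor, the user's trade still executes after the earlier one but returns fewer tokens than quoted; with the floor, it reverts instead of filling at the worse price.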

Taking a step back from it all, this is a class of problem that is going to keep appearing.

Cryptocurrencies and blockchains require a cross-disciplinary slice of cryptography, computer science, network analysis, and economics. Right now there are not nearly enough people who can do all these things and do them well. There are already rumblings in graduate education in this area, and given the breadth of things that can be done with such systems, it won't be long before we see college junior/senior-level multi-class sequences that cover this area.