FIRST: FrontrunnIng Resilient Smart ConTracts
Emrah Sariboz, Gaurav Panwar, Roopa Vishwanathan, Satyajayant Misra
TL;DR
Frontrunning in DeFi exploits public mempools on permissionless chains, motivating FIRST, a decentralized, application-layer framework that uses Verifiable Delay Functions ($VDF$) and aggregate signatures to enforce per-user delays without changing blockchain consensus.FIRST leverages a federated set of verifiers to compute and verify a $VDF$ result, which is then aggregated and validated on-chain before a transaction is executed, ensuring that adversarial transactions cannot overtake the victim transaction with high probability.The authors formalize security in the Universal Composability framework and provide empirical evaluation on Ethereum and Binance Smart Chain data, showing effective reduction in frontrunning risk and detailing the on-chain costs of aggregate verification.Through extensive data-driven tuning (epoch length, delay parameters) and off-chain verification, FIRST offers a practical, scalable defense against MEV-like attacks while maintaining compatibility with existing DeFi dApps and relayers.The work demonstrates a viable path toward robust, application-layer protection against frontrunning with formal security guarantees and real-world feasibility, highlighting potential for broader adoption and further optimizations.
Abstract
Owing to the meteoric rise in the usage of cryptocurrencies, there has been a widespread adaptation of traditional financial applications such as lending, borrowing, margin trading, and more, to the cryptocurrency realm. In some cases, the inherently transparent and unregulated nature of cryptocurrencies leads to attacks on users of these applications. One such attack is frontrunning, where a malicious entity leverages the knowledge of currently unprocessed financial transactions submitted by users and attempts to get its own transaction(s) executed ahead of the unprocessed ones. The consequences of this can be financial loss, inaccurate transactions, and even exposure to more attacks. We propose FIRST, a framework that prevents frontrunning attacks, and is built using cryptographic protocols including verifiable delay functions and aggregate signatures. In our design, we have a federated setup for generating the public parameters of the VDF, thus removing the need for a single trusted setup. We formally analyze FIRST, prove its security using the Universal Composability framework and experimentally demonstrate the effectiveness of FIRST.
