SIP-45: Prioritized Transaction Submission #45
Conversation
|
Looks like this SIP could enable sandwich attacks on Sui? |
No. This cannot be used to carry out sandwich attacks as there is no public mempool on Sui. |
wriches
changed the title
wriches
added
the
active
You don't need a public mempool. All professional (solana) sniper bots run a validator. In Sui, you run a validator and listen to the RPC nodes to request for a transaction signature. You send your attack transaction with higher fees and then slightly delayed the signature. You would need 1/3+x stake to guarantee success with the delay. But higher fees could be enough. |
It will theoretically work. It will even work without priority fees. Our argument is that, with or without this proposal, despite it is possible to construct such successful sandwich attacks occasionally, any validator that attempts this will find it hard to make it economically sustainable. That is, a sandwich attempt may result in a success or a failure, but over a longer period of time (looking at a day or a week), losses add up much faster, and the actor overall has a negative gain. There are several pitfalls to the method:
|
I have several questions and concerns about the priority fees mechanism:
I believe we need to carefully evaluate whether the benefits of priority fees outweigh these potential security risks, particularly in DeFi contexts where transaction ordering is critical. |
It is irrelevant to the sandwich attack. The gas fee mechanism (you call it priority fees) already exists. It just does not behave deterministically. This proposal simply removes the (unwanted) randomness of transaction submission. It does not enable another attack vector that wasn't possible before. It makes the system fairer by allowing transactions that pay more to get higher priority. We believe this is a fair feature for Sui. @sblackshear @mwtian might be able to provide some insights from Sui's perspective as well? |
Thanks for providing feedback @Iamknownasfesal. To clarify, today ordering of transactions in Sui is first determined by which consensus commit the transaction is included in, then transactions are ordered within each consensus commit by gas price before their execution. There are more details: transactions touching different objects can execute in parallel, transactions touching overloaded objects can be deterministically postponed to execute with a later consensus commit etc. But these are the high level ideas. If we consider the issue of too many transactions trying to use the same shared objects (for example liquidity pools), prioritizing these transactions based on their gas prices ("priority fee") seems to be the most sensible way, which provides the most value to the network. Current protection against sandwich attacks comes from the fact that it should be easy to detect validators carrying out the attack and avoid using these validators for transaction submissions. If you have concrete proposals on alternative ways to order transactions that provide stronger protection against sandwich attacks, feel free to write up an issue at https://github.com/MystenLabs/sui and we can discuss there. As mentioned by @shio-coder, this proposal is basically to allow transactions to use consensus bandwidth proportional to its gas price, which improves the reliability of having a transaction included in the next consensus commit instead of a later one. Ordering within the consensus commit will be determined by gas prices as discussed above, which is the existing behavior. |
## Description This is one of the change that is proposed from [SIP-45](sui-foundation/sips#45). Planning to make another separated PR for protocol config, that is: - Let K be a part of protocol config. - Increase max gas price in protocol config. ## Test plan CI
|
|
||
| We acknowledge that in order to adapt to the forthcoming Mysticeti Fast Path, further changes are needed. | ||
|
|
||
| $K$ is a constant chosen to limit amplification. A smaller value of $K$ will increase amplification to the Sui network. In this case, $5$ is chosen as the initial value of $K$. |
There was a problem hiding this comment.
I think a value of 5 for the amplification factor is very aggressive to start off with.
I propose a higher amplification factor of 120 as a conservative starting amplification factor. This will still have a meaningful effect on better transaction inclusion through higher fees while still protecting validator network bandwidth. The amplification factor can always be lowered in the future.
You can find my full writing and rationale based on a robust quantitative approach here - https://paragraph.xyz/@evandekim/economics-of-sui-shared-liquidity-pool-objects
wriches
added
final
## Description This is the change that is proposed from [SIP-45](sui-foundation/sips#45). The change includes: - Adds a histogram metric for `amplification_factor`. - Adds `K` to protocol config. `K` is set to 5 starting from Protocol Version 71. ## Test plan CI --- ## Release notes Check each box that your changes affect. If none of the boxes relate to your changes, release notes aren't required. For each box you select, include information after the relevant heading that describes the impact of your changes that a user might notice and any actions they must take to implement updates. - [ ] Protocol: - [ ] Nodes (Validators and Full nodes): - [ ] gRPC: - [ ] JSON-RPC: - [ ] GraphQL: - [ ] CLI: - [ ] Rust SDK: --------- Co-authored-by: Mingwei Tian <[email protected]>
This PR creates a new SIP draft, that intends to enable effective prioritized transaction submission.