[yonixw]

What was missing for me in the article is the fact that they don't call a function by name AND by validation of hash.

Instead, only by hash(<method name string> + "(bytes,bytes,uint64)").slice(0,10) which is brute-force-able.

Still, this sounds just like one of my worst nightmares. A code in production having bugs that will lose all my money to an untraceable environment (the tornado chain).

[dcolkitt]

Funny tangent about the function hash... I can't tell you the number of man-hours I spent brute-forcing random function names to find the lowest value hash.

Quick background. Back in the pre Flashbot days, the competitive barrier to front running was winning priority gas auctions. Basically whoever was able to bid at the highest gas price would get their transaction mined with first, and would extract the MEV. (Kind of analogous to traditional HFTs fighting to shave off nanoseconds to win a latency-based priority race.)

So you had to make sure that your on-chain smart contract for the front-running bot is an insanely gas optimized as possible. You'd literally pay a thousand times per unit of gas as the average person. Every single byte matters. And one thing about the EVM is that zero bytes in the transaction data cost slightly less than non-zero bytes.

So anyway, in the hot-path of that front-running bot, you'd want to get as many zeros in the method hash as you could. So I'd literally run a GPU to brute force method names.

[Daishiman]

I am simultaneously stunned at the brilliance of the scheme and the monumental loss of human productivity.

[nootropicat]

Wouldn't it be cheaper to replace the method id with byte id? No need to follow solidity abi if nobody but you is going to call the contract.

[dcolkitt]

For sure. The biggest challenge is once you leave Solidity entirely, it's hard to do anything but very simple operations. And actually, I did essentially do what you mentioning for our "gas refund" contracts. Basically another trick to cut gas spend is to use the refund the EVM gives for calling contract self-destruct.

You create a bunch of dummy contracts when gas is cheap. Then on your transaction where you're paying a 100x gas price to win the contract, you self-destruct as many contracts as you can to max the refund. However the self-destruct call itself costs gas, so you want to make the call as simple as possible. This is a pretty simple: 1) check caller address, invoke self-destruct. So you'd just write the entire contract directly in EVM byte code instead of using Solidity.

[nootropicat]

>The biggest challenge is once you leave Solidity entirely, it's hard to do anything but very simple operations.

You don't have to leave solidity, it could all be done in the fallback/default function, no?

For the rest, you described gas tokens, but self destruct refunds were removed with London so they are all worthless now.

[dcolkitt]

Good question. I'm 90% sure that fallback function is actually implemented in byte code by comparing the byte code against all the method signatures. Then if none match, the assembly jumps to the fallback. So, what you save in 0s in the input byte code, you pay more than that in the execution gas.

Yeah, for gas tokens you're right. This was all pre-Flashbots, so talking about February or March at the latest. Flashbots kind of wrecked the whole game. Now it's a whole lot simpler, just ship transactions to Flashbots and bid as close as possible to breakeven. Consequently 90%+ of the profits now go to the miners.

[nootropicat]

>So, what you save in 0s in the input byte code, you pay more than that in the execution gas.

In this case all methods should be internal, so the preamble would have no methods at all to look for.