Mitigate Griefing with Gas Bombs

Definition
A gas bomb is a transaction that executes a low gas operation at a high gas price, with the intention of efficiently burning a portion of the signer’s ETH balance. The bomb serves as a binding promise by the signer to carry out some action. The signer shares their bomb with a trusted third-party, who can use it to slash them. Once in the mempool, the only way to defuse a gas bomb is for the creator to submit a transaction that costs at least as much gas as the bomb itself.

Application to Trade Reservations on a TEC
A trade reservation system looks something like this:

1. Taker requests to fill a set of orders within some timeframe, T
2. The TEC reserves the orders on behalf of the Taker for T seconds
3. The Taker has T seconds to submit their fill transaction on-chain
4. After T seconds, if the order has not been filled, the TEC starts accepting reservations again

The purpose of trade reservations is to mitigate on-chain trade collisions. However, it also creates an undesirable incentive for the Taker to grief the Maker: if the market fluctuates unfavorably during the reservation period, the Taker can choose not to fill the orders.

Constructing a Gas Bomb for Trade Reservations
A gas bomb is a disincentive for Taker griefing by ensuring mutual destruction:

1. Taker constructs a gas bomb that uses the same nonce as their promised fill transaction (should be next valid nonce)
2. Taker submits the bomb to the TEC, along with their request to fill a set of orders
3. The TEC monitors the mempool for the taker’s fill transaction (which has the same nonce as the gas bomb)
4. If the fill transaction is not observed after T seconds then the TEC submits the gas bomb

Benefits of a Gas Bomb

1. No gas cost if the signer behaves correctly (vs deposit contracts)
2. Minimal overhead
3. Flexible slashing cost

Potential Drawbacks of Using a Gas Bomb for Trade Reservations

1. Blocks the Taker from creating other transactions before filling the reserved orders
2. It is an online slashing strategy (requires monitoring the mempool), opposed to retroactive
3. A MITM could intercept the gas bomb and submit it to the blockhain
4. There is a trusted third-party (the TEC)
5. It’s an eye-for-an-eye disincentive, which is less desirable than disallowing the bad behavior altogether
6. Minimal support at present for signing a transaction w/o submitting it to the mempool
   • https://github.com/ethereum/EIPs/issues/728
   • https://github.com/MetaMask/metamask-extension/issues/3475

Shoutout to our friendly research fellow Peter for his work on this design

I personally think that this downside is a bit understated. There are various levels of trust involved in everything, but some are more acceptable than others. One of the fundamental assumptions with decentralized exchanges is that they are non-custodial (many even prefer the term non-custodial exchange to DEX). Gas bombs break that invariant - the transaction signer is essentially forfeiting custody of some ETH to the TEC until the fill transaction is mined. There are no constraints on when the TEC can submit the gas bomb, and auditability is pretty difficult.

Definitely still very interesting, and amounts can be pretty small in practice (though the size of the gas bomb must scale with size of the fill?). Just want to be explicit about the trust model here.

One of the fundamental assumptions with decentralized exchanges is that they are non-custodial

That’s a good point; I suppose this is a form of custody. Although the TEC can only burn funds (not steal) and is limited to the amount signed by the taker. A TEC must also forfeit its fee in order to slash.

That said, there is an attack vector where a TEC uses the bomb to cancel reservations; for example, if a new Taker arrives who’s willing to pay a higher fee.

There are no constraints on when the TEC can submit the gas bomb

True, aside from the nonce there is no expiration. This becomes an issue particularly if the order cannot be reserved, in which case the taker cannot submit their fill. The taker must trust the TEC to discard the bomb if the order cannot be reserved.

amounts can be pretty small in practice

Yeah ideally the amount is just high enough to deter griefing as a strategy for free options. Like $0.25.

If a TEC is going to break bad then it should be more lucractive (and damaging) to front-run or grief.