
A Bug in Cardano (ADA) Has Granted Illicit Manipulation on Transaction Orders in Nodes


According to $conrad (@conraddit), the co-founder of AdaHandle and the operator of Blade Pool, a Scooper of the DEX SundaeSwap, stake pool operators (SPOs) in Cardano (ADA) may be able to bypass transaction ordering in the blockchain’s Mempool and maliciously prioritize certain transactions in their own favor.

The COO of Kora Labs also claimed that he had tested and proven that SPOs could do so, in his particular circumstance. In a response to a tweet posted by $conrad on October 16, he said he could “deny incoming transactions from all other peers and only accept them from specific DEXs, for example, that could pay me a fee. If I’m minting enough blocks, I could provide this service.”

Yes, this is technically possible and I have tested it. I could deny incoming transactions from all other peers and only accept them from specific DEXs for example that could pay me a fee. If I'm minting enough blocks, I could provide this service. Another reason for sSPO

According to $conrad, this could seemingly be used to deny someone financial access because of a blacklisted AdaHandle.

Process of Cardano Transaction

Cardano processes transactions based on the fees the sender is prepared to pay. A user creates a transaction in their Cardano client software, which then forms part of the blockchain and is disseminated to all other nodes. This is an evident vulnerability, which makes it a potential attack vector and in turn causes price manipulation.

The Proof-of-Stake (PoS) network, with its first-come, first-served transaction processing architecture, has implemented a smart contract system. The system became operational in September 2021 with the Alonzo hard fork.

The Possibility of SPOs Blocking Transactions

$conrad, the co-founder of AdaHandle, points out that there is no technical definition of whether or not the problem of Minimum Extractable Value (MEV) is achievable. This is the same problem that plagues Ethereum (ETH) and account-based blockchains. The developer has nonetheless admitted that it is indeed possible for SPOs to block certain transactions and prioritize others. This may foreshadow problems for projects, particularly DEXes, that are currently operational or are planning to deploy on the network.

Cardano's unique design makes DEXes such as SundaeSwap depend on off-chain engines. SundaeSwap employs Scooper nodes, which are responsible for building and submitting a transaction that executes many swaps against the Automated Market Maker (AMM) in return for an ADA fee. Scooper node operators are trusted and have the power to operate in the best interests of SundaeSwap and the rapidly growing DeFi community of Cardano.

The lack of documentation of this particular problem might be due to Cardano’s default node rules lacking this capability. To establish whether SPOs infringe Cardano’s first-come, first-served design, one must manually monitor the Mempool and ward off nodes that may be implicated in manipulation efforts.
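One way to do the Mempool monitoring described above, as an added example that is not from the article or from Cardano's own tooling: it compares when a monitoring node first saw each transaction with the blocks each pool later produced, and flags pools that repeatedly include later-seen transactions while leaving earlier ones pending. The data layout, the pool names, `margin` and `min_blocks` are assumptions, and all sample values are constructed.

```python
from collections import defaultdict

# Constructed sample: time (s) at which the observer's own node first saw each tx.
FIRST_SEEN = {"tx_a": 100, "tx_b": 105, "tx_c": 110, "tx_d": 130,
              "tx_e": 150, "tx_f": 170, "tx_g": 175, "tx_h": 185}

# Constructed sample blocks: (block_time, pool_id, tx ids included in the block).
BLOCKS = [
    (120, "pool_2", ["tx_a", "tx_c"]),   # tx_b was seen earlier than tx_c, left out
    (140, "pool_1", ["tx_b", "tx_d"]),
    (180, "pool_2", ["tx_f", "tx_g"]),   # tx_e left out again by the same pool
    (200, "pool_3", ["tx_h"]),           # single omission, may be innocent
    (220, "pool_1", ["tx_e"]),
]

def fcfs_skips(first_seen, blocks, margin=5):
    """Return {pool_id: [(block_time, [skipped tx ids]), ...]}.

    A tx counts as skipped by a block when the observer saw it at least
    `margin` seconds before the block (assumed propagation allowance), it is
    still unconfirmed, it is absent from the block, and the block contains a
    tx that the observer saw later.
    """
    confirmed = set()
    skips = defaultdict(list)
    for block_time, pool_id, included in sorted(blocks, key=lambda b: b[0]):
        seen_times = [first_seen[t] for t in included if t in first_seen]
        if seen_times:
            newest = max(seen_times)
            skipped = sorted(
                t for t, ts in first_seen.items()
                if t not in confirmed and t not in included
                and ts <= block_time - margin and ts < newest
            )
            if skipped:
                skips[pool_id].append((block_time, skipped))
        confirmed.update(included)
    return dict(skips)

def suspect_pools(skips, min_blocks=2):
    """Pools with out-of-order omissions in at least `min_blocks` blocks."""
    return sorted(p for p, events in skips.items() if len(events) >= min_blocks)

if __name__ == "__main__":
    result = fcfs_skips(FIRST_SEEN, BLOCKS)
    print(result)
    print("review:", suspect_pools(result))
```

A single omission can be innocent, since each node has its own mempool view and a block may be full or a transaction invalid, so the threshold only surfaces pools that repeat the pattern across blocks.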
