# Front-Running Rebase Attack (Stepwise Jump in Rewards)

The **front-running rebase attack** targets staking contracts where rewards are distributed in a batch or rebase event. Attackers time their deposits to take advantage of predictable reward distributions and withdraw a disproportionate amount of rewards at the expense of legitimate stakers. The attack involves making a quick deposit right before a large reward (rebase) is sent to the contract, inflating the attacker’s share value and allowing them to withdraw excessive rewards. This behavior **directly harms legitimate stakers**, as they lose a significant portion of the rewards they are rightfully entitled to.

***

#### Attack Flow in a Staking Contract:

1. **Normal Operation for Legitimate Stakers**:
   * **Legitimate users** (like Bob) deposit their tokens into a staking contract expecting to earn a proportional share of the rewards based on how much and how long they’ve staked.
   * **Rewards** are periodically distributed based on the total amount staked, and these rewards are shared among all stakers according to their share of the pool.
2. **Attacker Front-Runs a Reward (Rebase)**:
   * An attacker **Alice** monitors the blockchain and sees that a large **reward** (let’s say 100 ETH) is about to be sent into the staking contract.
   * Just before the reward is distributed, Alice deposits a small amount (e.g., 10 ETH) into the staking contract.
   * At this point, Alice receives staking shares based on the **pre-reward** asset-to-share ratio.
3. **Rebase Occurs**:
   * After Alice’s deposit, the large reward (100 ETH) is sent into the staking contract, **increasing the total assets**.
   * The value of each staking share increases, but **no new shares are minted** as the reward is distributed to all existing shares, including the ones Alice just minted.
4. **Attacker Withdraws for Profit**:
   * Now that the value of each share has increased due to the rebase, Alice immediately withdraws her share of the rewards.
   * Her shares were minted at the pre-reward ratio but are redeemed at the post-reward ratio, so her initial small deposit (10 ETH) is now worth more than she put in, and she withdraws the difference as profit.
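
The flow above as a runnable share-accounting model, added here as an example and not taken from any staking contract. Bob's 90 ETH stake, the 12-second hold and the 7-day stream window are assumptions; the model goes beyond the page by comparing the stepwise reward with linear streaming of the same reward.

```python
from fractions import Fraction

class Pool:
    """Share-accounting model in ETH; stream_seconds=0 credits a reward in one step."""
    def __init__(self, stream_seconds=0):
        self.shares, self.total_shares = {}, Fraction(0)
        self.assets = Fraction(0)        # assets already backing shares
        self.pending = Fraction(0)       # reward not yet vested
        self.stream_seconds, self.left = stream_seconds, 0

    def deposit(self, who, amount):
        # Shares are minted at the current (pre-reward) asset-to-share ratio.
        amount = Fraction(amount)
        minted = amount if not self.total_shares else amount * self.total_shares / self.assets
        self.shares[who] = self.shares.get(who, Fraction(0)) + minted
        self.total_shares += minted
        self.assets += amount

    def add_reward(self, amount):
        if self.stream_seconds == 0:
            self.assets += amount        # stepwise jump: share price rises at once
        else:
            self.pending, self.left = self.pending + amount, self.stream_seconds

    def advance(self, seconds):
        # Vest the pending reward linearly over the remaining stream window.
        if self.left:
            dt = min(seconds, self.left)
            vested = self.pending * dt / self.left
            self.assets += vested
            self.pending -= vested
            self.left -= dt

    def redeem_all(self, who):
        s = self.shares.pop(who)
        out = s * self.assets / self.total_shares
        self.total_shares -= s
        self.assets -= out
        return out

def simulate(stream_seconds, bob=90, alice=10, reward=100, hold=12):
    pool = Pool(stream_seconds)
    pool.deposit("bob", bob)             # long-term staker (90 ETH is assumed)
    pool.deposit("alice", alice)         # deposit made just before the reward
    pool.add_reward(Fraction(reward))
    pool.advance(hold)                   # Alice exits `hold` seconds later
    alice_profit = pool.redeem_all("alice") - alice
    pool.advance(stream_seconds)         # let any remaining reward vest
    return alice_profit, pool.redeem_all("bob")
```

With these inputs `simulate(0)` returns a 10 ETH profit for Alice and 180 ETH for Bob instead of 190, while `simulate(604800)` reduces her profit to 1/5040 ETH.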

***

#### Negative Effects on Legitimate Stakers:

1. **Legitimate Stakers Lose a Portion of Their Deserved Rewards**:
   * **Before the Attack**: The rewards are intended to be fairly distributed based on the total shares in the pool and each staker’s contribution.
   * **After the Attack**: Because Alice deposits just ahead of the reward, her new shares are minted before the reward is distributed and count toward it. This **dilutes** the rewards that should have gone to long-term stakers like Bob, who staked well before the rebase.
   * **Example**:
     * Suppose Bob has been staking for a month and expects to receive a large portion of the 100 ETH reward.
     * After Alice deposits and front-runs the reward, she captures a significant portion of the 100 ETH, leaving Bob with far fewer rewards than he rightfully deserves.
2. **Unfair Distribution of Rewards**:
   * The rewards in staking contracts are designed to be **proportional** to the number of shares and the time staked. Legitimate users expect to be rewarded based on their contributions.
   * However, in a front-running attack, the attacker manipulates the **timing** of their deposit to **steal** a portion of the rewards without actually contributing to the staking pool over time.
3. **Long-Term Stakers Are Penalized**:
   * Users who have staked their tokens for a long time suffer the most from this attack. They are **penalized** because their rewards are diluted by a short-term attacker who can exploit the system by making quick deposits and withdrawals.
   * This creates a **disincentive** for users to stake their tokens long-term, as they see their earned rewards siphoned off by opportunistic attackers.
4. **Increased Volatility in the Staking Pool**:
   * The **value of shares** in the staking contract becomes more volatile because of this attack. Every time a large reward is about to be distributed, attackers may rush in, causing fluctuations in the share distribution.
   * Legitimate stakers may face **unpredictable rewards** as attackers exploit the system, reducing confidence in the fairness of the staking process.
5. **Loss of Trust in the Staking Protocol**:
   * Over time, as legitimate users repeatedly lose a portion of their rewards to front-running attackers, **trust in the staking protocol erodes**. Users may withdraw their funds from the protocol entirely, fearing that the system can be gamed by opportunistic attackers.
   * This negatively impacts the **reputation** of the staking platform, reducing its attractiveness to potential users.
