# Front-Running Rebase Attack (Stepwise Jump in Rewards)

The **front-running rebase attack** targets staking contracts where rewards are distributed in a batch or rebase event. Attackers time their deposits to take advantage of predictable reward distributions and withdraw a disproportionate amount of rewards at the expense of legitimate stakers. The attack involves making a quick deposit right before a large reward (rebase) is sent to the contract, inflating the attacker’s share value and allowing them to withdraw excessive rewards. This behavior **directly harms legitimate stakers**, as they lose a significant portion of the rewards they are rightfully entitled to.

***

#### Attack Flow in a Staking Contract:

1. **Normal Operation for Legitimate Stakers**:
   * **Legitimate users** (like Bob) deposit their tokens into a staking contract expecting to earn a proportional share of the rewards based on how much and how long they’ve staked.
   * **Rewards** are periodically distributed based on the total amount staked, and these rewards are shared among all stakers according to their share of the pool.
2. **Attacker Front-Runs a Reward (Rebase)**:
   * An attacker **Alice** monitors the blockchain and sees that a large **reward** (let’s say 100 ETH) is about to be sent into the staking contract.
   * Just before the reward is distributed, Alice deposits a small amount (e.g., 10 ETH) into the staking contract.
   * At this point, Alice receives staking shares based on the **pre-reward** asset-to-share ratio.
3. **Rebase Occurs**:
   * After Alice’s deposit, the large reward (100 ETH) is sent into the staking contract, **increasing the total assets**.
   * The value of each staking share increases, but **no new shares are minted** as the reward is distributed to all existing shares, including the ones Alice just minted.
4. **Attacker Withdraws for Profit**:
   * Now that the value of each share has increased due to the rebase, Alice immediately withdraws her share of the rewards.
   * Her initial small deposit (10 ETH) has now inflated to a much larger amount due to the reward distribution, allowing her to withdraw far more than she originally deposited.
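
The flow above, worked through as an added Python model of share accounting (not code from the original tutorial or from any real contract). The 10 ETH deposit and 100 ETH reward are the page's figures; Bob's 90 ETH stake, the `Vault` class and the `slices` parameter (which delivers the same reward in equal increments, for contrast with the single batch) are assumptions.

```python
from fractions import Fraction


class Vault:
    """Share-based staking pool: deposits mint shares at the current assets/shares ratio."""

    def __init__(self):
        self.assets = Fraction(0)   # ETH held by the pool
        self.shares = Fraction(0)   # total shares outstanding
        self.balance = {}           # staker -> shares owned

    def deposit(self, who, amount):
        amount = Fraction(amount)
        # Shares are priced at the pre-reward ratio (step 2 of the flow).
        minted = amount if self.shares == 0 else amount * self.shares / self.assets
        self.assets += amount
        self.shares += minted
        self.balance[who] = self.balance.get(who, 0) + minted

    def add_reward(self, amount):
        # Rebase: assets grow, no shares are minted, every share is worth more (step 3).
        self.assets += Fraction(amount)

    def withdraw_all(self, who):
        owned = self.balance.pop(who)
        payout = owned * self.assets / self.shares
        self.assets -= payout
        self.shares -= owned
        return payout


def run(front_run, slices=1, bob_stake=90, alice_stake=10, reward=100):
    """Return (alice_payout, bob_payout). bob_stake and slices are assumed values.

    slices=1 is the single batch reward the page describes; slices>1 delivers the
    same reward in equal increments, with Alice exiting after the first one.
    """
    v = Vault()
    v.deposit("bob", bob_stake)
    if front_run:
        v.deposit("alice", alice_stake)
    first = Fraction(reward, slices)
    v.add_reward(first)
    alice_out = v.withdraw_all("alice") if front_run else Fraction(0)
    v.add_reward(Fraction(reward) - first)   # remaining increments, if any
    return alice_out, v.withdraw_all("bob")


if __name__ == "__main__":
    for label, args in [("no front-run", (False,)), ("batch reward", (True,)), ("100 slices", (True, 100))]:
        alice, bob = run(*args)
        print(f"{label:13} alice={float(alice):6.1f} ETH  bob={float(bob):6.1f} ETH")
```

With the batch reward, Alice's 10 ETH comes back as 20 ETH and Bob receives 180 ETH instead of 190 ETH; when the same reward arrives in 100 increments, holding shares for one increment returns 10.1 ETH.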

***

#### Negative Effects on Legitimate Stakers:

1. **Legitimate Stakers Lose a Portion of Their Deserved Rewards**:
   * **Before the Attack**: The rewards are intended to be fairly distributed based on the total shares in the pool and each staker’s contribution.
   * **After the Attack**: Because Alice front-runs the reward, she mints new shares just before it is distributed. This **dilutes** the rewards that should have gone to long-term stakers like Bob, who deposited before the rebase.
   * **Example**:
     * Suppose Bob has been staking for a month and expects to receive a large portion of the 100 ETH reward.
     * After Alice deposits and front-runs the reward, she captures a significant portion of the 100 ETH, leaving Bob with far fewer rewards than he rightfully deserves.
2. **Unfair Distribution of Rewards**:
   * The rewards in staking contracts are designed to be **proportional** to the number of shares and the time staked. Legitimate users expect to be rewarded based on their contributions.
   * However, in a front-running attack, the attacker manipulates the **timing** of their deposit to **steal** a portion of the rewards without actually contributing to the staking pool over time.
3. **Long-Term Stakers Are Penalized**:
   * Users who have staked their tokens for a long time suffer the most from this attack. They are **penalized** because their rewards are diluted by a short-term attacker who can exploit the system by making quick deposits and withdrawals.
   * This creates a **disincentive** for users to stake their tokens long-term, as they see their earned rewards siphoned off by opportunistic attackers.
4. **Increased Volatility in the Staking Pool**:
   * The **value of shares** in the staking contract becomes more volatile because of this attack. Every time a large reward is about to be distributed, attackers may rush in, causing fluctuations in the share distribution.
   * Legitimate stakers may face **unpredictable rewards** as attackers exploit the system, reducing confidence in the fairness of the staking process.
5. **Loss of Trust in the Staking Protocol**:
   * Over time, as legitimate users repeatedly lose a portion of their rewards to front-running attackers, **trust in the staking protocol erodes**. Users may withdraw their funds from the protocol entirely, fearing that the system can be gamed by opportunistic attackers.
   * This negatively impacts the **reputation** of the staking platform, reducing its attractiveness to potential users.

