The Money Making Machine Behind the Polygon Spam Attacks

0xB551
October 15th, 2021

By @ndhung1104 and @RochelleSophie_

Since May, there’s been a lot of talk about Polygon “flipping”  Ethereum -- at first in terms of transaction count (at its peak, there were 8M transactions per day happening on Polygon, compared to 1.2M TPD on Ethereum) and just last week in terms of active user count -- rising to a record high of 566,516 active addresses on Saturday, surpassing Ethereum for the first time.

However, it’s also been reported in a Polygon forum that the network has been under a spam attack since May, which has been inflating network utilization numbers by 90%. Every block was full of users sending meaningless transactions and just paying for the gas fees.

With 1 gwei in gas price, or 0.000000001 MATIC / gas, and a 20 million gas limit per block, it only costs around 0.02 MATIC to spam an entire block on Polygon, or $1,000 for an entire day.

So it’s cheap to flood a whole block - but still, what’s the incentive?

This article sheds light on the mechanism happening behind these spam transactions, and the profits at stake. Our research suggests that increasing gas fees to 30 gwei could be very effective in this case.

The Arbitrage Bot Behind these Spam Attacks

Identifying the Sender

On average, the top 10 dapps in terms of weekly transaction count add up to 3 million transactions per week, or 420k transactions per day. With 4M – 6M transactions happening on the whole network daily, the top 10 applications account for less than 10% of the total network - so where are the rest of the transactions coming from?

With a simple query we were able to find the top 10 addresses in terms of total transactions. The top two contracts, “0xa81ce04168e41a47f68a975d67a00fbef729af9b” and “0x84e5bc3df0df0f543648f250443c6f4077218312”, have been interacting with 2 million transactions daily -- which accounts for roughly 30% of the network’s total transaction count.

Source: Polygon dashboard

Identifying the Recipient

Looking at the details of their transactions, we can see that these two contracts are arbitrage bots. They are the target of millions of transactions every day, and initiate thousands of daily transactions to DEXes themselves.

For example, in the above trade, this contract sent out 0.153 MATIC worth 0.23$ and receive back 4.33 MATIC worth 6.5$

An arbitrage bot is a bot that captures the different exchange rates between platforms to make profit. For example, if Uniswap has 3700$ / ETH and Sushiswap has 3600$ / ETH, you can simultaneously buy on Sushi and sell on Uniswap to capture the 100$ difference.

We now have the full picture: spam attack transactions act as the trigger for these arbitrage bots to make their own transactions on DEXes.

The addresses interacting with the arbitrage bots only hold 0.1 - 0.2 MATIC, which suggests that they are empty placeholders.
The addresses interacting with the arbitrage bots only hold 0.1 - 0.2 MATIC, which suggests that they are empty placeholders.

By plotting the total transactions sent out by these bot contracts, we can see that they make around 2,000 – 4,000 transactions per day, which is nothing unusual.

Source: Polygon dashboard

We don’t know the contract’s code so we cannot explain why it needs so many input transactions versus just 2000 – 4000 trades per day.

The likely theory is that the owner just wants to spam the contract so others cannot front-run the real trade. So someone has a bot that floods a block with noise to protect from front running, as opposed to using priority fees to ensure they are always first in the block. But is it really cheaper to buy a whole block than to just pay exorbitant prices to be first?

How much is this spammer making?

By tracking the contract creator we can see that the bot was initially funded with 14 ETH (~$3,775) and made multiple transactions back for a total of 218.5 ETH (equivalent to ~$825,000 at the time of writing) that was bridged back to Ethereum.

That’s an average of $6,800 a day in profits over the past 120 days - which is how long the bot has been running.

Increasing Transaction Fees

On October 5th 2021, the network’s co-founder recommended increasing the minimum transaction fee from 1 gwei to 30 gwei - raising the cost of spamming an entire day to $30,000 to disincentivize spam transactions from happening.

Shortly after the adjustment, the spam transactions dropped 75% from 2M to just 500k TPD. Polygon’s daily transactions also dropped 50% from 6M to just over 3M TPD. This is clearly shown in the graph above.

Network Utilization Rate - From polygonscan.com
Network Utilization Rate - From polygonscan.com

As shown in the graph above, the network’s utilization rate also dropped down from 90% back to 60% which is a healthier rate. This leaves a lot of room for others to build on Polygon.

It’s worth noting that even with the 75% drop, spam transactions still account for 16.7% of the network’s daily transactions. This means bots are still spending around $5,000 a day at the current gas price, or 83% of their daily profit, to keep this operation going.

Arweave TX
nQ3fcXAS6IIGMznol_k9bP2jsuAzj1RAzXPc77NpbOM
Ethereum Address
0xB551E3E62b14674C8dD6b0B173AC23D4e98Cb791
Content Digest
T-DlnwfiDSQnWnbgBocTfxYmkByUFW5SeGgd520H9zM