hack_dinero

EOA-Watch = Baywatch for EOAs! If you expose your private... key that is, and lose control of assets, like ERC20/721 tokens, have no fear! EOA-Watch is here! We use flashbots to recover your assets!

Created At

HackMoney 2022

Project Description

EOA-Watch is like Baywatch, but for EOAs! Despite all the warnings, EOA users sometimes expose their privates, well, private keys that is. Consequently, web scrapers and flashbots that are designed to exploit compromised EOAs quickly drain the Ether from these accounts, but that’s not all! Often, these accounts control assets in other contracts, such as ERC20 and ERC721 contracts, as well as custom escrows. Fortunately, the hacker may not immediately realize that other assets are tied to the compromised private keys. However, any attempt to withdraw these assets will alert the hacker to their existence, and they will immediately be exploited.

However, using flash bundles, which package transactions into a bundle and relay them to MEV-Geth clients, avoiding the public mempool, it is possible to withdraw these stranded assets into a secure EOA. Although possible, this is not a simple process and non-advanced users cannot be expected to build their own flashbots to rescue their stranded assets. But, have no fear! EOA-Watch is here!

EOA-Watch provides a user-friendly Dapp that only asks for three pieces of data: the address of the contract holding the assets, the private key of the exposed account (yes, never ask for private keys, but this one is already exposed!), and the type of asset, whether it’s an ERC20 or ERC721 token. Finally, the user needs to connect to our Dapp with a MetaMask account that is secure. EOA-Watch formats the flash bundle on our backend and relays it to the MEV-Geth clients, where it is mined within minutes after the user sends the request. Once the stranded assets are rescued, they are immediately sent to the safety of the user’s MetaMask account. This is programmed into the flash bundle, so it happens in a flash! All that the user has to pay is the gas fees, which are estimated at the time of execution.

Pamela Anderson once said, “I’d rather be looked over than overlooked.” Here at EOA-Watch, we look over your stranded assets, rescue them from the predators lurking in the dark Ethereum waters, and return them to the safety of your secure wallet.

How it's Made

The core tech used in EOA-Watch includes Node.js, React, Hardhat, Ethers, and Flashbots from ethers-provider-bundle. The core functionality of the client is a simple submission form that takes three inputs: an exposed private key, the address of the smart contract containing assets controlled by the exposed EOA, and the type of asset (ERC20 or ERC721 token). The core functionality of the backend is a flashbot bundler that formats three transactions into one bundle and relays the bundle to the MEV-Geth nodes to be mined.

The flashbot bundle is dynamically created based on the user input from the submission form. Although the flash bundle scripts worked in testing on Hardhat, they failed when running from the browser due to an access control block stemming from CORS. For that reason, a decision was made to add a backend to serve the flashbot request with formatted headers.
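An added sketch, not EOA-Watch's own code, of how a backend could turn the form's inputs into an ordered bundle plan. The page does not list the bundle's three transactions, so the two shown here (a gas top-up from the safe account, then the transfer from the exposed one) are an assumption, as are all function names, addresses and fee values; signing and relaying through the Flashbots provider are left out.

```javascript
// Added example: plans (does not sign or send) a two-transaction rescue bundle.
const SELECTORS = {
  ERC20: "a9059cbb",  // transfer(address,uint256)
  ERC721: "23b872dd", // transferFrom(address,address,uint256)
};

function checkAddress(addr) {
  if (!/^0x[0-9a-fA-F]{40}$/.test(addr)) throw new Error("bad address: " + addr);
  return addr.toLowerCase();
}

// Left-pad an address or a non-negative BigInt to one 32-byte ABI word.
function word(value) {
  const hex = typeof value === "bigint" ? value.toString(16) : checkAddress(value).slice(2);
  if (!/^[0-9a-f]{1,64}$/.test(hex)) throw new Error("value does not fit an ABI word");
  return hex.padStart(64, "0");
}

function rescueCalldata(assetType, from, to, amountOrTokenId) {
  if (assetType === "ERC20") return "0x" + SELECTORS.ERC20 + word(to) + word(amountOrTokenId);
  if (assetType === "ERC721")
    return "0x" + SELECTORS.ERC721 + word(from) + word(to) + word(amountOrTokenId);
  throw new Error("unsupported asset type: " + assetType);
}

// Order matters: the top-up must precede the transfer, and both must land in the
// same block, otherwise a sweeper bot can take the gas money from the exposed account.
function planRescueBundle(req) {
  const { assetType, contract, exposed, safe, amountOrTokenId, gasLimit, maxFeePerGas } = req;
  [contract, exposed, safe].forEach(checkAddress);
  if (exposed.toLowerCase() === safe.toLowerCase()) throw new Error("safe account must differ");
  const topUp = gasLimit * maxFeePerGas; // wei; upper bound on the transfer's gas cost
  const data = rescueCalldata(assetType, exposed, safe, amountOrTokenId);
  return [
    { signer: "safe", to: exposed, value: topUp, data: "0x", gasLimit: 21000n, maxFeePerGas },
    { signer: "exposed", to: contract, value: 0n, data, gasLimit, maxFeePerGas },
  ];
}

// Constructed sample request (placeholder addresses, made-up fee values).
const sampleRequest = {
  assetType: "ERC20",
  contract: "0x" + "33".repeat(20),
  exposed: "0x" + "11".repeat(20),
  safe: "0x" + "22".repeat(20),
  amountOrTokenId: 1000n,
  gasLimit: 100000n,
  maxFeePerGas: 50000000000n, // 50 gwei
};
console.log(planRescueBundle(sampleRequest));
```

Each planned entry names which key must sign it, so the exposed key is only ever used for the single transfer call.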

We did not specifically use any sponsor technology.
