The use of blockchains for automated and adversarial trading has become commonplace. However, due to the transparent nature of blockchains, an adversary is able to observe any pending, not-yet-mined transactions, along with their execution logic. This transparency further enables a new type of adversary, which copies and front-runs profitable pending transactions in real-time, yielding significant financial gains. Shedding light on such "copy-paste" malpractice, this paper introduces the Blockchain Imitation Game and proposes a generalized imitation attack methodology called Ape. Leveraging dynamic program analysis techniques, Ape supports the automatic synthesis of adversarial smart contracts. Over a timeframe of one year (1st of August, 2021 to 31st of July, 2022), Ape could have yielded 148.96M USD in profit on Ethereum, and 42.70M USD on BNB Smart Chain (BSC). Not only as a malicious attack, we further show the potential of transaction and contract imitation as a defensive strategy. Within one year, we find that Ape could have successfully imitated 13 and 22 known Decentralized Finance (DeFi) attacks on Ethereum and BSC, respectively. Our findings suggest that blockchain validators can imitate attacks in real-time to prevent intrusions in DeFi.

翻译：利用区块链进行自动化对抗性交易已成为常态。然而，由于区块链的透明性，攻击者能够观察任何待处理、尚未打包的交易及其执行逻辑。这种透明性进一步催生了一种新型攻击者，他们实时复制并抢先执行有利可图的待处理交易，从而获得巨额财务收益。为揭示这种"复制-粘贴"滥用行为，本文引入区块链模仿游戏，并提出一种名为Ape的通用化模仿攻击方法。通过利用动态程序分析技术，Ape支持对抗性智能合约的自动合成。在一年时间跨度内（2021年8月1日至2022年7月31日），Ape在以太坊上可产生1.4896亿美元收益，在BNB智能链（BSC）上则可产生4270万美元收益。我们进一步证明，交易与合约模仿不仅可作为恶意攻击手段，也可作为防御策略。在一年内，我们发现Ape能够成功模仿以太坊和BSC上已知的13起和22起去中心化金融（DeFi）攻击。我们的研究结果表明，区块链验证者可实时模仿攻击行为，以预防DeFi中的入侵事件。