Why Your Network Needs Protection From DeFi Sandwich Attacks

In the world of Decentralized Finance (DeFi), innovative opportunities are accompanied by new and sophisticated challenges. One such challenge that has gained notoriety is the phenomenon known as “DeFi sandwich attacks.” As decentralized exchanges and automated market makers continue to revolutionize traditional financial systems, understanding the vulnerabilities and risks associated with these novel platforms becomes paramount.

In an era where decentralized finance is rapidly reshaping the global financial landscape, a deep understanding of DeFi sandwich attacks is indispensable for users, developers, and stakeholders to participate confidently and securely in this groundbreaking ecosystem.

The article explores the intricate mechanics of DeFi sandwich attacks, shedding light on their operation and potential impact. DeFi sandwich attacks involve strategically placing two opposing transactions around a target trade within a short timeframe, allowing malicious actors to exploit price slippage to their advantage. The attacker typically buys the asset just before the target trade at a lower price and then sells it just after the trade at a slightly higher price, profiting from the resulting price difference.

What are sandwich attacks?

Sandwich attacks capitalize on the distinctive features of DeFi, particularly within Decentralized Exchange (DEX) trading, as a means to generate profit by manipulating cryptocurrency markets. To unravel their mechanics, it’s essential to grasp the operational dynamics of DEX platforms.

Leading DEXs commonly employ Automated Market Makers (AMMs), which serve as exchanges devoid of intermediaries or manual interventions. Instead of matching orders in an order book, an AMM prices swaps against a liquidity pool using a formula that holds a quantity derived from the pool's reserves at a constant level.

These ‘constant product’ AMMs dictate the exchange rate at which users of the DEX can swap crypto tokens, hinging on the liquidity available and the magnitude of the orders. This formula also leads to a price curve dictating the order fulfillment, providing a reference for the eventual exchange rate at which a trade will be executed. Given the unrestricted access to DEX usage, actual execution prices aren’t an exact science due to the ever-shifting liquidity landscape.

Coupled with the time lag users encounter from trade decision-making to token transmission and eventual execution, it’s evident that the exchange rate at execution might deviate from the rate the user initially intended to secure.

This scenario is what’s labeled as ‘slippage’ in the realm of DeFi, prompting DEX traders to comprehend liquidity conditions thoroughly and determine an acceptable threshold for slippage. Such insights are pivotal to ensuring efficient and effective trading strategies.

What happens in a sandwich attack?

A sandwich attack targeting a DEX that employs a constant product AMM, such as Uniswap, necessitates the orchestration of two malevolent transactions. This tactical maneuver involves an antecedent transaction prior to the victim’s trade, followed by a subsequent transaction after it, thereby sandwiching the victim within this sequence—hence the name “sandwich attack.”

The initial step entails the attacker identifying a potential victim transaction, typically seeking those with a substantial threshold for slippage tolerance, thereby offering a more lucrative profit potential. The transaction’s vulnerability to sandwich attacks can also be exacerbated by the fees associated with it.

Once a suitable target is pinpointed, the attacker executes a buy transaction for the identical asset pair, structured to precede the user’s transaction. This maneuver involves setting a higher fee rate to expedite the token movement to the DEX—a practice recognized as “frontrunning.”

This attacker-initiated transaction disrupts the liquidity pool’s composition, causing the subsequent transaction’s available exchange rates to deviate from those initially presented to other users whose transactions are pending execution.

In cases involving substantial-volume swaps, the situation is compounded—greater volumes necessitate higher liquidity, driving the swap to engage with bids that deviate further from the actual exchange rate.

Hence, configuring an appropriate slippage tolerance emerges as a pivotal aspect of successful DEX trading.

Once the victim’s swap concludes at an unfavorable exchange rate, the attacker swiftly follows up with a sell transaction for the same asset pair, thereby securing their gains. This secondary transaction effectively “backruns” the victim, culminating in the sandwich strategy.

The efficacy of sandwich attacks is contingent not only on the attacker’s skill but also on the accessibility of suitable victim transactions, facilitated by the transparent nature of DeFi and public blockchains. Notably, these attacks are largely automated—ill-intentioned actors construct bots that identify potential victims and even simulate the attack prior to its blockchain deployment.

The automated nature of such attacks diminishes the scope for errors in execution; the simulations incorporate real-time market conditions, minimizing uncertainty.

Consequently, these front-running bots are a primary factor behind the financial losses of less-experienced DEX traders, in tandem with the aspect of high slippage tolerance.

Types of sandwich attacks

A hacker/attacker can perform a sandwich attack in two ways. These are:

Liquidity Taker vs Taker

Instances of diverse liquidity takers engaging in conflicts are far from uncommon within the cryptocurrency landscape. For instance, consider the scenario where an ordinary market taker has a pending Automated Market Maker (AMM) transaction awaiting inclusion in the blockchain. In this context, an opportunistic actor can deploy subsequent transactions, encompassing both front-running and back-running strategies, with the aim of securing financial advantage. As these transactions, along with the initial market taker’s action, pile up in the queue, miners play the decisive role in determining the sequence for approval.

The dynamics surrounding transaction approval underscore a pivotal point: when the nefarious actor offers a higher transaction fee compared to their counterpart, the likelihood of their malicious transaction being prioritized increases. It’s crucial to note that this isn’t a guaranteed outcome, but rather a demonstration of how accessible it can be to initiate a sandwich attack.

In essence, when multiple transactions vie for inclusion in the blockchain, the transaction fees attached to each play a pivotal role in determining their order of execution. This creates a competitive environment where the transaction with the higher fee is often prioritized by miners seeking to maximize their earnings.

This competitive fee structure sets the stage for sandwich attacks, where opportunistic individuals strategically structure their transactions to take advantage of the fee-driven priority system. By offering a higher fee for their transactions, they position themselves to be favored by miners, potentially enabling them to front-run or back-run the original market taker’s transaction.

Liquidity Provider vs Taker

A liquidity provider possesses the capability to target a liquidity taker through a strikingly similar modus operandi. The foundational process remains consistent, yet this time the malicious actor must execute a series of three distinct actions.

Initially, the attacker engages in the removal of liquidity, employing a front-running strategy. This maneuver is geared towards amplifying the slippage experienced by the victim. Subsequently, in a back-running approach, the actor proceeds to re-introduce liquidity, effectively reinstating the original equilibrium within the liquidity pool. The final step entails the swapping of asset Y for asset X, thereby restoring the balance of asset X to its pre-attack state.

The rationale behind withdrawing one’s liquidity prior to the victim’s transaction stems from the intention to annul the commission fee linked with that specific transaction. Typically, liquidity providers accrue a nominal fee for any activities occurring within their chosen pool. By strategically preventing the allocation of this commission, the attacker can inflict financial repercussions upon the liquidity taker. However, this maneuver comes at a price—the forfeiture of one’s own commission earnings.

This multifaceted approach underscores the intricate tactics that bad actors can employ within the decentralized financial landscape. It capitalizes on the vulnerabilities inherent in liquidity pools, transaction sequencing, and fee structures. 

By tampering with the fundamental mechanics of liquidity provision and subsequent asset swaps, these actors can manipulate outcomes to their advantage while disrupting the intended functioning of the ecosystem. This highlights the ongoing cat-and-mouse game within the DeFi space, where participants must not only comprehend these tactics but also continuously adapt their strategies to thwart such exploitative maneuvers.

Techniques used in sandwich attacks

This is how sandwich attackers introduce an unforeseen slippage rate and exploit unsuspecting victims with unfavorable exchange rates:

  • Attackers generate numerous transactions with elevated gas fees, mirroring the victims’ transactions.
  • Employing bots, they monitor the mempool, as previously discussed.
  • By employing a blend of market and limit orders, they engineer an unforeseen slippage rate that works to their advantage in executing trades.
  • In some instances, they even leverage flash loans to borrow funds that support their liquidity pool, enabling them to manipulate trades.

Protecting against sandwich attacks

The insight garnered from the preceding discussion underscores an undeniable truth: the pivotal aspect of shielding oneself from DeFi sandwich attacks hinges on the adept management of slippage.

A comprehensive defense strategy extends beyond the comprehension of what slippage entails and why and when it materializes. DEX users must additionally gauge their individual threshold for slippage. This exercise becomes instrumental in fortifying one’s defense against becoming an easy target for sandwich attack bots.

Notably, the severity of slippage escalates within markets characterized by low liquidity. Consequently, a profound comprehension of liquidity dynamics becomes a guiding compass for safely navigating the trading landscape involving a given asset pair.

Furthermore, establishing a low slippage tolerance assumes paramount importance in evading the radar of potential attackers. To exemplify, a 20% slippage tolerance essentially communicates to the Automated Market Maker (AMM) and any vigilant onlookers that a trader is amenable to tolerating an exchange rate deviation of up to 20% from the spot rate. This, inadvertently, offers a conspicuous signal to sandwich attackers, paving their way to exploit the differential for their personal gain.

It’s worth noting that most DEX platforms advocate for a maximum slippage tolerance of less than 2%. Nevertheless, maintaining a slippage tolerance that is excessively low could potentially lead to trade failures. In such instances, limited liquidity implies an insufficient number of offers to fulfill either the entirety or a portion of a swap at the envisioned exchange rate.

Alternatively, one can adopt a strategic approach, contingent on prevailing fee rates and liquidity conditions at the juncture of the swap. This involves breaking down the intended swap into several smaller transactions. This approach serves to diminish the potential for a sandwich attack to capitalize on slippage tolerance, as each fraction of the transaction demands relatively lesser liquidity for fulfillment. Consequently, users mitigate uncertainty pertaining to exchange rates, given that the impact of each smaller transaction on the AMM liquidity pool is less pronounced.
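
The slippage-tolerance and trade-splitting points above, as an added example that is not part of the original article: a constant-product pool whose reserves, 0.3% fee and function names are all assumptions made for illustration, with the tolerance applied to the quoted output. It shows the same swap filling well below its quote at a 20% tolerance, reverting at 1%, and a smaller swap moving the price less.

```python
from fractions import Fraction

FEE = Fraction(3, 1000)  # assumption: 0.3% pool fee, not a figure from the article


def quote_out(amount_in, reserve_in, reserve_out):
    """Constant-product quote (x * y = k), computed on the fee-adjusted input."""
    net_in = amount_in * (1 - FEE)
    return reserve_out * net_in / (reserve_in + net_in)


def min_out(quoted, tolerance):
    """Floor sent with the swap; execution below it reverts instead of filling."""
    return quoted * (1 - Fraction(tolerance))


def price_impact(amount_in, reserve_in, reserve_out):
    """Shortfall of the quote against the pool's spot rate, fee included."""
    spot = Fraction(reserve_out) / reserve_in
    return 1 - quote_out(amount_in, reserve_in, reserve_out) / (amount_in * spot)


def swap_after_pool_moves(tolerance, amount_in=10, earlier_in=50):
    """Quote on one pool state, execute after an earlier same-direction swap lands."""
    rx, ry = Fraction(1000), Fraction(1_000_000)  # constructed reserves of X and Y
    quoted = quote_out(amount_in, rx, ry)
    floor = min_out(quoted, tolerance)
    # The earlier swap adds X and removes Y, so each X now buys fewer Y.
    rx2, ry2 = rx + earlier_in, ry - quote_out(earlier_in, rx, ry)
    out = quote_out(amount_in, rx2, ry2)
    filled = out if out >= floor else None  # None models a reverted swap
    return quoted, floor, filled


if __name__ == "__main__":
    for tol in ("0.20", "0.01"):
        quoted, floor, filled = swap_after_pool_moves(tol)
        result = f"filled {float(filled):.2f} Y" if filled else "reverted"
        print(f"tolerance {tol}: quoted {float(quoted):.2f} Y, "
              f"floor {float(floor):.2f} Y, {result}")
    for size in (10, 1):
        impact = float(price_impact(size, 1000, 1_000_000))
        print(f"{size} X swap: price impact {impact:.3%}")
```

The gap between the quote and the floor is the most the trader can lose to any reordering, which is why the tolerance, not the pool, sets the upper bound on what a sandwich can take from a single swap.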

Within the realm of Automated Market Makers (AMMs), the imperative lies in formulating robust safeguards that shield users from the perils of sandwich attacks. A case in point is the innovative approach undertaken by the 1inch platform, wherein they introduced an inventive order type coined as “flashbot transactions.” This novel approach circumvents the conventional visibility within the mempool, as these transactions are deliberately withheld from broadcast.

The unique mechanism employed by the 1inch platform involves establishing a direct conduit with reputable miners. Consequently, the transactions are rendered visible only once they have been successfully mined. By sidestepping the mempool broadcasting process and establishing a direct linkage with miners, the platform adds an extra layer of security that prevents the transaction intentions from being preemptively exposed to potential attackers.

Conclusion

The prevalence of DeFi sandwich attacks within decentralized exchanges (DEXes) has become a concerning reality, especially for less experienced traders executing substantial swaps. The inherent openness of DEX trading and the transparent nature of public blockchains have provided attackers with ample opportunities to identify and exploit vulnerable victims. The sophistication has reached a point where these attackers have automated the selection of profitable transactions to manipulate.

However, it’s crucial to recognize that sandwich attacks don’t qualify as direct theft of victims’ assets; rather, they exemplify a form of market manipulation that capitalizes on profit potential. Therefore, the responsibility falls on users to preemptively safeguard their funds. Engaging in DEX swaps necessitates attaching suitable network fees to the transaction and calibrating slippage tolerance in alignment with the current liquidity landscape. The equilibrium between liquidity on the DEX and network fee rates fundamentally influences the viability of sandwich attacks.

As an intriguing facet, some attackers might even forge alliances with miners to enhance the success of frontrunning transactions, irrespective of fee rates. This intricate interplay highlights the evolving nature of these attacks and the intricate strategies deployed by both attackers and defenders within the DeFi realm. Thus, arming oneself with comprehensive understanding and proactive measures is pivotal in thwarting the detrimental effects of DeFi sandwich attacks and preserving the integrity of the ecosystem.
