Sandwich Attacks: A New Threat to DeFi Users

DeFi, or decentralized finance, is a fast-growing sector of the cryptocurrency industry that offers various financial services without intermediaries. Users can lend, borrow, trade, earn interest and access other products through smart contracts on blockchain platforms.

However, DeFi is not without risks and challenges. One of the emerging threats that DeFi users face is the sandwich attack, a form of front-running that can result in significant losses for unsuspecting traders.

What is a Sandwich Attack?

A sandwich attack is a type of front-running that involves placing two transactions around a user's transaction on a decentralized exchange (DEX). A DEX is a platform that allows users to swap tokens directly from their wallets without a centralized authority.

A sandwich attacker monitors the pending transactions on the network and identifies a large or profitable trade that they want to exploit. They then place a transaction with a higher gas fee (the fee paid to miners for processing transactions) before the user's transaction, effectively jumping ahead in the queue. This transaction buys the same token that the user wants to buy, driving up the price.

Then, the user's transaction gets executed at a higher price than they expected, due to the increased demand and slippage (the difference between the expected and actual price of a trade). The attacker then places another transaction with a high gas fee after the user's transaction, selling the token that they bought earlier at a higher price. This transaction lowers the price of the token, causing the user to lose value on their trade.

The attacker profits from the difference between the buy and sell prices, while the user suffers a loss. The user's transaction is sandwiched between the attacker's transactions, hence the name sandwich attack.

How Common Are Sandwich Attacks?

Sandwich attacks are not a new phenomenon in DeFi. In fact, Ethereum founder Vitalik Buterin warned about them as early as 2018. However, they have become more prevalent and sophisticated in recent months, as DeFi activity and competition have increased.

According to a report, a research and development organization focused on miner extractable value (MEV), sandwich attacks accounted for 23% of all MEV extracted on Ethereum in March 2021. MEV is the profit that miners or other actors can make by influencing the order or inclusion of transactions on the blockchain.

The report also estimated that sandwich attackers extracted $19.7 million worth of MEV in March 2021, up from $3.8 million in February 2021. The average profit per sandwich attack was $1,729, while the average loss per victim was $1,383.

Some of the most popular DEXs that have been targeted by sandwich attacks include Uniswap, SushiSwap, Balancer and Curve. These platforms use automated market makers (AMMs) to provide liquidity and determine prices for token swaps. AMMs are algorithms that use liquidity pools (collections of tokens) to facilitate trades without relying on order books or market makers.

However, AMMs also have some drawbacks that make them vulnerable to sandwich attacks. For example, AMMs are transparent and public, meaning that anyone can see the pending transactions and their parameters on the network. AMMs also update prices after every trade based on a fixed formula that depends on the supply and demand of tokens in the pool. This makes it easy for attackers to predict and manipulate prices by placing transactions before and after a user’s trade.

How Can Users Avoid Sandwich Attacks?

There is no foolproof way to prevent sandwich attacks, as they are inherent to the design and limitations of current DeFi protocols and platforms. However, there are some steps that users can take to reduce their exposure and risk of being sandwiched.

• Use lower slippage tolerance: Slippage tolerance is the maximum percentage of price change that a user is willing to accept for their trade to go through. For example, if a user sets their slippage tolerance to 1%, their trade will be cancelled if the price moves more than 1% from the time they submit their transaction to the time it gets executed. Using lower slippage tolerance can help users avoid paying too much for their trades due to price manipulation by sandwich attackers. However, it can also increase the chances of their transactions failing or getting stuck in the mempool (the queue of pending transactions) due to high volatility or network congestion.

• Use faster gas fees: Gas fees are the fees paid to miners for processing transactions on the blockchain. Users can choose how much gas they want to pay for their transactions, which affects how fast they get confirmed and executed. Using faster gas fees can help users get ahead of sandwich attackers who try to front-run or back-run their transactions. However, it can also increase the cost of trading and reduce the profitability of their trades.

• Use limit orders: Limit orders are orders that specify the exact price and amount of tokens that a user wants to buy or sell. Unlike market orders, which execute at the best available price at the time of submission, limit orders only execute if the price reaches the user's specified level. Using limit orders can help users avoid slippage and price manipulation by sandwich attackers who try to influence the market price. However, limit orders are not supported by all DEXs and may require third-party services or tools to implement.

• Use privacy-preserving tools: Privacy-preserving tools are tools that aim to hide or obfuscate the details of a user's transaction from other network participants. For example, some tools use encryption, zero-knowledge proofs, or decoy transactions to conceal the sender, receiver, amount, or timing of a transaction. Using privacy-preserving tools can help users avoid being targeted by sandwich attackers who monitor the pending transactions and their parameters. However, privacy-preserving tools are not widely available or compatible with all DEXs and may introduce additional costs or risks.

• Use Flashbots or MEV protection services: Flashbots is a research and development organization that provides a transparent and fair way for users to communicate with miners and bid for MEV opportunities. Users can use Flashbots to bypass the public mempool and submit their transactions directly to miners who support Flashbots, avoiding front-running and sandwich attacks by other network participants. MEV protection services are services that aim to protect users from MEV extraction by sandwich attackers or other actors. For example, some services use smart contracts, oracles, or algorithms to detect and prevent sandwich attacks or reimburse users for their losses. Using Flashbots or MEV protection services can help users avoid or mitigate sandwich attacks and other forms of MEV extraction. However, these services are not widely adopted or accessible by all users and may have limitations or trade-offs.

Conclusion

Sandwich attacks are a new threat to DeFi users that can result in significant losses for unsuspecting traders. Sandwich attackers exploit the transparency, latency, and pricing mechanisms of DEXs and AMMs to manipulate prices and profit from other users' transactions.

Users can take some steps to reduce their exposure and risk of being sandwiched, such as using lower slippage tolerance, faster gas fees, limit orders, privacy-preserving tools, Flashbots, or MEV protection services. However, these steps are not foolproof and may have drawbacks or challenges.

Ultimately, sandwich attacks are a symptom of a larger problem in DeFi: the lack of efficient and fair market mechanisms that prevent MEV extraction and protect users' interests. As DeFi grows and evolves, more research and innovation are needed to address this problem and ensure a more secure and equitable DeFi ecosystem.

Stay tuned to CoinCarp Social Media and Discuss with Us:

Twitter |Telegram |Reddit |Discord