
74. Sandwich Attack at DeFi: explanation and risks!

Decentralised finance (DeFi) is one of the hottest trends in the world of cryptocurrencies and blockchain.

DeFi enables users to use financial services without having to trust in traditional financial institutions. However, as DeFi’s popularity grows, new challenges arise, such as various attacks, including the famous Sandwich Attack.

In today’s lesson, we will discuss what a Sandwich Attack is, what risks it poses to DeFi and what steps you can take to protect yourself against it.

What is the Sandwich Attack concept?

A Sandwich Attack is a type of attack that occurs in the DeFi ecosystem and involves manipulating the prices of cryptocurrency assets on decentralised exchanges. During this attack, the attacker exploits flaws in trading mechanisms to gain financial benefits at the expense of other market participants.

In practice, this type of attack is a form of so-called front-running. It primarily targets decentralised protocols and financial services. It involves placing one order just before a transaction and another just after it. The attacker is therefore at the beginning and the end of a given transaction at the same time, and the correct, original transaction is sandwiched between the attacker's two orders, just like in a sandwich.

The purpose of placing these two orders simultaneously, and placing the correct one in the middle, is to manipulate asset prices. The main targets of sandwich attacks are decentralised exchanges or DEXs, which allow direct exchange of tokens from wallets.

How it works. The victim exchanges cryptocurrency X for cryptocurrency Y and makes a purchase. The fraudster detects the transaction in question and begins his work. He buys asset Y before the transaction in question is approved, which automatically increases the price of this asset for the trader, the victim. At the same time, such a transaction increases the slippage (the expected increase or decrease in price, based on trading volume and liquidity).

Due to the transaction made by the fraudster, the price of asset Y increases. The victim buys asset Y at a higher price and the attacker himself sells the asset at a high profit.

What goes into sandwich attacks?

  • Automated Market Maker (AMM). It is an algorithm that sets prices for an asset. It automatically creates a market based on the assets in the liquidity pools. The market maker allows liquidity providers to track the market and then set buy and sell prices. As a result, liquidity takers trade based precisely on AMM.
  • Price slippage. Slippage is the change in the price of an asset during a transaction. Expected price slippage is the anticipated rise or fall in price, based on trading volume and liquidity.
  • Expected execution price. When a liquidity taker issues a trade, the taker wants it to execute at the expected execution price. Of course, this is based on the AMM algorithm and slippage.
  • Unexpected slippage indicator. As the name suggests, this is unexpected slippage, relative to our expected price.

How do you recognise Sandwich Attack?

Sandwich scams are very simple and easy to carry out. If you have a lot of experience in cryptocurrencies, you will easily catch these types of attacks. Moreover, attackers can continue to process such transactions without any consequences. This is why it is important to spot the characteristic features of this type of attack early on!

First of all, remember that Sandwich Attacks are mainly carried out on decentralised exchanges or DeFi platforms that use automated market makers.

Also bear in mind that the difference between the strike price the trader expects and the actual strike price strongly influences this type of attack.

Here are the two, most common scenarios you can expect with sandwich attacks on DeFi platforms:

  1. Liquidity Taker vs.

Signs of a Sandwich Attack are very apparent when liquidity providers are competing with each other. For example, when a general taker has pending AMM trades on the blockchain, it is a tempting morsel for fraudsters.

In this case, an attacker can initiate front-run and back-run transactions on such transactions and benefit financially.

  2. Liquidity provider vs. liquidity taker

In this case, the attacker removes liquidity using a front-running method from the decentralised DeFi protocol. This method increases the victim’s transaction slippage. The attacker then adds liquidity and ensures the stability of the pool. Interestingly, withdrawing liquidity before the victim’s transaction is approved can remove the commission fee for the transaction.

How to combat sandwich attacks?

Unfortunately, there is no specific solution to help us prevent sandwich attacks. However, users of decentralised protocols and DEX can follow certain precautions to avoid the risks associated with such attacks. These include:

  1. Pay higher transaction fees. It may seem ridiculous, but it is the amount of gas that ensures that the transaction is completed and confirmed more quickly.
  2. Protection against bots. Attackers use sophisticated tools to take over your funds. To protect yourself from bots, you can use MEV protection. These services use oracles, algorithms and smart contracts to detect and prevent sandwich attacks.
  3. Look for protocols with a lower slippage tolerance. Slippage tolerance can protect you from this type of attack. It refers to the maximum percentage of price fluctuation that a user can accept in order to approve a trade.
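
The price mechanism from "How it works" and the slippage-tolerance precaution above, as an added example that is not part of the original lesson: a toy pool shows how a buy confirmed just before the victim's trade creates unexpected slippage, and how a minimum-output check makes the trade revert instead. The constant-product rule (x * y = k), the 0.3% fee, the reserves and the trade sizes are all assumptions made for illustration.

```python
class SlippageExceeded(Exception):
    """Raised when a swap would return less than the trader's minimum."""


class Pool:
    """Toy AMM pool. Pricing rule x * y = k and the 0.3% fee are assumptions."""
    FEE = 0.003

    def __init__(self, reserve_x, reserve_y):
        self.x, self.y = float(reserve_x), float(reserve_y)

    def quote(self, dx):
        """Amount of Y paid out for dx of X at the current reserves."""
        dx_net = dx * (1 - self.FEE)
        return self.y * dx_net / (self.x + dx_net)

    def swap(self, dx, min_out=0.0):
        """Swap X for Y; revert if the output is below min_out."""
        dy = self.quote(dx)
        if dy < min_out:
            raise SlippageExceeded(f"got {dy:.2f}, minimum {min_out:.2f}")
        self.x += dx
        self.y -= dy
        return dy


def victim_outcome(tolerance, earlier_buy_x, victim_x=10_000,
                   reserves=(1_000_000, 1_000_000)):
    """Return (status, unexpected_slippage) for a victim swapping X for Y.

    earlier_buy_x is a constructed buy of Y that is confirmed first,
    as in the front-run step described in the lesson.
    """
    pool = Pool(*reserves)
    expected = pool.quote(victim_x)        # expected execution amount
    min_out = expected * (1 - tolerance)   # slippage tolerance as a floor
    pool.swap(earlier_buy_x)               # price of Y rises for the victim
    try:
        got = pool.swap(victim_x, min_out)
    except SlippageExceeded:
        return "reverted", 0.0             # trade cancelled at the floor
    return "filled", (expected - got) / expected


if __name__ == "__main__":
    for tol in (0.05, 0.01):
        print(tol, victim_outcome(tol, earlier_buy_x=20_000))
```

With a 5% tolerance the victim's trade fills at a worse price; with a 1% tolerance the same trade reverts, so the tolerance sets the upper bound on what the victim can lose to the price move.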

Summary

Sandwich Attack is a type of attack that poses a serious threat to the DeFi ecosystem. Attackers exploit differences in token prices on different exchanges to profit at the expense of other traders.

It is important for traders and designers of smart contracts to understand these types of attacks and take steps to minimise risk. Security and market integrity are critical to DeFi’s long-term success.
