Decentralised finance (DeFi), is one of the hottest trends in the world of cryptocurrencies and blockchain.
DeFi enables users to use financial services without having to trust in traditional financial institutions. However, as DeFi’s popularity grows, new challenges arise, such as various attacks, including the famous Sandwich Attack.
In today’s lesson, we will discuss what a Sandwich Attack is, what risks it poses to DeFi and what steps you can take to protect yourself against it.
What is the Sandwich Attack concept?
Sandwich Attack is a type of attack that occurs in the DeFiecosystem and involves manipulating the prices of cryptocurrency assets on decentralised exchanges. During this attack, the attacker exploits flaws in trading mechanisms to gain financial benefits at the expense of other market participants.
In practice, this type of attack is a form of so-called front-running. It primarily attacks decentralised protocols and financial services. It involves placing an order just before a transaction and just after it. Therefore, the attacker will be at the beginning and end of a given transaction at the same time, and the correct, original transaction will be sandwiched between the fake ones, just like in a sandwich.
The purpose of placing these two orders simultaneously, and placing the correct one in the middle, is to manipulate asset prices. The main targets of sandwich attacks are decentralised exchanges or DEXs, which allow direct exchange of tokens from wallets.
How it works. The victim of the transaction exchanges cryptocurrency X for cryptocurrency Y and makes a purchase. The fraudster detects the transaction in question and begins his work. He buys asset Y before the transaction in question is approved, which automatically increases the price of this asset for the trader, the victim. At the same time, such a transaction increases the slippage (the expected increase or decrease in price, based on trading volume and liquidity).
Due to the transaction made by the fraudster, the price of asset Y increases. The victim buys asset Y at a higher price and the attacker himself sells the asset at a high profit.
What goes into sandwich attacks?
- Automated Market Maker (AMM). It is an algorithm that sets prices for an asset. It automatically creates a market based on the assets in the liquidity pools. The market maker allows liquidity providers to track the market and then set buy and sell prices. As a result, liquidity takers trade based precisely on AMM.
- Price slippage. Slippage is the change in the price of an asset, during a transaction. Expected price slippage is waiting for the price to rise or fall and is based on trading volume and liquidity.
- Execution price we expect. When a given liquidity taker issues a trade, the taker wants to execute the trade at the expected execution price. Of course, this is based on the AMM algorithm and slippage.
- Unexpected slippage indicator. As the name suggests, this is unexpected slippage, relative to our expected price.
How do you recognise Sandwich Attack?
Sandwich scams are very simple and easy to carry out. If you have a lot of experience in cryptocurrencies, you will easily catch these types of attacks. Moreover, attackers can continue to process such transactions without any consequences. This is why it is important to spot the characteristic features of this type of attack early on!
First of all, remember that Sandwich Attack are mainly carried out on decentralised exchanges or DeFi platforms. Which use automated market makers.
In addition, also bear in mind that the trader’s expectations of the strike price and the difference from the actual strike price strongly influence this type of attack.
Here are the two, most common scenarios you can expect with sandwich attacks on DeFi platforms:
- Liquidity Taker vs.
Signs of Sandwitch Attack are very apparent when liquidity providers are competing with each other. For example, when a general taker has pending AMM trades on the blockchain, it is a greedy morsel for fraudsters.
In this case, an attacker can initiate front-run and back-run transactions on such transactions and benefit financially.
- Liquidity provider vs. liquidity taker
In this case, the attacker removes liquidity using a front-running method from the decentralised DeFi protocol. This method increases the victim’s transaction slippage. The attacker then adds liquidity and ensures the stability of the pool. Interestingly, withdrawing liquidity before the victim’s transaction is approved can remove the commission fee for the transaction.
How to combat sandwich attacks?
Unfortunately, there is no specific solution to help us prevent sandwich attacks. However, users of decentralised protocols and DEX can follow certain precautions to avoid the risks associated with such attacks. These include:
- Pay higher transaction fees. It may seem ridiculous, but it is the amount of gas that ensures that the transaction is completed and confirmed more quickly.
- Protection against bots. Attackers use sophisticated tools to take over your funds. To protect yourself from bots, you can use MEV protection. These services use oracles, algorithms and smart contracts to detect and prevent sandwich attacks.
- Look for protocols with a lower slip tolerance. Slippage tolerance can protect you from this type of attack. It refers to the maximum percentage of price fluctuation that a user can accept, in order to approve a trade.
Summary
Sandwich Attack is a type of attack that poses a serious threat to the DeFi ecosystem. Attackers exploit differences in token prices on different exchanges to profit at the expense of other traders.
It is important for traders and designers of smart contracts to understand these types of attacks and take steps to minimise risk. Security and market integrity are critical to DeFi’s long-term success.
Complete today’s lesson!
