Sandwich attack? Is this a scene from Cloudy with a Chance of Meatballs? Sadly, no. This isn’t food-related.
Different kinds of cyber attacks occur in the crypto space, and the sandwich attack is one of them.
Today’s blog post will explain why and how a sandwich attack happens in decentralized finance. Also, it will outline how you can protect yourself from this intrusion.
Sandwich Attack Explained
A sandwich attack is carried out by one of two actors: a trading bot or a malicious trader. Trading bots and attackers perform two kinds of operations, the front-run and the back-run. This is the usual order of execution of attacks in DeFi.
An investor makes a buy order for a certain crypto coin. Once the bot or the attacker detects this buy order, the attacker will front-run the purchase of the coin. As a result, the price increases and there is high slippage. Hence, the victim buys at a higher price.
After that, the culprit will sell the crypto coins at a higher value. This is the back-run attack.
The investor’s original pending transaction is sandwiched between two manipulative actions: the order placed before the investor’s trade could clear and the back-run act of selling the coins.
Factors Influencing the Sandwich Attack
Automated market makers (AMMs) are the platforms where sandwich attacks usually occur. Some popular AMMs are PancakeSwap, Uniswap, Curve, and Balancer. Because of their pricing algorithm’s structure, there is always a high demand for liquidity and they conduct trades continuously.
However, there is also the influence of price slippage. Investopedia defines price slippage as:
Slippage refers to the difference between the expected price of a trade and the price at which the trade is executed. Slippage can occur at any time but is most prevalent during periods of higher volatility when market orders are used.
Possible Scenarios in an Attack
Bad bots and bad traders can perform two kinds of sandwich attacks: liquidity taker versus taker and liquidity provider versus taker.
Liquidity Taker versus Taker
This is a scenario where two liquidity takers attack each other. To illustrate, when a trader has a pending buy order in the automated market maker, the culprit can release two further transactions, one to front-run the order and one to back-run it. Now, miners will see three pending transactions. Then, they have to choose which one they will approve first.
Now, if the malicious trader placed a higher value than the original pending transaction, it has a higher probability of getting validated first. There is no sure-fire guarantee that this is indeed what will happen. This just serves to illustrate the simple way of attempting a sandwich attack.
Liquidity Provider versus Taker
The structure of this attack is identical to the first one. However, the culprits need to perform 3 operations.
First, they remove the liquidity to hike up a victim’s slippage. Removing the liquidity serves as a front-running approach. Next, they return the liquidity to the pool.
This action restores balance in the pool. Lastly, they swap one asset back to the previous one so that it will resume its former balance.
The commission fee for the transactions becomes nullified if the culprits withdraw their liquidity before the victim’s transaction is completed.
Protecting Yourself From a Sandwich Attack
Use a limit order. With limit orders you can specify your fill price. As a result, you will be less prone to slippage.
Previously, only centralized exchanges allowed limit orders. However, there are DEXs like SpiritSwap and 1inch that cater to this.
Flashbots RPC also gives an additional layer of protection. It avoids the public mempool so that the transaction is not broadcast to others.
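To see why a limit on the fill price matters, here is an added example (not from the original post) that simulates a buy on a constant-product pool with and without a minimum acceptable fill. The constant-product formula, the 0.3% fee, the pool reserves, the trade sizes and the 0.5% tolerance are all constructed assumptions for illustration.

```python
from fractions import Fraction

FEE = Fraction(3, 1000)  # assumed 0.3% swap fee

class Pool:
    """Constant-product pool: base * token stays constant apart from fees."""
    def __init__(self, base, token):
        self.base, self.token = Fraction(base), Fraction(token)

    def buy(self, base_in, min_out=0):
        """Swap base for token; revert if the fill is below min_out."""
        eff = Fraction(base_in) * (1 - FEE)
        out = self.token * eff / (self.base + eff)
        if out < min_out:
            raise ValueError("fill below limit, trade reverted")
        self.base += Fraction(base_in)
        self.token -= out
        return out

    def sell(self, token_in):
        """Swap token back for base."""
        eff = Fraction(token_in) * (1 - FEE)
        out = self.base * eff / (self.token + eff)
        self.token += Fraction(token_in)
        self.base -= out
        return out

def simulate(front_run, victim_in, min_out=0):
    """Return (victim fill or None if reverted, front-runner profit in base)."""
    pool = Pool(1_000, 1_000_000)          # constructed pool reserves
    held = pool.buy(front_run) if front_run else Fraction(0)
    try:
        fill = pool.buy(victim_in, min_out)
    except ValueError:
        fill = None                        # victim's limit stopped the trade
    profit = pool.sell(held) - front_run if front_run else Fraction(0)
    return fill, profit

def demo():
    quote, _ = simulate(0, 10)             # fill with no interference
    limit = quote * Fraction(995, 1000)    # accept at most 0.5% worse
    return {
        "quote": float(quote),
        "no_limit": tuple(map(float, simulate(50, 10))),
        "with_limit": simulate(50, 10, limit),
    }

if __name__ == "__main__":
    print(demo())
```

Without a limit the buyer receives about 9% fewer tokens than quoted; with the limit the trade reverts instead of filling at the worse price, and the front-runner is left paying swap fees for nothing.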
For now, these are the only ways that investors can protect themselves from sandwich attacks. Developers will continuously look for long-term solutions to this kind of attack. All kinds of crypto scams exist on the web like loan attacks, rug pulls and pump and dump schemes.
Web3 participants need to be continuously updated about these malicious behaviors so that they remain vigilant and avoid falling victim to them.