Sandwich attacks in DeFi.

Published on 24 June 2023 at 09:26

The development of Decentralized Finance (DeFi) is moving incredibly fast. DeFi has become an important part of the crypto world. From infinite swapping through your MetaMask to getting exorbitant interest rates when you add liquidity; the future is at our feet. 

What is a Sandwich Attack?
A sandwich attack is an attack on a decentralized exchange (DEX) that influences the initial price of a swap. The attacker gets priority over the victim's transaction, buys the currency at the current, advantageous price and then sells it to the victim at a more expensive price. The victim sits between the two transactions, like a sandwich. A sandwich attack is a common attack in the DeFi sphere.

Automated Market Maker.
An AMM is an Automated Market Maker on a decentralized exchange (DEX), such as Uniswap or PancakeSwap. When you trade on a centralized exchange, such as Coinbase or Binance, there is an order book with a series of buy and sell orders ready to go. You can indicate the price at which you are willing to buy Bitcoin (BTC), for example. In a way, you are buying Bitcoin from someone else, who is willing to sell his or her Bitcoin at that particular price.

An AMM does not work with an order book, but instead operates using decentralized liquidity pools that run on smart contracts. When users of the AMM want to trade, they see a certain price, a price at which they are willing to buy. If they agree, they approve the transaction. Note that on a centralized exchange you can place a limit order, buying at a certain price. Although this development is underway in DeFi 2.0, the use of limit orders in DeFi is still very uncommon.

In short: An automated market maker (AMM) is a system that automatically facilitates buy and sell orders on a decentralized exchange. In contrast to regular market makers, AMMs function by using self-executing computer programs, also known as smart contracts.

Liquidity is essential to enable trading. The scarcer a particular crypto is in this liquidity pool, the harder it is to trade in it and the greater the effect on its price will be (which will rise). This is why providing liquidity (providing your own crypto in a liquidity pool) in DeFi is interesting for many crypto users, as it provides them with high interest rates. The smaller the liquidity pool, the higher the interest rates you receive for this (due to scarcity). But the risk is also very high, because there could be insufficient liquidity. You can then have problems withdrawing your own crypto or you cannot buy that crypto at all.

Front running attack & mempool
The sandwich attack belongs to what are known as front-running attacks. The term more or less says it all: someone is running in front of you, eating the cheese off your bread, so to speak. A transaction is not immediately added to the blockchain; transactions are first collected into blocks. So a block is a collection of all transactions ready to be executed.

The nodes in the network then receive notification of these transactions. When nodes receive a transaction, they add it to the pool of transactions yet to be validated, called the mempool.

When the time comes to process the transactions in the mempool, the nodes will check these transactions and then validate them. The order in which transactions are validated is determined by the amount of the transaction fee. The higher the transaction fee, the faster your transaction will be completed. This is because the miner/node performing this transaction receives a higher reward for processing this transaction.

A front-running attack happens in the few minutes during which transactions are stored in the mempool. Front runners take advantage of the fact that transactions are added based on transaction costs. An attacker has the ability to ensure that their transaction is processed before every other transaction, by specifying higher transaction costs.

Thus, by having additional information, a front runner knows which transactions are in the mempool. This allows a front runner to place a transaction in a block before anyone else, by looking at the transaction cost of the current transaction and passing it by means of a higher transaction fee. Miners handle transactions with a higher fee first.

At first you might think this makes sense, that the person with the highest transaction cost gets priority. But front runners can exploit this to harm other users. Front runners can also use this strategy with the Ethereum Name Service. Imagine you want to register a domain name with Ethereum to ensure that your network is well found through a nice name.

So a front runner can see this information earlier and use this information. Then this front runner can sell you this domain name at a higher price. Ethereum Name Service has fortunately protected itself against this problem. But this illustrates well that because of how the blockchain works, this system can be abused if users have additional information that others do not.


In DeFi, slippage occurs when the trader receives a different price than initially set. Thus, the price at which the order was executed does not correspond to the price that was requested. Besides the lack of liquidity, volatile markets can also be the cause of this slippage. For example, when you have a trade ready to go, and the value of these assets suddenly goes down the drain.

So how can a front runner influence this? By retrieving information from the trade that is not yet included in the block, and then changing this price so that you can only execute your trade at a higher price. A front runner can earn thousands of dollars by executing the same attack over and over again.

In short: Slippage is the difference between the expected price of an order and the price when the order actually executes. The slippage percentage shows how much the price for a specific asset has moved. Due to the volatility of cryptocurrency, the price of an asset can fluctuate often depending on trade volume and activity.

Sandwich attack

Someone wants to make a transaction and buy crypto on a DEX. An automated bot constantly monitors the mempool and detects this transaction with the associated transaction fees. The bot then places a buy order with a higher gas fee, so it gets priority over this particular transaction. Immediately after, it places a sell order for the same amount of crypto but with a lower gas fee than that of the initial trader; the victim in this case. Result? The bot buys and sells in the same block and thus makes money here, thanks to the predetermined percentage of slippage.

Because blockchain technology is transparent, we can look up and track all transactions.

In this example, we immediately see how the sandwich attack works.

  • A buyer has placed an order, agreeing to pay at 8.44 BNB per token against 31.578 ONE tokens.
  • The front runner sees this transaction and places the same order, but with a higher transaction cost, giving him priority. He buys as many as 15.56 BNB tokens at 57,841 ONE tokens.
  • Almost immediately afterwards, he sells the same number of ONE tokens, namely 31 578 at a BNB price of 8.4744. So here the buyer pays more than he would get, with the attacker getting a share of these crypto.

Here's how a sandwich attack works:

  1. The attacker monitors the pending transactions on the DEX and identifies a target transaction that is about to be executed by a trader.

  2. The attacker quickly initiates two transactions around the same time as the target transaction. The first transaction involves placing a small order ahead of the target transaction, while the second transaction involves placing a larger order just after the target transaction.

  3. The objective of the attacker is to manipulate the price of the targeted cryptocurrency. By placing the small order ahead of the target transaction, the attacker aims to push the price slightly in their favor. Then, by placing the larger order after the target transaction, they further exploit the price movement caused by the target transaction.

  4. The trader's target transaction, which was originally intended to be executed at a certain price, is impacted by the attacker's manipulative actions. The trader ends up buying or selling the cryptocurrency at a less favorable price due to the price movements caused by the attacker's transactions.

How to avoid the sandwich attack

  • Limit gas price
    These attacks can only occur because transactions with a higher gas fee are given priority over others. By putting a certain limit on this gas price, a front runner will have less chance to get in front of it. This problem can never be completely eliminated because there are always differences in the gas fee. But by making this difference less significant, it is also less likely to happen.
  • Avoid pools with low liquidity
    Lack of good liquidity is a big problem. The smaller this pool, the less likely an investor is to get a good price, because slippage is more likely to occur here. The higher the slippage, the more profit can be made by a sandwich attack.
  • Smaller trades
    A sandwich attack is of interest to attackers only for larger trades/transactions. The bigger the trade, the bigger the profit margin. One way to avoid sandwich attacks is to split your trade into several smaller trades. These small trades are not interesting enough for front runners. It is true that you will always pay a transaction fee on these smaller trades instead of one fee on the entire trade. This is a choice you have to make yourself.
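
The slippage and liquidity points above can be checked with a small pool model. The following is an added example, not part of the original article: it assumes constant-product pricing (x * y = k, as in Uniswap v2-style pools) with a 0.3% fee, and the function names and reserve figures are constructed for illustration.

```python
# Added example: constant-product pool (x * y = k), the pricing rule of
# Uniswap v2-style AMMs. Reserves and amounts are constructed sample values.
FEE = 0.003  # assumed 0.3% swap fee


def amount_out(amount_in, reserve_in, reserve_out, fee=FEE):
    """Tokens received for amount_in under x * y = k, after the swap fee."""
    effective_in = amount_in * (1 - fee)
    return reserve_out * effective_in / (reserve_in + effective_in)


def price_impact(amount_in, reserve_in, reserve_out):
    """Fraction lost versus the pool's spot price, ignoring the fee."""
    spot_out = amount_in * reserve_out / reserve_in
    return 1 - amount_out(amount_in, reserve_in, reserve_out, fee=0) / spot_out


def min_out(quoted_out, tolerance):
    """Smallest output the trader accepts; the swap reverts below this."""
    return quoted_out * (1 - tolerance)


def settle(amount_in, reserve_in, reserve_out, tolerance, bought_ahead=0.0):
    """Trader's output when `bought_ahead` is swapped in the same direction
    first; None means the slippage check fails and the swap reverts."""
    quoted = amount_out(amount_in, reserve_in, reserve_out)
    ahead_out = amount_out(bought_ahead, reserve_in, reserve_out)
    got = amount_out(amount_in, reserve_in + bought_ahead, reserve_out - ahead_out)
    return got if got >= min_out(quoted, tolerance) else None


if __name__ == "__main__":
    shallow, deep = (1_000, 500_000), (100_000, 50_000_000)
    for name, (r_in, r_out) in (("shallow", shallow), ("deep", deep)):
        print(name, "impact of a 10-unit trade:", price_impact(10, r_in, r_out))
        for tol in (0.005, 0.05):
            print("  tolerance", tol, "->", settle(10, r_in, r_out, tol, bought_ahead=20))
```

In the shallow pool the same earlier purchase makes a 0.5% tolerance revert the trade and a 5% tolerance accept a visibly worse fill, while in the deep pool the trade settles within 0.5%: the slippage tolerance caps what a trader can lose, and pool depth decides how easily the price can be moved.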
