The introduction to DeFi, or decentralized finance, provided new opportunities for transforming conventional notions regarding financial services. You should also note that the growing adoption of DeFi has resulted in more vulnerabilities and the possibility of attacks. You must notice that smart contract exploits and DeFi attacks have become prominent concerns for DeFi users and developers. Decentralized finance has led to a sudden rise in vulnerabilities for DeFi code.
As a matter of fact, every new technology has vulnerabilities, and it is only a matter of time before someone recognizes them. The most common smart contract security pitfalls, such as rug pulls and flash loan attacks, have affected various projects. At this point in time, it is reasonable to think about the sandwich attack, which emerged as a prominent threat. However, sandwich attacks have not gained popularity as rug-pull scams.
The most common assumption about a threat you don’t encounter often is that it does not have the capability to harm you. On the contrary, sandwich attacks could create some of the most complicated situations within the DeFi landscape. Before you find out answers to “What is sandwich attacks?” you must note that Vitalik Buterin mentioned the attacks in 2018. Therefore, it is important to understand the basic principles underlying sandwich attacks and their potential impact. The following post offers you a detailed guide to sandwich attacks and their ramifications for the DeFi sector.
Want to learn and understand the scope and purpose of DeFi? Enroll Now in Decentralized Finance (DeFi) Course!
Definition of Sandwich Attacks
The first thing you must learn about sandwich attacks is their definition and the category of attacks they fall into. Sandwich attacks are a variant of front-running attacks in which exploiters place two transactions before and after a victim’s transaction. The primary target of DeFi sandwich attacks is decentralized exchanges or DEXs, which enable direct exchange of tokens from wallets. The attacker starts the exploit by monitoring all the pending transactions on the blockchain network. Subsequently, they find the largest or most profitable transaction they could exploit. How?
The attacker would place one transaction with a higher gas fee for jumping ahead of the victim’s transaction. It is also important to note that the transaction would purchase the same token intended by the victim in the transaction. As a result, the price of the transaction would become higher than the expectations of the victim. What are the factors responsible for forcing a user to pay more for transaction fees? The two most obvious answers to the question point to the higher demand alongside slippage, which is the difference between the estimated and actual price of transactions.
Build your identity as a certified Web3 & Blockchain expert with 101 Blockchains’ Web3 & Blockchain Certifications designed to provide enhanced career prospects.
How Does the Attacker Benefit from Sandwich Attacks?
The most crucial aspect for understanding sandwich attacks in DeFi is the viewpoint of the attacker. What does the attacker gain by placing a transaction ahead of the victim’s transaction? Now, you must know about the second part of the sandwich attack on the victim. The attacker would place another transaction after the user’s transaction, with a higher gas fee, to ensure immediate processing. After the victim’s transaction is completed, the second transaction placed by the attacker would sell the tokens bought in the first transaction at a higher price. As a result, the transaction would reduce the price of the token, and the victim would lose value on the transaction.
Attackers would get benefits from the difference in the pricing of purchase and sale prices. The victim’s transaction suffers between two transactions of the attacker, thereby terming the attack a sandwich attack.
Important Factors Associated with Sandwich Attacks
The basic example for describing the underlying principles of sandwich attacks offers a clear glimpse of price manipulation and front-running. You might be wondering about the reasons behind losses to the victim. One of the important aspects in the working of sandwich attacks is the Automated Market Maker mechanism.
The AMM must work on rebalancing the exchange rate to maintain liquidity, as the attacker’s buy order takes up a large portion of liquidity from the pool. As a result, the victim would end up with a poor exchange rate as the attacker’s transaction front runs their transaction for earlier execution.
In the second phase of sandwich attacks, the hackers use a big sell order to add liquidity to the pool. The increased liquidity would stabilize the exchange rate, which would help the attackers obtain a better conversion price for the tokens they bought in the first transaction. Prior to the sell transaction by the attacker, the victim’s buy transaction for the same token would have pushed up the price. Therefore, selling the same token would be profitable for the attackers.
Most important of all, hackers also use sandwich attack bot and tools for executing sandwich transactions at unbelievably higher speeds. As a matter of fact, bots can help in executing the sandwiched transactions before the AMM can stabilize the exchange rates. One of the most popular examples of platforms that have been the biggest victims of sandwich attacks is PEPE. Let us learn more about the example of PEPE token network and how it has become the top spot for sandwich attacks.
Want to explore in-depth about DeFi protocol and its use cases? Enroll Now in Decentralized Finance (Defi) Course- Intermediate Level!
The Curious Case of Sandwich Attacks on PEPE Network
PEPE token is one of the most renowned examples of crypto tokens inspired by memes. However, the PEPE token network has been experiencing frequent issues with an increasing number of DeFi sandwich attack complaints and front-running. Interestingly, the PEPE network has also opened up new opportunities for expanding the use of bots for sandwich attacks. In the initial stages, the PEPE token network did not have significant volumes of liquidity, and many people did not know about the token. The PEPE token network shot to popularity after a tweet claimed that a PEPE bag bought at $250 had surged to a price of $1.5 million.
The magic behind the tweet helped in pushing the optimism and hype around the PEPE token, thereby leading to a rise in the bag value. However, another address utilized a sandwich attack bot for front-running all PEPE buy transactions on the token network. Just like other instances of sandwich attacks, the frequent front-running led to an increase in the prices of PEPE tokens.
The attacker also used bots to push up the prices of CHAD tokens. As a matter of fact, the attacker had spent more than $1.28 million in transaction fees across a 24-hour timeframe. Ultimately, the attacker claimed profits amounting to more than $1.4 million at the expense of traders who bought the tokens at high prices.
Want to understand the best ways to use DeFi development tools like Solidity, React, and Hardhat? Enroll now in DeFi Development Course!
How Can You Identify a Sandwich Attack?
The discussions about sandwich attacks also refer to the factors required for identifying sandwich attacks. You can notice how anyone with crypto expertise can fool you into engaging in loss-making trades. The interesting thing about such DeFi attacks is the simplicity and ease of performing such attacks. On top of it, the attackers could continue repeating the transactions without repercussions. Therefore, it is important to notice the distinctive traits expected in sandwich attacks to ensure your safety.
First of all, you must remember that sandwich attacks target decentralized exchanges or DeFi platforms, which use Automated Market Makers. Some of the noticeable examples of such platforms include Uniswap, SushiSwap, PancakeSwap, and others. In addition, it is also important to note that the expectations of the trader regarding the execution price and the difference with the actual execution price influence the possibilities of sandwich attacks. Here are the two most common scenarios you can expect in sandwich attacks on DeFi platforms.
Want to explore an in-depth understanding of security threats in DeFi projects? Enroll Now in DeFi Security Fundamentals Course!
Liquidity Taker vs. Taker
The signs of a sandwich attack would be visible when liquidity takers compete with one another. You can identify examples of such scenarios in cases where a general market taker has pending AMM transactions on the blockchain. The attacker would initiate the front-running and back-running transactions on such transactions to obtain financial gain. It is important to note that the liquidity pool, alongside asset pairing, features three pending transactions. Therefore, miners would work on deciding the choice of transaction for first approval.
When the attacker pays a higher transaction fee than the victim, the network showcases an inclination towards the malicious transaction. On the other hand, it is not an effective choice for a sandwich attack in practical scenarios. At the same time, it also suggests an explanation for the ease of implementing sandwich attacks.
Liquidity Provider vs. Liquidity Taker
Liquidity providers could attack liquidity takers in a similar manner as other liquidity takers. Examples of such DeFi sandwich attack scenarios would involve the attacker removing liquidity as a method for front-running. The front-running increases the slippage for the victim, and then the attacker adds liquidity again for stability in the pool balance. Withdrawal of liquidity prior to the approval of the victim’s transaction could remove the commission fee for the concerned transaction.
How Can You Fight Against Sandwich Attacks?
The mysterious nature of sandwich attacks with the complexity of combining front-running and back-running transactions can be confusing for users. How can you trust a DeFi project with safety from sandwich attacks? You can find your answers by reflecting on specific highlights in responses to “What is sandwich attacks?” and how to ensure user safety in DeFi protocols. The alarming fact about sandwich attacks is the fact that there is no specific solution for preventing sandwich attacks.
On the contrary, users could follow some precautions to avoid the risk of sandwich attacks and reduce their exposure to attackers. Sandwich attacks are one of the unique additions among DeFi attacks as they are associated closely with the design and limitations associated with DeFi protocols and platforms. Here are some steps you can follow to ensure that no one fools you into becoming a victim of sandwich attacks.
Pay the Higher Transaction Fees
More often than not, users think that they could put some transactions on hold and wait for the transaction prices to drop as they wait in the queue. Users have the freedom of choosing the amount of gas they want to pay for confirming a specific transaction on the blockchain network. The amount of gas paid for a transaction helps in ensuring faster confirmation and execution of transactions.
Attackers have been using sophisticated tools like sandwich attack bot and target pending transactions at higher speed. On the contrary, you can escape the trap of sandwich attackers by paying higher transaction fees to confirm transactions. As a result, the attackers could not find an acceptable range of profitability with the trades.
Start learning Decentralized Finance (DeFi) with World’s first DeFi Skill Path with quality resources tailored by industry experts Now!
The threat of sandwich attacks has become more complicated with the arrival of tools like bots for sandwich attacks. One of the trusted measures for safeguards against sandwich attacks is MEV protection services. The services use oracles, algorithms, or smart contracts for detecting and preventing sandwich attacks alongside reimbursing users for losses. However, the limited accessibility of such services creates a major challenge for users in leveraging their functionalities.
Look for Lower Slippage Tolerance
Another term that could save you from sandwich attacks is slippage tolerance. It refers to the maximum percentage of price fluctuation that a user can accept for the approval of their trade. For instance, if users set the slippage tolerance at 1%, the transaction would be canceled when the price increases over 1% from the time of initiating the transaction and its completion. Users can reduce the risks of a DeFi sandwich attack by lowering slippage tolerance to avoid paying more for their transactions. Lower slippage tolerance helps in increasing the chances of fighting against risks of price manipulation.
Curious to understand the complete smart contract development lifecycle? Enroll Now in Smart Contracts Development Course!
The introduction to sandwich attacks showed that the domain of DeFi security problems is expanding at a rapid pace. It is important to learn about the significance of responses to “What is sandwich attacks?” beyond the superficial layer. You should identify how attackers target pending transactions on DeFi platforms such as decentralized exchanges.
It is important to reflect on the different scenarios for sandwich attacks alongside understanding the role of liquidity in enabling such attacks. As the domain of DeFi awaits a broader scale of adoption in the event of failure of large centralized exchanges, security lapses due to sandwich attacks could present massive concerns for DeFi adoption. Therefore, it is time to learn more about sandwich attacks and explore potential solutions for them.
*Disclaimer: The article should not be taken as, and is not intended to provide any investment advice. Claims made in this article do not constitute investment advice and should not be taken as such. 101 Blockchains shall not be responsible for any loss sustained by any person who relies on this article. Do your own research!