Decentralized finance, or DeFi as it is popularly known, offers great opportunities to traders, coupled with these opportunities are the risk of smart contract attacks. Vulnerabilities in smart contract codes are being exploited by criminal individuals in the form of DeFi attacks. These attacks include rug pulls, flash loan attacks, and sandwich attacks.
Sandwich attacks are rather unpopular among the list of smart contract vulnerabilities, but they can be of huge concern to users of the smart contract. This type of attack was first brought to public knowledge in 2018 by the founder of Ethereum, Vitalik Buterin. These attacks are targeted at DeFi protocols and platforms and the end result is market price alteration.
Theory of Sandwich Attacks
A sandwich attack is a type of front-running that primarily targets decentralized finance protocols and platforms.
The first step in the attack is finding a blockchain network, for example Binance or Ethereum. After this, the attacker then uses bots to search for pending transactions in the mempool of which the victim (user) wants to trade an amount of token X for a corresponding amount of token Y. The attacker places a similar transaction for a higher volume of token Y on the same block. This transaction then falls just before the victim’s transaction.
Upon the successful filling of the attacker’s order, there is a corresponding increase in the price of asset Y. This is the new price of token Y. When the victim’s transaction is finally carried out, he would receive a lower volume of token Y than he was meant to receive due to the increase in the price of token Y. The attacker then sandwiches the victim’s transaction by selling off token Y for a higher price than that for which they bought it, and as a result, pocket a profit from the artificial increase in price.
From the image above, we can see that Tv is the transaction of the victim, TA1 and TA2 to be the first and second transactions of the attacker respectively. The TV was initially placed before TA1 but TA1 front-runs Tv. After Tv is carried out, TA2 then back-runs it thereby completing the sandwich attack.
Factors To Be Considered in Sandwich Attacks
The method of attack by which sandwich attackers use to operate makes it quite simple and also straightforward. Sometimes the attackers may see quite little profit from a single attack but repeated attacks of such nature can amount to quite a substantial profit. But in most cases, an attacker needs to be well prepared to perform a complete attack. This preparation involves a few factors.
Sandwich attacks are mostly carried out on Automated Market Makers (AMMs). Some very good examples are Uniswap, Pancakeswap, Curve, and Sushiswap. By using its pricing algorithm, demand for liquidity is always high, and trades are executed one after the other. The volume and liquidity of a token change from time to time, which affects the price slippage of a token.
Traders always have to deal with differences in actual execution and unexpected execution cost, and also the issue of high slippage value. These features do have a great impact concerning the rates at which tokens X and Y are traded. It also affects the volume of tokens Y that is received after a successful exchange for token X.
How Sandwich Attacks Happen
There are generally two major ways by which vulnerable smart contracts are being exploited via sandwich attacks. These are:
Liquidity Taker or attacker vs another Liquidity Taker or victim
It is very common for liquidity takers to sandwich each other during transactions. Let’s look at an example of how this happens.
Anytime a regular trader has a pending AMM transaction on the blockchain, the attacker can perform subsequent transactions or front run and back run for his gain. Since the number of pending transactions now amounts to three, miners pick the transaction with the highest transaction fee to be carried out. If the attacker has paid the higher transaction fee, it is more probable that the attacker gets his transaction carried out first, therefore, sandwiching the regular trader’s transaction.
Liquidity Provider or Attacker vs Taker or Victim
Liquidity providers can also attack liquidity takers in a very similar manner. However, one new step is added to the initial setup for this kind of sandwich attack to be executed. This is how it happens:
Liquidity is first of all removed thereby leading to an increase in the victim’s slippage. After a victim adds his transaction to the block, then the attacker re-adds the liquidity or the back-run and restores the initial pool balance. The attacker finally swaps token Y for token X to restore the balance of X to its initial state before the attack.
When liquidity is removed from a pool, the liquidity provider receives no commission for transactions on their pool. If the commission isn’t granted, it leads to a loss for the user. It is important to note that this action comes at the expense of the commission the liquidity provider gets for providing liquidity in their pool.
Profits and Sandwich Attacks
Sandwich attacks are not always successful, and when they turn out successful, the total cost of the attack or gas fees is most times more than the profit made from a victim. For instance, a sandwich attack on a smart contract in the Ethereum network would leave the attacker with more loss than profit due to high gas fees.
Even so, a sandwich attack can still be very much profitable given that the trade amount of a victim is of a greater value than the transaction cost of the attack. This is very much the main condition for the success of a sandwich attack.
How To Protect Traders From Sandwich Attacks
The need for countermeasures to protect traders from sandwich attacks is very important. A measure that has been put in place is the use of flashbot transactions by the AMM known as 1inch. These transactions don't get to the mempool thereby making it rather impossible for the attacker’s bot to detect before the order is filled.
For now, this is the only known way by which traders are protected from sandwich attacks. Hopefully, other AMMs would take more proactive action in ensuring traders carry out token swaps without risks.