DeFi Sandwich Attack Explained

achinta das
Coinmonks
Jun 12, 2021


In this article, I summarise what sandwich attacks are, with an example and a mathematical view, so you can understand crypto market manipulation.

Sandwich attacks are not new; Vitalik already talked about them in the context of Uniswap in 2018.

Let's try to understand what a sandwich attack is in simple terms.

What is a Sandwich attack?

A victim transaction trades a cryptocurrency asset X (e.g. ETH, DAI, SAI, VERI) for another crypto asset Y in a large purchase. A bot sniffs out the transaction and front-runs the victim by purchasing asset Y before the large trade is approved. This purchase raises the price of asset Y for the victim trader and increases the slippage (the expected increase or decrease in price based on the volume to be traded and the available liquidity).

Because of this large purchase of asset Y, its price goes up and the victim buys asset Y at a higher price; the attacker then sells at a higher price.

Breaking Down the Sandwich Attack

These attacks often appear in the wild because blockchains are public: all transactions in the mempool can be observed by anyone (unless one has a special direct link to a mining pool). Alternatively, smart contracts may contain functions without access restrictions that perform such a trade. These functions often exist for claiming LP reward tokens and immediately swapping them for some other token using a DEX.

Frontrunning
The sandwich attack follows a similar course:
  1. Detect the victim’s transaction.
  2. Front-run the victim’s transaction.
  3. Victim transacts and suffers higher slippage.
  4. The attacker then back-runs the victim.

Uniswap

Let's understand how the market works using an example.

  • Exchange mechanism: The market contains an internal state, PRICE, which is the current market price. It also has two parameters, FEE and DEPTH. If a user wants to buy ORDER_AMOUNT coins, they would raise the price to PRICE + ORDER_AMOUNT / DEPTH, and pay

Essentially, this constitutes buying an infinitesimal number of coins at every price point between the old price and the new price.

  • Uniswap: Uniswap's characteristic equation is r0 * r1 = k, where r_i are the reserves of a Uniswap pool. Uniswap takes a fee of 0.3% on the input amount of each trade.
  • Uniswap trade equation
  • The sandwich attack involves front-running the victim trade with a trade buying the same asset. The gained tokens are sold again after the victim trade (back-running).

What makes a sandwich attack:

Let’s have a closer look and analyze what makes a sandwich attack.

  • Automated Market Maker (AMM): This is a predefined pricing algorithm that automatically performs price discovery and market-making based on the assets in the liquidity pools. The AMM allows liquidity providers to watch and follow the market, then set the bid and ask prices. Liquidity takers, in their turn, trade against the AMM.
  • Price Slippage: Price slippage is the change in the price of an asset during a trade. Expected price slippage is the expected increase or decrease in price based on the volume to be traded and the available liquidity where the expectation is formed at the beginning of the trade.

Unexpected price slippage is the increase or decrease in price that occurs during the transaction process for some unknown or unpredicted reason.

  • Expected Execution Price: When a liquidity taker issues a trade on X/Y, the taker wishes to execute the trade at the expected execution price (based on the AMM algorithm and the X/Y state), given the expected slippage.
  • Unexpected Price Slippage: The difference between the execution price and the expected execution price.
  • Unexpected Slippage Rate: The unexpected slippage over the expected price.
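
As an added example (not code from the original article), the following Python model runs the four steps of the attack against an r0 * r1 = k pool with the 0.3% input fee and reports the victim's unexpected slippage and unexpected slippage rate as defined above. The pool and trade sizes are constructed, and the `min_out` bound (a minimum output below which the victim's trade reverts) is an assumption that the article does not discuss.

```python
FEE = 0.003  # Uniswap's 0.3% fee, charged on the input amount


def swap(r_in, r_out, amount_in):
    """Constant-product swap (r0 * r1 = k). Returns (amount_out, new_r_in, new_r_out)."""
    effective_in = amount_in * (1 - FEE)
    amount_out = r_out * effective_in / (r_in + effective_in)
    return amount_out, r_in + amount_in, r_out - amount_out


def sandwich_report(r_x, r_y, victim_in, front_in, min_out=None):
    """Victim swaps victim_in of X for Y; front_in of X is traded ahead of them.

    min_out is a hypothetical victim-side bound: the trade reverts below it.
    """
    # Expected execution price: formed from the pool state the victim saw.
    expected_out, _, _ = swap(r_x, r_y, victim_in)
    expected_price = victim_in / expected_out  # X paid per unit of Y

    # Step 2: the front-run buys Y first and moves the reserves.
    front_out, r_x, r_y = swap(r_x, r_y, front_in)
    # Step 3: the victim executes against the moved reserves.
    actual_out, r_x, r_y = swap(r_x, r_y, victim_in)
    if min_out is not None and actual_out < min_out:
        return {"reverted": True, "expected_out": expected_out}
    # Step 4: the back-run sells the front-run's Y into the raised price.
    back_out, _, _ = swap(r_y, r_x, front_out)

    actual_price = victim_in / actual_out
    unexpected_slippage = actual_price - expected_price
    return {
        "reverted": False,
        "expected_out": expected_out,
        "actual_out": actual_out,
        "unexpected_slippage": unexpected_slippage,
        "unexpected_slippage_rate": unexpected_slippage / expected_price,
        "attacker_net_x": back_out - front_in,
    }


if __name__ == "__main__":
    # Constructed pool: 1,000 X against 2,000,000 Y; the victim sells 20 X.
    print(sandwich_report(1_000, 2_000_000, 20, 0))   # no front-run
    print(sandwich_report(1_000, 2_000_000, 20, 50))  # sandwiched
    bound = 0.995 * sandwich_report(1_000, 2_000_000, 20, 0)["expected_out"]
    print(sandwich_report(1_000, 2_000_000, 20, 50, min_out=bound))  # reverts
```

With these constructed numbers the victim receives roughly 10% less Y than expected, and the same trade submitted with a 0.5% output bound reverts instead of executing at the moved price.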

Summary

You can now understand how the sandwich attack works in general. In my opinion, a bot or attacker analyses transactions in the mempool to decide whether or not to launch an attack, so it would be better to encrypt transaction details.

zk-SNARKs: There are proposals in the community to use zk-SNARKs, a zero-knowledge-proof technique, to achieve this goal. In other words, zk-SNARKs would be used to encrypt and hide each transaction's information, so the bot could not do anything about it.

However, this approach is not enough to control this kind of attack because it has drawbacks such as high gas cost and the possibility that it can be used to perform blocking attacks that reduce overall liveness.

At present, defences against this kind of attack in the blockchain mempool are still at the R&D stage.
