Demystify the dark forest on Ethereum — Sandwich Attacks.
Wow, automated market maker (AMM) decentralised exchanges (DEXs) are so sexy! Come on, they are the best! Look at these projects, Uniswap, Bancor, Curve, … They are non-custodial, don’t require KYC, and their pricing formula is public. Oh and everything on Ethereum is transparent, transparency is always good! What can go wrong?
Wait wait, oh Ethereum is transparent. Emm… everyone else can see my transaction before it is confirmed and place their trade before me? Emm… there is no regulation? Hmm… interesting, I can do attacks in this dark forest without getting punished?
Disclaimer: This article is to promote our recent paper ‘High-Frequency Trading on Decentralized On-Chain Exchanges’, which is accepted at IEEE Security and Privacy 2021. All views expressed in this article are my own and do not represent the opinions of the co-authors of our paper.
Our paper is available on arXiv: https://arxiv.org/abs/2009.14021
For those of you who don’t know about AMMs: an AMM is a predefined pricing algorithm that automatically performs price discovery and market making, using assets within liquidity pools. Liquidity providers are, therefore, not required to monitor the market to adjust bid and ask prices. Liquidity takers can directly trade against the AMM liquidity. Such automation also serves to reduce the number of on-chain transactions, making such mechanisms particularly suitable for smart contract-based DEXs given an underlying blockchain that supports only a limited number of transactions per second.
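To make the pricing algorithm concrete, here is an added example (not code from this article, the paper or any DEX) that models a pool, assuming the constant-product formula and 0.3% fee of Uniswap V2. It shows that the same trade receives less when another trade is ordered ahead of it, and how a minimum-output limit rejects the worse execution; the reserves, trade sizes, tolerances and all function names are constructed for illustration.

```python
from dataclasses import dataclass

FEE_NUM, FEE_DEN = 997, 1000  # 0.3% swap fee, as in Uniswap V2

class SlippageExceeded(Exception):
    """The swap would return less than the trader's stated minimum."""

@dataclass
class Pool:
    """Constant-product pool (x * y = k) over assets X and Y, integer units."""
    reserve_x: int
    reserve_y: int

    def quote_x_for_y(self, amount_in: int) -> int:
        """Y paid out for amount_in of X at the current reserves."""
        if amount_in <= 0:
            raise ValueError("amount_in must be positive")
        in_after_fee = amount_in * FEE_NUM
        return in_after_fee * self.reserve_y // (self.reserve_x * FEE_DEN + in_after_fee)

    def swap_x_for_y(self, amount_in: int, min_out: int = 0) -> int:
        """Execute the swap; revert (raise) if the output is below min_out."""
        out = self.quote_x_for_y(amount_in)
        if out < min_out:
            raise SlippageExceeded(f"output {out} is below minimum {min_out}")
        self.reserve_x += amount_in
        self.reserve_y -= out
        return out

def min_out_for(quote: int, tolerance_bps: int) -> int:
    """Smallest acceptable output: the quote less tolerance_bps basis points."""
    return quote * (10_000 - tolerance_bps) // 10_000

def trade_after_reordering(earlier_in: int, my_in: int, tolerance_bps: int):
    """Quote a trade, let another trade land first, then try to execute."""
    pool = Pool(1_000_000, 1_000_000)    # constructed reserves
    quoted = pool.quote_x_for_y(my_in)   # price seen when signing
    limit = min_out_for(quoted, tolerance_bps)
    pool.swap_x_for_y(earlier_in)        # ordered ahead of ours in the block
    try:
        return quoted, limit, pool.swap_x_for_y(my_in, min_out=limit)
    except SlippageExceeded:
        return quoted, limit, None       # reverted, nothing was swapped

if __name__ == "__main__":
    print(trade_after_reordering(50_000, 10_000, 50))      # 0.5% tolerance
    print(trade_after_reordering(50_000, 10_000, 10_000))  # no effective limit
```

On Uniswap V2 the role of `min_out` is played by the `amountOutMin` argument of the router's swap functions.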
There are a lot of smart people working in this field. My favourite project is Uniswap; their code quality is, in my opinion, the best. Hayden (@haydenzadams) and Dan also gave valuable advice in the early stage of our paper in 2019, which I really appreciate. There are a few other successful projects, such as Curve, Bancor, Balancer, etc., and countless forks. Curve is very interesting on the protocol level, especially how they used tokens to govern the behaviour of their users.
In the academic world, researchers have also worked on blockchain front-running before. For example, the insightful SoK (SoK: Transparent Dishonesty: front-running attacks on Blockchain) at FC by @sbetamc, Seyedehmahsa Moosavi and…