Sandwich attacks explained
In our previous blog post, we’ve already outlined the most common types of MEV attacks that you need to be aware of. Now, it’s time to dig deeper into one of the most common types of attack — a sandwich attack.
| To learn more about Hackless, check out our Twitter page and discover the future of security in DeFi |
AMM, price slippage, front and back-running
To get a good grasp of how a sandwich attacker works, we need to understand a few terms first.
Automated Market Maker (AMM) works on the basis of an automated algorithm that calculates the prices of assets given the demand and supply after every trade.
Mempool is a memory pool for storing information on unconfirmed transactions. When a transaction enters a mempool, it means that it has already been verified but has not yet been included in the block. In a mempool, a mining node picks up a transaction and packages it into a block.
Price slippage can be defined as the price difference between a transaction being submitted and when a transaction is confirmed on the blockchain. In reference to DeFi, you’re sure to notice price slippage mentioned under the swap button when trading on a DEX.
Front and back running implies the monitoring of a mempool with the aim to execute a transaction immediately before or after a pending transaction of a user.
Sandwich attack — step by step
Sandwich attacks include both front-running and back-running tactics aimed at manipulating the price of an asset by executing a single big trade. To do this, MEV actors watch a mempool for large transactions and sandwich them — they place two transactions, one before and another one after the original trader’s transaction.
If we examine this more closely, we can break down this strategy into well-defined steps, which are as follows:
- An attacker watches the mempool to detect a high-value transaction.
- A certain amount of the same token is purchased before a user’s transaction. This is done by paying a higher gas fee.
- Attacker’s front-running transaction results in pumping the price of the asset.
- A user buys the asset at a higher price.
- The attacker sends a sell transaction, pocketing the difference in price.
- The user suffers a loss, while the attacker enjoys the benefit.
Averting sandwich attacks with Hackless
By better understanding the problems associated with sandwich attacks, it is possible to find efficient solutions. That’s what we’ve done at Hackless. Bear with us and we will unfold the curtains to shed light on our solution that protects DeFi users from this type of attack in the coming weeks.
Stay with us — become Hackless!
