Front-running — A threat to crypto trading?

By Jaylo
Published in The WOO Force Blog
4 min read · Jan 9, 2023

Front-running has been in the stock market for a long time (bonds, stocks), but how does it happen in the crypto market?

Front-running, coined originally for traditional financial markets, is the race to order the chaos to the winner’s benefit. In financial markets, the flow of information gave birth to intermediaries that could profit simply by being the first to know and react to some information. These attacks had mostly occurred in stock market deals and early domain registries.

The type of front-running attack discussed in this article is called the “sandwich attack”.

So what exactly is a sandwich attack?

A sandwich attack is a predatory transaction where somebody exploits either insider knowledge or privileged information about a “huge” future transaction that is about to affect the market price substantially.

One of the fundamental things you need in order to commit front-running is mere knowledge of a big transaction.

Basically, the attackers (usually bots) take advantage of any victim/user that is trying to perform a swap (i.e. a swap between tokens on a decentralized exchange).

Attackers are usually brokers, CEOs, or advisors that have such information at their disposal. Front-running is considered illegal in international stock trading in most markets but not in NFT crypto because all information is stored in a publicly auditable digital ledger.

The internet’s power to disseminate information increases front-running in the cryptocurrency market. While front-running is banned in traditional trading because the trader is using non-public data, the trader on a decentralized exchange (DEX) is using data publicly accessible on the blockchain and is not technically shorting the system.

How these attacks happen

When blockchain users want to execute a transaction, they need a miner to include it in the blockchain. In order to do so, the most common approach is to send the transaction to the mempool, which is a public and temporary list of transactions waiting to be mined. Miners have an incentive to include new transactions into the blockchain (i.e. mine transactions) because they earn profit by charging fees during the process. Thus, they have the incentive to monitor this mempool and process as many transactions as they can.

Since there are so many transactions in the mempool, miners usually pick the transactions that bid the highest gas price. The higher the fee, the sooner a transaction is prioritized.

For instance:

If an attacker knew Mr. X was going to buy $1,000 worth of WOO tokens, he would get ahead of that particular order by buying the same, then watch the big order he knew was coming go through, pushing up the price of the security, and then crystallize the profit with a sell.

This attacker has successfully crafted for himself a transaction that will provide him with profit.

Does this attack always work?

For the “predatorial sandwich signature” to take place in DeFi, two conditions need to occur simultaneously:

  • The profit needs to be higher than the gas fee (the fee that miners charge for processing each transaction). Because profits tend to be small, the amount of tokens acquired by the user needs to be big in order to overcome gas fees.
  • A high slippage tolerance.
    Slippage is the maximum deviation from the desired price a user is willing to accept in a trade. Because transactions are not executed immediately, other transactions operating on the same token may be executed first, resulting in price variation. This means users wanting to buy a token cannot know the exact price at which their transactions will execute. This poses the problem of buying tokens that may have experienced a substantial price variation.

What makes WOOFi unique?
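The two conditions above can be checked numerically. The following is an added example, not code from the article or from WOOFi: it assumes a constant-product pool (x * y = k) with a 0.3% swap fee, and the reserves, trade sizes and gas cost are constructed values. It estimates the worst-case loss a buyer accepts at a given slippage tolerance and whether extracting it would cover gas.

```python
# Added example: constant-product pool (x * y = k) with a 0.3% swap fee.
# Pool model, fee, reserves and gas cost are assumptions, not WOOFi's sPMM.
FEE = 0.003

def amount_out(amount_in, reserve_in, reserve_out):
    """Tokens received for amount_in on a constant-product pool."""
    eff = amount_in * (1 - FEE)
    return reserve_out * eff / (reserve_in + eff)

def swap(amount_in, reserve_in, reserve_out):
    """Return (amount_out, new_reserve_in, new_reserve_out)."""
    out = amount_out(amount_in, reserve_in, reserve_out)
    return out, reserve_in + amount_in, reserve_out - out

def sandwich_exposure(victim_in, tolerance, usd_reserve, token_reserve, gas_usd):
    """Worst case for a buy of victim_in USD at the given slippage tolerance.

    Returns (victim_loss_tokens, extractor_net_usd). The front-run size is the
    largest one that still leaves the victim above their minimum output.
    """
    quoted = amount_out(victim_in, usd_reserve, token_reserve)
    min_out = quoted * (1 - tolerance)   # below this the victim's swap reverts

    def victim_gets(front_in):
        _, r_usd, r_tok = swap(front_in, usd_reserve, token_reserve)
        return amount_out(victim_in, r_usd, r_tok)

    lo, hi = 0.0, usd_reserve * 10       # bisection on the front-run size
    for _ in range(100):
        mid = (lo + hi) / 2
        if victim_gets(mid) >= min_out:
            lo = mid
        else:
            hi = mid
    bought, r_usd, r_tok = swap(lo, usd_reserve, token_reserve)
    received, r_usd, r_tok = swap(victim_in, r_usd, r_tok)
    back_usd = amount_out(bought, r_tok, r_usd)   # tokens sold back after the victim
    net = back_usd - lo - 2 * gas_usd             # two extra transactions pay gas
    return quoted - received, net

if __name__ == "__main__":
    for size, tol in [(1_000, 0.005), (50_000, 0.05), (50_000, 0.005)]:
        loss, net = sandwich_exposure(size, tol, 1e6, 1e6, 5.0)
        print(f"buy ${size:>6} tol {tol:.1%}: loss {loss:8.2f} tokens, net ${net:9.2f}")
```

With these constructed numbers, the small buy at 0.5% tolerance is not worth sandwiching once swap fees and gas are paid, while the large buy at 5% tolerance is; tightening the tolerance on the large buy caps the loss at a tenth of that.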

The sandwich attack is one of the main concerns for large DeFi traders, and it’s very common in AMMs.

  • An AMM is a protocol that allows decentralized exchanges to carry out trades automatically and without permission by utilizing liquidity pools instead of traditional centrally-managed order books.
  • AMMs guarantee that trades will be executed continuously through their pricing algorithm. This aspect of the AMM is what makes a sandwich attack on a decentralized exchange possible: once a bot or an attacker sniffs out the transaction, they are able to front-run and back-run a standard trade transaction at the same time, while the original transaction still goes through because AMM transactions allow for price slippage.

However, WOOFi has deployed smart contracts that prevent such attacks; they aid in masking or encrypting trade information so that bots and attackers can’t identify target trades.

In WOOFi, the price is determined by the parameters of on-chain price feeds and the sPMM algorithm instead of the liquidity in the pool. The price is updated on-chain at a ~0.1% price deviation. Therefore, the exploiter will not be able to push the price up to front-run other users artificially.

In addition, instead of having an asset pool for each trading pair, WOOFi uses a single pool design that holds and manages all the assets including multiple base tokens and one quote token. The sPMM auto rebalances the assets in the pool by providing more favourable quotes to traders who send assets that are low in liquidity to the pool. This design further improves the volume-to-liquidity ratio and saves on gas fees for users.

Summary

You may think that sandwich bots only target high-value transactions, but that could not be further from the truth.

The easiest way to prevent getting sandwiched is to place a limit order. Unlike typical market orders prone to slippage, users can set their fill price instead.

Although sandwich attacks are not always worth the profit, new ways to protect against them are developing every day, though many are still unaware of this hidden tax on their transactions.

Fun fact: Front-running can happen in non-fungible token (NFT) marketplaces too.

Jessica is an introverted, self-aware cryptothusiast. An amazing digital marketer presenting insights and analysis in clear and cogent writing. Stay tuned ☺️