The decentralized finance landscape offers many opportunities, but can also be prone to various types of attacks.
Smart contract exploits are a constant concern — criminals take advantage of vulnerabilities in DeFi code, leading to flash loan attacks, rug pulls, and more recently, sandwich attacks.
If you haven’t heard of sandwich attacks yet, you might not be alone, since they’re not as popular an attack as, say, a rug pull. But sandwich attacks can cause pretty problematic situations in DeFi — enough so that Ethereum co-founder Vitalik Buterin warned us about them way back in 2018.
When it comes to the many attack vectors in technology, it is crucial to understand the basic concept of an attack and the potential ramifications. A sandwich attack, mainly targeted at DeFi protocols and platforms, can have significant consequences and result in market manipulation.
The Sandwich Attack Concept
At its core, a sandwich attack is a form of front-running that primarily targets decentralized finance protocols and services.
In a sandwich attack, a nefarious trader looks for a pending transaction on the network of their choice, e.g., Ethereum. The sandwiching occurs by placing one order right before the trade and one right after it. In essence, the attacker will front-run and back-run simultaneously, with the original pending transaction sandwiched in between.
The purpose of placing these two orders and surrounding pending transactions is to manipulate asset prices. First, the culprit will buy the asset the user is swapping to — e.g., using LINK to exchange to ETH — with their knowledge of ETH's price increasing. Then, the culprit will buy ETH for a lower price in order to let the victim buy at a higher value. The attacker will then sell ETH at a higher price afterward.
The transaction sandwiching affects the amount of ETH the initial user will receive. As the culprit succeeded in filling the order at their desired price, the next trade will be higher in cost. That sequence causes the ETH price to increase, allowing the culprit to pocket a profit by front- and back-running a trader and creating an artificial price increase.
For more information about how to avoid front-runners on decentralized exchanges, click here.
Various Factors to Consider in Sandwich Attacks
The sandwich attack method (as explained above) makes this type of attack sound straightforward. In reality, it is perhaps too easy to perform this type of attack. Even if the profit is small, one can use this method repeatedly without any repercussions. However, a malicious trader needs to be well-prepared to pull off a sandwich attack. There are many intricacies in decentralized finance to consider which may impact the chance of success.
The majority of sandwich attacks will be performed through automated market maker solutions or AMMs. Notable examples include Uniswap, PancakeSwap, Sushi and others. Through their pricing algorithms, liquidity is always in high demand, and trades execute continuously. However, you can’t forget about the price slippage aspect, which occurs when the volume and liquidity of an asset change.
Traders also face an expected execution price, an actual execution price and an unexpected slippage rate. These facets can impact the rates at which one trades and how much asset Y they receive in exchange for asset X. Blockchain transactions can take some time to execute and the inter-exchange rates of assets can fluctuate wildly, resulting in more unexpected price slippage.
A Sandwich Attack: Two Possible Scenarios
Keeping all the above in mind, a bad actor can perform a sandwich attack in two ways.
Liquidity Taker vs Taker
It is not out of the ordinary to see different liquidity takers attack one another.
For example, if a regular market taker has a pending AMM transaction on the blockchain, the culprit can emit subsequent transactions — front-running and back-running — for financial gain. As the liquidity pool and asset pair have three pending transactions, miners will decide which is approved first.
If the culprit pays a higher transaction cost than the other individual, there is a bigger chance for the malicious transaction to be picked up first. It is not a guaranteed outcome, but merely an illustration of how easy it can be to attempt a sandwich attack.
Liquidity Provider vs Taker
A liquidity provider can attack a liquidity taker in a very similar manner. The initial setup remains identical, although the bad actor will need to perform three actions this time.
First, they remove liquidity — as a front-running method — to increase the victim's slippage. Second, they re-add liquidity — back-running to restore the initial pool balance. Third, they swap asset Y for X to restore the asset balance of X to how it was before the attack.
Withdrawing one's liquidity before the victim's transaction goes through negates the commission fee for that transaction. Normally, liquidity providers earn a small fee for activity occurring in their pool of choice: ensuring that commission doesn't get granted can cause financial harm to any taker, although at the cost of one's commission.
Are Sandwich Attacks Worth the Work?
Despite clear financial incentives to sandwich attack, doing so may not always be worthwhile. The cost of performing these transactions to front- and back-run other traders will often outweigh the financial gain for attackers — especially when using the Ethereum network, which notes transaction costs (per action) rather regularly.
However, a sandwich attack can still be a profitable attack if the commission earned from "normal behavior" and the transaction cost for a sandwich attack is lower than the victim's trade amount.
The advent of decentralized trading through automated market makers continues to pose a risk to anyone using these services. A sandwich attack can occur at any given moment. As DeFi attracts more and more people, there will be more opportunities for culprits to strike. That doesn't mean there will be more (successful) sandwich attacks in the future, but it is something to keep in mind.
How to Protect Against Sandwich Attacks
For AMMs, it is crucial to develop countermeasures capable of protecting users from sandwich attacks. For example, the 1inch platform introduced a new order type known as "flashbot transactions,” which are not visible in the mempool as they are never broadcasted to it. Instead, the 1inch platform has a direct connection to trustworthy miners to make transactions visible after they are mined.
To date, that appears to be the only way for users to protect themselves against a sandwich attack. However, it remains unclear if other AMMs will forge partnerships with miners to include transactions without broadcasting them to the mempool. Other solutions may be found in the future, although that will likely take some time.