The sandwich exploit is a popular type of MEV-based attack on the blockchain, and has already resulted in losses of close to $3 million this week alone. This attack doesn't discriminate between large whales or small fish, as it targets all investors. In this article, we'll take a closer look at how this type of crypto market manipulation works and explore an effective solution called AntiSandwich that can help you prevent becoming a victim of this kind of attack.
In order to understand the DeFi Sandwich Attack, we need to first understand two essential elements that compose this attack and are carried out by a bot, commonly referred to as a sandwich bot. These components, frontrunning and backrunning, combine to create a scenario where the victim is caught in the middle and loses his money.
Front-running refers to the execution of a trade ahead of another user's transaction, knowing that the value of the token will soon rise as a result of the targeted transaction.
Back-running refers to the type of transaction where the sender wishes to have their transaction ordered immediately after a ‘target transaction’, in this case the victim's transaction.
To gain insight into how a sandwich bot identifies profitable transactions, it's important to first understand the concept of mempool...
A mempool, short for memory pool, is the term used to refer to the public list of all pending transactions awaiting inclusion in the blockchain.
So, when a user initiates a transaction, his transaction will be broadcasted to the nodes and added to the mempool. Unfortunately, the transparency of the blockchain means that this publicly available information is also on the radar of opportunity scanning bots that are eager to exploit new transactions.
Detailed explanation of Sandwich Attack Knowing the key concepts highlighted above we can reconstruct how a "sandwiching" exploit takes place with the help of an example.
Example of the Flow:
Victim initiates TX via Router
Swap ()Called On Pair (ETH/USD)
Victim TX Sent To Mempool
Attacker Surveils Victim TX in Mempool
Attacker Initiates TXs Via BOT Contract
Swap() Called On Same Pair With Higher Gas Price (in order to put TX in front of victim's TX - frontrun)
Attacker TX Sent To Mempool With Higher Gas
TXs Mined With Attacker Higher Gas TX in Front Of Victim
Victim TX Mined
Attacker Swaps Tokens for Highest Price After Victims Transaction (Backrun).
When an unprotected user places an order to buy token X, his transaction will appear on the mempool alerting bots placed by the attacker of an exploit possibility. A bot then creates two transactions, one transaction with a higher gas price (front run), and one transaction with a lower gas price (back run), that happen all in the same block as the victim's transaction.
In the first transaction, the attacker buys just a high enough amount of token X to impact the price, which pushes the price up (front-run). When the victim transaction takes place, he will get fewer tokens than expected because the price has increased and his transaction has been front run.
Immediately after the victim’s swap, the attacker executes the second transaction (backrun), selling all the tokens purchased in the first transaction at the highest price after both his and victim's swaps
As a result, a percentage of the tokens spent by the victim on buying token X, is extracted off to the attacker. This exploit is clever and lucrative for the attacker but is disappointing for those who fall victim to it. How to Avoid Sandwich Attacks? In order to halt attackers from sandwiching our crypto transactions, we can consider being careful with the use of our slippage tolerance and keep an eye out for low liquidity pools.
Slippage: Let's say we keep our price slippage tolerance low and set it for 1%, meaning if the price of the token changes more than 1% between the time the transaction is submitted and when it is confirmed, the transaction will be canceled. So in order for the attacker to successfully sandwich us, they can’t drive the price up by more than 1%, otherwise, our transaction would be canceled.
Liquidity: The reason why liquidity is important is that we know that low liquidity of a liquidity pool on DEX makes it easier for the price to move significantly, this in contrast to a pool that has high liquidity. Knowing this, we can imagine that low liquidity token pools are easier for an attacker to manipulate the price with a relatively small amount of capital.
In light of this, it is crucial to stress the importance of liquidity and slippage before engaging with a decentralized market. Keeping this in mind, there is an easier way to mitigate the risks. AntiSandwich by Hackless The AntiSandwich tool, currently available on both ETH and BSC networks, is designed for anyone who wants to transact on decentralized exchanges and wants to fully protect their assets from sandwich attacks. Our widget is designed with a standard or typical swapping interface, providing a secure gateway for swapping crypto assets and eliminating the need to use public mempools, which are at all times monitored for sandwiching attacks.
In order to transact safely, transactions processed through AntiSandwich are mined privately, which means they are not added to the publicly visible mempool, making them more secure and invisible for sandwich bots trading crypto.
Users can connect their own wallets to the user-friendly interface without the need to connect to other platforms or go through the hassle of adding custom networks. All connections will be set up automatically, streamlining the process of executing transactions and increasing user convenience. AntiSandwich for Business Hackless offers a comprehensive B2B solution that includes the AntiSandwich tool and additional features to protect businesses' assets.
The B2B swapping solution offers businesses the ability to integrate our widget into any website, wallet, or app, allowing for the swapping of tokens. Using our NPM library integration, users can limit the number of tokens that can be swapped to prevent unauthorized transactions.
Our widget provides advanced features such as the ability to use specific routers (i.e., DEXes) and whitelist specific tokens. Through the whitelist feature, users can specify which tokens can be swapped, allowing clients to swap only their own tokens. Additionally, we offer complete customization of the widget design, allowing it to align perfectly with the platform's brand. Users can also seamlessly integrate the widget into their platform's current user interface, ensuring a smooth and uninterrupted experience for their users.
The sandwiching exploit is just one example of the ingenuity of human beings when there's profit to be made. Your transaction may be sandwiched when a malicious user sends two transactions, sandwiching your transaction in between. If done correctly the attacker profits off of the price movement of the token you're trading. While this exploit may seem complex, it's good to know the solution to protect yourself is easy. So, if you're concerned about the security of your swaps on Ethereum and BSC networks, AntiSandwich provides a great solution.