Sandwich attacks are a kind of malicious blockchain attack that exploits smart contract vulnerabilities. Simply put, a sandwich attack traps a user’s transaction between two or more transactions, which is then greatly manipulated to gain profits.
The decentralized finance (DeFi) industry in the crypto world provides many opportunities for crypto holders to benefit and make profits. Nonetheless, it is majorly prone to different types of attacks and cyber strikes.
Undeniably, the exploitation of smart contracts is a persistent worry for investors as hackers strike the vulnerabilities that exist in the DeFi code systems. In most cases, these criminal activities result in rug pulls, and flash loan attacks, and the most recent ones are sandwich attacks.
Not many people have heard about the sandwich attacks since they are relatively new in the crypto sector and are yet to gain popularity among criminals.
Nevertheless, sandwich attacks can result in many problematic occurrences in DeFi. Even Ethereum co-founder Vitalik Buterin warned about these attacks in 2018.
It is important to understand the basic concept of these attacks and their possible implications. Mostly, sandwich attacks target DeFi platforms and protocols, and can result in extensive market manipulation.
Related: The Robbing of DeFi – Can DeFi Projects Secure Their Crypto?
How A Sandwich Attack Operates
A sandwich attack is described as a type of front-running that mostly targets DeFi protocols and services. In such hacks, degenerate traders search for any pending transaction on the network of their preference, for instance, Ethereum.
The sandwiching is executed by placing an order right before the trade and another one immediately after it. Essentially, the hacker front-runs and back-runs concurrently, with the original pending transaction sandwiched between the fictitious orders.
In that context, the main aim of placing the two orders concurrently and sandwiching pending transactions is to manipulate the price of the involved asset. The criminal buys the asset the user wants to swap to, for example, using Chainlink to exchange to Ethereum, knowing that the price of ETH will increase.
Then, the hacker purchases Ethereum for a lower price to let the unsuspecting user buy at a higher price. The criminal then sells ETH at a significantly higher price later.
This sandwiching affects the amount of ETH the user will get. Since the hacker managed to fill the order at their desired price, the next Trade comes at a higher cost. The sandwiching sequence makes the Ethereum price surge, enabling the criminal to reap profits by front and back running a trader and forming an artificial price increment.
Factors To Analyze In Sandwich Attacks
Sometimes it seems like the sandwich attack strategy makes the attack straightforward. Even in reality, it might be too easy to execute this kind of attack. Although the profit might be small, one can exploit this strategy many times without any consequences.
Nevertheless, a criminal trader has to be well-prepared to pull off a sandwich attack. Multiple intricacies in DeFi have to be considered which may affect the probability of success.
Most sandwich attacks are executed via automated market maker solutions (AMMs). Some of the major examples include PancakeSwap, Uniswap, SushiSwap, and many others.
Using their pricing algorithms, liquidity is always in high demand, and the trades execute constantly. Please also consider the aspect of price slippage that happens when the volume and liquidity of an asset change.
Traders also have to deal with the expected execution price, an actual execution price, and even an unexpected slippage rate. Blockchain transactions take some time to execute and sometimes the inter-exchange rates can change explosively, resulting in many cases of unpredictable price slippage.
Here are the two possible scenarios of a sandwich attack:
Liquidity Taker Versus Taker
It is common to see various liquidity takers attacking each other.
For instance, when a normal market taker has a pending AMM transaction on the blockchain, the criminal can execute successive transactions that are back-running and front-running, to get some profits. In such cases, the liquidity pool and asset pair have three pending transactions, and miners decide which gets approved first.
When the criminal pays a higher transaction fee than the user, the fictitious transaction will likely be selected first for approval. Nonetheless, it is not an assured outcome, but just a representation of how easy it can be to execute a sandwich attack.
Liquidity Provider Versus Taker
Liquidity providers can similarly attack liquidity takers. The first setup is almost the same, although the criminal will have to execute three actions this time around.
First, they eliminate liquidity – as a front-running strategy – to intensify the slippage of the victim. Then, they re-add liquidity by back-running to restore the original pool balance. Eventually, they swap asset Y for X to ensure that the asset balance of X is restored to its initial state before the attack.
Withdrawing somebody’s liquidity just before the victim’s transaction is approved negates the commission fee for the specific transaction. Normally, the liquidity providers earn some fee for the activity happening in their pool of choice. This guarantees that a commission is not granted and can result in financial harm to any taker, in exchange for a commission.
Are Sandwich Attacks Worth The Hassle?
Although there is a financial incentive involved, the intense efforts involved in these attacks, may not always be worth an attempt. The cost involved in executing these transactions to back and front-run other traders mostly outweighs the financial profits for the hackers.
The attack is equivocal and wasteful, mostly when executed on the Ethereum network since it charges transaction costs for every action quite often.
Nevertheless, such attacks can be profitable for the cyber attacker when the commission earned from ‘normal behavior’ and the transaction cost for a sandwich attack is significantly lower than the user’s trade amount.
Thus, the efforts involved in executing these attacks are considerably higher than the potential incentive. Although the reward might be low, the threat of such attacks still looms.
Decentralized trading via automated market makers poses a severe risk to the users who depend on these services. In that context, a sandwich attack can happen at any time unexpectedly.
Since decentralized finance is gaining popularity, there will be more chances for criminals to attack and reap elevated profits via sandwich attacks.
Related: Types of Exploits in DeFi You Need to Watch Out For
It might not guarantee that there will be more serious sandwich attacks in the future. But, crypto buyers and investors need to keep it in mind to avoid losing their investment.
How To Avoid These Attacks
It is important to create countermeasures that can protect users from sandwich attacks while using automated market makers (AMMs).
Illustratively, the 1inch platform unveiled a new order type called ‘flashbot transactions’ which are invisible in the mempool because they are not broadcasted to it. But, the 1inch platform has a strong link with trustworthy miners who help make such transactions visible once they are mined.
For now, it seems to be the only strategy users can implement to protect themselves against a sandwich attack. Nevertheless, it is not clear whether other AMMs will partner with miners to feature transactions without having to broadcast them to the mempool. Several other solutions might be discovered in the future, although it might take some time.