The decentralised finance (DeFi) landscape offers multiple opportunities, but smart-contract exploits are becoming an increasing concern, as fraudsters could take advantage of flaws in the code.
DeFi is a new space that gives users a lot of power without many regulatory constraints, and one needs to be extra careful as it is prone to various types of attacks. One such attack is the sandwich attack, which may not be a very popular one but can cause problems in DeFi. Ethereum’s co-founder raised an alarm about this back in 2018.
Concept of Sandwich Attack
A sandwich attack targets DeFi protocols and platforms, and can have significant consequences in the form of market manipulation. In simple words, the attacker tries to sandwich a user’s transaction between two transactions of their own, one before and one after, causing the user a loss.
“This type of attack is most common in decentralised exchanges (DEXs). Most DEXs work on AMM (algorithmic market maker) protocols,” said Raj Karkara, Chief Marketing Officer, ZebPay. “In these protocols, most of the time, the price of a token depends on the depth of the liquidity.”
How to identify sandwich attacks?
This kind of attack depends on the slippage tolerance set by the victim. Most of the time, the price of a token depends on the depth of the liquidity.
Gaurav Dahake, Founder & CEO, Bitbns, said: “These attacks make execution worse because blockchains are open and all these transactions can be observed and checked as to what kind of transactions have been conducted.”
For instance, a user places an order to buy 1,000 Y tokens at 100 USDT each, with the slippage factor set to 10 per cent. When executing the trade, the DEX will allow it to go through as long as the price is below 110 USDT. The attacker needs to work out the maximum amount of tokens they can buy to push the price up while making sure the price change does not exceed the slippage set by the user.
How do the attacks take place?
The first step in these attacks is bots sniffing out trade transactions. Bots look for transactions with low gas prices and also liquidity pool transactions where users can claim the rewards and convert these to the required tokens.
The majority of sandwich attacks are performed through automated market maker solutions or AMMs. Through their pricing algorithms, liquidity is always in high demand, and trades are executed continuously. “Once these transactions are identified, the bot will place a transaction with a higher fee which frontruns the normal transaction,” said Karkara of ZebPay.
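The before-and-after pattern described above can be looked for in a block's ordered list of swaps. The following is an added example, not code from the article or from any exchange; the Swap record, the addresses and the sample block are constructed for illustration, and the victim's figures reuse the 100 USDT quote and 10 per cent tolerance from the example above.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Swap:
    index: int           # position of the transaction inside the block
    sender: str
    pool: str
    side: str            # "buy" or "sell" of the pool's token
    quoted_price: float  # price shown to the sender when the order was placed
    exec_price: float    # price actually paid or received

# Constructed sample block (not real chain data); addresses are placeholders.
SAMPLE_BLOCK = [
    Swap(0, "0xAAA", "Y/USDT", "buy", 100.0, 100.4),
    Swap(1, "0xUSER", "Y/USDT", "buy", 100.0, 109.5),
    Swap(2, "0xAAA", "Y/USDT", "sell", 109.8, 109.2),
    Swap(3, "0xBBB", "Z/USDT", "buy", 5.0, 5.01),
    Swap(4, "0xCCC", "Y/USDT", "buy", 101.0, 101.2),
    Swap(5, "0xBBB", "Z/USDT", "sell", 5.0, 4.99),
]

def slippage_pct(swap):
    """Realised slippage of a swap relative to its quoted price, in per cent."""
    return round((swap.exec_price - swap.quoted_price) / swap.quoted_price * 100, 2)

def find_sandwiches(swaps):
    """Return (front_index, victim_index, back_index, victim_slippage_pct) tuples."""
    ordered = sorted(swaps, key=lambda s: s.index)
    findings = []
    for i, front in enumerate(ordered):
        for k in range(i + 2, len(ordered)):
            back = ordered[k]
            closes = (back.sender == front.sender and back.pool == front.pool
                      and back.side != front.side)
            if not closes:
                continue
            # Victims: other senders trading the same pool in the same direction
            # as the opening trade, ordered between the two legs.
            for v in ordered[i + 1:k]:
                if v.pool == front.pool and v.side == front.side and v.sender != front.sender:
                    findings.append((front.index, v.index, back.index, slippage_pct(v)))
            break  # pair each opening trade with its first closing trade only
    return findings

if __name__ == "__main__":
    for hit in find_sandwiches(SAMPLE_BLOCK):
        print(hit)
```

The flagged trade filled at 9.5 per cent above its quote, inside the 10 per cent tolerance, so the exchange accepted it; the unrelated buy-then-sell by 0xBBB is not reported because no other sender traded that pool in between.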
How harmful are sandwich attacks?
As blockchains are open, sandwich attacks can make execution of transactions a challenge. The attacker can check the kind of transactions the victim has conducted. Sandwich attacks can actually aid culprits…