Cointime

Download App
iOS & Android

Sandwich Attacks: Are You on the Menu?

Repost from Modern Consensus, Alice Kohn: “Sandwich Attacks: Are You on the Menu?” The full report and all related findings are available on the official website of Modern Consensus.

raditional “front running” is trading of stocks or other financial assets using privileged information about an upcoming transaction that is anticipated to significantly impact its price. For example, brokers could front run trades by using insider knowledge regarding their firm’s imminent issuance of a buy or sell recommendation to clients, a move expected to influence the asset’s price. Trading on this kind of non-public information is illegal in most jurisdictions, not only because it’s unfair to other market participants but also because it degrades the integrity of financial markets and erodes investor trust.

In the often “Wild West” of crypto markets, given that all too often lawmakers haven’t caught up with technology, regulators are preoccupied with increasing their own power or regulating by enforcement – and ultimately, the crypto community has largely failed to police itself – market participants are typically left to fend for themselves.

In the context of decentralized finance (DeFi), front running refers to the practice of a trader or bot capitalizing on advance knowledge of upcoming transactions in a blockchain network, typically on Ethereum given its outsized role, to make profitable trades.

Here’s a breakdown of how it typically works:

  • Observation: front runners use bots to monitor the pool of unconfirmed transactions (known as the mempool*) in a blockchain network. They look for large transactions that will significantly impact the price of a cryptocurrency.
  • Prediction: once a potentially profitable transaction is identified, front runners predict how this transaction will affect the market. For example, a large buy order could increase the price of a cryptocurrency.
  • Action: before the original large transaction is confirmed, the front runner quickly submits their own transaction with a higher gas fee. This higher fee incentivizes miners to prioritize and process the front runner’s transaction first.
  • Profit realization: the front runner’s transaction, processed before the large transaction, capitalizes on the anticipated price movement. For instance, they might buy a cryptocurrency before a large buy order is processed, expecting its price to increase. They then sell it at the higher price after the large transaction has influenced the market.

This practice is controversial and considered unethical by many in the crypto community. It exploits the transparent nature of blockchain transactions and can lead to market manipulation. Efforts to mitigate front running in DeFi include the development of more sophisticated transaction ordering mechanisms and privacy-enhancing technologies.

So what is a sandwich attack? This is a specific type of front running that involves placing not just one but two transactions around a large pending transaction, in order to profit from the price movement it causes. Here’s how it works:

  • First attacker transaction: the attacker spots a large trade (e.g., a buy order) in the mempool.* They then place a similar buy order just before the victim’s transaction executes, increasing the price of the asset.
  • Victim’s transaction: the large order by the victim gets executed at the now-inflated price.
  • Second attacker transaction: the attacker immediately sells the asset at this inflated price, profiting from the price difference caused by the victim’s large order.

So the attacker takes advantage of knowing a victim’s trade details in advance and manipulates the market price to their benefit, both before and after the victim’s transaction. This can lead to a worse trade outcome for the victim because of a phenomenon called “slippage” – the variance between the anticipated and executed prices of an order due to crypto’s inherent volatility when there are low trading volumes.

Ways to avoid being front run

There are several strategies and practices that can help users avoid becoming victims of front running and sandwich attacks in the DeFi space:

Slippage tolerance: setting a low slippage tolerance in decentralized exchanges (DEXes) can prevent your transaction from being executed if the price impact is too high, which is often the case in sandwich attacks.

Private transactions: some platforms offer private transaction services, where details of your transaction are not made public until they are executed. This prevents potential attackers from seeing and exploiting your transaction in advance.

Smaller transactions: large transactions are more likely to be targeted by front runners and sandwich attackers. Splitting a large transaction into smaller ones can reduce visibility and attractiveness to attackers.

Limit orders: using limit orders instead of market orders allows you to specify the maximum price you’re willing to pay or the minimum price you’re willing to accept. This can prevent buying at inflated prices due to front running.

Transaction batching: some services offer transaction batching, where multiple transactions are combined and executed together. This can obfuscate individual transaction details, making it harder for attackers to target specific trades.

Time of execution: executing transactions during less active hours can reduce the likelihood of being targeted, as there are fewer transactions in the mempool for attackers to monitor.

Flashbots: with Ethereum, using Flashbots (a system for miners and traders to directly negotiate transaction inclusion and ordering) via the wallet’s RPC settings can mitigate the risk of being front run.

DEX aggregators: using DEX aggregators such as CoW Swap can help, as they split your transaction across multiple DEXes, reducing the impact of your trade on any single liquidity pool and making it harder for attackers to profit from sandwich attacks.

Upgraded protocols: some DeFi protocols are implementing solutions to mitigate these risks, such as using different transaction processing mechanisms that are less susceptible to front running.

Constant vigilance: ultimately, staying informed about the latest security practices and being aware of the risks inherent in DeFi trading is crucial.

It’s important to remember that while these strategies can reduce the risk of being front run or sandwich attacked, they can’t eliminate it entirely. Always exercise caution and stay updated on best practices in the rapidly evolving DeFi landscape.

* A blockchain’s mempool (short for “memory pool”) functions as a temporary storage area for pending transactions, facilitating transaction validation, preventing double-spending, and enabling nodes to choose transactions for inclusion in mined blocks based on fees, which contributes to blockchain integrity and efficiency.

Comments

All Comments

Recommended for you

  • Whale Transfers 1,133 BTC to Coinbase Prime, Valued at $71.48 Million

    According to Onchain Lens monitoring, a whale transferred 1,133 BTC from Coinbase to Coinbase Prime through an intermediary wallet, valued at $71.48 million.

  • U.S. AI Chip Stocks Decline Before Market Open, Intel Falls Over 3%

    On July 7, U.S. AI chip stocks experienced widespread declines before the market opened. Intel dropped over 3%, while AMD, Qualcomm, and NXP fell more than 2%. TSMC, Broadcom, and Tesla decreased by over 1%, and NVIDIA declined by 0.7%.

  • China's Central Bank Increases Gold Reserves for the 20th Consecutive Month

    As of the end of June, China's gold reserves stood at 75.44 million ounces (approximately 2,346.446 tons), an increase of 480,000 ounces (about 14.93 tons) from the end of May, which reported 74.96 million ounces (approximately 2,331.52 tons). This marks the 20th consecutive month of gold accumulation.

  • China's Foreign Exchange Reserves in June at $341.6262 Billion

    On July 7, China's foreign exchange reserves for June stood at $341.6262 billion, a decrease of $26 billion from the end of May, representing a decline of 0.75%, with expectations set at $343.2 billion.

  • U.S. Storage Stocks Drop Pre-Market, SanDisk and Micron Down Over 4%

    On July 7, U.S. storage concept stocks collectively fell in pre-market trading. Western Digital dropped over 5%, SanDisk and Micron Technology fell over 4%, Seagate Technology declined over 3%, Rambus fell over 2%, and SMI fell over 1%.

  • U.S. Stocks in Optical Communication Sector Drop Pre-Market

    On July 7, stocks in the optical communication sector of the U.S. market collectively fell pre-market. Astera Labs dropped over 4%, while Marvell Technology, Credo Technology, and AXT Inc. fell more than 3%. Tower Semiconductor, MaxLinear, Corning, Applied Optoelectronics, GlobalFoundries, Lumentum, and Qorvo all declined by more than 2%. Coherent, Nokia, Amphenol, and Broadcom dropped over 1%.

  • Pre-market Decline in U.S. Storage Stocks

    In pre-market trading, U.S. storage concept stocks experienced a widespread decline, with Micron Technology falling by 4.8%, SanDisk dropping over 4%, Corning down more than 2%, and Intel decreasing by over 3%.

  • Two Departments: Support for Reinsurance Institutions to Increase Capital and Issue Supplementary Capital Tools

    On July 7, the National Financial Supervision and Administration Bureau and the Shanghai Municipal Government released several measures to accelerate the construction of the Shanghai International Reinsurance Center. Among these measures, they proposed to enhance the quality and efficiency of the reinsurance industry, support reinsurance institutions in increasing capital and expanding shares, and issuing supplementary capital tools to improve the capacity for internal capital accumulation and external capital supplementation, thereby strengthening the reinsurance industry's capabilities. The initiative aims to guide the insurance industry to focus on major national projects, strategic emerging industries, and livelihood security, consolidating insurance and reinsurance underwriting capabilities to enhance risk protection levels. It also supports reinsurance institutions in leveraging their professional technical advantages to assist the insurance industry in reducing risk.

  • Sources: Saudi Arabia Plans to Expand Oil Pipeline to Red Sea, Increasing Capacity by 2 Million Barrels Daily to Bypass Strait of Hormuz

    On July 7, five informed sources revealed that Saudi Arabia is considering expanding the crude oil pipeline capacity to its western coast on the Red Sea, allowing Saudi Arabia and its neighbors to transport more oil without passing through the Strait of Hormuz. This east-west pipeline, built in the early 1980s, has gained strategic importance since the outbreak of the Iran war in February and the disruption of shipping in the Strait of Hormuz. The pipeline can deliver up to 7 million barrels of crude oil per day to the Red Sea port. The CEO of Saudi Aramco stated in May that approximately 2 million barrels are supplied to west coast refineries, while about 5 million barrels are for export. Sources indicate that Saudi Arabia is in preliminary discussions with some neighboring countries regarding the pipeline expansion, aiming to add about 2 million barrels of pipeline capacity per day. It remains unclear whether Aramco's planned expansion involves upgrading existing infrastructure or constructing new pipelines. One source mentioned that the expansion plan also includes a smaller refined oil pipeline. Two sources indicated that the expansion scale could range from 1 million to 2 million barrels per day, with refined oil also being considered. Another source stated that the project would take several years and cost billions of dollars, requiring adjustments to Saudi crude pricing mechanisms.

  • Citi: Tencent's WorkBuddy Gains Momentum, Maintains 'Buy' Rating

    On July 7, Citi released a research report stating that, according to the latest industry data, Tencent's AI agent product WorkBuddy has reached 20 million monthly active users (MAU) and over 13 million daily active users (DAU), with a DAU/MAU ratio between 65% and 75%. Considering the product has only been launched for a few months, user stickiness and daily engagement are performing strongly. Citi quoted Tencent's management as saying that in terms of daily active users, Tencent is leading its Chinese peers in the deployment of AI agents. Early user data reflects strong natural growth for both CodeBuddy and WorkBuddy, with high retention rates. Early users are interacting with the AI agents for long durations and with high frequency, creating a positive feedback loop. It is expected that AI products will become a key revenue source for Tencent Cloud. The firm believes that WorkBuddy's success demonstrates the strength of Tencent's ecosystem, the synergy between various productivity tools, and users' trust in Tencent's products and security. Citi maintains a 'Buy' rating on Tencent with a target price of HKD 763 unchanged.