{"id":75578,"date":"2024-01-17T17:39:57","date_gmt":"2024-01-17T17:39:57","guid":{"rendered":"https:\/\/kryptodata.se\/what-are-sandwich-attacks-in-defi-and-how-to-avoid-them\/"},"modified":"2024-01-17T17:39:57","modified_gmt":"2024-01-17T17:39:57","slug":"what-are-sandwich-attacks-in-defi-and-how-to-avoid-them","status":"publish","type":"post","link":"http:\/\/kryptodata.se\/what-are-sandwich-attacks-in-defi-and-how-to-avoid-them\/","title":{"rendered":"What Are Sandwich Attacks in DeFi and How to Avoid Them?"},"content":{"rendered":"
Coinspeaker<\/a> What Are Sandwich Attacks in DeFi and How to Avoid Them?<\/a><\/p>\n
One of the setbacks that comes with popularity is the risk of attracting manipulators seeking personal gain. In the same vein, the evolving DeFi<\/a> space has become vulnerable to various attacks as it continues to grow and gain widespread adoption.<\/p>\n Among the common attacks faced by the industry are sandwich attacks. These attacks pose great risks to crypto investors and their assets. Let’s look at this type of manipulation in detail: its basics, how it works, and how to protect against it.<\/p>\n
The Concept of Sandwich Attack<\/h2>\n
A sandwich attack is a form of exploitation that manipulates the price of a targeted asset. Decentralized protocols and services are the main targets, and the attack itself is simple: the exploiter places two transactions, one before and one after the victim’s transaction.<\/p>\n Let’s take an example to get a clearer picture. Suppose someone trades one cryptocurrency (let’s call it X) for another (Y) to make a big purchase. A trader out for profit uses a bot to spot the pending trade and buys up Y before the large trade is confirmed.<\/p>\n This pushes the price of Y up for the original trader, resulting in higher costs. The bot then profits by selling Y at the increased price. Such attacks are common because blockchains are public: anyone can see transactions in the pool unless they are sent over a direct link to a mining pool.<\/p>\n Additionally, smart contracts may have unrestricted functions that execute trades, such as claiming LP reward tokens and instantly swapping them for another token using a decentralized exchange (DEX).<\/p>\n
Sandwich Attacks: Scenarios<\/h2>\n
Exploiters who use sandwich attacks tend to follow a few recurring strategies. Let’s look at the scenarios where sandwich attacks can happen.<\/p>\n
The Case of a Liquidity Taker vs Taker<\/h3>\n
In this scenario, different liquidity takers might target each other. Imagine a regular market taker with a pending transaction on the blockchain. The attacker seizes the opportunity by sending extra transactions, one front-running and one back-running, to make a profit.<\/p>\n Afterward, the miners decide which transaction to approve first. If the attacker pays a higher transaction cost, their malicious transaction stands a better chance of being prioritized. While success isn’t guaranteed, this shows how easily a sandwich attack can be attempted.<\/p>\n
The Case of Liquidity Provider vs Taker<\/h3>\n
In this scenario, a liquidity provider can target a liquidity taker using a similar strategy. The initial steps are the same, but the malicious actor must perform three actions:<\/p>\n
\n
Withdrawing liquidity before the victim’s transaction prevents the commission fee for that transaction from being earned. Liquidity providers usually earn a small fee for pool activities, so although this harms the taker financially, the attacker sacrifices their own commission in the process.<\/p>\n
Examples of Sandwich Attacks<\/h2>\n
In one past incident, an Ethereum (ETH<\/a>) validator made off with more than $25 million in cryptocurrencies by swindling an Ethereum MEV bot engaged in sandwich trades. The stolen funds were dispersed among three primary addresses:<\/p>\n