A sandwich attack is a form of malicious trading activity on financial exchanges seeking to profit from a user’s trade at their own expense.
Beginning on stock markets, sandwich attacks have become commonplace in crypto trading in the era of decentralized finance (DeFi) and decentralized exchanges (DEXes).
DeFi Sandwich Attacks: DEXes And Slippage
Sandwich attacks leverage the unique characteristics of DeFi, in particular DEX trading, to make money by manipulating crypto markets. To understand how they work, it is first necessary to understand how DEXes operate. TabTrader Academy has an extensive guide to them which can be found here.
The most popular DEXes use automated market makers (AMMs) which fulfill the function of an exchange without an intermediary or manual input. AMMs frequently run on a formula which keeps the sum total of their liquidity pool — essentially the equivalent of an order book — constant.
These so-called ‘constant product’ AMMs dictate the price at which DEX users can swap crypto tokens based on liquidity and order size.
The formula also means that order fulfillment follows a price curve which acts as a guide to the ultimate exchange rate that a trade will execute at. Given that anyone can use a DEX without restriction, execution prices are not an exact science, as liquidity conditions are constantly changing.
Add to this the delay that users experience between deciding on a trade and sending tokens to the time at which the trade executes and it becomes clear that the execution exchange rate may be different to that which the user initially hoped to lock in.
The above predicament is what is known as ‘slippage’ in DeFi, and DEX traders must keep a firm grasp of liquidity conditions, as well as agree how much slippage they are willing to tolerate, in order to trade efficiently.
DeFi Sandwich Attacks
The information above is necessary background for understanding how sandwich attacks commonly occur on popular DEXes such as PancakeSwap, SushiSwap and Uniswap.
Attackers take advantage of slippage and user inexperience to manipulate the ultimate exchange rate the latter trades at.
The result is the attacker profits via a two-step process, while the user, or victim, ends up with fewer tokens than they initially hoped to receive and is essentially scammed.
What Happens In Sandwich Attacks?
A sandwich attack on a DEX with a constant product AMM such as Uniswap requires two malicious transactions in total.
One occurs before the victim transaction, while the other follows it, creating a ‘sandwich’ of transactions with the victim in the middle which gives the attack its name.
First, the attacker identifies a potential victim transaction. This will typically be one with high slippage tolerance, which offers better profit potential. The fees included in the transaction can also increase its susceptibility to sandwich attacks.
Once found, the attacker moves to send a buy transaction for the same asset pair which will fill before the user’s transaction. This is done by setting a higher fee rate to move the tokens to the DEX, and is known as ‘frontrunning’.
This attacker transaction shifts the liquidity pool composition, resulting in the available exchange rates for subsequent transactions being different to that which was originally shown to other users whose transactions have not yet executed.
If the victim transaction involves a large-volume swap, the situation is exacerbated — more tokens mean more liquidity is needed, and in order to fill, the swap will need to involve bids ever further from the ‘true’ exchange rate.
This is why setting appropriate slippage tolerance is essential in DEX trading (see below).
Once the victim swap completes at the unfavorable exchange rate, the attacker follows up with a sell transaction for the asset pair which locks in their profit. This second transaction ‘backruns’ the victim, completing the sandwich.
How Are Sandwich Attacks Possible?
Attackers succeed in executing sandwich attacks based on more than their own skill. Thanks to the open nature of DeFi and the transparency of public blockchains, it is all too easy to identify suitable victim transactions.
Sandwich attacks are in fact mostly automated, with malicious actors building bots which identify victims and even simulate the attack before launching it on the blockchain.
The automated nature of attacks removes the margin of error when it comes to pulling them off successfully — simulation takes into account the exact conditions on the market at the time, leaving little to chance.
These frontrunning bots are thus the reason that less experienced DEX traders lose money on trades, in conjunction with high slippage tolerance.
How To Avoid Sandwich Attacks In DeFi
From the information above, it goes without saying that the key factor in avoiding DeFi sandwich attacks is managing slippage appropriately.
In addition to understanding how slippage is and why and when it occurs, DEX users need to assess their tolerance of slippage in order not to become easy prey for sandwich attack bots.
Slippage increases in illiquid markets, and understanding liquidity conditions is a major help when it comes to trading an asset pair safely.
Beyond this, setting low slippage tolerance is essential in keeping off attackers’ radar. 20% slippage tolerance, for example, tells the AMM (and any observers) that a trader is willing to accept an exchange rate up to 20% “worse” than the spot rate — a classic signal to sandwich attackers that they can pocket the difference for themselves.
Most DEXes suggest maximum slippage of less than 2%. Too low slippage tolerance, however, can result in trades failing, as liquidity means that there are simply not enough offers to fill all or even part of a swap at the desired exchange rate.
An additional method, subject to fee rates and liquidity at the time of the swap, is to break that swap into several smaller ones.
This means that the potential for a sandwich attack to profit from slippage tolerance is reduced as relatively less liquidity is required to fill each part of the transaction. The user thus leaves less to chance when it comes to exchange rates, because each smaller transaction has a less tangible impact on the AMM liquidity pool.
Conclusion
DeFi sandwich attacks are increasingly commonplace on decentralized exchanges (DEXes) and can be particularly pernicious when large swaps are conducted by less experienced traders. The open nature of DEX trading and public blockchains means that anyone can identify suitable sandwich attack victims, and attackers have even automated the process to assess the most profitable transactions to hijack.
That said, sandwich attacks are not technically ‘theft’ of victims’ tokens; instead, they are an example of market manipulation where profitability is targeted.
The onus is thus on users themselves to protect their funds from manipulation in advance. When conducting DEX swaps, suitable network fees should be attached to the swap transaction, and slippage tolerance should be set appropriately relative to current liquidity conditions. Both liquidity conditions on the DEX itself and fee rates on the underlying network play a key role in sandwich attack profitability.
To mitigate the fees for frontrunning transactions eroding sandwich attack profitability, it has been suggested that some attackers may collaborate with miners themselves in order for the transaction which frontruns the victim to succeed in executing first, regardless of fee rate required.
If you’re new to crypto trading and DeFi, TabTrader has the tools to make your trading experience on the world’s biggest exchanges safe and effortless.
Download the TabTrader app for iOS, Android and Web.
With the latest version of our app, you can begin your trading journey on DEXes via our integration of OpenBook. OpenBook is a Solana-based order book DEX open for business for TabTrader users — all that’s needed is a Solana-compatible wallet, or better still, our proprietary in-app TabTrader Wallet.
Find out more about TabTrader and OpenBook here.
Want to discover more about how crypto trading works? The TabTrader Academy is here to answer all the burning questions you were afraid to ask.
FAQ
What is a sandwich attack in DeFi?
In DeFi, a sandwich attack is a way of profiting from DEX user slippage tolerance by frontrunning crypto trades and exploiting AMM liquidity conditions.
Are sandwich attacks profitable?
Profitability of sandwich attacks varies — the larger a victim’s slippage tolerance and the less liquid a crypto pair is, the more likely an attacker is to make money. Transaction fees for the underlying blockchain network also dictate profitability.
Why do sandwich attacks happen?
Sandwich attacks take advantage of user inexperience and less liquid exchange environments. Setting high slippage tolerance and low network transaction fees represents a key combination which opens up a DEX trader to sandwich attack exploits.
Is it possible to avoid sandwich attacks?
Sound knowledge of DEX trading techniques, and particularly slippage, reduces the likelihood of becoming a sandwich attack victim. Avoiding large transactions can also reduce the profitability of a potential attack.