As the crypto space grows every day, its vulnerability to various types of attacks and hacks is also increasing, raising the risk for investors. The decentralized finance (DeFi) landscape offers many opportunities, but smart contract exploitation is becoming increasingly worrisome as fraudsters can take advantage of faulty code.
DeFi is a new area that gives users a lot of power without a lot of regulatory limitations, and users have to be extra careful because it is vulnerable to many types of attacks. One such attack is the sandwich attack, which may not be very well known but can lead to problematic situations in DeFi. The co-founder of Ethereum warned about it in 2018.
Sandwich attack concept
Sandwich attacks target DeFi protocols and platforms and can have significant market manipulation consequences. In simple terms, an attacker places two transactions around a user's transaction, one before it and one after it, causing the user to lose. “This type of attack is most common on decentralized exchanges (DEXs). Most DEXs use an algorithmic market maker protocol (AMM),” said Raj Karkara, Chief Marketing Officer, ZebPay. "In this protocol, the price of the token is largely dependent on the depth of liquidity."
How do you recognize a sandwich attack?
This type of attack depends on the slippage tolerance set by the victim. The price of the token usually depends on the depth of liquidity. Gaurav Dahake, Founder and CEO of Bitbns, said, "This attack degrades performance because the blockchain is open and all these transactions can be monitored and verified what types of transactions have taken place." Suppose a user places an order to buy 1000 Y tokens at a price of 100 USDT each, with the slippage tolerance set to 10%. The DEX allows the trade as long as the price is below 110 USDT. The attacker must check the maximum number of tokens that can be bought to push the price up while ensuring that the price change is not higher than the tolerance set by the user.
How do attacks work?
The first step in this attack is bots that watch for trade transactions. A bot looks for trades with low gas prices, as well as trades against liquidity pools where users can get prices and convert into the tokens they need. Most sandwich attacks are carried out through automated market maker (AMM) solutions. Because of their pricing algorithm, liquidity is always in demand and trades are executed continuously. "Once these transactions were identified, the bots made transactions with higher fees that preceded normal transactions," said Karkara of ZebPay.
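The pattern described above (a higher-fee buy placed ahead of a user's trade, followed by a sell from the same sender after it) can be searched for in a block's ordered swaps. This is an added example, not code from the article or from any exchange; the `Swap` record, its field names, the addresses, pool labels and the sample block are constructed for illustration, and the match is a heuristic.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Swap:
    index: int      # execution order inside the block
    sender: str
    pool: str
    side: str       # "buy" or "sell" of the pool's token
    amount: float   # token amount bought or sold
    gas_price: int  # fee bid; the opening trade outbids the victim

def find_sandwiches(swaps, tol=0.05):
    """Return (front, victim, back) triples matching the sandwich pattern."""
    ordered = sorted(swaps, key=lambda s: s.index)
    hits = []
    for i, front in enumerate(ordered):
        if front.side != "buy":
            continue
        for k in range(i + 2, len(ordered)):
            back = ordered[k]
            same_actor = back.sender == front.sender and back.pool == front.pool
            if not (same_actor and back.side == "sell"):
                continue
            # The closing sell unwinds roughly what the opening buy acquired.
            if abs(back.amount - front.amount) > tol * front.amount:
                continue
            for victim in ordered[i + 1:k]:
                if (victim.pool == front.pool and victim.side == "buy"
                        and victim.sender != front.sender
                        and front.gas_price > victim.gas_price):
                    hits.append((front, victim, back))
            break  # pair each opening buy with its nearest matching sell only
    return hits

# Constructed sample block (addresses, pools and amounts are made up).
BLOCK = [
    Swap(0, "0xbot", "Y/USDT", "buy", 400.0, 90),
    Swap(1, "0xuser", "Y/USDT", "buy", 1000.0, 30),
    Swap(2, "0xbot", "Y/USDT", "sell", 400.0, 30),
    Swap(3, "0xcarol", "Z/USDT", "buy", 50.0, 40),   # round trip with nobody
    Swap(4, "0xcarol", "Z/USDT", "sell", 50.0, 40),  # in between: not flagged
    Swap(5, "0xdave", "Y/USDT", "sell", 20.0, 25),
]

if __name__ == "__main__":
    for front, victim, back in find_sandwiches(BLOCK):
        print(f"{victim.sender} in {victim.pool} sandwiched by {front.sender} "
              f"(tx {front.index} and {back.index})")
```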
How dangerous is a sandwich attack?
Because the blockchain is open, sandwich attacks can make transactions difficult. The attacker can verify the type of transaction made by the victim. Sandwich attacks can actually help perpetrators manipulate asset prices.
In practice, this type of attack may be all too easy. Despite the lower profits, this technique can be used over and over again without any consequences. A sandwich attack affects the amount of crypto a real user receives, Dahake said. "This allows the performer to fill the order at the price he wants. Therefore, the next deal will be at a much higher price."
Protection against sandwich attacks
There are not many ways to avoid such attacks, but developing precautions to protect investors is essential. "When doing big business with DEX, you have to properly adjust the slip tolerance to a level it can withstand," says Karkara of ZebPay. “The best strategy is to reduce slippage as trade size increases.” Protocols are also trying to incorporate new technologies such as zk-SNARKs to help users conceal trade information so that bots cannot identify it. “Basically, you have to be careful not to open your wallet address, and you also have to be very careful about adding an additional layer of data protection and transaction rollover. This is called access control aggregate, where you can mask your transactions,” added Dahake of Bitbns.