Beware of Sandwich Attacks

I know what you are thinking here … seagulls or your office mates!

But, no, a sandwich attack on a blockchain network is where a malicious entity — Eve — looks at the pending transactions on the network and then places one transaction of her own before a valid transaction and another after it. This means that one inserted transaction will occur just before the valid one and the other straight after it. This can have the effect of manipulating asset prices.

For this, Eve will watch Carol’s transaction to move BobCrypto to AliceCrypto, and will predict that AliceCrypto will go up in value. Eve will then insert a buy on AliceCrypto before the transaction occurs. Next, Eve inserts a sale on AliceCrypto straight after the transaction and will be smiling on the way to the bank.

The two front-loaded transactions (Eve’s and then Carol’s) will inflate the price of AliceCrypto. Eve then cashes out with the transaction that follows these, which brings the price back to normal, but with a likely profit for Eve. This is standard stock market manipulation, and traders have been leaking information on this type of thing for decades. On the stock market, a trader might detect another trader moving funds from the dollar to the Euro, bail into Euros before this, and cash out straight after.
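The ordering described above can be put into numbers. The following is an added example, not code from the paper or from this post: it assumes a fee-free constant-product pool (a hypothetical `Pool` class) with constructed reserves and trade sizes, and it also shows a minimum-output limit on Carol's trade, a user-side safeguard that is separate from the paper's protocol.

```python
from fractions import Fraction

class Pool:
    """Fee-free constant-product pool (reserve_in * reserve_out = k). Assumed model."""
    def __init__(self, bob, alice):
        self.reserves = {"BobCrypto": Fraction(bob), "AliceCrypto": Fraction(alice)}

    def swap(self, token_in, amount_in, min_out=0):
        token_out = "AliceCrypto" if token_in == "BobCrypto" else "BobCrypto"
        r_in, r_out = self.reserves[token_in], self.reserves[token_out]
        amount_out = r_out * amount_in / (r_in + amount_in)
        if amount_out < min_out:
            raise ValueError("output below min_out, trade reverts")
        self.reserves[token_in] = r_in + amount_in
        self.reserves[token_out] = r_out - amount_out
        return amount_out

# Constructed sample values, not taken from the paper or any real pool.
RESERVES = (1_000_000, 1_000_000)
CAROL_IN, EVE_IN = 50_000, 100_000

def fair_trade():
    """Carol's AliceCrypto output when nothing is ordered around her trade."""
    return Pool(*RESERVES).swap("BobCrypto", CAROL_IN)

def sandwiched_trade(carol_min_out=0):
    """Return (Carol's output or None if reverted, Eve's BobCrypto profit)."""
    pool = Pool(*RESERVES)
    eve_alice = pool.swap("BobCrypto", EVE_IN)       # ordered before Carol
    try:
        carol_out = pool.swap("BobCrypto", CAROL_IN, carol_min_out)
    except ValueError:
        carol_out = None                             # Carol's trade reverts
    eve_bob = pool.swap("AliceCrypto", eve_alice)    # ordered after Carol
    return carol_out, eve_bob - EVE_IN

if __name__ == "__main__":
    quote = fair_trade()
    carol_out, eve_profit = sandwiched_trade()
    print(f"fair output:       {float(quote):.2f} AliceCrypto")
    print(f"sandwiched output: {float(carol_out):.2f} AliceCrypto")
    print(f"Eve's profit:      {float(eve_profit):.2f} BobCrypto")
    guarded, eve_profit = sandwiched_trade(carol_min_out=quote * 99 / 100)
    print(f"with 1% limit:     reverted={guarded is None}, Eve's profit={eve_profit}")
```

With the limit set to 99% of the quoted output, Carol's trade reverts and Eve's buy and sell cancel out exactly; on a pool that charges fees, Eve's round trip would end in a loss.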

A new paper, though, implements a method to overcome this type of trading for cryptocurrency [1].

The paper outlines that a problem with blockchains is that they do not inherently support the transfer of tokens from one platform to another. Overall, the authors reckon that sandwich attacks have accounted for losses of $174 million over a 33-month period on the Ethereum network. Generally, sandwich attacks are part of MEV (Maximum Extractable Value) attacks.

The problem relates to the miners being able to swap the sequence of transactions, so that Transaction X can be swapped with Transaction Y. This is because miners have full control over a block and the order of its transactions. The paper outlines a protocol which minimises the profit in this type of attack.

Conclusions

With cryptocurrency, for the past decade or so, we have experimented and have fixed flaws where we find them. Every advancement takes us one step forward.

References

[1] Orestis Alpos, Ignacio Amores-Sesar, Christian Cachin, Michelle Yeo, Eating sandwiches: Modular and lightweight elimination of transaction reordering attacks, https://arxiv.org/abs/2307.02954