Dune Analytics data shows that on December 1, over a quarter of BNB Smart Chains were infiltrated by sandwich attacks, breaking the previous record. This exploit preys upon users of decentralized exchanges.
Analyse shows Over $1.5 billion worth of trading volume was affected in 43,400 separate transactions on a single business day by 35.5% attacks.
The increase in DEX vulnerability reports is a sign of growing concern. Reports in May showed that a bot had stolen $40 million over three months from more than 100,000 victims.
BNB Chain’s spokesperson is yet to reply to our request for comments.
What is the impact of sandwich attacks on system?
Sandwich attacks are a type of market manipulation where an attacker sandwiches a victim's transaction between two of their own.
This malicious trader makes a fake buy order before the victim transacts, which drives up the token’s price. Then, he immediately follows with a sell, allowing him to profit from this artificially inflated price.
The DEX infrastructure is used to automate the process.
Alejandro Munoz McDonald is an engineer for smart contracts at Immunefi. Decrypt These attacks are the direct result of DEX infrastructure.
“When a user submits a transaction, it is placed in a public waiting area, the mempool, where a transaction sits until it is included in a block by a miner,” He said.
The mempool is where a user’s transaction goes when they submit it. "memory pool," The block remains unaltered until the miner decides to include it in another.
A lot of miners will prioritize higher-fee transactions, and this can affect the order that transactions are processed.
As miners will prioritize the transactions with the highest fee, attackers may bribe these people to change their order, thus ensuring that they execute successfully.
“This essentially means an attacker can view what the intention of anyone’s transaction is before it’s executed and can influence the ordering,” Munoz-McDonald added.
Education is needed to help people find solutions
Jean Rausis noted that low liquidity makes it easier to manipulate prices, a problem exacerbated by the lack of liquidity.
He said that protocols can be used to mitigate attacks, by encouraging users through incentives or partnerships to contribute more liquid funds.
“When pools are bigger, the price doesn’t move as much, making attacks less attractive,” Rausis (explained)
He recommended that traders reduce their vulnerability by dividing trades among multiple pools and using DEX aggregators.
Munoz McDonald also encouraged DEXs adopt features that fail transactions when the return desired is not met. This would limit the impact of “sandwiching”.
To protect their privacy, users can use private relayers to conceal transactions until they are included in a block, or separate block creation from block validation.
Jeremiah O’Connor (chief technology officer, co-founder of crypto cybersecurity company Trugard) suggested another solution: separate block creation from validation. Transactions would then be kept in private mempools.
“Blockchain ecosystems should adopt common security practices […] as a standard to defend against attacks,” He said Decrypt.
Sebastian Sinclair edited the book