Sandwich Attack Analysis on Ethereum Blockchain Transactions

  • Alexandre Fontinele UFPI
  • Josué N. Campos UFV
  • Isdael R. Oliveira UFPI
  • Glauber D. Gonçalves UFPI
  • José A. M. Nacif UFV
  • Alex B. Vieira UFJF
  • André C. B. Soares UFPI

Abstract


The support for smart contracts on Ethereum has led to the emergence of a new decentralized and automated finance ecosystem called DeFi. This environment is highly competitive, and its protocols have been explored in search of vulnerabilities that offer economic profits to strategic users. Ethereum’s pending transaction pool has recently become the target of financial speculation. Seeking profit, attackers continuously monitor the pool and try to anticipate other users’ transactions. They strategically insert their own transactions before and after a potential victim’s transaction, a strategy known as a sandwich attack. This paper evaluates potential sandwich attacks on Ethereum over 2023, updating knowledge about this approach. Our study, based on 113,774 of 2,599,105 blocks, shows 1,553,362 possible attacks, with an average profit of USD 3,202.82 for attackers, providing strong evidence that sandwich attacks continue to occur in the DeFi ecosystem.
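A minimal detector for the before/after ordering pattern the abstract describes, added here as an illustration; it is not the paper's method or dataset. The `Swap` record layout, the 1% amount tolerance and the sample block are constructed assumptions.

```python
from collections import namedtuple

# One decoded DEX swap in a block (hypothetical layout): idx is the
# transaction position in the block; amounts are in whole token units.
Swap = namedtuple("Swap", "idx sender pool token_in token_out amt_in amt_out")

def find_sandwiches(swaps, tolerance=0.01):
    """Return (front, victim, back) triples that match the sandwich pattern."""
    swaps = sorted(swaps, key=lambda s: s.idx)
    hits = []
    for i, front in enumerate(swaps):
        for k in range(i + 2, len(swaps)):
            back = swaps[k]
            # Back-run: same sender and pool, trading in the opposite direction.
            if (back.sender, back.pool) != (front.sender, front.pool):
                continue
            if (back.token_in, back.token_out) != (front.token_out, front.token_in):
                continue
            # The back-run sells roughly what the front-run bought.
            if abs(back.amt_in - front.amt_out) > tolerance * front.amt_out:
                continue
            # Victims: other senders in between, same pool, same direction as front.
            for victim in swaps[i + 1:k]:
                if (victim.pool == front.pool and victim.sender != front.sender
                        and victim.token_in == front.token_in
                        and victim.token_out == front.token_out):
                    hits.append((front, victim, back))
            break  # the first matching back-run closes this front-run
    return hits

def gross_profit(front, back):
    """Profit in the front-run's input token, before gas and fees."""
    return back.amt_out - front.amt_in

# Constructed sample block: one sandwich (idx 0-2) and one benign round trip (idx 5, 7).
BLOCK = [
    Swap(0, "0xbot", "poolA", "WETH", "TKN", 10.0, 1000.0),
    Swap(1, "0xalice", "poolA", "WETH", "TKN", 5.0, 450.0),
    Swap(2, "0xbot", "poolA", "TKN", "WETH", 1000.0, 10.4),
    Swap(3, "0xcarol", "poolB", "WETH", "DAI", 1.0, 1800.0),
    Swap(4, "0xdave", "poolB", "DAI", "WETH", 1800.0, 0.99),
    Swap(5, "0xerin", "poolC", "WETH", "UNI", 2.0, 300.0),
    Swap(6, "0xfrank", "poolB", "WETH", "DAI", 1.0, 1790.0),
    Swap(7, "0xerin", "poolC", "UNI", "WETH", 300.0, 1.98),
]

if __name__ == "__main__":
    for f, v, b in find_sandwiches(BLOCK):
        print(f.sender, "sandwiched", v.sender, "gross profit", gross_profit(f, b))
```

The round trip by `0xerin` is not flagged because no other sender traded in the same pool and direction between its two swaps.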

Published
2024-05-20
FONTINELE, Alexandre; CAMPOS, Josué N.; OLIVEIRA, Isdael R.; GONÇALVES, Glauber D.; NACIF, José A. M.; VIEIRA, Alex B.; SOARES, André C. B. Sandwich Attack Analysis on Ethereum Blockchain Transactions. In: BRAZILIAN SYMPOSIUM ON COMPUTER NETWORKS AND DISTRIBUTED SYSTEMS (SBRC), 42., 2024, Niterói/RJ. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 728-741. ISSN 2177-9384. DOI: https://doi.org/10.5753/sbrc.2024.1466.
