Research Summary: Mitigating Sandwich Attacks in Kyber DMM

@Ulysses Thanks for coming up with this patent summary of the sandwich attack. From your summary I gleaned that the problem statement emanated from the inability of the second access point of Kyber, the pool contract, to withstand attack as a result of a lack of code correction. I also understand that the research proposed a solution, albeit a theoretical one.

I agree with you that decentralized finance has risen to be one of the sought-after aspects of DLT, because of its ability to entrust trust in a trustless environment and to perpetually bench the central authority in financial transactions. Its ability to onboard the unbanked population and to eliminate and/or reduce transaction costs has made it a joy to behold for the participants. However, the operation of DeFi in an unregulated environment has, like the Achilles heel, exposed it to various attacks, one of which is sandwich attacks.

The sandwich attacker targets DEXs by using bots to sniff out trade transactions with low gas prices and liquidity pool transactions where users can claim rewards and convert the same to the required token. The attackers rely on AMMs' pricing algorithms to identify transactions and thus place a transaction with a higher fee, which front-runs the normal transaction.

For instance: a user places an order to buy 1,000 tokens at 100 USDT each, and the slippage factor is set to 10 per cent. While executing the trade, the DEX will allow the trade to happen as long as the price is below 110 USDT. The attacker needs to check what is the maximum number of tokens the attacker can buy to increase the price, making sure the price change won’t be more than the slippage set by the user.

In addition to the solution proposed by your summary, I have curated some solutions as recommended by some industrialists to further the discussion. For instance, Karkara from Zebpay recommended decreasing the slippage when the trade amount increases and incorporating new technology like ZK-Snarks to mask users' trade information so that bots cannot identify it. See Cryptocurrency news: U.S. senators unveil bill to regulate cryptocurrency - The Economic Times.

Further, sandwich attacks can be avoided by using the Flashbots RPC, which allows users to send transactions directly to the miners, thereby bypassing the public mempool (a place where pending transactions are stored before being confirmed and added to the block) for additional protection. See Sandwich Attacks in Defi – What Are They and How to Avoid One.

8 Likes
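
Added example, not part of the original post: how the slippage limit from the 1,000-token, 10 per cent illustration bounds what a user can overpay, and how shrinking the tolerance as the order grows (the recommendation attributed to Karkara above) turns a bad fill into a revert. It assumes a fee-less constant-product pool rather than Kyber DMM's own pricing; the reserves, the earlier trade and the loss budget are constructed values.

```python
# Added example. Assumes a fee-less constant-product pool (x * y = k);
# Kyber DMM's amplified pools price differently. All numbers are constructed.

class SlippageExceeded(Exception):
    """Raised when a swap would cost more than the user's limit (a revert)."""

class Pool:
    def __init__(self, usdt, tokens):
        self.usdt, self.tokens = usdt, tokens

    def cost_to_buy(self, tokens_out):
        """USDT needed to take `tokens_out` from the pool while keeping x*y=k."""
        return self.usdt * tokens_out / (self.tokens - tokens_out)

    def buy(self, tokens_out, max_usdt_in):
        """Exact-output swap that reverts if the cost exceeds the user's limit."""
        cost = self.cost_to_buy(tokens_out)
        if cost > max_usdt_in:
            raise SlippageExceeded(f"cost {cost:.0f} > limit {max_usdt_in:.0f}")
        self.usdt += cost
        self.tokens -= tokens_out
        return cost

def scaled_tolerance(order_value, loss_budget, floor=0.001, cap=0.10):
    """Tolerance shrinks as the order grows so worst-case loss stays <= budget."""
    return max(floor, min(cap, loss_budget / order_value))

def fill_after_earlier_buy(tolerance, earlier_tokens=4_000, order_tokens=1_000):
    """Quote on a fresh pool, let another buy land first, then try to fill."""
    pool = Pool(usdt=10_000_000, tokens=100_000)   # spot price: 100 USDT
    quoted = pool.cost_to_buy(order_tokens)        # what the user expects to pay
    limit = quoted * (1 + tolerance)               # the most the user accepts
    pool.buy(earlier_tokens, float("inf"))         # a trade ordered ahead of the user
    try:
        return quoted, pool.buy(order_tokens, limit)
    except SlippageExceeded:
        return quoted, None                        # reverted: the user keeps the funds

if __name__ == "__main__":
    for label, tol in (("fixed 10%", 0.10),
                       ("scaled", scaled_tolerance(100_000, loss_budget=500))):
        quoted, paid = fill_after_earlier_buy(tol)
        outcome = "reverted" if paid is None else f"paid {paid:,.0f} USDT"
        print(f"{label:>9}: tolerance {tol:.3%}, quoted {quoted:,.0f} USDT, {outcome}")
```

A tolerance set too tight also reverts on ordinary price movement, which is why `scaled_tolerance` keeps a floor.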