Front running

From DefiLlama
Jump to navigation Jump to search

Front running, also called a sandwich attack, occurs when an attacker buys an asset before a traders big purchase and sells right after (vice-versa for big sells). The price goes up after a big purchase and the attacker profits from the difference. This is common with AMMs like Uniswap because of Slippage and are often executed by MEV bots.

Front running in traditional finance

Front running is not new. In traditional finance, it can occur when an external party such as a broker obtains insider knowledge of a large future transaction and buys the stock before that. The stock price increases after the big purchase, and the external party profits. This is usually illegal. [1]

Front running in DEXes

Front running is common in crypto because it is unregulated and easy to execute. These are also known as sandwich attacks.

How it works

When a user sends a transaction, like buying ETH on Uniswap with MetaMask, the transaction gets sent to the Mempool (pending transactions) before included in a block (getting confirmed). A bot can detect this and send a buy order with slightly more gas. This ensures the bot's buy order executes before the user's. Bots usually sell immediately after.

This results in users getting paying a higher price which bots profit off.

Examples

real sandwich attack
[2]real sandwich attack

Sandwich attacks usually happen in pools with low liquidity because of increased slippage. Some websites detect these attacks.

The screenshot (taken from dextools.io) shows a real sandwich attack where the attacker drained 0.14 ETH at the expense of the buyer.


Avoiding front running

Although front running in crypto is difficult to avoid, most normal users would not be too affected by it. Front running is only profitable with large transactions or low liquidity pools.

Lowering slippage tolerance

Lowering slippage tolerance would cause the transaction to fail if the price changes too much. This usually makes the transaction fail should a bot front-run, but is not guaranteed. Most major DEXes automatically set the slippage tolerance to around 0.5%, which is usually good enough. Do read more at Slippage.

Splitting into multiple transactions

Splitting a large transaction into a few smaller trades greatly reduces the front running risk because it makes a sandwich attack less profitable. However, this would cost the user more gas.

Private transactions / MEV

MEV allow users to send transactions directly to the miner. It skips the mempool therefore would not get detected by bots. Another solution is shielding the trade by sending an encrypted transaction. However, these solutions are still highly technical and difficult to access for the average person.

Front running resistant exchanges/services

There are some emerging services and DEXes that use private transactions or MEV to protect users – this article needs to be updated with more