AMMs & composable swap protocols have led to exponential growth in decentralized trading activity. However, complex economic predicates encoded directly on public blockchains introduce subtle vulnerabilities. Adversaries exploit observable information flows and blockspace priority to manipulate pricing precisely against pending trades, extracting value from users.
This reality requires continuous and responsive diligence from builders in the cat-and-mouse game against incentivized attackers. Fortunately,
- innovations in privacy-preserving transaction flows,
- creative deceit for deterrence, and
- third-party professional liquidity provision
demonstrate promising directions for mitigation.
In this piece, I dissect two prominent manipulation vectors afflicting pooled DEX liquidity provisioning models that leave observable traces which sophisticated extractors deduction and act upon:
- Intra-block front-running (Attacks within a single block)
- Inter-block sandwich attacks (Attacks coordinated across multiple blocks)
Understanding subtle risks allows developers to create better defenses. The concepts help technologists build reliable and fair decentralized trading infrastructure. This gives insight into broader questions around security, transparency, and incentives on public blockchains. Preventing manipulation when value and program logic interconnect is profoundly challenging.
Let's dive deeper into it:
Intra-block front-running
Situation 1 involves intra-block manipulation targeting composable protocol (for example: CowSwap) settlement transactions. Let me comprehensively detail this vector:
CowSwap functions by having users submit orders to solvers, who construct bundled trades across decentralized exchanges to fetch optimal aggregate pricing. These orders await batch settlement on-chain.
The core attack revolves around front-running the settlement transaction within the block that a user submits. Specifically, the attacker observes details like trade sizes, tokens, and DEX routes encoded in the pending settlement.
Armed with this information, the adversary can precisely skew prices on those DEX pools against the user, by dumping their own token inventories to move markets. This adversely impacts the pricing the user's settlement will commit to.
The key risk is that CowSwap's settlement contracts lock in clearing prices at the time of submission by the solver. So any within-block price change between submission and inclusion cannot be adjusted for.
This means the user pays inflated slippage and fees baked into the now-skewed clearing price, while the adversary profits from their advantageous front-running trade.
The key enabler of this attack is the public settlement transaction pending inclusion that leaks order information. Fixing this requires middleware like Flashbots RPC to directly pass bundles to mining pools, eliminating public visibility. By stymieing observational access, this protects users from getting front-run.
So in summary - within-block front-running manipulation by pricing in information leakage from observable settlements. Solved by hiding transaction details from public mempool.
Here is a detailed example walkthrough of an intra-block front-running attack exploiting a CowSwap settlement transaction:
Let's trace out a step-by-step example of a front-running attack extracting value from a pending CowSwap settlement transaction within the same block:
- Andrew submits a large order via his solver to buy 5,000 tokens of XYZ, an illiquid governance token.
- The solver constructs an on-chain settlement transaction encoding details like order sizes, assets, and routes across supporting DEXs to enable best execution.
- This pending transaction is publicly visible in the mempool as the solver waits for the next block.
- A scanning bot spots this transaction and deduces a profitable front-running opportunity from the leaked order details.
- Right before the next block, the attacker splits and sells $50K worth of XYZ tokens across the DEX pools identified, depressing prices.
- Andrew's order executes as part of the block, paying inflated slippage as it eats into thinner order books on those DEXs.
- The skewed clearing price gets locked into the settling contract immediately upon inclusion.
- The attacker buys back the sold tokens at lower prices, profiting from the distortion against Andrew's trade.
By front-running to decode and advantageously act on information leakage from unprotected settlement transactions, adversaries can extract value at users' expense. Intra-block cases are especially pernicious, given limited reaction time.
The intra-block manipulation vector against Composable Protocols highlights the financialization of L1 blockspace that has occurred with the rise of DeFi.
- First, it underscores how priority within single blocks now translates to concrete monetary outcomes by allowing advantaged market access. In essence, leading order inclusion lets you squeeze markets before competitors.
- Second, it demonstrates the potency but also constraints of information leakage. Attackers rely on deducing trade details from public transaction metadata to precision strike. Yet masking this very metadata blinds adversaries. Information imbalances as a dimensional axis.
- Third, the solution space points to an emerging separation of concerns - middleware shields users, offloading resilience specialization to solvers. Almost embodying defense-in-depth principles rather than the impossible goal of eradication.
Stepping back, the fix of “hiding” transactions resonates deeply with debates around financial privacy and the spectre of front-running induced by public ledgers. It stresses subtle links between transparency, manipulation, and fairness.
- Finally, the never-ending responder-innovator interplay as new attack discoveries prompt countermoves speaks to deeper game dynamics between competitors in environments with economic and informational externalities. Almost an institutional maturation forced by perpetual adversary.
In closing, this microcosm of within-block manipulation hints at far-reaching themes around informational equilibria, transparency trade-offs, composability risk, and the challenges of cooperation under adversarial conditions - all crucial considerations as global financial and technological systems progress.
Inter-Block Sandwich Attacks
Unlike the intra-block front-running, this vector involves coordinating an attack across multiple blocks after observing a pending user order. Specifically, the adversary spots large, attractive orders in the public mempool that they can target.
The attack relies on careful timing to skew prices on decentralized exchanges to sandwich the victim's order. For example, if a user order to buy 100k USD worth of an illiquid token is visible, the attacker front-runs this with a large sell order.
This dumps the token price on DEXs. The attacker then times a subsequent large buy order after the user settlement transaction, recovering the tokens at the depressed price they created and pocketing the difference.
The key prerequisites are pending visibility of lucrative orders, and enough liquidity from the adversary to temporality overwhelm the AMMs. Perfect timing across multiple blocks is essential to ensure profitability.
For users, the core risk is the settlement transaction commits at the manipulated clearing price in between the adversary's sell/buy waves. This makes the order settlement pay inflated slippage versus fair value.
Solutions to mitigate include enhancing order privacy to prevent adversarial targeting, fake orders to disincentivize or punish attacks, and sourcing liquidity from dedicated market makers rather than manipulable AMM pools.
Example Inter-block Sandwich Attack
Let's examine an instance of a multi-block sandwich attack that skews DEX pricing around a target CowSwap settlement transaction to extract value:
- Andrew's trader contract has a large $400K order pending for DAI/wETH from observing his transaction in the mempool.
- Mallory notices this future high demand for wETH from the leaked order details
- A block before Andrew's transaction gets mined, Mallory splits and market sells enough wETH across UniSwap and Sushiswap to crash prices by 5%.
- Andrew's order settles on-chain, buying into thinner wETH order books and accepting wider slippage. His contract commits this lossy conversion rate immediately.
- Mallory then recovers her wETH over two blocks, purchasing at the depreciated valuation before DEX replenishment stabilizes pricing.
- By distorting market valuations specifically around Andrew's observable settlement event through a multi-block sandwiching strategy, Mallory extracts Andrew's slippage as profit.
In this manner, leakage of pending order details combined with finely timed manipulation of blockspace priority enables adversaries to "wrap" trader transactions in distorted valuations targeting victims. The risks grow ever more complex as on-chain logic intrinsically ties into manipulable market infrastructure.
The inter-block manipulation vector on Composable Protocols provides more evidence of the financialization of public blockspace:
- First, it demonstrates how priority over multiple blocks allows temporal control to shape on-chain markets. The sequencing across blocks emerges as key variable for adversarial maneuvering.
- Second, it highlights risks from visibility - extracting signals from pending transactions to meticulously craft an attack. Public transparency enables surveillance for extraction; privacy blunts watcher incentives.
- Third, the solutions space covers raising adversarial costs via fake orders, but even more interestingly transitions liquidity from manipulable automated markets to professional market makers. Almost third-party institutionalization as organic maturing.
- Fourth, the attack crucially never violates serial atomicity - no double spends or outright breaches. Rather it "simply" papers over a temporary market distortion. Subtle line between inescapable manipulation risks and intolerable consensus safety violations.
Finally, the perpetually evolving discovery of new response vectors speaks to an emergent economic metagame - competitor innovation prompting counter-innovation in information hides, deception, and specialization. Conceptually this reflects autocatalytic, open-ended complexity between strategists reminiscent of evolutionary processes.
Stepping back, the never-ending discovery of subtle extraction vectors and escalating countermeasures depicts the profound challenges of balancing transparency, integrity, and cooperation in inherently adversarial decentralized ecosystems. In both cases, the common threat vector is unprotected visibility allowing informational leakage to precisely target transactions.
While daunting, maintaining pragmatic perspective is key - some manipulation will always persist, no panacea exists, perfect is the enemy of good enough. The goal becomes responsively discouraging and obscuring the most acute vectors rather than chasing theoretical eradication.
And in that frame, primitives like trusted privacy-preserving transaction flows, creative symbiotic deterrence, and third-party resilience specialization demonstrate promising directions. The analysis also crucially spotlights the need to evolve best practices around sensitive data minimization so ambient visibility across public infrastructure doesn't unconsciously feed extractors.
The study of these specific front-running vulnerabilities and mitigations provides a microcosm to illuminate deeper meta-dynamics around the amorphous game of moves and countermoves unfolding as exponentially accelerating decentralization concentrates value, computation, and capital flows without historical precedent.
Make no mistake, the permutations of hyper-specialization between competitors in this environment will only grow more sophisticated. And new stable equilibria between attackers and defenders remain elusive at best and illusory at worst.
Yet rather than fatigue, this uncertainty fuels an almost empirical excitement at having a front-row seat to this crypto-cultural cambrian explosion distributing influence beyond historical conventions. Its open-endedness forces us to challenge assumptions, to expand possibility spaces, and to redefine cooperation on more nuanced, hard-won terms.
One thing is certain - dApps, infrastructure and economics now intrinsically fuse. And with that, the questions raised in these subtle micro-phenomenons around securing integrity despite adversarial conditions carry tremendous import in this century's most influential platforms for social coordination at global scales.
Onwards we go...
Thank you for reading, and follow me here and on for more regular post updates.
Please join my telegram channel for frequent daily updates: https://t.me/onchainweb3
If you find my work resourceful, please consider donating to 0x1de17b6c736bcd00895655a177535c2a33c6feba (Ethereum/Optimism/Arbitrum/BSC chain).
I’d also appreciate it if you shared this with your friends, who would enjoy reading this.
You can find my other research & investment thesis here: arhat.mirror.xyz
Thank you.
