If you start trading on a decentralized exchange (DEX), you can encounter front running without even noticing it. In fact, almost everyone who has traded on a DEX has fallen victim to it because they didn't know about it. Today we are going to tell you what front running is and what you can do about it.
✔️ Front running is also known as the sandwich attack.
✔️ Front running makes you pay more for your coins.
✔️ Front running usually happens on a DEX.
✔️ There are bots specifically written for front running that you can set up.
Front running is also known by another term: sandwich attack. That term is more evocative, so we prefer it.
A sandwich consists of three parts: the top and bottom slices of bread and the toppings in the middle. The victim of a sandwich attack is the topping, ground between two transactions.
In short, a sandwich attack means that you have to pay more for coins you want to buy on a DEX, because the attacker gets in front of you by paying higher gas fees than you, so that his transaction is handled first. He then sells the coins you want to you in the same block (the backrun), but at a higher price. The attacker pockets the difference each time.
In principle, front running can also occur on a centralized exchange through insider trading, but the reputation of the exchange is too important to let that happen.
When you start trading on a DEX, you have to deal with three variables: price, gas fees and slippage. Depending on the site, these are public data.
- Price. It is determined by supply and demand.
- Gas fees. These, too, are determined by supply and demand.
- Slippage. Slippage is a certain percentage you are willing to pay extra to make the transaction go through. Some coins are notorious for their high slippage, such as SafeMoon.
An Automated Market Maker (AMM) determines the course of events on a DEX. An AMM sets prices algorithmically, through decentralized liquidity pools that are run by smart contracts.
Providing liquidity can give you very high interest rates when liquidity is low. The downside is that you may not be able to sell the crypto when you want because there are no buyers.
If there is a lot of liquidity, you earn much lower interest rates, but you can get rid of your cryptocurrency much more easily, as with popular and established coins on a large DEX. Here a bot has little to gain from targeting a trader.
This is a much more familiar principle. If you want to make a transaction on a blockchain, nodes or miners will validate your transaction. This usually follows an economic principle: traders willing to pay the highest gas fees go first, because the miners benefit.
A block in a blockchain does not consist of just one transaction, but an entire bundle. Before a block is approved and settled, transactions are collected in a so-called mempool. That includes your transaction and that of the frontrunner. His goal is to pay more gas fees than you to be allowed to trade first and then sell the coins he bought to you at a higher price.
When you want to buy a coin on a DEX you will usually be asked to specify a slippage percentage. The higher you set this, the more you are willing to pay for your coins because you want the transaction to finalize. With high slippage and a large order you will almost certainly fall victim to a sandwich attack, as this will make the attacker a lot of money and leave you with a lot of loss.
So how does an attacker know which coin you want to buy, how much, at what price and at what slippage?
Bots exist just for this purpose. These monitor the mempool and know exactly when they can strike successfully (with profit). They determine the victims based on a calculation method that looks something like this:
If I pay 50 euros in gas fees to blockchain X and I buy this coin and sell it again at a higher price to trader Y, will I have a sufficient positive result? You can set all this up in such a bot.
Since blockchains are public, transactions can be tracked in a blockchain explorer or in some sort of DEX tool that shows transactions from the public ledger. The bot looks to see if there are pending transactions in the mempool, yet to be executed, and determines who its victims will be based on these pending transactions.
If you see in such a tool that a particular address is both buying and selling with other traders in between, then this is probably a bot engaged in sandwich attacks. You can recognize it by its higher gas fees than the intermediate addresses, combined with a lower purchase price. It then sells its coins to its victims at a higher price. That's its revenue model.
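The check described above, written as a small detector over a trade list. This is an added example, not code from the article or from any DEX tool; the `Swap` record layout, the placeholder addresses and the gas values are constructed for illustration.

```python
from collections import defaultdict, namedtuple

Swap = namedtuple("Swap", "block index sender token side gas_price")

# Constructed sample in execution order, shaped like a DEX tool's trade list.
# Addresses are placeholders, gas prices are arbitrary units.
SWAPS = [
    Swap(100, 0, "0xBOT", "PEPE", "buy", 90),
    Swap(100, 1, "0xALICE", "PEPE", "buy", 40),
    Swap(100, 2, "0xBOT", "PEPE", "sell", 39),
    Swap(101, 0, "0xCAROL", "PEPE", "buy", 35),   # buys and sells, but
    Swap(101, 1, "0xCAROL", "PEPE", "sell", 35),  # nobody in between
    Swap(102, 0, "0xDAVE", "PEPE", "buy", 30),
    Swap(102, 1, "0xERIN", "PEPE", "sell", 31),   # a sell is not a squeezed buy
    Swap(102, 2, "0xDAVE", "PEPE", "sell", 30),
]


def find_sandwiches(swaps):
    """Flag one address buying and then selling a token in the same block
    with other traders' buys of that token executed in between."""
    groups = defaultdict(list)
    for s in swaps:
        groups[(s.block, s.token)].append(s)

    hits = []
    for (block, token), group in sorted(groups.items()):
        group.sort(key=lambda s: s.index)
        for i, front in enumerate(group):
            if front.side != "buy":
                continue
            # First later sell by the same address closes the candidate pair.
            back = next((s for s in group[i + 1:]
                         if s.sender == front.sender and s.side == "sell"), None)
            if back is None:
                continue
            between = [s for s in group[i + 1:group.index(back)]
                       if s.sender != front.sender and s.side == "buy"]
            if between:
                hits.append({
                    "block": block, "token": token, "suspect": front.sender,
                    "squeezed": [s.sender for s in between],
                    # The article's second tell: the first leg outbids on gas.
                    "outbid_on_gas": all(front.gas_price > s.gas_price
                                         for s in between),
                })
    return hits
```

A hit is a lead to look at more closely, not proof: the article itself says "probably", and other trading activity can produce the same shape.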
Of course, such a bot will not get a really good name, but fortunately for him the owner of such a bot knows how to remain anonymous. Otherwise, there would be a mountain of creditors and angry people at his door the next day. Blockchain is great technology, but it offers a number of opportunities for morally less high-minded characters to more or less scam people, even though it is legal.
Let's give an example of a sandwich attack that almost never happens because the numbers are exaggerated. Exaggeration makes the point, we used to say at home.
Someone wants to buy PEPE for 1 million euros. He does this on an Ethereum DEX and so he has to pay gas fees in ETH. He sets his gas fees at 50 euros maximum and a slippage of 15%.
A bot can see this information in the mempool. Since this is a substantial amount of money with a high slippage, the bot makes sure that it puts this trade on hold.
The bot sets up a PEPE purchase, buying for €1 million at gas fees above €50. Since there is a 15% slippage for the buyer, the bot knows he can get an extra 15% from him. When he sells, he will make a profit of about 15%, which in the case of large orders can yield a lot, in this case about 150,000 euros.
Most trades will involve lower amounts, but the principle is clear. Since bots are tireless, they continue this practice all day long, taking money from large numbers of traders who suspect nothing. The trader will only see that he gets coins at a fairly high price.
Some accounts make millions a month with this sort of trade. Now that's money for nothing!
By the way, if you're planning on frontrunning yourself, we have bad news for you. You won't succeed, because bots are simply much faster than humans. Of course, you can buy such a bot and throw your morals on the dung heap. It's just business, you know....
There are a number of things you can do against a sandwich attack to reduce the risks:
- Trade on a DEX via smaller trades. The lower the profit a bot can make, the less likely it is to attack you. This may be impossible because of high gas fees.
- Avoid places with low liquidity, such as a smaller or unknown DEX or an obscure coin. The less liquidity, the fewer traders, the higher the chance of a bot lurking on an unsuspecting trader and the less chance of another frontrunner bothering the bot. Often there is also higher slippage here.
- Trade on a DEX where you can place limit orders, such as 1inch. With a limit order, you determine the price at which you want to trade.
- Be very careful when setting a slippage percentage. Set it as low as possible, especially if you are betting a high amount. Don't send an invitation for a sandwich attack!
- Consider deploying a quick transaction on a large order, i.e., paying higher gas fees than necessary, but with an important goal: to be able to trade first.
- Use the "flashbot transaction," as on 1inch. These transactions are not shown in the mempool.
- Trade on 1inch, using the limit order and flashbot transaction.
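To make the slippage setting explained earlier and the advice above on trade size, liquidity and slippage concrete, here is the arithmetic on a toy pool. This is an added example, not from the article: the constant-product pricing rule, the 0.3% fee, the reserves and the order sizes are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

FEE = 0.003  # assumed 0.3% swap fee; not a figure from the article


@dataclass
class Pool:
    """Constant-product pool (pay * coin = k), an assumed AMM pricing rule."""
    pay: float   # reserve of the currency you pay with
    coin: float  # reserve of the coin you are buying

    def quote(self, amount_in: float) -> float:
        """Coins you would receive right now, without touching the pool."""
        net = amount_in * (1 - FEE)
        return self.coin * net / (self.pay + net)

    def buy(self, amount_in: float) -> float:
        """Execute the buy and move the reserves (and so the price)."""
        out = self.quote(amount_in)
        self.pay += amount_in
        self.coin -= out
        return out


def price_impact(pool: Pool, amount_in: float) -> float:
    """Share of the order lost to its own size relative to pool liquidity."""
    net = amount_in * (1 - FEE)
    return net / (pool.pay + net)


def min_received(pool: Pool, amount_in: float, slippage: float) -> float:
    """Floor signed with the order: the most you can lose is quote * slippage."""
    return pool.quote(amount_in) * (1 - slippage)


def outcome(slippage: float, earlier_buy: float, order: float = 10_000.0):
    """Place one order on a constructed pool after another buy landed first.

    Returns the coins received, or None when the slippage check reverts the swap.
    """
    pool = Pool(pay=1_000_000.0, coin=1_000_000.0)  # constructed reserves
    floor = min_received(pool, order, slippage)     # fixed before the block
    if earlier_buy:
        pool.buy(earlier_buy)                       # price moves against you
    got = pool.quote(order)
    return pool.buy(order) if got >= floor else None


if __name__ == "__main__":
    for s in (0.15, 0.01):
        print(f"slippage {s:.0%}: received {outcome(s, 50_000.0)}")
    print(f"clean fill: {outcome(0.01, 0.0):.2f}")
```

With 15% slippage the order still fills after the price has moved and you receive roughly 9% fewer coins than quoted; with 1% slippage the same order reverts, so you lose only the gas fee.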
A sandwich attack can cost you a lot of money when trading on a DEX. Especially if it is a large trade. If you have deep pockets, protect yourself in the above ways.
Another option is to give up trading on a DEX. Unless you know a sure shot, they are, frankly, extremely expensive exchanges, where you only go to buy obscure coins that are not yet for sale on a centralized exchange. Also known as gambling.
It's ok to pay a little extra if you purchase an LP pair and then tie it up to farm, but if you plan to buy and sell you can spend big bucks on trading fees, gas fees and sandwich attacks.