What's frontrunning in DeFi?

Frontrunning is a potential issue that can occur on automated market makers (AMMs) like Uniswap, as they use an algorithm to determine the prices of tokens. In a frontrunning attack, a trader can take advantage of the algorithm by predicting its next move and executing trades before the algorithm can adjust the prices.

For example, if a trader knows that a large buy order is about to be placed on Uniswap, they can place their own buy order at a slightly higher price, before the large order is executed. This allows them to purchase tokens at a lower price than the market price, as the algorithm adjusts the price upward after the large order is filled.

What's a sandwich attack in DeFi?

A sandwich attack is a type of exploit that takes advantage of a loophole in a decentralized finance (DeFi) protocol. It is a form of front-running, where an attacker takes advantage of a delay between the time a trade is executed and when it is settled on the blockchain.

The basic concept of a sandwich attack is to place an order for a token at a specific price and then execute a second transaction that buys the same token at a lower price, essentially "sandwiching" the first order. The attacker then sells the token back to the original buyer at the higher price, profiting from the difference.

For example, an attacker could place a buy order for a token at $100, then execute a second transaction to buy the same token at $90 from another user. The attacker then sells the token back to the original buyer at $100, making a profit of $10.

These types of attacks are possible because of delays between the time a trade is executed and when it is settled on the blockchain. This delay creates a window of opportunity for attackers to exploit, as they can take advantage of the delay to execute a second transaction at a lower price before the first trade is settled.

This type of attack is difficult to detect and prevent, as it relies on exploiting a delay in the system. However, some protocols have implemented measures such as price oracles to help mitigate the risk of sandwich attacks.

It is important to note that while the AFSA-Shield reduces substantially the risks of being frontrun on an AMM, it is not a guaranteed outcome. In theory, timestamps can also be subject to manipulation.

The code used for the Shield is:

require( tx.gasprice <= BaseV1Factory(factory).maxGasPrice(), "gas is too high!" );

With each trade , this code does not allow for transactions to be put in front of a user's transaction by offering more gas.