Ethereum’s mempool has seen a recent boom in sandwich trading. Sandwich trading is a shrewd trading strategy that involves placing one trade before and one trade after an unsuspecting victim’s trade. The sandwich trader or bot observes that someone is about to buy a token, buys it first in order to artificially inflate the price, and then sells the token after the victim’s trade at an incremental profit.
This is possible because the Ethereum blockchain is transparent: traders can see other transactions before they are confirmed on decentralised exchanges (DEXs), and sandwich bots can therefore position their trades before these initial transactions. There is no regulation preventing this, and victims have no recourse.
Robert Miller recently took to Twitter to divulge how sandwich bots became the victims, losing a total of 400 ETH.
As explained above, sandwich bots watch the Ethereum mempool for users buying on a DEX, and sandwich them by running the price up before the victim buys. They then dump the tokens afterwards, raking in a profit.
Traditionally, sandwich bots have been quite secure: they only pay transaction fees on the sell transaction of a sandwich, so if a sandwich does not make an ETH profit, no transaction fees are incurred. Bots simulate this process before the transaction occurs to make sure they will not suffer a loss. It now seems, though, that two astute developers were able to find and exploit some weaknesses.
As explained by Miller via a Twitter thread:
Here’s how it went down (try to stay with me): The sandwich bot got baited and bought 100 ETH of a specific ERC20 token. This poisonous token owner’s bait triggered a custom transfer function, paying 0.1 ETH to the miner. The sandwich bot’s sell, therefore, doesn’t work because of the poisonous token. Because the sandwich bot submitted these three transactions in a bundle, all three were included (the successful buy, the bait, and the failed sale). The poisonous ERC20’s payment via the custom transfer is what incentivised a miner to include it.
The first person to do this made about 100 ETH. You can see the poisoned ERC20 Uniswap transactions here.
Miller further noted that, within a short period of time, the victim actually turned into an apex predator, launching a similar but slightly different ERC20 (“YoloChain”), making themselves a hefty profit of around 300 ETH.
The owner of the first toxic token noticed that their victim was the latest predator and dropped a cryptographically signed note of respect:
The owner of the first poisonous token noticed their victim was the latest predator on the block and they dropped a cryptographically signed note of respect in the Flashbots Discord.
I loved this. https://t.co/WpfSnjDLeG pic.twitter.com/4Cp0k6oIHn
— Robert Miller (@bertcmiller) April 11, 2021
For the time being, the carnage is over and bot operators have upgraded their bots accordingly, although a small few were entirely drained.
It’s important to note that users should always be careful in their trading, especially in automated landscapes like DEXs: predators may well turn out to be prey.
Feature image by Doanld Stark from flickr