Beware of a Sandwich Attack in DeFi.


I am a fan of DeFi, but I am very cautious about it, as I have always considered DeFi to have risks. In my earlier posts, I have already mentioned impermanent loss, changes in the liquidity APR, and the locking of capital in the pool. The latest issue I recently learned about in DeFi is the sandwich attack; in other words, we can say that the user was completely rekt by this transaction. Some consider this a money-laundering option, as the user himself gave the attacker the opportunity to rekt him, and the two may be colluding with each other in the background.


The user lost more than $700K USDC in a single transaction, and to be honest, the point is not just the loss of $700K USD: the user lost almost 97.5% of the initial money. It would be a very different picture if the user had paid a 2.5% transaction fee; in this case, it looks like the user lost 97.5% in the transaction.

What exactly happened?

A DeFi user was using the Uniswap V3 protocol. The user wanted to swap $732583 USDC to USDT. (Note that both USDC and USDT are stablecoins, so the expectation is that the user will get almost the same amount of USDT after performing the swap.) The user actually received $18000 worth of USDT, losing more than $700000 worth of money in this transaction.

How did it happen?

If you have ever done a transaction or performed a swap on a DeFi platform, you will have noticed the slippage tolerance setting in the interface. Slippage tolerance defines what percentage of loss you can bear relative to the price you observed when you started the transaction, and therefore the minimum amount you are willing to receive when swapping one asset for another. The user had set a slippage tolerance of 100%, and the amount you receive from a swap is a function of the liquidity in the pool for both tokens. The user's transaction was intercepted, and an MEV bot placed its own transactions before and after the user's large transaction.
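To make the role of slippage tolerance concrete, here is an added example (not from the original post and not Uniswap's code) that uses a simplified constant-product pool rather than Uniswap V3's actual pricing math. The reserves, fee and trade sizes are constructed values and all names are hypothetical; it shows a swap whose price was moved by an earlier transaction executing at a heavy loss with a 100% tolerance but reverting with a 0.5% tolerance.

```python
from fractions import Fraction

FEE = Fraction(3, 1000)  # assumed 0.3% pool fee (constructed value)

class Pool:
    """Simplified constant-product pool (x * y = k), not Uniswap V3's real math."""

    def __init__(self, usdc, usdt):
        self.reserves = {"USDC": Fraction(usdc), "USDT": Fraction(usdt)}

    def quote(self, token_in, amount_in):
        """Return (token_out, amount_out) at current reserves without trading."""
        token_out = "USDT" if token_in == "USDC" else "USDC"
        effective_in = Fraction(amount_in) * (1 - FEE)
        out = self.reserves[token_out] * effective_in / (self.reserves[token_in] + effective_in)
        return token_out, out

    def swap(self, token_in, amount_in, min_out=0):
        """Execute a swap; revert (raise) if the output is below min_out."""
        token_out, out = self.quote(token_in, amount_in)
        if out < min_out:
            raise ValueError("revert: output below the user's minimum")
        self.reserves[token_in] += Fraction(amount_in)
        self.reserves[token_out] -= out
        return out

def min_out_for(pool, token_in, amount_in, tolerance):
    """Slippage tolerance as a floor: quoted output * (1 - tolerance)."""
    _, quoted = pool.quote(token_in, amount_in)
    return quoted * (1 - Fraction(tolerance))

def user_swap(tolerance, user_in=100_000, earlier_in=5_000_000):
    """USDT the user receives, or None if the swap reverts."""
    pool = Pool(10_000_000, 10_000_000)  # constructed reserves
    floor = min_out_for(pool, "USDC", user_in, tolerance)  # quote seen when signing
    pool.swap("USDC", earlier_in)  # another transaction lands first and moves the price
    try:
        return float(pool.swap("USDC", user_in, min_out=floor))
    except ValueError:
        return None  # reverted: the user keeps the USDC

if __name__ == "__main__":
    print("no interference:", user_swap("0.005", earlier_in=0))
    print("100% tolerance: ", user_swap(1))
    print("0.5% tolerance: ", user_swap("0.005"))
```

With a 100% tolerance the floor is zero, so the swap can never revert no matter how far the price has moved.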

Is it planned?

Because the user did not use any frontend and allowed a slippage of 100%, some analysts suspect that the user colluded in this sandwich attack to launder the funds: the wallet initiating the transaction was likely funded by a mixer, and no frontend was used to limit slippage for this transaction.

My 2 cents.

I am not sure if the user really lost their funds or if it was actually all planned, but there are 2 lessons to be learned from this.
a.) Do not do one very big single transaction; it is better to break it into chunks of smaller value.
b.) Always set your "slippage tolerance/percentage" to a realistic value, or to the value that you expect to occur while performing the transaction.

I hope everyone will now be more careful and cautious while interacting with any DeFi protocol.

14 comments
You always have to set limits to avoid scares.


Wow, that sounds like a horrible experience. Since a mixer was used, we won't know who ended up doing that, but I guess you have to be careful with large transactions.
