Save on your transactions and protect from on-chain attacks - how to not become "sandwitched" and avoid front-running
0xF16
0x4F0d
February 11th, 2024

Introduction

If you've ever transacted on the Ethereum blockchain, you've probably encountered or at least heard about the issue of high gas prices. With the introduction of EIP-1559, these fees now reflect the demand at a specific time and are more fair to what happens on-chain. However, it's important to note that gas prices are not the only thing you should consider when transacting on Ethereum. There is also the risk of being sandwich attacked, which can be more damaging, or your transaction could fail if the price changes unfavorably between when you send a swap transaction and when it gets included in a block. All of these factors can result in the loss of your money, sometimes amounting to hundreds or thousands of dollars, and can be incredibly frustrating. In the following article, I will explain why these issues occur and provide tips on how to "game the system" to your advantage.

Problem of MEV

MEV has been a concern ever since there was a chance to extract profits. Due to the public nature of transactions before they are added to the block, certain individuals attempt to exploit this situation. Now, let me highlight the resulting outcomes for you.

The good ✅

Arbitraging, as a form of MEV, can actually have its advantages for users. It helps to establish a more consistent price for a particular token across different DEXes and chains. When an arbitrageur identifies a price discrepancy, their bots can quickly execute transactions by purchasing tokens on a cheaper DEX and selling them at a higher price on another DEX. This action effectively reduces the price of the token on the second exchange, resulting in immediate profits for the arbitrageur and normalized price across DEXes.

The bad ❌

In Ethereum, when there are more transactions waiting to be included in a block than the current gas limit allows (which measures how many transactions can fit within a certain time period, as Ethereum blocks vary in size), a competition for block space gets bigger and bigger and the gas price begins to rise as well. This means you have to pay more for transactions. As a result, people or bots want their transactions included in a specific block as quickly as possible because it is profitable for them. They are willing to pay a higher priority fee as a nice tip for the validator to expedite the inclusion of their transaction. However, during busy moments, the base fee also increases. This fee is mandatory for everyone to pay at a specific time. With more transactions flowing in, there is a greater chance for arbitrage and more opportunities for profit, which leads to even more transactions being sent. The demand for block space increases, causing the price to include transactions in a block to rise. This whole situation is undesirable as it prevents "normies" from transacting at a low cost and can result in transactions getting stuck in a queue called a mempool. Sometimes, it can even be worse, with transactions failing or being reverted, resulting in the burning of some ETH without the intended fulfillment (e.g., a token not being swapped).

Imagine spending $20 or $50 on a transaction that ends up being completely useless! It's such a waste of money!

That is the downside of MEV - it creates a need for more transactions, which could continue indefinitely.

The ugly ☠️

The most unfortunate type of MEV is being caught in a “sandwich” situation. This happens when you intend to make a swap and set a high slippage either knowingly or unknowingly. The slippage needs to be significant enough for someone to exploit and take advantage of your transaction. However, no one wants to be taken advantage of, right?

Here's how the attack works (with some simplifications) - picture this: you want to swap 10,000 USDC for 5 ETH. Assuming the price of ETH is $2,000, if the slippage is set at 5% (which is quite high), it means you agree to make the swap even if you receive only 4.75 ETH. That's a difference of $500 (or 0.25 ETH if you prefer this unit of account)! Now, imagine a bot that monitors all transactions in the mempool and executes two transactions that at the end harm an “average Joe” (all of that happens as transactions are awaiting to be included into a block):

  • The initial transaction is made by a bot ahead of yours - a front-runner purchases ETH on a DEX, causing the price of ETH to increase to $2050.

  • Next, your transaction is carried out (let's assume your transaction fulfills at an average price of $2100).

  • Following the second transaction, a bot sells ETH for $2100 and the price returns to $2000.

Everything occurs within the same block, leaving you with no opportunity to respond. Ultimately, the bot generates a profit instantaneously, while you find yourself paying extra. Your funds had been depleted! This scenario frequently unfolds on a blockchain, affecting numerous individuals.

Example of a real sandwich attack - attacker earned ~0.22 ETH while a transaction in the middle bought tokens on a higher price than it normally would (Source: https://ethereum.stackexchange.com/questions/123722/how-front-running-bots-can-see-private-transactions-sent-via-flashbots)
Example of a real sandwich attack - attacker earned ~0.22 ETH while a transaction in the middle bought tokens on a higher price than it normally would (Source: https://ethereum.stackexchange.com/questions/123722/how-front-running-bots-can-see-private-transactions-sent-via-flashbots)

Using the right RPC for a rescue!

There are few simple solutions to not to lose money:

  • transact in a low-fee environment (when gas is cheap)

  • go to some other L2 chains (like Arbitrum, Optimism) where there is no chance to front-run because of the mempool being private (due to a single entity making blocks)

  • go to other blockchains (like Polygon or Solana), where the mempool is rather private or blocks are very quick (due to short times between blocks)

However, there may be situations where this is not feasible. There could be various reasons why you may not want to explore other locations, such as limited availability of liquidity, lack of trust in other platforms or chains, or the token/project not being accessible there. In such circumstances, you might consider the following:

  • If the issue is that my transactions are visible to everyone in the mempool, how can I hide my transactions from others?

  • If the price moves unfavorably, how can I ensure that I do not incur losses on transactions being reversed without experiencing slippage?

As long as encrypted mempools are not live, you can consider using an RPC as a safeguard against those attacks mentioned earlier. But what exactly is an RPC, you might wonder? It's a server that your wallet connects to for sending transactions to the Ethereum network or receiving information from the blockchain. Whenever you send a transaction from MetaMask, it goes through an RPC to communicate with other Ethereum nodes, as browsers cannot directly interact with the Ethereum network. It's as simple as that!

How does an RPC work and who are involved in a transaction execution?

In Ethereum, there are a few key actors that are important to understand for the topics ahead. To make it easier, let's identify them as follows:

  • User: This refers to a "customer" of Ethereum who wants to perform a transaction, such as a swap.

  • Searcher: Typically a bot, searches for opportunities to extract some MEV (earn money) by taking the user's transaction and proposing a back-run transaction. This usually involves an arbitrage transaction that allows them to make some extra income. Unlike front-running or sandwiching, this is actually beneficial for users.

  • Block builder (for simplicity I call them later RPC as this is their service exposed to a user): This entity collects bets on specific transaction batches from searchers, selects the winners, and then adds other transactions from private and public mempools. Finally, they send these transactions to validators for approval.

  • Validator (acting as a block proposer): This is a specific Ethereum node that, during a specific 12-second round, can propose a block.

Illustration of the movement of transactions and decisions involving key participants. (Source: Flashbots GitHub - https://github.com/flashbots/mev-boost)
Illustration of the movement of transactions and decisions involving key participants. (Source: Flashbots GitHub - https://github.com/flashbots/mev-boost)

Now that you know who will be involved in executing our transaction, let's move on and meet the RPC providers, who have some extra powers for those above:

They have different specific services, but their main goal is to gather transactions from users, select the best bets from searchers, create a block with the searchers' transactions, and if they have a validator working with them, they try to persuade the validator, who is a block proposer, to include their blocks. This collaboration is beneficial for both the validators and the block builders because these blocks contain transactions that are not usually visible elsewhere, such as in a public mempool. This allows the block builder and validator to earn extra income. I believe you already understand the arrangement, right? Essentially, there are transactions that are typically not visible to the public until they are included in a block. This enables users to have "private" transactions, the block builder (referred to as RPC for simplicity) has a market to earn money, and the validator (who is a block proposer) gains access to transactions that can potentially earn them a significant amount of ETH compared to just taking transactions from a public mempool.

How it is being decided to select the most profitable blocks (Source: Flashbots Docs - https://docs.flashbots.net/flashbots-auction/overview)
How it is being decided to select the most profitable blocks (Source: Flashbots Docs - https://docs.flashbots.net/flashbots-auction/overview)

Where are the profits being generated? As mentioned earlier, these RPC providers gather and arrange transactions in a specific sequence, and then send them to validators by offering incentives. The block builder who offers the highest payment emerges as the winner. It's as simple as that! So, how much money are we talking about? Typically, according to market standards: 90% of the profit from a successful back-run is given back to the user of an RPC as cashback, while the remaining 10% is divided between the back-runner, the RPC and other parties. You may think: “it's not much”, but these amounts can range from a few cents to even tens of thousands of dollars - all within the same block where the transaction takes place. To summarize, the incentives are as follows:

  • You as “a user” don't have to pay anything extra to get added security against sandwich attacks and "private mempool". In fact, you get to keep 90% of the profit if someone tries to back-run your transactions. That's a great deal!

  • A back-runner is always on the lookout for a chance to make some extra money through arbitrage. They are willing to pay for that opportunity. They take 10% of the profit, which is then shared between them, an RPC provider (block builder), and a validator. Afterwards, they bribe the RPC provider to include their back-running operation after your transaction.

  • The RPC operator receives bribes from a few back-runners (or searchers) who have found opportunities and attempts to bribe a validator.

  • The validator examines the best blocks and publishes the one that offers the most incentives, while also taking their own bribes.

Some RPCs also provide protection for users by preventing the execution of transactions that are expected to fail or be reverted. This means that if the price of tokens moves unfavorably for a trader, such as breaching a deadline for a swap or slippage, the transaction would not proceed and the trader would not incur fees or experience a loss. With the revert protected RPC, the transaction would not consume the user's ETH as it would not be included in the blockchain - never ever! It's a win-win situation!

How to set it up and use it for transacting?

Finally, after learning the necessary theory to understand the topic, let's dive into the practical aspects! Let’s make our hands dirty! To begin, let's visit the website of any provider. For the sake of simplicity, I will demonstrate how to set up the RPC using Flashbots (for customized settings) and MEVBlocker.io (for simple 1-click solution). These platforms offer a range of strategies, such as private mempool transactions, protection against transaction failures/reverts, or custom fee share policies. Please note that I won't be discussing detailed privacy or censorship concerns here, so make sure to choose a provider that aligns with your specific needs.

Flashbots

I must say, Flashbots deserves credit for creating a fantastic wizard that assists us in comprehending the impact of our choices on transaction potential waiting times and privacy. It also grants us a great deal of control over these aspects. So, let's get started!

Flashbots Protect
A safer way to transact on Ethereum, by Flashbots.
protect.flashbots.net

  1. Go to page above.

  2. Familiarize how your choices affect the speed, privacy and percentage of how much of the transaction fee you want to keep comparing to the rest of the parties.

Here, you have the option to choose the block builders with whom you would like to share your transaction. Remember, sharing it with more builders increases your chances of being included faster, while sharing with fewer builders ensures more privacy. In any case, it is crucial to never let it leak to a public mempool.
Here, you have the option to choose the block builders with whom you would like to share your transaction. Remember, sharing it with more builders increases your chances of being included faster, while sharing with fewer builders ensures more privacy. In any case, it is crucial to never let it leak to a public mempool.
This step is quite technical. I will leave it for you to go down into the rabbit hole if you are interested, but the rule of thumb is: the more options you choose, the more information you are willing to provide to a block builder. This information will assist in determining whether or not to include you in the block.
This step is quite technical. I will leave it for you to go down into the rabbit hole if you are interested, but the rule of thumb is: the more options you choose, the more information you are willing to provide to a block builder. This information will assist in determining whether or not to include you in the block.
The inclusion times are definitely impacted by the refund share. The standard split is 90% for you (the user) and 10% for the searcher, relayer, RPC etc., but you are welcome to customize it as you wish.
The inclusion times are definitely impacted by the refund share. The standard split is 90% for you (the user) and 10% for the searcher, relayer, RPC etc., but you are welcome to customize it as you wish.
The final step includes a helpful summary of the effects of the choices you have made. Once you are happy with the summary, you can easily add the RPC address to your MetaMask with just one click.
The final step includes a helpful summary of the effects of the choices you have made. Once you are happy with the summary, you can easily add the RPC address to your MetaMask with just one click.

MEV Blocker

Mev Blocker - The best MEV protection under the sun
MEV Blocker is your personal protection from frontrunning and sandwich attacks for a broad spectrum of Ethereum transactions
mevblocker.io

This is a choice if you do not want to have to much of a customization, but still want to to be protected. What it does, it takes your transactions and share with most of the MEV protection providers. To be protected, simply scroll down their page, and add a new network by clicking Add to Wallet:

MEV Blocker offers a simple setup without requiring extensive customizations.
MEV Blocker offers a simple setup without requiring extensive customizations.

I believe this will be the best choice for the majority of individuals. However, for those seeking more a, there are additional options available to choose from.

  • if you want to have revert protection, use: https://rpc.mevblocker.io/noreverts (keep in mind your transaction may be included slower, but will never revert)

  • if you want full privacy, use: https://rpc.mevblocker.io/norefunds (focuses on privacy; will not share TX data with other providers; prevents transactions failures in addition)

How to do transactions?

Once you have successfully added your new RPC to your wallet, it is generally recommended to utilize it primarily for actions such as swaps or adding/removing liquidity. To do so, simply switch to the desired network by clicking on the "network selector" dropdown located in the top-left corner of MetaMask wallet. However, for other operations like transfers, you can still use the normal RPC as they are not considered critical. Of course, if you have a different perspective and deem it necessary, feel free to use it.

Choose the network that aligns with your specific goals.
Choose the network that aligns with your specific goals.

Great job! You've learned how to safeguard yourself against the majority of MEV attacks. Moving forward, continue making your transactions as you normally would. Just keep in mind that these transactions won't be visible to public block explorers like Etherscan.io until they're included in a block.

When your transaction successfully passes through the secure RPC, this screen would tell you nothing. It either went smoothly or not :D Now, all you have to do is relax and patiently wait for it to be included in a block. It after some time it's not happening retry the transaction.
When your transaction successfully passes through the secure RPC, this screen would tell you nothing. It either went smoothly or not :D Now, all you have to do is relax and patiently wait for it to be included in a block. It after some time it's not happening retry the transaction.

What can go wrong? How can you unblock yourself in case it is needed?

If your transaction no longer meets your needs and you wish to cancel it, or if the RPC has revert protection, you have two options:

  • You can either wait for the transaction to expire (the exact duration is not specified).

  • You can perform the "bumpFee" operation. This involves sending the transaction again with the same nonce, same or higher baseFee, and a higher priorityFee.

To initiate this process, please follow these steps:

MetaMask → “Ellipsis” - those three vertical dots → Settings → Advanced → toggle “Customize Transaction Nonce”

This option enables you to make a transaction with the same sequential number. If the new transaction with the same nonce has higher priorityFee it would replace the previous transaction.
This option enables you to make a transaction with the same sequential number. If the new transaction with the same nonce has higher priorityFee it would replace the previous transaction.

There is one more thing you need to do. You have to locate the nonce of the transaction that you think is stuck or that you want to cancel. To accomplish this, go to the Activity tab in MetaMask on the main view. From there, click on the most recent transaction that is waiting to be included in a block.

When you choose a transaction, you will be able to see additional properties, such as the required nonce.
When you choose a transaction, you will be able to see additional properties, such as the required nonce.

Next, let's search for a position called "Nonce". This position represents the sequential number of the transaction that you will require for the upcoming steps. It is important to include this number when replacing or canceling a transaction.

Nonce is the value that we are going to use in the next step. That will replace the transaction.
Nonce is the value that we are going to use in the next step. That will replace the transaction.

Replacing the transaction is technically sending a transaction with the same nonce but higher priorityFee through block proposer RPC.

To effectively cancel the transaction, it would be most suitable to send a 0 ETH transaction to your own address using a standard RPC. Why send ETH to yourself? This is because you are familiar with your address, and sending ETH is the least expensive transaction that can be triggered (resulting in the lowest cancellation costs). Since your other transaction is in a private RPC, a public mempool will readily accept your new cancellation transaction without any problems and that will invalidate the “private” one, as it is unaware of the other.

After you make a simple "Send" from the MetaMask on the second step set nonce same as the transaction that you want to replace or cancel.
After you make a simple "Send" from the MetaMask on the second step set nonce same as the transaction that you want to replace or cancel.

If your wallet is lost and giving you since some time wrong nonce numbers (they are too high), you have to go do what follows: MetaMask → “Ellipsis” - those three vertical dots → Settings → Advanced → Clear activity and nonce data → Clear activity tab data.

By clearing the activity tab data, MetaMask will now use the nonce sequence number based on the blocks that have been mined and the pending transactions that are visible to the public.
By clearing the activity tab data, MetaMask will now use the nonce sequence number based on the blocks that have been mined and the pending transactions that are visible to the public.

Reward for you!

Now that you've followed all the steps, it's time to mark this milestone. By minting an NFT under this article, you not only show appreciation for the work presented here, but also indicate that now use the protection against the MEV attacks presented in the article. Remember, the minting cost comprises only of gas fees on Optimism, which is less than few cents. Let your action signify your journey towards enhanced protection of your hard earned money. Do not forget to subscribe as well!

Summary

In conclusion, understanding MEV and implementing the use of RPCs like Flashbots or MEVBlocker.io can greatly enhance your Ethereum transactions. These tools offer lots of benefits, from reducing the risk of front-running and sandwich attacks to ensuring your transactions remain private from potential exploiters in the public mempool.

These services can also provide “revert protection”, ensuring that if a trade doesn't go in your favor due to unfavorable price movement, the transaction won't be executed - meaning no lost ETH on transactions that would fail or revert.

Remember, setting these up with your MetaMask wallet is easy - a few simple steps and you can enjoy the protection and benefits they offer. So whether you're a casual trader or a power user, consider using these MEV blocking RPCs. This will not only potentially save you from paying an unnecessary premium on your transactions but can also keep your trades private and secure.

To protect yourself from MEV attacks and ensure the privacy and efficiency of your Ethereum transactions, make sure to utilize these outstanding tools. After all, knowledge is power, and using that knowledge to protect your assets is the smart move. Happy trading!

Subscribe to 0xF16
Receive the latest updates directly to your inbox.
Nft graphic
Mint this entry as an NFT to add it to your collection.
Verification
This entry has been permanently stored onchain and signed by its creator.
Arweave Transaction
bFEFCqx3y-_ICV0…HKzfAyFO6GjVxHM
Author Address
0x4F0dA995496B7d6…5aad98904e6D0bb
Content Digest
7sOnoIySxnYZTKW…Z4QAKmkoo5vDRpY
More from 0xF16
View All

Skeleton

Skeleton

Skeleton