James Bachini

Defending Against Sandwich Attacks and MEV | A Guide to Flashbots Protect

By using a private mempool such as Flashbots Protect, Ethereum users can protect themselves against MEV (maximal extractable value), including sandwich attacks.

It doesn’t cost anything to use and is easy to set up with existing digital wallets, such as MetaMask.

  1. Sandwich Attack Protection
  2. Setting Up Flashbots Protect
  3. Benefits & Drawbacks Of Private Transactions

Sandwich Attack Protection

MEV refers to the potential profit that miners can extract from the order and execution of transactions in a block. A sandwich attack specifically targets the ordering of transactions in a block to exploit price movements.

Here’s how a sandwich attack typically works:

  1. Monitor the Mempool: The attacker monitors the Ethereum mempool for pending transactions waiting to be included in the next block and identifies a target transaction to exploit. The ideal target is a large DEX order into thin liquidity that moves the price of a digital asset.
  2. Execution: The attacker instantly submits two additional transactions to the mempool, positioning them before and after the target transaction, with the gas fee manipulated so that the first is included prior to the target. The first transaction purchases the asset before the target transaction, and the second sells it after the order has moved the price.
  3. Fun & Profit: By front-running the order, the searcher is able to buy low and sell high, creating a profitable trade all within the same block, which finalises within seconds. Often searchers will bundle multiple transactions together to efficiently execute multiple MEV opportunities.

The user who made the trade experiences higher slippage because the price moved before their order executed. The MEV attacker's front-running transaction increased the price that the user pays for their trade.
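The slippage effect described above, worked through as an added example (not code from the original article). It assumes a fee-less constant-product pool (x * y = k) with constructed reserves, models only the front-running leg because that is what changes the victim's price, and goes slightly beyond the text by showing a minimum-output limit (`minOut`, a hypothetical parameter name) turning the worse fill into a revert.

```javascript
// Added illustration: a fee-less constant-product pool (x * y = k).
// All reserves and trade sizes are constructed sample values.

// Tokens received for `amountIn` against the given reserves.
function quoteOut(amountIn, reserveIn, reserveOut) {
  return Math.floor((amountIn * reserveOut) / (reserveIn + amountIn));
}

// Apply an ETH -> token swap; return the new pool state and the output amount.
function swap(pool, amountIn) {
  const out = quoteOut(amountIn, pool.eth, pool.token);
  return { pool: { eth: pool.eth + amountIn, token: pool.token - out }, out };
}

// Victim's result when `frontRunIn` ETH is swapped ahead of them in the block.
// `minOut` (hypothetical name) is the least output the victim accepts;
// a fill below it reverts instead of executing at the worse price.
function victimOutcome(pool, victimIn, frontRunIn, minOut) {
  const before = frontRunIn > 0 ? swap(pool, frontRunIn).pool : pool;
  const { out } = swap(before, victimIn);
  return out >= minOut ? { reverted: false, out } : { reverted: true, out: 0 };
}

const pool = { eth: 1000, token: 1000000 };              // constructed reserves
const victimIn = 100;                                    // large order, thin pool
const quoted = quoteOut(victimIn, pool.eth, pool.token); // price the user saw
const minOut1pct = Math.floor((quoted * 99) / 100);      // 1% slippage tolerance

// Same order, four situations: untouched, front-run with and without a limit,
// and untouched with the limit in place (the private-mempool case).
const clean = victimOutcome(pool, victimIn, 0, 0);
const frontRunNoLimit = victimOutcome(pool, victimIn, 50, 0);
const frontRunWithLimit = victimOutcome(pool, victimIn, 50, minOut1pct);
const privateWithLimit = victimOutcome(pool, victimIn, 0, minOut1pct);

console.log({ quoted, clean, frontRunNoLimit, frontRunWithLimit, privateWithLimit });
```

In this constructed case the front-run order receives about 9% fewer tokens than quoted, while the same order with a 1% limit reverts rather than filling at the worse price.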

To prevent this type of attack, users can take advantage of private mempools. Flashbots' MEV-Boost relay is the largest block builder, with currently 1 in 4 blocks being built using the service.

Flashbots offers a private RPC node called Flashbots Protect, which can be used to execute transactions in a private mempool so that searchers cannot view or front-run them.


Setting Up Flashbots Protect

Flashbots Protect With MetaMask

Let’s set up Flashbots Protect with MetaMask.

First, open MetaMask and click on the network at the top (set to Ethereum Mainnet by default). At the bottom of the list you’ll see an option to “Add Network”, then “Add Network Manually”.

Fill in these settings:

  • Network Name: Flashbots Protect
  • New RPC URL: https://rpc.flashbots.net
  • Chain ID: 1
  • Currency Symbol: ETH
  • Block explorer URL: https://etherscan.io/

Click save and you will have the new option labelled as Flashbots Protect in your network menu.

Flashbots Protect For Developers

For developers, Alchemy also has an integration with Flashbots Protect, and we can access their private transactions using the method eth_sendPrivateTransaction.

We can also set up a custom RPC node directly within Ethers.js:

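const { ethers } = require("ethers"); // ethers v5 API

async function main() {
  const flashbotsURL = "https://rpc.flashbots.net";
  const provider = new ethers.providers.JsonRpcProvider(flashbotsURL);
  // A remote RPC holds no accounts, so sign locally; the PRIVATE_KEY env variable name is an assumption
  const signer = new ethers.Wallet(process.env.PRIVATE_KEY, provider);
  const userAddress = await signer.getAddress();
  const ethBalance = await provider.getBalance(userAddress); // returned in wei
  console.log(`User:${userAddress} Balance:${ethers.utils.formatEther(ethBalance)}ETH`);
}
main().catch(console.error);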

For Foundry users we can add a custom RPC node to forge commands using --rpc-url

forge create --rpc-url https://rpc.flashbots.net

For Hardhat users we can add the RPC URL into ./hardhat.config.js.

And for the Remix fans we can just connect it to the MetaMask network we added previously.


Benefits & Drawbacks Of Private Transactions

By executing transactions through a private mempool such as Flashbots Protect, users can protect their txs from the opportunistic searchers that operate in the dark forest of Ethereum.

This reduces the slippage that users will experience when trading on decentralized exchanges, leading to a better execution price.

One negative of private mempools is that transactions are only included in the next block written by that pool. For Flashbots that means that a transaction will be included in 25% of blocks, which would roughly equate to an execution time of just under one minute on average. This compares to a public mempool, which would include the tx in the next block every 12 seconds.

If a transaction is not included within 6 minutes it is passed out from Flashbots to a public mempool.
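The waiting-time reasoning above, carried through as an added example (not code from the original article). It uses the article's figures (25% of blocks, 12-second blocks, 6-minute fallback) and assumes each block is independently built via Flashbots with that probability; the function and field names are hypothetical.

```javascript
// Added illustration of the inclusion-time reasoning.
// Assumption: each block is independently Flashbots-built with probability p,
// so the number of blocks until inclusion follows a geometric distribution.

function inclusionProfile(p, slotSeconds, fallbackSeconds) {
  // Mean of a geometric(p) variable is 1/p blocks.
  const expectedWaitSeconds = slotSeconds / p;

  // Smallest n with 1 - (1 - p)^n >= 0.95: the 95th-percentile wait in blocks.
  const p95Blocks = Math.ceil(Math.log(1 - 0.95) / Math.log(1 - p));

  // Blocks that pass before the fallback deadline. Missing every one of them
  // means the transaction is released to the public mempool, where it is
  // visible to searchers again.
  const blocksBeforeFallback = Math.floor(fallbackSeconds / slotSeconds);
  const fallbackProbability = Math.pow(1 - p, blocksBeforeFallback);

  return {
    expectedWaitSeconds,
    p95WaitSeconds: p95Blocks * slotSeconds,
    blocksBeforeFallback,
    fallbackProbability,
  };
}

// Figures from the article: 25% of blocks, 12-second blocks, 6-minute fallback.
const profile = inclusionProfile(0.25, 12, 6 * 60);
console.log(profile);
```

Under these assumptions the average wait is 48 seconds, 95% of transactions are included within 132 seconds, and roughly 2 in 10,000 reach the 6-minute fallback.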

Currently there is a rate limit in place of 80 requests per second with a burst limit of up to 100 requests. This should be more than adequate for general users.

Flashbots Protect will only include a transaction if it does not revert. Normally a warning comes up in MetaMask, but in a public mempool the transaction is still executed, reverts, and you still pay a gas fee. Flashbots simulates the transaction first to ensure it will go through before including it in the block.

You can check transaction progress using the transaction hash with Etherscan as usual.

Where this is really valuable is for users executing either large transactions or executing orders into thin liquidity where their orders are moving the price about. Flashbots Protect can help improve the execution price you pay when trading digital assets by protecting against MEV and sandwich attacks.


