A Study on Blockchain Sandwich Attack Strategies Based on Mechanism Design Game Theory

Abstract

The rapid progression of Decentralized Finance (DeFi) has established Decentralized Exchanges (DEX) as critical elements in the financial landscape. Nevertheless, the open and transparent nature of DEX makes them susceptible to strategic manipulations, especially the sandwich attack. During such maneuvers, ill-intentioned actors exploit price slippage by positioning their transactions strategically around a target’s order to reap unfair profits. This paper introduces a ground-breaking framework rooted in mechanism design game theory to lessen the impact of sandwich attacks. The framework delineates the precise strategy of the sandwich attack and its repercussions, shedding light on the tactical aspects and utility functions pertinent to both the attackers and the ordinary traders, subsequently referred to as workers. The discussion extends to defining utility functions for both the market and the workers, emphasizing the benefits of liquidity provision for the market and the potential profits and losses for the workers. The proposal encourages adopting a market-centric mechanism design grounded in game theory, wherein the market, operating as the designer, creates rules to maximize its utility while considering the workers’ utility. Through a meticulous analysis of this game-theoretic approach, the study identifies optimum strategies for all the involved parties, demonstrating that these strategies can reach a balanced state. Further, this study presents a comparative view against existing research, highlighting the limitations of contemporary solutions and asserting the effectiveness of the proposed model in protecting the interests of both the market and the workers. Ultimately, this research furnishes stakeholders with new perspectives and instruments to thwart sandwich attacks and lays a foundation for creating resilient and fair decentralized trading infrastructures.

1. Introduction

Decentralized Finance (DeFi) represents a transformative shift in contemporary finance, leveraging blockchain technology to furnish a decentralized, transparent platform for financial transactions. Within this domain, Decentralized Exchanges (DEX) emerge as notable entities, offering users an economical trading platform free from intermediaries. While the decentralized paradigm brings advantages such as increased transaction autonomy, heightened privacy, and reduced costs, it simultaneously unveils unique security challenges. A paramount concern is the ‘sandwich attack’, wherein attackers place their transactions around a victim’s order, capitalizing on price slippage. As the DeFi sector flourishes, reaching a market capitalization in the billions and attracting diverse investors and traders, the complexities of trading on DEXs have increased. This enhances opportunities for malefactors, compromising ordinary traders’ interests and undermining the foundational trust and fairness intrinsic to DEX. If traders perceive a risk of manipulation, they may shy away from DEX, impeding the robust and sustained evolution of the DeFi landscape.

The prevalence of sandwich attacks critically jeopardizes the fairness and transparency of DEX. If trader confidence erodes, it could trigger an exodus, reducing DEX liquidity and affecting its market efficiency and stability. Consequently, formulating a mechanism that effectively mitigates sandwich attacks and concurrently safeguards the interests of both the market and the traders has become an urgent research imperative. Moreover, it is vital that this mechanism addresses the attacks and does so without unduly impeding or delaying routine transactions. This calls for a comprehensive examination of DEX trading mechanisms, pinpointing potential vulnerabilities and formulating robust defensive strategies.

To address the outlined challenges, we advocate for an investigative approach grounded in mechanism design—a prominent subfield of economics that focuses on creating mechanisms to ensure that, despite private information, each participant’s strategic decisions converge to a socially optimal objective. Our methodology begins with a comprehensive examination of DEX trading mechanisms, highlighting susceptible areas. Building upon mechanism design theory, we then introduce an innovative trading mechanism adept at countering sandwich attacks while preserving market liquidity and efficiency. Our methodology comprises several distinct phases: 1. Data Collection and Analysis: We initiate by amassing a substantial dataset of DEX trading activities, followed by a rigorous statistical scrutiny to discern potential attack vectors and vulnerabilities. 2. Model Establishment: Using insights from the preliminary data analysis, we construct a trading model that meticulously captures the nuances of DEX transactions and potential malicious tactics. 3. Mechanism Design: Drawing from mechanism design theory, we devise a novel trading mechanism that encourages traders to disclose their authentic trading intentions transparently, effectively neutralizing malicious maneuvers. 4. Simulation and Validation: A series of comprehensive simulation experiments validate our mechanism’s robustness across diverse scenarios. Our experimental findings underscore that our proposed mechanism notably augments market fairness and transparency, ensuring optimal trading liquidity and efficiency.

The salient contributions of this work encompass the following key areas: 1. In-depth Examination of DEX Trading Mechanisms: We thoroughly investigated the DEX trading mechanisms and the associated attack strategies, which offered a rich data repository and deep insights for future research. 2. Debut of an Innovative Trading Mechanism: Our proposed mechanism, rooted in mechanism design theory, addressed the sandwich attacks while safeguarding market liquidity and efficiency—a marked breakthrough in the DEX sphere. 3. Pragmatic Implementation Guidance: Beyond theoretical discourse, our work provided actionable insights for real-world deployment. DEX operators can leverage our findings to refine their trading structures, enhancing market transparency and fairness. 4. Augmenting Mechanism Design’s Role in Finance: Furthermore, our study heralded an expanded role for mechanism design within the financial sector, especially in financial investigations.

2. Related Work

In the domain of game-theoretic mechanism design, numerous studies have addressed the challenges inherent to sandwich attacks. Heimbach and Wattenhofer provided a highly effective algorithm for traders to set the slippage tolerance. [1]. Modern game theory applications predominantly scrutinized terrorist targeting strategies encompassing entities like businesses, officials, and civilians [2,3]. Within these paradigms, targets often employ divergent tactics to thwart potential threats [4,5]. Noteworthy contributions by Sandler et al. and Zhuang et al. utilized game theory to elucidate equilibrium strategies for both attackers and defenders, focusing on optimal resource allocation against terrorism and natural disasters [6,7]. Similarly, Liang et al. presented an exhaustive survey of game-theoretic solutions targeting network security, bifurcating the strategies into attack–defense analyses and security metrics [8]. Zonouz et al. pioneered the Response and Recovery Engine as an innovative response mechanism [9]. Shamshirband et al. invoked a cooperative game-theoretic approach, enhanced with fuzzy q-learning, to detect and mitigate intrusions in wireless sensor networks [10]. Yuan et al. further postulated optimal criteria for cyber defenders and DoS attackers, leveraging optimal control paradigms [11]. This Special Issue spotlighted the cyber–physical security facets of Networked Control Systems and encapsulated state-of-the-art developments within system theory and decision sciences applied to this rapidly evolving domain [12].

Transitioning to the blockchain domain, Cai et al. critically evaluated blockchain-driven reputation systems, emphasizing vulnerabilities like ballot-stuffing and bad-mouthing [13]. Tosh et al. contextualized block withholding attacks within blockchain cloud architectures, accounting for disparate pool reward dynamics [14]. A novel threat vector, termed the balance attack, was introduced by Natoli et al., targeting forkable blockchain infrastructures [15]. Subsequent contributions by Budish et al. and Dey et al. delved into the economic constraints of Bitcoin and proffered machine learning frameworks to starve off a majority of blockchain-centric threats [16,17]. For bolstered security, Rathore et al. advocated for an integrated architecture merging Software Defined Networking with blockchain. This approach amplified the prowess for detecting threats within IoT ecosystems [18].

Based on previous research, this paper enhances the result of the extant literature [2,4,5,19,20,21,22,23] by introducing a bespoke game-theoretic mechanism, specifically crafted to neutralize sandwich attacks within market-centric environments.

3. Preliminary Work

In the context of the swift evolution of blockchain technology and DeFi, DEX have emerged as a focal component, attracting considerable attention. Nevertheless, the inherent openness and transparency of DEX inadvertently provide avenues for malevolent actors, with sandwich attacks standing out as the most prevalent one. In this section, we elucidate the intricacies of the sandwich attack, review the existing literature, and emphasize the significance of mechanism design in DEX.

3.1. Principles of the Sandwich Attack

At its core, the sandwich attack involves an attacker strategically positioning their transactions around a victim’s transaction to capitalize on price variances. The attacker initially inflates the asset’s price with the transaction (1), waits for the victim’s transaction to materialize and subsequently deflates the asset’s price with the transaction (3), thereby securing a profit.

(1)

Scenario without an Attack:

$$s_0\stackrel{TransactXForY\left({\delta }_x^V\right)}{⟶}\left(x^{*},y^{*}\right),{ \delta }_y^V=y_0-y^{*}$$

(1)

$$x^{*}=x_0+{\delta }_x^V,y^{*}=\frac{x_0{y}_0}{x_0+{\delta }_x^V-c_x\left(s_0,{\delta }_x^V\right)}+c_y\left(s_0,{\delta }_y^V\right)$$

(2)

The victim sent a transaction (2) using ${\delta }_x^V$ of x transformation of ${\delta }_y^V$ of y; the underlying Automated Market Maker (AMM) market starts from $s_0=(x_0,y_0)$; the market becomes a $\left(x^{*},y^{*}\right)$ state without any unexpected price sliding points caused by the attack.

(2)

Scenario with an Attack: The attacker’s initial state is $(\theta {\delta }_x^{A1},0)$. They initiate the front-running transaction (1) and the subsequent transaction (3) to launch a sandwich attack. Let ${\delta }_x^{A1}$ be defined as the attack cost just sufficient for a single sandwich attack.

$$\begin{array}{c}{s}_0\stackrel{ TransactXForY \left({\theta \delta }_x^{A1}\right)}{⟶}{s}_1=\left(x_1,y_1\right),{\delta }_y^{A1}=y_0-y_1\hfill \\ x_1=x_0+{\theta \delta }_x^{A1},y_1=\frac{x_0{y}_0}{x_1-c_x\left(s_0,{\theta \delta }_x^{A1}\right)}+c_y\left(s_0,{\theta \delta }_x^{A1}\right)\hfill \end{array}$$

(3)

The attacker exchanges ${\theta \delta }_x^{A1}$ of x for ${\delta }_y^{A1}$ of y. Starting from the underlying AMM market state $s_0=(x_0,y_0)$, the market transitions to state $s_1=(x_1,y_1)$.

$$s_1\stackrel{ TransactXForY \left({\delta }_x^V\right)}{⟶}{s}_2=\left(x_2,y_2\right),{\delta }_y^V=y_1-y_2$$

(4)

$$x_2=x_1+{\delta }_x^V,y_2=\frac{x_1{y}_1}{x_2-c_x\left(s_1,{\delta }_x^V\right)}+c_y\left(s_1,{\delta }_x^V\right)$$

(5)

Due to the front-running transaction, when executing the (2) transaction, the market state is no longer the initially assumed $s_0$, but $s_1=(x_1,y_1)$. Modifying the original (2) transaction formula by replacing $s_0$ with $s_1$, we obtain the new market state $s_2=(x_2,y_2)$.

$$\begin{array}{c}{s}_2\stackrel{ TransactYForX \left({\delta }_y^{A2}\right)}{⟶}{s}_3=\left(x_3,y_3\right),{\delta }_x^{A2}=x_2-x_3\hfill \\ x_3=\frac{x_2{y}_2}{y_3-c_y\left(s_2,{\delta }_y^{A2}\right)}+c_x\left(s_0,{\delta }_y^{A2}\right),y_3=y_2+{\delta }_y^{A2}\hfill \end{array}$$

(6)

After the victim’s transaction is executed, the attacker’s subsequent transaction (3) is executed. The attacker exchanges ${\delta }_y^{A2}$ of Y for X. Starting from the market state $s_2=(x_2,y_2)$, the market transitions to state $s_3=(x_3,y_3)$. Ultimately, the attacker obtains a profit of ${\delta }_y^{A2}$ in X. The attacker’s profit is calculated by subtracting the attack cost from the X currency amount obtained after the attack, which is written as follows:

$$profit={\delta }_x^{A2}-\theta {\delta }_x^{A1}.$$

(7)

3.2. Introduction to Mechanism Design Game Theory

Mechanism design game theory, a prominent subfield of economics, investigates the formulation of mechanisms that ensure that the participants’ optimal strategies coincide with the designer’s objectives. Within the sphere of DeFi, such designs are indispensable. This is primarily due to the information asymmetry between the market and its participants, which holds the potential for engendering malicious actions. Ideally, if the market possessed complete knowledge of a participant’s intentions—including potential malevolent plans—it could proactively design deterrent strategies. Yet, participants frequently withhold full disclosure, fearing privacy breaches or strategic exposure. This discrepancy presents a critical challenge: how can one construct a mechanism that safeguards participant privacy and mitigates malevolent actions? The answer lies in mechanism design game theory, particularly in its revelation principle. This principle asserts that, for every Bayesian Nash equilibrium, a corresponding direct mechanism exists wherein participants genuinely reveal their information. Consequently, one can effectively thwart malevolent endeavors by crafting a direct mechanism that incentivizes participants to disclose their intentions honestly. This study conceptualizes the market as the principal and the participants as the players. The principal’s mandate is to curate a mechanism encouraging the players to transparently convey their data, enabling the market to strategize and optimize its returns.

3.3. Introduction to the Problem

To describe this problem more concretely, we introduce some mathematical notations. We use R to represent the market and W to represent the set of workers. Each worker w_i has a type $z_i=\left\{c_i,T_i\right\}$, where C_i is the worker’s total assets, and T_i is his intention to attack. The types of all the workers form a type of space $Z=\prod i\in W^{Z_i}$. The information that worker w_i reports to the market is represented as $g_i\in G_i$, where $g_i$ is the worker’s strategy, a function of the worker’s true type z_i. The strategies of all the workers form a strategy space $G=\prod i\in W^{G_i}$. The market produces an output y_i based on these strategies, and all the outputs form an output space $Y=\prod i\in W^{y_i}$. In this framework, our goal is to design a mechanism, a mapping from strategy space G to output space Y. The devised mechanism ought to meet two essential criteria: firstly, it must optimize the market’s utility, and, secondly, it must ensure that the most strategic approach for the participants is to relay their information truthfully. Specifically, $h_i\left(g_i\right)$ is the requester’s strategy, and $h_i\in H$ is the mechanism strategy space. $u_R(h_i\left(g_i)\right):Y\to R$ is seen as the utility of the market, while $u_{w_i}(h_i\left(g_i)\right):Y\to R$ is seen as the utility of the workers.

3.4. General Framework to Counteract Sandwich Attacks

Given the escalating occurrence of sandwich attacks in the DeFi landscape, there is an imperative need for a holistic and robust strategy to neutralize them. A proficient strategy should not only detect and preempt these assaults but also guarantee that the DeFi environment retains its transparency, decentralization, and user-centricity.

Our proposed holistic strategy addresses the technical nuances and behavioral dynamics of sandwich attacks. Technologically, we incorporate sophisticated surveillance tools harnessing machine learning methodologies to discern anomalous trading activities instantaneously. These instruments are adept at pinpointing impending sandwich attacks, and facilitating swift counteractions.

Moreover, we champion the incorporation of transaction latency protocols. The attacker’s anticipated trajectory can be unsettled by instating a minor, randomized latency to every transaction. Even a slight delay could dissuade potential attackers while posing minimal disruption to regular traders.

Behaviorally, our strategy underscores the importance of trader education. By equipping traders with comprehensive insights into sandwich attacks, through resources and tools, they can be empowered to make judicious choices and adopt prudent trading habits. This encompasses instructive guides, illustrative case studies of sandwich attacks, and trading safety protocols.

Lastly, we advocate a communal approach to tackling these onslaughts. Envisioning a platform where users can flag dubious activities, recount their encounters, and brainstorm solutions can cultivate a communal front against adversarial elements. Harnessing the shared expertise and alertness of the DeFi populace can usher in a fortified, resilient ecosystem.

3.5. The Rise of DeFi

DeFi has emerged as a transformative paradigm within the financial landscape, heralding a transparent, permissionless, open-source financial service ecosystem. Operating devoid of central authority, this model ensures global inclusivity in accessing financial services. The catalyst propelling DeFi’s meteoric ascent is the Ethereum blockchain, which facilitates the deployment of smart contracts—self-executing contracts with predetermined conditions. These contracts have enabled many novel, transparent, and censorship-resistant financial offerings.

3.6. The Role of DEX in DeFi

DEX within the DeFi spectrum signify a profound evolution in finance. Capitalizing on blockchain technology, DeFi platforms provide financial services, bypassing conventional intermediaries such as banks. This democratization broadens the accessibility of financial instruments to an expansive global audience.

Several dynamics underpin DeFi’s ascendancy. Primarily, the innate transparency and robust security features of blockchain render it a compelling alternative to established financial architectures. Activities are cataloged on a public ledger ensuring transparency, while cryptographic methodologies undergird its security and integrity.

Furthermore, DeFi introduces groundbreaking financial instruments and services absent in classical financial systems. Mechanisms from yield farming to liquidity mining permit users’ novel avenues for asset appreciation, a departure from conventional modalities. Compounded by the automation capabilities of smart contracts, operational costs diminish while efficiency soars.

Nevertheless, DeFi’s exponential growth is not devoid of hurdles. Given its emergent phase, many platforms have yet to weather real-world exigencies, leading to vulnerabilities—with sandwich attacks epitomizing such pitfalls. As the DeFi domain advances, it is imperative to confront these challenges robustly, maintaining the integrity and trustworthiness of the ecosystem.

The prospects of DeFi are vast, heralding a more inclusive, agile, and lucid financial framework. However, the risks stemming from malicious exploits and system vulnerabilities must be preemptively addressed to harness their full potential.

3.7. Sandwich Attacks: A Growing Concern

Sandwich attacks, an emergent form of market manipulation, have raised substantial concerns within the DeFi realm. These attacks capitalize on the transparent sequencing of blockchain transactions, enabling malicious entities to leverage other traders’ actions preemptively. At its core, an attacker identifies an impending significant transaction, strategically positioning their trades before and after the target, thereby “sandwiching” it. This strategy facilitates price manipulation in favor of the attacker, potentially yielding substantial profits.

For example, attackers would buy the asset that users are exchanging, e.g., using Chainlink to exchange for Ether (ETH), knowing that the price of ETH is increasing. The criminals then purchase ETH at a lower price so that the victim can purchase it at a higher price. The attacker then sells the ETH at a higher price. This affects the amount of ETH the initial user will receive. Since the attackers managed to execute the order at the price they wanted, the cost of the following trade would be higher. This causes the price of ETH to increase, allowing attackers to profit by trading traders back and forth and artificially creating a price increase.

The underpinnings of sandwich attacks are intricately linked to blockchain transaction processing. Given that transactions are appended to the blockchain in aggregated “blocks”, a temporal window emerges wherein attackers discern pending transactions and strategize. Herein, the deterministic transparency of blockchain, typically its forte, is paradoxically a vulnerability.

As the DeFi ecosystem amplifies in traction and valuation, the lucrative allure of successful sandwich attacks intensifies, magnetizing malicious entities keen on exploiting such weak points. This trajectory not only imperils individual traders financially but also erodes trust in decentralized frameworks. For DeFi to fully manifest its promise, it is essential to confront and neutralize such challenges proactively.

3.8. The Need for Mechanism Design in DeFi

The inherent decentralization of DeFi platforms demands avant-garde strategies to safeguard security and equity. Colloquially termed “reverse game theory”, mechanism design involves sculpting a game with meticulous rules tailored to yield specific outcomes, even amidst participants pursuing self-centered objectives. Within DeFi, this translates to architecting infrastructures such that overarching system equity and integrity prevail irrespective of participants’ potentially self-serving or malevolent actions.

DeFi’s decentralized framework implies the absence of a centralized arbitrator to instate rules or penalize ill-intentioned players. This void in centralized governance renders traditional fairness and security safeguards, such as regulations or supervisory entities, impotent. Consequently, the inherent system protocols must be resilient to counteract malevolent conduct.

By harnessing mechanism design, we can cultivate DeFi platforms where optimal strategies for individual actors (traders, liquidity contributors, or prospective adversaries) synchronize with the platform’s collective optimum. This might encompass architecting fee models that dissuade sandwich attacks, incentivizing user-driven suspicious activity reporting, or pioneering trading algorithms impervious to recognized threats.

Moreover, as the value managed by DeFi platforms escalates, so do the stakes. An isolated vulnerability or systemic design oversight can trigger monumental fiscal setbacks and reputational dents. Ergo, integrating mechanism design within DeFi transcends mere academic contemplation—it crystallizes as a pragmatic imperative, anchoring the enduring credibility and reliability of decentralized finance constructs.

4. In-Depth Discussion on Utility Functions

4.1. Market Utility

Within the blockchain ecosystem, the market functions as a liquidity provider. Such liquidity is realized through a series of transactions and operations, with the fee revenue, $v\left(t\right)$, being paramount. This revenue represents the gains the market accrues from liquidity over time, t. In the majority of DEX, the fee revenue $v\left(t\right)$ is predominantly derived from the following three components:

• Market value $l\left(t\right)$: This part mainly relates to the fluctuation of the coin price. It is determined using Formula (1) $p1\times p2=k$. For stablecoins, since their value is relatively stable, this part is not considered.
• Governance token value $z\left(t\right)$: This part is time-dependent, reflecting the value of the governance token over time.
• Transaction-related part $g\left(t\right)$: This part is the product of transaction volume, coin price, and fee sharing divided by the total value locked.

Given the above, the fee revenue is calculated according to the following function:

$$v\left(t\right)=l\left(t\right)+z\left(t\right)+g\left(t\right)$$

(8)

Given the market’s inherent unpredictability and persistent volatility concerning coin prices, we adopt the Geometric Brownian Motion model. This model, a widely recognized stochastic differential equation within stochastic processes, aptly characterizes such volatility.

Obviously, a market’s currency price continuously fluctuates and has a certain degree of randomness. Therefore, we introduce the Geometric Brownian Motion model, a commonly used stochastic differential equation in stochastic processes.

$$\frac{dS\left(t\right)}{S\left(t\right)}=\mu t+\sigma dB\left(t\right)$$

(9)

In the above equation, $S \left(t\right)$ is the currency price at time $t$; μ is the return on asset S; σ denotes the volatility of asset $S$, and $B \left(t\right)$ is a standard Brownian Motion that follows the normal distribution of N (0,1). The solution of this differential equation is as follows:

$$S\left(t\right)=S\left(0\right)e^{\left(\mu -\frac{{\sigma }^2}{2}\right)t+\sigma B\left(t\right)}$$

(10)

After that, we will modify the formula for handling fee income. If $S \left(t\right)$ is defined as the token price at time $t$, then $l \left(t\right)$, $z \left(t\right)$, $g \left(t\right)$ can be rewritten as $l\left(t\right)=\alpha ·S_1\left(t\right)+{\beta ·S}_2\left(t\right)$, where $\alpha ·\beta = k$, and $z\left(t\right)=\lambda ·S\left(t\right)$ represents the quantity of two types of tokens separately, and $\lambda$ governs the number of tokens. $g\left(t\right)=\rho ·S\left(t\right)·c/tvl$, where $\rho$ is the trading volume, and $\rho$, $c$, and (2) are the constants.

As a simplification, the fee revenue v(t) can be obtained through the following equation:

$$v\left(t\right)=\left(\frac{\rho ·c}{tvl}+\lambda +\alpha +\beta \right)·S\left(t\right)$$

(11)

For the market, whenever an attack occurs, it will cause damage. We view the impact of the attack on the market as an impact on the health of the market, including liquidity conditions and so on. We use $k \left(t\right)$ to describe this indicator, which can be calculated using the following equation:

$$k\left(t\right)={\omega }_{1}b\left(t\right)+{\omega }_{2}a\left(t\right)+{\omega }_{3}m\left(t\right)$$

(12)

where $b \left(t\right)$ denotes (2); $a\left(t\right)$ denotes the number of active addresses, and $m \left(t\right)$ is the 24 h trading volume; ${\omega }_i$ is the weight coefficient toward each component, which can be determined using common methods such as the Analytic Hierarchy Process. Because short selling is also a type of trading, which can be both long and short, it is not possible to directly relate $a \left(t\right)$ and $m \left(t\right)$ to the prices. Considering that volatility is usually described using variance in statistics, we denote $a \left(t\right)$ and $m \left(t\right)$ with variance $Var\left[S_1\left(t\right)\right]$ of $S_1\left(t\right)$ multiplied by different coefficients as shown below.

$$a\left(t\right)=\delta ·Var\left[S_1\left(t\right)\right], m\left(t\right)=\eta ·Var\left[S_1\left(t\right)\right]$$

(13)

Then, $k \left(t\right)$ can be expressed as

$$k\left(t\right)={\omega }_1·tvl+\left({\omega }_2·\delta +{\omega }_3·\eta \right)·Var\left[S_1\left(t\right)\right]$$

(14)

The variance of $S_1\left(t\right)$ can be obtained with the following equation:

$$Var\left[S_1\left(t\right)\right]={S_1\left(0\right)}^2{e}^{2\mu t}\left(e^{{\sigma }^{2}t}-1\right)$$

(15)

Based on the physical meanings of two sandwich attack strategies, $h_i\left(g_i\right)$ is abbreviated as $h \left(t\right)$. Canceling an order will have an impact on both the commission income $v \left(t\right)$ and the health level $p \left(t\right)$. We construct a function $n \left(t\right)$ to describe the impact of canceling orders on the market. The more cancellations, the more negative the impact, where $n$ is the given parameter.

$$n\left(t\right)=\frac{n\left(1-\theta \right)}{h\left(t\right)+h_0}$$

(16)

Until now, the market utility can be written as

$$U_R={\int }_0^T{\int }_{\underset{\_}{x}}^{\overline{x}}\left[\left(v\left(t\right)+k\left(t\right)·d\right)·n\left(t\right)·f\left(x\right)\right]dxdt$$

(17)

where d is the given parameter showing the difference caused by the impact of canceling the order on the two variables. $f\left(x\right)$ is the probability density function of $w_i$’s attack intention calculated based on historical data. Without historical information, the statistical data of all the workers providing services to requesters can be used to approximate $f \left(x\right)$ and normalize the value of x to between [0, 1]. All the workers $x$ of $w_i$ have a maximum and minimum value.

4.2. Worker Utility

In this section, “workers” predominantly denotes traders. We operate under the assumption that all the workers act rationally. Thus, they will determine whether to initiate an attack and the amount of tokens to allocate based on maximizing their interests. We delineate this behavior using the profit function during the sandwich attack process, denoted as p(θ), which has been mentioned previously. Grounded in these assumptions, the subsequent equation encapsulates the utility of the workers:

$$U_w={\int }_0^T(p\left(\theta \right)·\mu \left(\theta \right)-h(t)·o)dt$$

(18)

where $h\left(t\right)$ is the market’s strategy, and $\mu \left(\theta \right)$ is a sigmoid function measuring the attack intention of the worker.

$$\mu \left(\theta \right)=\frac{1}{1+e^{-\alpha \left(\theta -{\theta }_0\right)}}$$

(19)

where $o$ is a parameter representing the loss from canceling a single order.

5. Market-Led Mechanism Design Game Theory

In this section, we integrate the previously discussed utility functions, applying mechanism design game theory to derive the optimal strategies for both the market and the workers. Subsequently, we examine the equilibrium conditions of these strategies.

5.1. Market’s Optimal Strategy

To optimize the market’s benefits, it is essential first to define its utility function, which is a function of both the market’s and the workers’ strategies. Specifically, we utilize the following formulation to maximize the market’s benefits:

$$max{U}_R={\int }_0^T{\int }_{\overline{x}}^{\overline{x}}\left[\right(v\left(t\right)+k\left(t{)}^{*}d\right)·n(t)·f(x)]dxdt={\int }_0^{T}R\left(h\left(t\right)\right)dt$$

(20)

where $R\left(h\left(t\right)\right)={\int }_{\underset{\_}{x}}^{\overline{x}}\left[\right(v\left(t\right)+k\left(t\right)·d)·n\left(t\right)·f\left(x\right)]dx$. In order to cause $U_R$ to maximize, we use the Euler–Lagrange equation for the solution.

$$\frac{\partial R}{\partial h}-\frac{d}{dt}\frac{\partial R}{\partial h^{\prime }}=0$$

(21)

Due to the absence of a first derivative for $h\left(t\right)$, the Euler–Lagrange equation degenerates into $\frac{\partial R}{\partial h}=0$ and, hence, we have

$$h^{*}\left(g\right)=\sqrt{\frac{n\left(1-g\right)\left(\underset{¯}{x}-\overline{x}\right)\left(v\left(t\right)+d·k\left(t\right)\right)}{2}}-h_0$$

(22)

After substituting $v \left(t\right)$ and $k \left(t\right)$ into the union simplification, we obtain the optimal strategy for the market as

$$h^{*}\left(g\right)=\sqrt{\frac{n\left(1-g\right)\left(\underset{¯}{x}-\overline{x}\right)\left(\left(\frac{\rho ·c}{tvl}+\lambda +\alpha +\beta \right)·S\left(t\right)+d·{\omega }_1·tvl+\left({\omega }_2·\delta +{\omega }_3·\eta \right)·Var\left[S\left(t\right)\right]\right)}{2}}-h_0$$

(23)

5.2. Worker’s Optimal Strategy

In parallel with the market’s strategy, it is imperative to define the worker’s utility function, which is contingent upon both the worker’s and the market’s strategies. We propose the following optimization problem for workers:

$$\max U_w={\int }_0^T(p\left(\theta \right)·\mu \left(\theta \right)-h\left(t{)}^{*}o\right)dt$$

(24)

By substituting the optimal strategy $h^{*}\left(g\right)$ of the market, we obtain the optimal strategy for the workers denoted using

$$g=g^{*}.$$

(25)

Due to the complexity of the analytical solution for $g$, which is limited by its length and overall appearance, we use ${ g}^{*}$ instead.

5.3. Equilibrium Analysis

To prove that the solutions above are the optimal choices for the market and the workers, it is crucial to verify that our solution outputs the largest utility for each stakeholder. Equivalently, the following inequalities holds

$$\frac{\partial R}{\partial h} \ge 0, \frac{{\partial }^{2}R}{\partial h^2} \le 0$$

(26)

Due to space limitations, we will not present the full proof on the main page. The central idea is solving the Hessian matrix of $R$ for $h$, corresponding to this Hessian matrix being semi-positive definite or using the definition of a convex function directly. Thus, $R$ is a convex function of $h;$ hence, its second-order partial derivative is less than or equal to zero.

6. Evaluation

The ascent of DeFi has marked DEX as being pivotal in finance. However, the inherent openness of DEX exposes them to manipulations like sandwich attacks, where malicious actors exploit price slippage for unfair gains. Building upon existing research, Liu et al. have applied the Stackelberg game and presented efficient mechanisms to analyze the pricing and workload allocation optimization for malicious behavior in crowdsourcing cases [24,25]. However, the research on the interactions between the market and the players in the adversarial sandwich attack setting is under-explored. Heimbach et al. proposed an algorithm for traders to circumvent most sandwich attacks, but it fails to consider the market’s profit [1]. This paper presented the utility functions of both the market and the workers and solved their utility optimization problems through a cooperative mechanism design. The closed-form optimal strategies are provided, which ensure truthful behavior in the equilibrium and creates a safer and more efficient trading environment within the DeFi sector.

6.1. Effectiveness Analysis

The game-theoretic model of mechanism design developed in the paper employs foundational principles from empirical economics and game theory [26,27] to allow the organizer to set up a mechanism (game rules) between the market and the workers which is predicated on the maximization of the market’s benefit, a function that is obtained using the variational method of solving the general function of the market’s benefit function defined on a generalized function space. The principles underlying cryptocurrencies and blockchain technology [28,29] further inform this model, ensuring that the market’s strategy will always be optimal, regardless of how a worker implements it. With this generalization in mind, the worker substitutes this mechanism into his benefit function and then solves it for his optimal strategy. In fact, the optimal solution obtained by the market is an optimal strategy space, and, no matter how the worker changes his strategy, he is in the optimal strategy space of the market. Both optimal strategies are obtained by taking derivatives. In particular, since the market’s benefit function is generalized, it is variationally differentiated and solved according to the Euler–Lagrange equation. By proving that the second-order derivative is less than zero, it can be introduced that both strategies maximize benefits, i.e., Nash equilibrium.

6.2. Security Analysis

The market is the rule maker of the game; this is based on the reality that workers who want to trade in the market have to abide by the rules set by the market, therefore ensuring that the rules of the game will be implemented correctly [30]. In establishing the workers’ benefit function, we have assumed that all the workers are rational—i.e., they will all maximize their benefits as their strategy. Under such a premise, the workers will choose their optimal strategy under the mechanism developed by the market. Based on the effectiveness analysis from the previous section, the workers choose the optimal strategy, meaning that the market can obtain the corresponding optimal strategy in the optimal strategy space and reach the Nash equilibrium, which maximizes the benefits for both.

6.3. Practical Application

When no mechanism is used to design a game theory model, a worker who finds a profitable order put forward by a user will launch a sandwich attack to take advantage of it. This causes the user to experience higher unexpected price slippage, resulting in severe financial losses, and also negatively damages the trading market by lowering the market’s fee earnings and corrupting the market’s reputation, which is negative for the market’s health [31]. That is why it is said that the market will act through some means, such as canceling the user’s orders to limit the attacks on the workers. However, this will also reduce the benefits of the market. Neither the market nor the workers will maximize their benefits in this blind confrontation.

The difference is that by applying mechanism design game theory, when the workers find a profitable order placed by a user, they formulate their strategies based on the benefit function. The market will then obtain the corresponding optimal strategy in the optimal strategy space so that both the market and the workers can have their optimal strategy. Each of them will reach their relative maximum benefit. Overall, this model achieves the following: it ensures that the market’s interests are not compromised; it thwarts some sandwich attacks; and it prevents users from over-experiencing unexpected price slippage, which would otherwise result in severe economic losses.

7. Conclusions

The inherent openness and decentralization of DeFi streamline transactions on DEX. However, these qualities also render it vulnerable to malicious sandwich attacks, which hinder the advancement of blockchain finance and smart contracts.

In response to this challenge, we introduce a method grounded in mechanism design game theory where the market serves as the rule-setter by optimizing its utility. Under this mechanism, the market can induce the workers to choose its optimal solution, maximizing the market’s profit. We calculated the closed form solution for the market and the workers through a convex optimization.

Our method not only seeks to enhance market returns but also addresses the interests of the workers, thus striking a harmonious balance. Collectively, our study presents a novel and efficacious approach for mitigating sandwich attacks in the DeFi sector, potentially fostering the evolution of blockchain finance and smart contracts.