The recent crypto market has experienced successive "bloodbaths." After the meme coin craze subsided, Solana not only failed to see a price increase, but users also flocked to social media to complain about being "sandwiched."

User X @btc_798 claimed that after buying the $GANG token on the Solana chain, the token's price skyrocketed by 100 times. They then sold their holdings. However, due to the routing service choosing a low-liquidity Raydium pool (only 100 SOL) instead of the more optimal Orca pool (4000 SOL), the sell price was far below the market price, causing the trader to earn about 1000 SOL less. "Even SOL's anti-sandwich node has started to act maliciously." @PinkPunkBotCN also mentioned that they suspect the recent sandwiching phenomenon is nodes deliberately "reaping" users.

GMGN Co-founder @haze0x also made a dedicated post to remind everyone: "There are issues with MEV facilities on the SOL chain, and sandwich attacks have started to run wild."

In response to these phenomena, crypto analyst @PepeBoost888pointed out that recently some Jito validators have leaked data to sandwich attackers, allowing the attackers to prematurely access data on anti-sandwich transactions. According to @solstatz's statistics, on March 15 alone, Raydium reported 10633 attacks, resulting in a total loss of 916.63 SOL; Pump Fun reported 1770 attacks, resulting in a total loss of 314.85 SOL.

Where Is the Problem?

In fact, "sandwich attacks" are not new to Solana. The sandwich attack, a type of MEV (Maximal Extractable Value) strategy, is a common issue in the AMM market. In this attack, bots detect the transaction before it is included in a block, execute a buy order to raise the price, and immediately place a sell order after the transaction is completed, earning the price difference. This forces users to buy the token at a higher price while the bots effortlessly profit. Although fundamentally MEV is not without value and can help prevent spam attacks through priority fee mechanisms, it seems that Solana has left a vulnerability to sandwich attacks due to a mechanism issue.

The MEV on Solana was not very noticeable initially, until Jito introduced the MEV Reward Protocol and started gaining traction. Today, over 66% of validators have adopted the Jito-Solana client, which allows users to prioritize their transactions by paying a "tip." Additionally, Jito runs a mempool, which inadvertently allows sandwich attackers to monitor user transactions. Although Jito closed the mempool in March 2024 in an attempt to reduce such attacks, MEV bots can still listen to transactions by running RPC nodes, and the attack behavior has not stopped.

In June 2024, Tim Garcia, the Solana Foundation's Validator Relations Lead, announced on Discord a decision to take strong measures to remove over 30 validators participating in sandwich attacks to mitigate the issue. However, this action did not completely solve the problem of frequent attacks. For example, the infamous "arsc" bot managed to profit over $30 million within two months, and even after the Foundation's action, this MEV bot continued to earn significant profits through sandwich attacks. The attackers quickly adapted to the network changes and may have bypassed the restrictions by running their own RPC nodes to continue monitoring and frontrunning user transactions.

Related Reading: "Earning $30 Million in 2 Months, Why the "Sandwich Attack" on Solana Persists"

Today, the sandwich attack remains a persistent issue on Solana. Users commonly report that even after paying tips, they cannot completely avoid being sandwiched. This situation is highly reminiscent of the past, where attackers take advantage of Solana's high transaction processing speed and relatively predictable transaction ordering to continuously target transactions.

How Is This Different from Ethereum's "Sandwiching"?

In fact, "sandwiching" is not uncommon in the blockchain world, and Ethereum has also suffered from sandwich attacks. The reason the sandwich attack on Solana has become a persistent issue is closely related to its network design and operation, which differ significantly from Ethereum.

On Ethereum, the main source of MEV is related to the visibility of pending transactions. Due to the existence of a shared mempool, anyone can see the transaction information waiting to be included in a block. It's like knowing in advance which products are about to be sold out in a public market. Therefore, savvy traders can take advantage of this "foresight" to profit through arbitrage or transaction reordering. Attackers can outbid the transaction order by spending more gas fees, exploiting fee competition to carry out the attack.

Contrastingly, Solana does not have a Mempool, meaning that information about unprocessed transactions is not as openly available as it is on Ethereum. The difficulty of accessing this information has significantly increased. However, there is still an opportunity for validators. Validators are responsible for processing a round of transactions and can clearly see which transactions have not yet been included in a block. At this point, validators have a secret "ace up their sleeve": they can conduct a "sandwich attack" quietly, similar to players on Ethereum, to profit from it. But this advantage is private, known only to the "malicious" validator themselves, with other validators being unaware.

In terms of mitigating sandwich attacks, Ethereum and Solana have significantly different measures. Ethereum outsources transaction sequencing to professional sequencers through the MEV-Boost system, limiting validators' ability to manipulate transaction order, effectively reducing the occurrence of attacks. In contrast, Solana's Jito system, while attempting a similar mechanism, still allows attackers to exploit vulnerabilities by using private nodes to bypass restrictions. It can be said that Ethereum's MEV-Boost successfully constrains validator behavior, while Solana's Jito system appears somewhat inadequate in preventing attacks.

Furthermore, the network structures of Solana and Ethereum also determine the difficulty of prevention. Solana has only about 2,000 validators, with power relatively concentrated, where a few malicious nodes could influence transaction order, providing attackers with an opportunity. In contrast, Ethereum has over 500,000 validators, with a highly decentralized network, making it difficult for attackers to control enough nodes to carry out attacks, serving as a natural defense barrier.

Related Reading: "Dialogue with Solana Nodes: Who is quietly making a fortune with memecoin?"

In summary, Solana is fast but centralized, allowing attackers to exploit vulnerabilities using private nodes, while the Jito system fails to prevent such attacks. Ethereum, on the other hand, relies on fee competition and MEV-Boost, coupled with a decentralized structure, for more effective prevention. To address the issues, Solana needs to optimize its mechanisms and decentralize power.

How to Avoid Being "Sandwiched"?

Until Solana's system undergoes changes, understanding how to effectively prevent sandwich attacks in transactions becomes crucial for users.

Cryptocurrency analyst @PepeBoost888 suggests that to determine if your transaction has been sandwiched by a malicious validator, you can verify it by: first clicking on the block number of the relevant transaction in the Solscan blockchain explorer, then going to the block details page and finding the "Leader" field to view information about the validator node responsible for that block. Some malicious validators have already been reported by the community and have risk warnings on the Solscan platform. Users can also cross-reference the validator's address with the public list of malicious nodes maintained by @0xsucxub to confirm any risks.

For "P-Splinterlands" players, the primary principle of on-chain Doge pumping is to avoid setting a too high slippage tolerance. It is recommended to rationally set a 0.5%-1% reasonable slippage range based on market volatility. If using AMM for trading, one should proactively enable MEV protection function. This mechanism, through techniques such as obfuscating transaction paths and delaying broadcasting, can significantly reduce the likelihood of transactions being front-run by malicious nodes and subjected to sandwich attacks.

Related Read: "GMGN Co-founder teaches you how to become a qualified P-Splinterlands player"

The "sandwiched" phenomenon has once again sounded an alarm for the Solana ecosystem. This is not a unique issue to Solana but rather a growing pain that public chains may encounter. However, if being "sandwiched" becomes the norm, Solana's reputation may be affected. After all, it has been hailed as the "Ethereum Killer," relying on its high-speed performance and user experience. If users feel that this high-speed road is filled with all sorts of chaos like toll fees, packaging fees, and protection fees, who would still be willing to travel on it? Especially in key areas like DeFi, trust is the highest cost.

Welcome to join the official BlockBeats community:

Telegram Subscription Group: https://t.me/theblockbeats

Telegram Discussion Group: https://t.me/BlockBeats_App

Official Twitter Account: https://twitter.com/BlockBeatsAsia