Within the DeFi space, bot attacks have been an unavoidable plague for most new token launches. While most bot attacks during the early stage of a token launch have been so far dismissed by many as a part of the system, the bot attacks have often left traders and liquidity miners at a significant disadvantage to their pump and dump strategies. XFai is stepping up to develop a series of counter-bot measures to protect the community in preparation of the upcoming XFai Liquidity Generation Event (LGE), while setting an important precedent for the DeFi ecosystem.
Here are a few examples of the bot attacks that the security experts at XFai have identified, and are working on permanent solutions to render these attacks ineffective in line with our anti pump and dump strategy.
Demand Side Attack
Normally when farming starts, the attackers have previous knowledge that those particular Uniswap pairs have an increasing demand. The demand is matched by FOMO of the general public to purchase the token at a less-than-ideal price, along with liquidity farmers who do not optimize their operations for the price. The liquidity farmers often optimize according to the staking contract, thus keeping an eye less on the current price. This indicates that the liquidity farmers are less price-sensitive and attackers know this.
Attackers look at the particular pool that often has very little liquidity in the beginning, and with very little amount of money, the attackers can increase the price on Uniswap to an astronomical number. Then, the attackers hold for 1 to 2 blocks. After 1–2 blocks, the farmers come in, buy at the current price to farm, and provide liquidity. After some point, farmers would have brought ample liquidity, to which the attackers sell the tokens. The token experiences a dump.
In some cases, these bots are big enough to force projects to dump on their own tokens to counter the bot-driven demand side attacks that result in a large pump. This often creates extreme volatility in price, resulting in unsatisfied investors and leaving honest projects be labeled as fraudulent.
At XFai, we are working to resolve these demand side attacks with a series of measures involving multiple components and collaborators. While we are not able to share more detail due to the highly sensitive nature of the information, the team at XFai believes that the current method of using an accumulative Uniswap price to determine farming operations for liquidity farmers can largely mitigate these attacks.
In the case of a Sandwich Attack, miners and service providers that work closely with miners are responsible. Since miners and mining service providers are responsible for building the blocks, this puts them at a position to operate with ill intent. The miners would fetch transactions from the public NEM Pool, and create a fake transaction that matches the real transaction. Then, the miners would place the fake transaction before the real transaction. Given the risk of a failed transaction, the real investor would agree to the less-than-ideal rate to purchase the tokens, purchasing it from the transaction created by the miner. The miner would create an additional transaction to go right after the real transaction of the investor, dumping on the investor right afterwards. This effectively creates a sandwich of 3 transactions — 2 fake, and 1 real in the middle. Attackers would get return at the cost of the real buyer receiving significantly less tokens.
XFai’s current solution is already designed to protect the liquidity farmers and investors from sandwich attacks. However, the team has decided to build additional measures to render these attacks realistically infeasible. The new addition will go through a thorough audit by third party auditing firms to ensure its viability and quality.
Arbitrage attacks have received more attention from the mainstream media during the early developments of flash loans. As liquidity farming often involves multiple pools, each with different pairs, the difference in price is bound to happen. Attackers would leverage the difference in price to initiate a flash loan, reducing liquidity and effectively crashing the price.
XFai is currently developing a series of toolings that would prevent arbitrage attacks, along with securing strategic partnerships to ensure that while liquidity farmers are free to choose when to add and remove their liquidity, those with ill intention who wish to take advantage of the community of liquidity farmers will be stopped from doing so.
Whilst As previously stated, developing effective tooling and finalizing strategic partnership to mitigate these attacks take time. However, XFai is excited to inform the community that the majority of the development has been completed, with independent auditing firms going through the upgrade small changes.
We hope that the XFai community is now more aware of the types of bot attacks that often affect the DeFi space negatively, and we pledge to protect our community to the fullest extent possible in order to secure a smooth, successful LGE on April 15.
XFai develops tooling for the DeFi space, graphing it to build game-changing products. The XFai DLO is set to invite mid and small-cap tokens to start earning APY on their token holdings, while the XFai LGE is set to become industry-first in providing a more efficient, transparent, and fair way for everyone to get involved at an early stage. The LGE for XFai’s native token, XFIT, is set to launch on 15thApril 2021. We invite everyone to join the DeFi revolution, spearheaded by XFai.