
GasTrace: Detecting Sandwich Attack Malicious Accounts in Ethereum

Zekai Liu, Xiaoqi Li, Hongli Peng, Wenkai Li

TL;DR

GasTrace tackles the detection of sandwich attacks in Ethereum by combining a gas-feature–driven cascade with graph-based behavior modeling. It first uses an SVM with an RBF kernel to extract predictive probabilities from a curated gas-feature set, then builds a node network whose edges encode probability and proximity, and finally applies a Graph Attention Network to classify accounts at the network level. The approach achieves 96.73% accuracy and 95.71% F1 on a dataset of 1,834 samples (464 malicious, 1,370 benign), and demonstrates superior generalization compared to R1 alone. By releasing both the framework and data open-source, GasTrace provides a practical, scalable method for mitigating sandwich attacks in Ethereum and related MEV contexts.

Abstract

The openness and transparency of Ethereum transaction data make it easy for any entity to exploit that data to execute malicious attacks. The sandwich attack manipulates the Automated Market Maker (AMM) mechanism, profiting from manipulating the market price through front-running or back-running transactions. To identify and prevent sandwich attacks, we propose GasTrace, a cascade classification framework. GasTrace analyzes various transaction features to detect malicious accounts, notably through the analysis and modeling of Gas features. In the initial classification, we use a Support Vector Machine (SVM) with the Radial Basis Function (RBF) kernel to generate the predicted probabilities of accounts, which are then used to construct a detailed transaction network. Subsequently, the behavior features are captured by the Graph Attention Network (GAT) technique in the second classification. Through cascade classification, GasTrace can analyze and classify sandwich attacks. Our experimental results demonstrate that GasTrace achieves remarkable detection and generalization capability, reaching an accuracy of 96.73% and an F1 score of 95.71% for identifying sandwich attack accounts.

Paper Structure (12 sections, 2 figures, 1 table)

This paper contains 12 sections, 2 figures, 1 table.

Figures (2)

  • Figure 1: Example of Node Network.
  • Figure 2: Area Chart: Precision, Recall, and F1 Score for R1, GasTrace.