Unpacking the Recent Sandwich Attack on RYUSD: Lessons and Measures

On May 23, 2023, a sandwich attack hit Real Yield USD (RYUSD) during a rebalance call, causing a loss of roughly $8.5k USD from a $1.5M swap. In response, contingency reserves intended to counteract impermanent loss in times of significant market fluctuation were employed to fully offset this loss. This incident was unprecedented as it was the first instance of a sandwich attack on RYUSD since its inception on January 25, 2023.

The sandwich attack occurred roughly at block 17324491 on May 23, 2023. The rebalance transaction that was sandwiched can be found here: https://etherscan.io/tx/0x592536529ac98de599dae244773d5ab1e638f6ac1f4069387fcb277f2c8c3a4f

Two major contributing factors to the attack were identified: a somewhat high slippage tolerance configured for the 1inch swap API, and a large fraction of the swap being processed through Uniswap V3.

To address this, the Seven Seas team has acted decisively by markedly lowering the slippage tolerance from 1%. Additionally, the team is instituting on-chain surveillance for the vault share price, broadening the existing system which currently monitors large stablecoin price shifts, and exchange inflows/outflows, to incorporate the vault share price. A final enhancement to the on-chain security involves tightening the vault’s rebalance deviation check from 0.3%, in order to maintain the vault’s share price stability during a rebalance call.

We firmly believe that these proactive adjustments will act as effective safeguards against similar incidents in the future.