Sniper bot watcher: Protecting Market-Making capital from front-running exploits

Market making has always required a delicate balance between providing liquidity and protecting capital. Automated market-making bots help projects build order books, generate trading activity, and maintain healthy spreads. The ADAMANT mm bot was designed precisely for this purpose — enabling token issuers and exchanges to create dynamic liquidity and trading volume in a controlled, automated way.

However, as markets evolve, so do adversaries.

Issue #93 introduced one of the most important defensive upgrades to the mm bot: the Sniper Bot Watcher. This system addresses a structural vulnerability that affects nearly all automated market-making strategies — exploitation by ultra-fast external bots.

The weakness of automated market making

Market-making bots often generate volume and maintain spreads by placing orders on both sides of the book. One common mechanism is internal matching. The bot places a maker order inside the spread, and shortly after, it places a corresponding taker order to fill it. This creates legitimate trading activity while preserving inventory balance.

The problem lies in the unavoidable delay between these two steps. Even if the delay is extremely small, it exists. And in modern electronic markets, milliseconds are enough.

External high-speed bots monitor order books in real time and react instantly when new liquidity appears. As soon as the market-making bot publishes its maker order, these bots intercept it before the internal matching order arrives. Instead of the bot matching its own order, the external bot executes against it.

There are two main exploit patterns:

• A third party immediately takes the Buy order. Order states: 1: filled, 2: not filled or partially filled. The following Sell order becomes dummy. The bot loses USDT.
• A third party places a higher Buy just above ours. Order states: 1: not filled or partially filled, 2: filled. The bot’s Sell matches the third party instead. The bot loses TOKEN.

The result is not just occasional losses, but structural exploitation.

Why traditional defenses are insufficient

At first glance, it may seem possible to eliminate the delay or adjust execution timing. In practice, this is impossible.

Every trading system operates within real-world constraints. Exchange APIs have latency. Network communication takes time. Even the fastest infrastructure cannot guarantee atomic order placement and execution across external systems.

• Increasing delays makes exploitation easier. Reducing delays helps, but never eliminates the gap entirely.
• Randomizing execution timing introduces unpredictability, but sniper bots are adaptive. They analyze patterns over time and adjust.

What is needed is not simply faster execution, but intelligent detection and response. This is where the Sniper Bot Watcher comes in.

Introducing the Sniper Bot Watcher

The Sniper Bot Watcher is a detection and mitigation layer integrated into the ADAMANT mm bot.

Its role is not to prevent trading, but to monitor behavioral patterns and identify when external bots are exploiting the system.

When suspicious activity is detected, the bot can react defensively.

Protective measures may include adjusting execution behavior, pausing trading strategies, modifying order placement logic, or activating defensive modes designed to reduce exposure.

The goal is simple: stop predictable capital extraction.

This part of code shows sniper bot activity detection:

} else if (order1Status === 'filled' && order2Status === 'filled') {
  log.info('Trader: Both maker and taker executeInSpread t-orders are self-filled.');

  order.update({
    coin1AmountFilled: coin1Amount,
    coin2AmountFilled: coin2Amount,
    isExecuted: true,
  });
} else if (order1Status === 'filled' && ['new', 'part_filled'].includes(order2Status)) {
  // Scenario1: After maker order is placed in spread, a third party bot quickly takes it, and the taker order remains unfilled or partially filled
  sniperBotActivity(1, order2Details, coin1Amount);

  await addFillsDbRecord(order2Details, order, false); // Maker order is partially or fully filled by a sniper bot

  order.update({
    coin1AmountFilled: order2Details.amountExecuted, // Self-filled amount, excluding sniper bot fills
    coin2AmountFilled: order2Details.volumeExecuted,
    isExecuted: false, // Not fully executed
  });
}

When exceeding the threshold, the program calls the Safe mode:

/**
 * Records a sniper-bot intervention for a given scenario.
 * Triggers safe mode when the total interventions reach the threshold.
 * @param {number} scenario Scenario index: 1 or 2
 * @param {OrderInfoResult} orderDetails Exchange order details (e.g., order2Details), for logging only
 * @param {number} coin1Amount Order amount in base coin, for logging only
 * @returns {void}
 */
function sniperBotActivity(scenario, orderDetails, coin1Amount) {
  sbwActivityCounters[scenario]++;

  const fillPercent = (orderDetails.amountExecuted / coin1Amount * 100).toFixed(2);
  log.warn(`Trader: While the maker t-order is filled, the taker is ${orderDetails.status} (${fillPercent}% self-filled). This may be Scenario ${scenario} of third-party bot intervention; incrementing the counters to ${sbwActivityTotalString()} (Safe mode threshold: ${sbwEnabled ? safeModeThreshold : 'Disabled'}).`);

  if (sbwEnabled && sbwActivityTotal() >= safeModeThreshold) {
    sniperBotSafeMode();
    resetSniperBotCounters();
  }
}

Why this matters for token projects

Market making is essential for token ecosystems.

But if market-making capital is systematically drained by sniper bots, projects face hidden costs. Liquidity becomes expensive. Budgets deplete faster. Market-making effectiveness declines.

Protection is not optional, it is required.

By introducing the Sniper Bot Watcher, the ADAMANT mm bot ensures that market-making resources are used for their intended purpose — building markets, not feeding exploiters.

Sniper bot watcher: Protecting Market-Making capital from front-running exploits was originally published in ADAMANT on Medium, where people are continuing the conversation by highlighting and responding to this story.