Why Sandwich Attacks Are a Symptom of DeFi's Naive UX

Broadcasting a signed transaction to a public mempool is like announcing your trade before executing it. MEV searchers with sophisticated infrastructure scan for profitable opportunities, primarily sandwich attacks.

• ~$1B+ in MEV extracted annually, with sandwiches a dominant share.
• Latency arbitrage: Searchers win by having faster node connections (~100-500ms advantage).
• Creates a negative-sum game for regular users, who pay inflated gas and receive worse prices.

A sandwich attack is the direct economic consequence of naive UX. A searcher sees a large swap, front-runs it to drive up the price, and back-runs it to profit from the slippage.

• Two transactions are bundled around the victim's trade.
• Profit is extracted from the victim's slippage tolerance.
• Enabled by the atomicity of block building on chains like Ethereum, which Flashbots and others have turned into a marketplace.

Instead of broadcasting a specific transaction, users submit a signed intent (a desired outcome). Solvers compete off-chain to fulfill it optimally, submitting only the final, settled transaction.

• UniswapX, CowSwap, 1inch Fusion are intent-based protocols.
• MEV is internalized as solver competition, often returning value to the user.
• Privacy: The user's exact strategy is never exposed on-chain until settlement.

The ultimate fix is architectural: a separate network for transaction processing. SUAVE (Single Unified Auction for Value Expression) is Ethereum's proposed solution—a decentralized mempool and block builder.

• Encrypted mempool: Transactions are hidden until execution.
• Optimal execution: Builders compete across chains for best price.
• Redefines the stack: Separates expression of intent (SUAVE) from execution (Ethereum, Arbitrum, etc.).

While intents and SUAVE develop, practical protection uses private RPC endpoints. Services like Flashbots Protect route transactions directly to builders, bypassing the public mempool.

• No code changes required for dapps; it's an RPC endpoint swap.
• ~90%+ reduction in sandwich attack success for users of these services.
• Limitation: Centralizes trust in the RPC provider and builder network.

The shift from naive transactions is measured by price improvement—the difference between the quoted price and the final execution price. This flips the MEV narrative from extraction to redistribution.

• CowSwap pioneered this with its batch auctions and surplus maximization.
• Intents turn cost into benefit: Solvers use MEV (e.g., arbitrage, liquidations) to subsidize user trades.
• The new UX promise: "Your transaction will execute at this price or better."

Every DApp defaults to broadcasting raw, readable transactions to a public mempool. This creates a zero-cost option for searchers to front-run user intent. The user's job is to express a trade, not to be a network security expert.

• Guaranteed Leakage: Intent is signaled ~12 seconds before execution.
• User as Prey: Forces retail to compete with $1B+ in specialized infrastructure.

Shift the default endpoint from a public mempool to a private transaction relay. This bundles execution with MEV redistribution, turning a leak into a rebate. Protocols like Flashbots Protect, BloxRoute, and CowSwap's solver network operationalize this.

• Intent Privacy: User orders are hidden until settlement.
• Value Capture: MEV is extracted and partially refunded to the user.

The endgame is removing transaction construction from users entirely. Systems like UniswapX, Across, and CowSwap let users sign a desired outcome (e.g., 'I want 1000 USDC for 1 ETH'). Professional solvers compete in a batch auction to fulfill it optimally.

• Gasless UX: User doesn't pay gas or manage slippage.
• MEV-Inclusive Pricing: Searchers bake optimal routing & MEV capture into the quoted price.

DeFi's obsession with sub-second finality is a trap for retail. A better stack prioritizes economic finality—the guarantee that a settled transaction was the economically optimal path. This is achieved through batch auctions and proof-of-inclusion, as seen in Chainlink's CCIP and Across.

• Removes Time Games: Batch auctions neutralize latency-based front-running.
• Verifiable Outcome: Users get a cryptographic proof their order was filled fairly.

Broadcasting a plain transaction to a public mempool is like announcing your trade to every competitor. This predictable, first-come-first-served model creates a zero-sum game where MEV is extracted from users.

• Frontrunning: Bots front-run your trade, buying the asset first to sell it back to you at a higher price.
• $1B+ Annual Extractable Value: This is the scale of the economic leakage from naive UX.
• User as Price Taker: The user always gets the worst price in the visible transaction sequence.

Instead of specifying how to execute (a transaction), users specify what they want (an outcome). This shifts competition from speed to optimization, neutralizing frontrunning.

• UniswapX & CowSwap: Solvers compete to fulfill the user's intent, offering better prices.
• Privacy: Intents are shared with a limited set of solvers, not the public mempool.
• Better Execution: Users get price improvements, not the worst price in a block.

Infrastructure that separates transaction routing from block production is critical. Private RPCs like Flashbots Protect and order flow auctions (OFAs) create a market for fair execution.

• MEV-Share/SUAVE: Redistributes extracted value back to users and applications.
• Sealed-Bid Auctions: Solvers submit private bids, preventing predatory frontrunning.
• Builder Market: Separates block building from proposing, a core tenet of PBS.

The endgame is cryptographically guaranteed transaction privacy until execution. Projects like Shutter Network and FHE (Fully Homomorphic Encryption) are pioneering this.

• Pre-Execution Secrecy: Transactions are encrypted until included in a block.
• Threshold Decryption: A decentralized network decrypts transactions only after they are ordered.
• Eliminates All Frontrunning: Makes the mempool opaque, rendering speed-based MEV extraction impossible.