Sandwich Attack

The attack involves three sequential transactions in a single block:

1. Front-run: The attacker places a buy order for an asset, detecting a pending victim's large buy order via the mempool.
2. Victim Execution: The victim's buy order executes, but due to the attacker's prior purchase, it now trades at a higher price, pushing the price up further.
3. Back-run: The attacker immediately sells the asset they bought in step 1, profiting from the inflated price caused by the victim's trade.

The victim suffers from slippage and pays a worse price than expected.

Sandwich attacks require specific conditions to be viable:

• Transparent Mempool: The attacker must see the victim's pending transaction details (e.g., token, amount, slippage tolerance) before it is mined.
• Sufficient Liquidity: The target pool must have enough liquidity for the attacker to move the price and exit.
• High Slippage Tolerance: The victim's transaction must have a high enough slippage setting to not revert when the price worsens.

Attacks are most common on Automated Market Makers (AMMs) like Uniswap, where price is a direct function of the pool's reserves.

Users can mitigate the risk of being sandwiched through several methods:

• Reduce Slippage Tolerance: Setting a very low maximum slippage (e.g., 0.5%) can cause the transaction to revert if front-run, though it may also fail during normal volatility.
• Use Private Transactions: Services like Flashbots Protect or Tornado Cash (for privacy) submit transactions directly to miners/validators, bypassing the public mempool.
• Trade During Low Activity: Executing trades during periods of low network congestion and MEV bot activity reduces visibility.
• Use DEX Aggregators: Aggregators like 1inch often split trades across multiple pools and use private RPCs to obscure intent.

Blockchain and application developers implement systemic solutions:

• Fair Sequencing Services (FSS): Protocols that reorder transactions to prevent front-running, ensuring a first-seen, first-served order.
• Threshold Encryption: Encrypting transaction content in the mempool until it is included in a block (e.g., Shutter Network).
• Commit-Reveal Schemes: Users submit a commitment hash first and reveal the transaction details later, hiding intent until it's too late to front-run.
• Proposer-Builder Separation (PBS): In Ethereum's roadmap, PBS can help separate block building from proposing, allowing for more transparent and fair block construction markets.

Sandwich attacks are one specific type of value extraction within the broader MEV landscape:

• Front-running: Generally, any transaction that jumps ahead of another to capitalize on its information.
• Back-running: A transaction that follows another to profit from its state changes (e.g., liquidations).
• Arbitrage: Exploiting price differences between markets, which is often considered "good" or necessary MEV for market efficiency.
• Liquidation Bots: A specific form of back-running that triggers and profits from undercollateralized loan liquidations in protocols like Aave or Compound.

Sandwich attacks represent a direct wealth transfer from regular users to sophisticated bots.

• Quantifying Losses: Research from organizations like Flashbots estimates hundreds of millions of dollars have been extracted via sandwich attacks, though precise measurement is complex.
• Network Effects: These attacks increase gas prices as bots compete to have their transactions ordered first, imposing a negative externality on all network users.
• Ecosystem Cost: Beyond direct losses, they degrade user trust and can make decentralized trading prohibitively expensive for retail participants during high-activity periods.

The primary user-level defense. Setting a low slippage tolerance (e.g., 0.5%) in your transaction prevents it from executing if the price moves beyond that limit, making the attack unprofitable for the bot. However, too low a tolerance can cause legitimate trades to fail in volatile markets.

• Key Concept: A trade parameter defining the maximum acceptable price impact.
• Trade-off: Security vs. transaction success rate.

Using Time-Weighted Average Price (TWAP) strategies or limit orders on DEX aggregators breaks a large trade into many small ones over time. This minimizes price impact per trade, reducing the profit opportunity for a sandwich attack and often making its gas costs prohibitive.

• Example: A $1M swap executed as 100 trades of $10k each over an hour.
• Tool: Commonly available on advanced DeFi platforms and aggregators.

A tactical approach where users submit transactions with higher gas fees (priority fees) to outbid potential attackers, or execute trades during periods of low network congestion and low MEV activity. This reduces the likelihood of being the most profitable target for a bot.

• Strategy: Increase transaction cost for attackers.
• Monitoring: Use tools like EigenPhi to track MEV bot activity.

Next-generation Automated Market Makers (AMMs) are being designed with MEV resistance in mind. Features like just-in-time liquidity, discrete batch auctions, and threshold encryption of orders aim to structurally prevent the visibility and arbitrage opportunities that sandwich attacks rely on.

• Innovation: Changing the fundamental market mechanics.
• Future: A long-term, protocol-native solution to the problem.

This is the most common scenario. A user submits a large swap order on a DEX like Uniswap.

• Step 1: A searcher bot detects the pending buy order for Token A in the mempool.
• Step 2: The bot front-runs the user, buying Token A first, which drives up its price.
• Step 3: The user's transaction executes at the now-higher price.
• Step 4: The bot immediately back-runs the user, selling Token A for a profit, creating slippage for the victim.

The attacker's profit is the victim's loss plus gas fees. For example:

• Victim's Order: Wants to buy 100 ETH worth of a token.
• Attack Execution: Bot sandwich causes 2% effective slippage.
• Result: Victim receives ~2% fewer tokens. The bot captures most of this value, minus the cost of its two gas-intensive transactions. The loss is often invisible, buried in the approved 'slippage tolerance'.

In 2021, a single Ethereum address (known as 'jaredfromsubway.eth') was identified as a prolific sandwich attacker. Analysis by researchers revealed:

• The bot executed hundreds of thousands of attacks.
• It earned over $30M in profit over several months.
• This case study highlighted the scale and automation of MEV extraction, turning it from a theoretical concern into a measurable economic force on the network.

Sandwich attacks are one component of the broader MEV landscape. Other common strategies include:

• Front-running: Submitting a transaction with a higher gas fee to execute before a known pending transaction.
• Back-running: Submitting a transaction immediately after another to capitalize on the state change (e.g., liquidations).
• Arbitrage: Exploiting price differences for the same asset across different DEXs or liquidity pools.

The broader category of exploits where a transaction is inserted into the mempool ahead of a target transaction to profit from its execution. A sandwich attack is a specific, two-transaction form of front-running.

• General Front-Running: Can involve copying a trade, arbitraging a price update, or sniping an NFT mint.
• Key Mechanism: Relies on transaction ordering and the ability to pay higher gas fees to gain priority.

The pool of pending transactions broadcast to a network but not yet included in a block. This is the critical attack surface for sandwich attacks.

• Function: Acts as a public waiting room where bots can monitor for profitable opportunities.
• Vulnerability: The public visibility of transaction details (like token swaps) before confirmation enables predatory strategies.

A user-defined setting in a decentralized exchange (DEX) that specifies the maximum acceptable price movement for a swap. It is the primary defense parameter against sandwich attacks.

• Mechanism: If price impact exceeds the set tolerance (e.g., 0.5%), the transaction fails, preventing the final "sell" leg of the sandwich.
• Trade-off: A very low tolerance increases safety but can cause legitimate swaps to fail during normal volatility.

The practice of buying an asset on one market and simultaneously selling it on another to profit from a price difference. While legitimate, it is closely related to sandwich attacks.

• Distinction: Pure arbitrage exploits existing price differences across pools. A sandwich attack creates an artificial price difference by manipulating a single pool's reserves.
• Connection: Both are common strategies executed by MEV bots scanning the mempool.