Sandwich Attack

An MEV attack where a bot front-runs and back-runs a target trade to extract profit from slippage.

Sandwich Attack — A sandwich attack is a type of MEV (Maximal Extractable Value) exploit where an attacker places one transaction immediately before (front-run) and one immediately after (back-run) a victim's pending trade, profiting from the predictable price impact. Sandwich attacks cost DeFi traders an estimated $50 million or more annually on Ethereum alone.

What Is a Sandwich Attack?

A sandwich attack is a three-step exploit targeting DeFi traders on decentralized exchanges. An attacker monitors the public mempool for pending swap transactions. When they find a profitable target — typically a trade with generous slippage tolerance — they construct a "sandwich" by wrapping the victim's trade between two of their own transactions.

The name comes from the victim's trade being "sandwiched" between the attacker's front-run and back-run. The attacker buys the target token just before the victim (pushing the price up), lets the victim's trade execute at the now-inflated price, then immediately sells the token at the higher price. The profit equals the price difference minus gas fees.

How Sandwich Attacks Work

Step 1: A searcher bot detects a pending swap in the public mempool — for example, a user buying $5,000 of token X with a 3% slippage tolerance. The bot calculates that front-running with a $2,000 buy will push the price up 1.5%.

Step 2: The attacker constructs a transaction bundle containing three ordered transactions: (a) the attacker buys $2,000 of token X, (b) the victim's original $5,000 buy executes at the now-higher price, and (c) the attacker sells their $2,000 of token X at the post-victim price.

Step 3: The attacker submits this bundle to a block builder (via Flashbots or similar), paying a priority fee to guarantee the transactions execute in the correct order within the same block. The victim's trade still completes, but at a worse price. The attacker pockets the difference — typically $20 to $300 per sandwich on medium-sized trades.

Some of the most active sandwich bots have extracted millions in cumulative profit. The bot known as "jaredfromsubway.eth" famously earned over $6 million in just 3 months during 2023 through sandwich attacks on Uniswap.

Why Sandwich Attacks Matter

Sandwich attacks represent a systemic tax on DeFi trading. Every trader who submits a transaction to the public mempool with slippage tolerance above approximately 0.5% is a potential target. The attacks are not technically illegal — they exploit publicly available information and execute through standard smart contract calls — but they impose real costs on regular users.

The existence of sandwich attacks has driven adoption of private transaction relays, where trades are submitted directly to block builders without passing through the public mempool. Flashbots Protect, MEV Blocker, and similar services now route billions of dollars in daily trading volume through private channels specifically to avoid sandwich attacks.

Protecting Volume Bot Sessions from Sandwiching

Volume bots are attractive sandwich targets because they execute many sequential trades with predictable patterns. Without protection, each trade in a 50-trade session could lose $10 to $50 to a sandwich attacker, draining $500 to $2,500 from the session budget. OpenLiquid mitigates sandwich risk on Ethereum by routing all transactions through Flashbots Protect, which keeps pending trades invisible to public mempool searchers. On Solana, the bot uses Jito bundles for atomic execution. Combined with tight slippage limits of 0.5% per trade, these measures effectively eliminate sandwich attack losses during volume sessions.

Common questions about sandwich attacks in cryptocurrency and DeFi.

Use a private transaction relay like Flashbots Protect (Ethereum), MEV Blocker, or Jito (Solana) instead of submitting trades through the public mempool. Set your slippage tolerance as low as possible — 0.5% for liquid pairs. Split large trades into smaller amounts. Tools like OpenLiquid automatically route through private relays to prevent sandwiching.
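The three steps described under "How Sandwich Attacks Work" and the 0.5% slippage recommendation, as an added example that is not OpenLiquid's or any other project's code: a constant-product AMM model that replays the $5,000 buy front-run by a $2,000 buy and checks whether the victim's on-chain minimum-output guard lets the sandwiched trade through. The pool depth is an assumption chosen so the front-run moves the price roughly as the text describes.

```python
# Added illustration (not OpenLiquid code): a constant-product AMM (x*y=k, 0.3% fee)
# model of a sandwich, seen from the victim's side. Pool depth is constructed; the
# $5,000 victim buy and $2,000 front-run follow the figures in the text.
from dataclasses import dataclass

FEE = 0.003  # 0.3% swap fee, Uniswap v2 style, charged on the input amount

@dataclass
class Pool:
    reserve_in: float   # quote asset the victim pays with (e.g. USDC)
    reserve_out: float  # token X the victim wants

    def quote(self, amount_in: float) -> float:
        """Output for amount_in under x*y=k with the fee taken from the input."""
        eff = amount_in * (1 - FEE)
        return self.reserve_out * eff / (self.reserve_in + eff)

    def swap(self, amount_in: float) -> float:
        """Execute the swap and move the reserves (this is what a front-run does)."""
        out = self.quote(amount_in)
        self.reserve_in += amount_in
        self.reserve_out -= out
        return out

def victim_outcome(pool: Pool, victim_in: float, slippage: float, frontrun_in: float) -> dict:
    """Simulate a victim buy that has been front-run by a buy of frontrun_in.
    quoted = what the victim saw when signing; min_out = the router's minimum-output
    guard (quoted * (1 - slippage)); actual = output after the front-run moved the
    price. If actual < min_out the swap reverts and there is nothing to back-run."""
    quoted = pool.quote(victim_in)
    min_out = quoted * (1 - slippage)
    sim = Pool(pool.reserve_in, pool.reserve_out)  # copy: do not mutate the caller's pool
    sim.swap(frontrun_in)                          # attacker's front-run executes first
    actual = sim.quote(victim_in)                  # victim's output at the inflated price
    return {
        "quoted": quoted,
        "min_out": min_out,
        "actual": actual,
        "executes": actual >= min_out,
        "loss_pct": (quoted - actual) / quoted * 100,
    }

if __name__ == "__main__":
    pool = Pool(250_000, 250_000)  # constructed: a $250k-deep pool priced at 1 USDC per X
    for tol in (0.03, 0.005):
        r = victim_outcome(pool, 5_000, tol, 2_000)
        print(f"slippage {tol:.1%}: {r['loss_pct']:.2f}% worse than quoted -> "
              f"{'executes (sandwiched)' if r['executes'] else 'reverts (guard holds)'}")
```

With the 3% tolerance the trade executes about 1.56% worse than quoted, and that gap is what the back-run captures; at 0.5% the same front-run pushes the output below min_out, so the swap reverts and the attacker is left holding a position with no victim to sell into.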

Individual sandwich attacks typically extract $10 to $500 per victim trade, depending on trade size and slippage tolerance. Across the Ethereum network, sandwich attacks cost traders an estimated $50 million or more per year. A single bot — jaredfromsubway.eth — extracted over $6 million in just three months during 2023.

Yes, though the mechanism differs. Solana does not have a traditional public mempool, but validators can still observe and reorder pending transactions. The Jito protocol on Solana facilitates MEV extraction including sandwich attacks. However, Solana's lower trade sizes and faster confirmation times make sandwich attacks less profitable per trade compared to Ethereum.
