Sandwich Attack

A sandwich attack is a Maximal Extractable Value (MEV) strategy where a bot spots a large pending token swap in the mempool (the queue of unconfirmed transactions) and “sandwiches” it with two transactions: one before (front-run) and one after (back-run) the victim’s trade. The attack extracts value from the victim, who receives a worse exchange rate than expected. It is named for the structural pattern: attacker’s buy → victim’s swap → attacker’s sell, with the victim’s transaction in the middle like a filling in a sandwich.


How It Works

The following sections cover this in detail.

Setup

Step 1: Front-Run (Attacker’s Buy)

→ Bot’s buy pushes SHIB price up

Step 2: Alice’s Swap Executes (At Worse Price)

Step 3: Back-Run (Attacker’s Sell)

→ Bot’s sell profits from the price it moved up in step 1

Net effect:

  • Bot bought low, sold high, pocketing the spread
  • Alice paid more than she should have — the difference went to the bot
  • The more slippage Alice tolerates, the more extractable value for the bot
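The buy → victim swap → sell ordering described above can also be checked for in a confirmed block. The following Python sketch is an added example, not code from the original page or from any tool it names; the `Swap` record, its field names and the sample block are constructed for illustration, and it assumes the swaps have already been decoded from a block's logs.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Swap:
    index: int          # position of the transaction inside the block
    sender: str
    pool: str
    token_in: str
    token_out: str
    amount_in: float
    amount_out: float

def find_sandwiches(swaps, tolerance=0.01):
    """Return (front, victims, back) tuples for one block's decoded swaps."""
    swaps = sorted(swaps, key=lambda s: s.index)
    found, used = [], set()
    for i, front in enumerate(swaps):
        if front.index in used:
            continue
        for back in swaps[i + 1:]:
            same_actor = back.sender == front.sender and back.pool == front.pool
            reverses = (back.token_in, back.token_out) == (front.token_out, front.token_in)
            if back.index in used or not (same_actor and reverses):
                continue
            # The back-run should unload roughly what the front-run acquired.
            if abs(back.amount_in - front.amount_out) > tolerance * front.amount_out:
                continue
            # Victims: other senders trading the same direction in between.
            victims = [s for s in swaps
                       if front.index < s.index < back.index
                       and s.pool == front.pool and s.sender != front.sender
                       and (s.token_in, s.token_out) == (front.token_in, front.token_out)]
            if victims:
                found.append((front, victims, back))
                used.update((front.index, back.index))
                break
    return found

# Constructed sample block (addresses, pools and amounts are made up).
SAMPLE_BLOCK = [
    Swap(0, "0xbot", "SHIB/WETH", "WETH", "SHIB", 10.0, 1000.0),
    Swap(1, "0xalice", "SHIB/WETH", "WETH", "SHIB", 50.0, 4500.0),
    Swap(2, "0xbot", "SHIB/WETH", "SHIB", "WETH", 1000.0, 10.8),
    Swap(3, "0xcarol", "USDC/WETH", "WETH", "USDC", 1.0, 3000.0),
    Swap(4, "0xdave", "SHIB/WETH", "WETH", "SHIB", 2.0, 190.0),
    Swap(5, "0xdave", "SHIB/WETH", "SHIB", "WETH", 190.0, 1.98),
]
```

Calling `find_sandwiches(SAMPLE_BLOCK)` flags the 0xbot / 0xalice / 0xbot sequence; 0xdave's plain round trip is not flagged because no other sender's swap sits between its two legs.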

The Math

For the attack to be profitable, the bot needs:

  • Victim trade size large enough to move the price meaningfully
  • Slippage tolerance wide enough that Alice’s transaction still executes after being front-run
  • Spread >= gas costs of both bot transactions + pool’s fee on both trades

Sandwich bots scan millions of pending transactions and can assess profitability in milliseconds using simulation.


Why This Is Possible

Public Mempool: Ethereum’s (and most blockchains’) mempool is public: anyone can see pending transactions before they’re confirmed.

Priority Gas Auctions: Higher gas = earlier inclusion. Bots can “cut in line” with any transaction by paying more.

AMM Price Impact: Automated Market Maker DEXes like Uniswap move price based on trade size — making the price impact of upcoming trades predictable and exploitable.


Scale of Sandwich Attacks

Sandwich attacks are among the most common MEV extractions:

  • EigenPhi (on-chain analytics) has documented hundreds of millions in sandwich attack profits on Ethereum
  • During peak DeFi activity, thousands of sandwich attacks occur daily
  • Large trades (>$50,000) on DEXes are almost certain to be sandwiched if the user isn’t protected

Defenses Against Sandwich Attacks

Low slippage tolerance: Setting slippage to 0.1% instead of 5% makes sandwiching difficult. The attacker can’t move the price enough to profit without causing the victim’s transaction to revert.

MEV protection RPC endpoints: Services like Flashbots Protect, 1inch Fusion, and CoW Protocol route transactions privately or through MEV-aware settlement systems that don’t broadcast to the public mempool:

  • Flashbots Protect: Sends transactions directly to Flashbots block builders, bypassing the public mempool
  • CoW Protocol: Batch auctions that settle trades off-mempool
  • 1inch Fusion: Limit-order style fills via solvers instead of direct AMM swaps

DEXes with sandwich protection built in: Some newer AMM designs (CoW Protocol, 1inch Fusion) are structurally less vulnerable to sandwich attacks.


Common Misconceptions

“Sandwich attacks require 51% hashrate or special access”

No. Any bot operator can sandwich attack using only higher gas fees and publicly available mempool data. No special privileges required.

“Small trades are safe”

Small trades in absolute dollar terms still get sandwiched if the pool is illiquid enough for the trade to cause significant price impact. The profitability threshold for bots is determined by gas costs, not trade size in isolation.


Social Media Sentiment

Sandwich attacks are a well-known frustration for retail DeFi users. The practice is considered predatory by most of the DeFi community, though technically legal (exploiting public mempool information). MEV protection tools like Flashbots Protect are widely recommended by crypto communities. There is tension between the MEV research community (which views MEV as an economic phenomenon worth studying) and retail users who just want fair swap prices. CoW Protocol and 1inch Fusion have gained significant traction specifically because of sandwich attack prevalence on Uniswap and other standard DEXes.


Last updated: 2026-04


Sources

  • Daian, P., et al. (2020). Flash Boys 2.0: Frontrunning in Decentralized Exchanges, Miner Extractable Value, and Consensus Instability. IEEE S&P.
  • EigenPhi. (2023). MEV Sandwich Attack Report: Ethereum Mainnet Analysis. EigenPhi Research.
  • Angeris, G., Kao, H.-T., Chiang, R., Noyes, C., & Chitra, T. (2019). An Analysis of Uniswap Markets. arXiv.