Sandwich Attacks represent one of the most prevalent forms of Maximal Extractable Value (MEV) extraction in decentralized finance. These attacks exploit the transparent nature of public mempools to systematically profit from other users' trades by manipulating prices immediately before and after victim transactions execute.

Attack Mechanism and Execution

A sandwich attack unfolds through a carefully orchestrated three-transaction sequence. The attacker monitors the mempool for pending large trades that will significantly impact prices in automated market maker pools. Upon identifying a profitable target, the attacker constructs a "sandwich" by placing two transactions around the victim's trade.

The front-running transaction executes first, buying the same asset the victim intends to purchase. This drives the price upward due to the constant product formula, artificially worsening execution for the victim. The victim's transaction then executes at this elevated price, experiencing greater slippage than anticipated. Finally, the back-running transaction sells the asset purchased in the front-run, capturing profit from the price movement the victim's large trade created.

Modern attackers bundle these transactions to guarantee execution order, often using services like Flashbots to avoid mempool detection by competing MEV searchers. This bundling ensures atomicity—either all three transactions execute in sequence, or none execute at all, eliminating the attacker's risk of being caught holding an unwanted position.

Economic Impact on Victims

Sandwich attacks impose direct financial costs on traders through artificially inflated slippage. The profit extracted by attackers represents a pure transfer of value from victims, creating an invisible tax on DeFi trading activity. This impact disproportionately affects larger trades, as increased price impact makes sandwich opportunities more profitable, incentivizing attackers to prioritize high-value victims.

Slippage tolerance settings determine maximum extractable value per attack. If a user sets 2% slippage tolerance, attackers can profitably sandwich the trade up to that threshold. Conservative slippage settings limit individual attack profitability but increase transaction failure rates during volatile periods, creating a difficult trade-off for users seeking optimal execution.

Enabling Factors and Systemic Conditions

Several systemic factors enable sandwich attacks in current blockchain architectures. Mempool transparency allows attackers to observe pending transactions before block inclusion, creating an information asymmetry exploited for profit. Transaction ordering by gas price in traditional mempool designs enables attackers to guarantee execution priority through higher fee payments, though this mechanism has evolved with the introduction of MEV-aware transaction ordering systems.

Automated market maker mechanics create deterministic price impact functions that attackers can calculate precisely before execution. Unlike centralized exchanges where order books provide price uncertainty, AMM price movements become perfectly predictable given transaction size and current reserves. This predictability eliminates uncertainty for attackers while victims face worse-than-expected execution.

Protection Mechanisms for Traders

Multiple defensive strategies exist to reduce sandwich attack exposure, though each involves trade-offs. Conservative slippage tolerance limits maximum extractable value but increases revert probability during normal volatility. Private transaction routing through services like Flashbots Protect hides transactions from public mempool observation until block inclusion, preventing attackers from detecting opportunities. However, this introduces trust assumptions and potential centralization concerns around transaction privacy providers.

Order splitting breaks large trades into multiple smaller transactions distributed across blocks or pools, reducing per-transaction price impact and making individual sandwiches less profitable. However, this increases total gas costs and introduces execution risk from price movements between split orders. Limit order protocols enable users to specify exact execution prices, automatically canceling trades if conditions worsen beyond acceptable thresholds.

Protocol-Level Mitigation Approaches

DeFi protocols have explored various architectural responses to sandwich attacks. Time-Weighted Average Market Makers (TWAMM) spread large orders across multiple blocks, reducing per-block price impact and sandwich profitability. Commit-reveal schemes require traders to commit to transactions before revealing parameters, preventing MEV extractors from observing trade details before execution begins.

Private mempool infrastructure operated by protocols or coalitions creates protected execution environments where transactions remain hidden from public MEV searchers. MEV redistribution mechanisms like MEV-Share acknowledge extraction inevitability while redirecting profits back to users whose transactions generated MEV opportunities, socializing costs rather than allowing pure externalization to attackers.

Sophistication and Evolution

Sandwich attack techniques have grown increasingly sophisticated since their initial emergence. Multi-pool sandwiches manipulate prices across multiple AMMs simultaneously, maximizing profit extraction from complex routing paths. Cross-domain MEV extends attacks across layer-2 networks and bridges, exploiting arbitrage opportunities created by sandwiching on one chain while settling on another.

Sandwich prevention competition has created an arms race between attackers and defenders. As users adopt protection mechanisms, attackers develop counter-strategies like attacking users during network congestion when private routing becomes unavailable or fees become prohibitive. This dynamic evolution suggests sandwich attacks will remain persistent threats requiring continuous defensive innovation across protocol and application layers.