Sandwich Attack

What Is a Sandwich Attack?

The attack is specific to automated market maker (AMM) decentralised exchanges, where prices move along a deterministic mathematical curve based on the size of the trade relative to liquidity in the pool. A large swap shifts the price meaningfully, which means an attacker who acts immediately before and after can profit from the predictable price impact. This is not a bug in any specific contract — it is a structural feature of how AMMs price trades, combined with the public visibility of pending transactions in the mempool.

Sandwich attacks became prominent during the DeFi growth of 2020–2021, as trading on Uniswap and similar protocols accumulated meaningful volume. Studies of Ethereum mempool data have estimated that hundreds of millions of dollars in cumulative profit have flowed to sandwich attackers over the years since, extracted from users who were unaware that their trades were being observed and exploited. The amounts per individual trade are typically small, but they compound across millions of swaps.

The attack is part of the broader category of maximal extractable value — value that can be captured by parties controlling block ordering. Sandwich attacks are MEV extracted at the expense of specific users; other MEV categories include arbitrage between exchanges (often benign or neutral) and liquidation racing in lending protocols (also typically neutral). What distinguishes sandwiching is that the profit comes directly from worsening another user’s execution, not from independently profitable activity.

How Does a Sandwich Attack Work?

The mechanism requires three things to come together. First, a victim transaction must be visible — a large pending swap on a public mempool, with slippage tolerance high enough that the attack can succeed. Second, the attacker must have priority access to block space — typically through paying higher gas fees, or through direct relationships with the block builders who construct Ethereum’s post-Merge blocks. Third, the attacker needs sufficient capital to execute both legs of the sandwich at meaningful size.

Consider a concrete example. A victim wants to swap 1,000 ETH for USDC on Uniswap V2, and signs a transaction with 1% slippage tolerance. The attacker sees the transaction in the mempool. Before the victim’s transaction is processed, the attacker submits their own swap — buying USDC against ETH at the current price — sized large enough to move the pool’s price by close to the victim’s slippage limit. The victim’s trade now executes at this worse price, taking the price even further. Immediately after, the attacker submits a third transaction selling the USDC they bought, capturing the price difference. The attacker’s net profit is the spread between their buy and sell, minus gas costs and the fee paid for priority inclusion.

The economics depend on having the victim’s trade slip enough to compensate the attacker for two transactions plus the price impact of their own activity. Larger victim trades, wider slippage tolerance, and lower-liquidity pools all make sandwiching more profitable. The attacker is not running risk in the conventional sense — they only commit to the sandwich if all three transactions land in the right order in the same block, which is achieved through specialised infrastructure rather than ordinary mempool submission. On post-Merge Ethereum, the same logic plays out at the builder layer, where specialised block builders compete to assemble profitable transaction sequences and bid for the right to have their block proposed by a validator.

Sandwich Attack vs Front-Running

Why Are Sandwich Attacks Important for Traders?

For anyone trading on automated market makers, sandwich attacks represent a quietly meaningful cost. A trader who routinely uses Uniswap or similar protocols at large size, without protective measures, can lose several basis points per trade to attackers — and these costs accumulate. On a year of active trading, the cumulative loss can easily reach a noticeable fraction of returns. The losses are silent and per-trade small, which is why they have persisted: most users never notice they are being attacked.

The structural defence requires changing how trades reach the chain. Setting tight slippage tolerance reduces the maximum amount an attacker can extract — if your trade reverts unless executed within a 0.1% range, sandwich attempts that would have profited at 1% slippage no longer pay. Routing trades through private mempools — services like Flashbots Protect or MEV Blocker — keeps your transactions invisible to public-mempool observers until block inclusion, eliminating the attacker’s information advantage.

The wider implication is that the public-mempool model creates predictable economic leakage to MEV extractors. Some networks have begun designing this out — through batch auctions, encrypted mempools, or fair-ordering protocols — but no design has yet achieved full elimination at scale. Sandwich attacks remain a real cost for users of public AMMs.

Key Takeaways

• A sandwich attack is a form of MEV extraction where an attacker front-runs a large pending swap to move the price, lets the victim’s trade execute at the worse price, then back-runs to capture the price difference.
• The attack is structural to automated market makers — it does not exploit any contract bug, but uses the deterministic price impact of AMM swaps combined with public mempool visibility.
• Cumulative profits to sandwich attackers on Ethereum-based AMMs have been estimated in the hundreds of millions of dollars since 2020, extracted in small amounts per trade across millions of swaps.
• Defending against sandwiches requires either tighter slippage tolerance (which reduces the maximum extractable amount) or routing trades through private mempools (which hide transactions until inclusion).
• The attack persists because it is per-trade small, technically legal, and exploits a structural feature of how on-chain markets currently work — protocol-level solutions exist in research but have not been widely adopted.