Skip to content
Ntro

What is Sandwich Protocol? A Guide to Crypto Front-Running Attacks

4 min read

According to blockchain analytics firm EigenPhi, sandwich attacks ranked as the second most popular MEV (Maximal Extractable Value) activity in early 2024, with transactions totaling billions of dollars in volume. This statistic reveals the significant threat posed by these invisible market manipulations in decentralized finance (DeFi), where sophisticated bots exploit transaction ordering to profit at a user's expense.

Quick Summary

Sandwich protocol is a malicious market manipulation in DeFi where an attacker's buy and sell orders surround a victim's transaction to exploit price slippage for profit. It preys on the transparency of public transaction pools, using automated bots to front-run and back-run trades, resulting in a loss for the victim.

Key Points

  • Sandwich attacks are a form of MEV exploitation: A type of market manipulation where bots exploit the open and transparent nature of public mempools to gain an unfair advantage.

  • They involve front-running and back-running: An attacker places a buy order (front-run) and a sell order (back-run) around a victim's transaction to profit from the price change they cause.

  • High slippage tolerance is a key enabler: Bots target transactions with a high slippage tolerance, which indicates the user's willingness to accept a less favorable execution price.

  • Victims receive fewer tokens than expected: The attack manipulates the asset price, causing the unsuspecting trader to receive a worse deal on their swap.

  • Protective measures include low slippage and private services: Users can reduce their risk by setting lower slippage limits, splitting large trades, or using private transaction relays like Flashbots.

  • The legality is often unclear: The decentralized nature of DeFi means that the legal status of sandwich attacks is not always well-defined, and it's an evolving area of law.

In This Article

What is a Sandwich Protocol Attack?

A sandwich protocol attack, often referred to simply as a sandwich attack, is a type of Maximal Extractable Value (MEV) exploit that primarily occurs on decentralized exchanges (DEXs). It is a sophisticated form of front-running where a malicious actor, typically a high-frequency trading bot, 'sandwiches' a target user's transaction between two of their own. This manipulation is designed to profit from the price impact of the victim's trade, forcing them to accept a worse execution price than they originally anticipated. The attack takes advantage of the transparent nature of blockchain transaction pools, known as the mempool, where all pending transactions are visible before being confirmed.

These attacks are prevalent on automated market maker (AMM) protocols like Uniswap and PancakeSwap, which rely on liquidity pools to determine asset prices. The price in an AMM is algorithmically adjusted based on the ratio of assets in the pool. By inserting a transaction before and after the victim's, the attacker can force this price movement and capture the difference.

How a Sandwich Protocol Attack Works

The execution of a sandwich attack follows a precise, automated process that happens in seconds. For an attacker to be successful, they need to identify a target transaction that is large enough to cause significant price slippage within an AMM liquidity pool.

Here is a step-by-step breakdown:

  • Step 1: Bot Detection. An automated bot continuously monitors the public mempool for pending transactions, specifically looking for large token swaps with a high slippage tolerance. A high slippage tolerance signals to the bot that the user is willing to accept a wide range of prices for their trade, increasing the potential profit for an attacker.
  • Step 2: The Front-Run. Once a target is identified, the bot executes a buy order for the same asset as the victim. To ensure its transaction is confirmed first, the bot attaches a higher-than-normal gas fee. This front-run buy order creates artificial demand, which forces the asset's price to rise within the liquidity pool, thanks to the AMM algorithm.
  • Step 3: Victim's Transaction Executes. The victim's transaction is then executed, but at this new, inflated price. As a result, the victim receives fewer tokens than originally expected, experiencing a financial loss.
  • Step 4: The Back-Run. Immediately after the victim's transaction is confirmed, the bot executes a sell order for the asset it just purchased. The bot sells at the artificially higher price, which was further boosted by the victim's trade. The attacker then profits from the price difference between their initial purchase and the final sale.

Protecting Yourself from Sandwich Protocol Attacks

While sandwich attacks are a constant threat in DeFi, users can adopt several strategies to minimize their risk of being exploited by MEV bots.

  • Reduce Slippage Tolerance. For most standard swaps, setting a low slippage tolerance (e.g., 0.1%–0.5%) can deter attackers. A narrow slippage window limits the potential profit for a sandwich bot, making your transaction less attractive to target. However, setting it too low can cause your transaction to fail during periods of volatility.
  • Split Large Transactions. Instead of executing one large swap, break it into several smaller transactions. This reduces the price impact of each individual trade, making it less profitable for MEV bots to target.
  • Use Private Transaction Services. Services like Flashbots Protect allow users to send transactions through a private mempool that is not publicly visible. This prevents bots from seeing and front-running your trades before they are confirmed on-chain. Other solutions are offered by protocols like CoW Protocol.
  • Utilize DEX Aggregators. Some decentralized exchange aggregators can split a single trade across multiple liquidity pools. This results in a smaller price impact per pool, leaving less room for attackers to manipulate prices for profit.
  • Use Wallets with Built-in MEV Protection. Certain crypto wallets, such as Trust Wallet, have begun implementing built-in MEV protection features. These tools are designed to obscure your transactions from malicious bots and ensure you get a fair market price.

Comparison: Sandwich Attack vs. Simple Front-Running

Feature Sandwich Attack Simple Front-Running
Mechanism An attacker places both a buy and a sell order around a victim's transaction. An attacker places a single buy or sell order before a victim's transaction.
Profit Source Exploiting price slippage created by the victim's trade, capturing profit from both buy and sell transactions. Profiting from the general direction of the market, potentially caused by the victim's large transaction.
Outcome for Victim The victim receives fewer tokens than expected and suffers a loss due to the manipulated price. The victim's trade is executed at a slightly worse price than expected.
Transaction Order Buy (Attacker), then Trade (Victim), then Sell (Attacker). Attacker's trade is prioritized before the victim's trade.
Complexity More complex, involving multiple transactions executed in a specific sequence. Simpler, requiring only a single transaction with a higher gas fee.
Impact Creates significant, and often immediate, financial loss for the targeted user. Results in a marginal loss for the user, less direct market manipulation.

Conclusion

Sandwich attacks are a persistent and growing threat in the DeFi landscape, highlighting the innovative but adversarial nature of on-chain trading. By exploiting the public transparency of the mempool and the mechanics of Automated Market Makers, malicious bots can inflict direct financial losses on unsuspecting users. While the legality of such activities remains a gray area in a mostly unregulated space, the consequences for individual traders are very real. The key to mitigating this risk lies in user vigilance and the strategic deployment of protective measures, from adjusting slippage settings to utilizing private transaction networks. As the DeFi community continues to mature, solutions and tools designed to neutralize MEV exploitation will become increasingly critical for safeguarding a fair and secure trading environment for everyone.

Uniswap Labs offers useful articles on how to identify and avoid sandwich attacks.

Frequently Asked Questions

A simple front-running attack involves a single transaction placed before a victim's to get a better price. A sandwich attack is more complex, using two transactions—one before and one after—to profit from the price manipulation caused by the victim's trade.

The legality of sandwich attacks is debated and currently exists in a legal gray area within the decentralized finance space. While similar behavior in traditional finance would be considered illegal market manipulation, DeFi's unregulated environment complicates clear-cut legal definitions. Recent high-profile cases are testing these boundaries.

If you are a victim, your trade will likely execute at a significantly worse price than expected. You can check the blockchain explorer to see if transactions were placed immediately before and after yours by the same address, with the price of the asset spiking just before and dropping immediately after.

The mempool is the public waiting area for unconfirmed blockchain transactions. Its transparency is what makes sandwich attacks possible, as malicious bots can monitor it in real-time to identify and exploit profitable trading opportunities before they are added to a block.

MEV bots profit by manipulating the asset's price using a front-run buy order and a back-run sell order. The bot's profit comes from the difference between its purchase price (lower) and its selling price (higher), which is created by the victim's transaction.

Yes, services like Flashbots Protect are highly effective at preventing sandwich attacks because they bypass the public mempool. By submitting transactions directly to miners or validators, they are not exposed to the bots that monitor the mempool for exploitable trades.

No, a higher gas fee does not protect you. In fact, it might make you more vulnerable. Attackers often pay an even higher gas fee to ensure their front-run transaction is prioritized, effectively outbidding you for transaction ordering.

References

  1. 1
    What Are Sandwich Attacks in Crypto and How to Prevent Them?
  2. 2
    What Are Sandwich Attacks Costing DeFi Users?
  3. 3
    Detecting Sandwich Attack Malicious Accounts in Ethereum
  4. 4
    What are Sandwich Attacks in DeFi?
  5. 5
    What is a sandwich attack?

Related Topics:

#DeFi #sandwich attack #front-running #MEV #decentralized exchanges #blockchain security #price manipulation #crypto trading

Medical Disclaimer

This content is for informational purposes only and should not replace professional medical advice.