What Is a Sandwich Attack in DeFi?

Learn what a sandwich attack is in DeFi, how bots front-run your trades, and practical steps to protect yourself from MEV exploitation on DEXs.


A sandwich attack is a type of front-running exploit in decentralized finance where a malicious bot places orders around a victim's transaction to profit from price changes. The tactic preys on regular traders using decentralized exchanges (DEXs) and has become a serious concern in the DeFi space. Understanding how sandwich attacks work is the first step toward protecting your funds.

How Sandwich Attacks Exploit DEX Transactions

A sandwich attack relies on the mempool — the waiting area for pending blockchain transactions. When you submit a swap on a DEX, your transaction is broadcast to the network but not immediately confirmed. Bots continuously scan the mempool for large or profitable swaps and then execute a three-step strategy:

  1. Front-run transaction – The bot buys the same token you want, pushing its price higher.
  2. Victim transaction – Your original swap goes through, but now at a worse price because of the bot’s earlier buy.
  3. Back-run transaction – The bot immediately sells the tokens it bought, locking in a profit from the artificial price spike.

The result: you pay more for your trade, and the bot walks away with the difference. This entire process happens within a single block thanks to the bot’s ability to prioritize its transactions with higher gas fees.

Why the Attack Is Called “Sandwich”

Think of your transaction as the filling between two orders — the bot’s buy and sell. The bot “sandwiches” your swap to profit from the price movement it creates. The attack is most effective on automated market makers (AMMs) like Uniswap or PancakeSwap, where prices adjust instantly based on liquidity pool balances.

Why Sandwich Attacks Are Profitable for MEV Searchers

Maximal Extractable Value (MEV) is the profit that miners or validators (and now bots) can extract by reordering transactions. Sandwich attacks are a specific type of MEV. Bots, often called MEV searchers, compete to detect vulnerable trades. The profits can be significant because even a small price movement on a large trade yields a large reward.

The table below compares how sandwich attacks differ from other MEV strategies:

| MEV Type | Method | Target |
|---|---|---|
| Sandwich attack | Front-run + back-run | Single large swap |
| Pure front-running | Buy before victim, hold | Any trade |
| Liquidation | Trigger under-collateralized loans | Borrowers near liquidation |
| Arbitrage | Exploit price differences across DEXs | Price discrepancies |

Sandwich attacks are particularly damaging because they take value directly from regular users who don’t realize their trades are being manipulated. Unlike arbitrage, which stabilizes prices between exchanges, a sandwich attack creates artificial volatility at the victim’s expense.

Practical Example: A Real-World Sandwich Attack Scenario

Imagine Alice wants to swap 10 units of Token A for Token B on a DEX. She submits her transaction with a standard gas fee. A bot sees her pending order:

  • Step 1: The bot buys Token A with a high gas fee, pushing the effective exchange rate against Alice.
  • Step 2: Alice’s swap executes. She receives fewer Token B units than she expected because the price moved in the bot’s favor.
  • Step 3: The bot sells the Token A it just bought, cashing out at the elevated price.

Before the attack: 10 Token A → 15 Token B. After the attack: 10 Token A → 13 Token B (Alice loses 2 Token B). The bot profits from that 2 Token B difference, minus gas costs.

The numbers in this example are illustrative only. In reality, the loss depends on trade size, liquidity depth, and how aggressive the bot is. The key takeaway: the victim gets a worse price without knowing it.

💡 Pro Tip: To reduce the risk of being sandwiched, use a DEX aggregator like 1inch or CoW Swap. These tools split your trade across multiple pools or use private order flow to keep your transaction out of the public mempool.

How to Protect Yourself from Sandwich Attacks

You don’t have to accept sandwich attacks as inevitable. Several strategies can help you trade safely:

  • Use private mempools or RPC endpoints – Services like Flashbots Protect route your transaction directly to miners/validators, bypassing the public mempool.
  • Set a low slippage tolerance – If the price moves too much, your transaction fails automatically. A slippage setting of 0.5–1% is often safe.
  • Use limit orders – Platforms like 1inch Limit Order or CoW Swap allow you to trade at a fixed price, giving bots no room to manipulate.
  • Trade smaller amounts, particularly in illiquid pools – Large trades in shallow liquidity pools are prime targets for sandwich attacks. Consider splitting a large order into several smaller ones.
  • Opt for DEXs with MEV protection – Some newer DEXs (e.g., DODO, Clipper) incorporate anti-MEV features by design.
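
To see why the slippage setting matters, the added example below (not from the original article) replays the three-step sequence described earlier against a simulated pool and applies a minimum-output check to the victim's swap. It assumes a constant-product AMM with a 0.3% fee in the style of Uniswap v2; the reserves, trade sizes, the bot's front-run size and the names Pool, min_out_for and simulate are constructed for illustration.

```python
# Added example: constant-product AMM (x * y = k) with a 0.3% swap fee.
# Pool reserves, trade sizes and the bot's front-run size are constructed.

class Reverted(Exception):
    """The swap would pay out less than the trader's minimum, so it fails."""

class Pool:
    def __init__(self, reserve_a, reserve_b):
        self.reserves = {"A": reserve_a, "B": reserve_b}

    def quote(self, token_in, amount_in):
        """Output amount for a swap at the current reserves (integer math)."""
        token_out = "B" if token_in == "A" else "A"
        after_fee = amount_in * 997
        return (after_fee * self.reserves[token_out]
                // (self.reserves[token_in] * 1000 + after_fee))

    def swap(self, token_in, amount_in, min_out=0):
        out = self.quote(token_in, amount_in)
        if out < min_out:
            raise Reverted(f"would receive {out}, minimum is {min_out}")
        token_out = "B" if token_in == "A" else "A"
        self.reserves[token_in] += amount_in
        self.reserves[token_out] -= out
        return out

def min_out_for(quoted, tolerance_bps):
    """Smallest acceptable output for a slippage tolerance in basis points."""
    return quoted * (10_000 - tolerance_bps) // 10_000

def simulate(tolerance_bps, front_run_a=50_000, victim_a=10_000):
    """Return (quoted, received or None if reverted, bot profit in Token A)."""
    pool = Pool(1_000_000, 1_500_000)
    quoted = pool.quote("A", victim_a)              # price the trader saw
    floor = min_out_for(quoted, tolerance_bps)
    bot_b = pool.swap("A", front_run_a)             # step 1: front-run
    try:
        received = pool.swap("A", victim_a, floor)  # step 2: victim swap
    except Reverted:
        received = None                             # trader keeps Token A
    bot_back = pool.swap("B", bot_b)                # step 3: back-run
    return quoted, received, bot_back - front_run_a

if __name__ == "__main__":
    for bps in (1_000, 50):                         # 10% versus 0.5%
        print(bps, simulate(bps))
```

With the loose 10% tolerance the victim's swap executes at the worse price and the bot ends with more Token A than it started with; with 0.5% the swap reverts, and the bot's two remaining trades only pay pool fees.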

The Role of the Mempool in Sandwich Attack Mechanics

The public mempool is the enabler of sandwich attacks. Every pending transaction is visible to anyone running a blockchain node. Bots exploit this transparency to detect profitable victims. However, broadcasting to the public mempool is not mandatory: you can choose to use private transaction relays that submit your order directly to a block producer without broadcasting it publicly.

Private relays are common in Ethereum’s MEV landscape, but other blockchains like BNB Chain and Polygon also have similar solutions. The trade-off is that private transactions may have slightly higher latency or fees, but they eliminate the primary attack vector: visibility of your order.

Conclusion

A sandwich attack is a DeFi exploit that preys on unsuspecting traders by placing buy and sell orders around their transactions. These attacks are driven by MEV searchers competing to front-run users in the public mempool. While sandwich attacks can cause real losses, you can defend yourself by using private mempools, adjusting slippage settings, and choosing MEV-resistant platforms. Staying informed about these threats is essential for anyone participating in decentralized finance.