
DeFi, or decentralized finance, has reshaped how we think about money, investing, and financial services. No middlemen, no banks, no bureaucracy – just direct access to global finance through smart contracts. But with this freedom comes a new breed of risks. One of the most dangerous and often overlooked is the Sandwich Attack.
In this lesson, we’ll break down what a sandwich attack is, how it works, and how to protect yourself in the fast-paced world of DeFi.
What is a Sandwich Attack?
A Sandwich Attack is a type of price manipulation that happens on decentralized exchanges (DEXs). It’s a form of front-running, where an attacker spots your transaction in the mempool (the public queue of pending blockchain transactions) and exploits it by placing two strategic transactions: one before yours and one after.
The attacker’s goal is simple – to profit at your expense.
Here’s how it works:
- You submit a trade, swapping Token X for Token Y.
- The attacker sees your pending transaction.
- They place a buy order for Token Y before your trade executes – raising its price.
- Your trade executes at the now higher price.
- The attacker then sells Token Y after your transaction, locking in a profit.
Your trade becomes the “filling” in their sandwich.
Why Is It Possible?
The heart of this problem lies in how Automated Market Makers (AMMs) set prices on DEXs. AMMs adjust token prices based on supply and demand inside liquidity pools. Because your transaction affects the pool’s balance, it also affects the price.
What makes the attack even easier:
- All pending transactions are public
- Sophisticated bots monitor mempools 24/7
- No centralized system can stop the attacker from jumping ahead
The Key Ingredients of a Sandwich Attack
- AMM (Automated Market Maker): The algorithm that determines token prices based on real-time supply in liquidity pools.
- Slippage: The difference between the expected price and the actual execution price of a trade. A high slippage tolerance opens the door for attackers.
- Execution price: The price your trade actually settles at, as opposed to the price you hoped to pay.
- Unexpected slippage: A sign something went wrong, often caused by sandwich attacks.
How to Recognize a Sandwich Attack
While sandwich attacks are fast and often go unnoticed, there are some signs you can look for:
- Your trade was executed at a significantly worse price than expected.
- The price of the token spiked just before your trade, then dropped right after.
- You’re trading on a DEX using an AMM model, like Uniswap or PancakeSwap.
Advanced users often use block explorers (like Etherscan) to track transaction sequences and identify if they’ve been sandwiched.
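The pattern described above (a buy of Token Y right before your swap, a sale of Token Y right after, both from the same address) can be checked mechanically once you have the ordered swaps of a block. The detector below is an added illustration, not code from the original lesson: the Swap record shape and the sample block are constructed, and the rule that the front-run and back-run come from the same sender is an assumption that will miss attackers who split the two legs across addresses.

```python
"""Heuristic sandwich detector over the ordered swaps of one block.

Added illustration, not code from the original lesson. The Swap record and
SAMPLE_BLOCK are constructed; a real explorer or node returns richer log data.
Assumption: the front-run and back-run are sent from the same address."""

from dataclasses import dataclass
from itertools import groupby


@dataclass(frozen=True)
class Swap:
    index: int        # position within the block
    sender: str       # address that submitted the swap
    pool: str         # liquidity pool identifier
    direction: str    # "X->Y" buys the pool's Y token, "Y->X" sells it
    amount_in: float
    amount_out: float

    def price_x_per_y(self) -> float:
        """Effective price in X paid (or received) per unit of Y."""
        if self.direction == "X->Y":
            return self.amount_in / self.amount_out
        return self.amount_out / self.amount_in


@dataclass(frozen=True)
class Sandwich:
    front: Swap
    victim: Swap
    back: Swap

    @property
    def attacker_gain_x(self) -> float:
        """X received in the back-run minus X spent in the front-run."""
        return self.back.amount_out - self.front.amount_in

    @property
    def victim_price_penalty(self) -> float:
        """Fraction by which the victim's X-per-Y price exceeds the front-runner's."""
        return self.victim.price_x_per_y() / self.front.price_x_per_y() - 1


def find_sandwiches(swaps):
    """Return Sandwich records for every bracketed swap found in the block."""
    ordered = sorted(swaps, key=lambda s: s.index)
    found = []
    # Look at each pool separately so unrelated swaps in between do not hide the pattern.
    for _pool, group in groupby(sorted(ordered, key=lambda s: s.pool), key=lambda s: s.pool):
        in_pool = sorted(group, key=lambda s: s.index)
        for front, victim, back in zip(in_pool, in_pool[1:], in_pool[2:]):
            bracketed = front.sender == back.sender and victim.sender != front.sender
            directions = front.direction == victim.direction == "X->Y" and back.direction == "Y->X"
            if not (bracketed and directions):
                continue
            candidate = Sandwich(front, victim, back)
            # The victim must have paid more per Y than the front-runner, and the
            # front-runner's round trip must have come out ahead.
            if candidate.victim_price_penalty > 0 and candidate.attacker_gain_x > 0:
                found.append(candidate)
    return found


# Constructed sample block: one sandwich in pool X/Y plus ordinary traffic.
SAMPLE_BLOCK = [
    Swap(0, "0xA11CE", "X/Y", "X->Y", 50.0, 47.48),   # front-run: buys Y
    Swap(1, "0xB0B",   "X/Y", "X->Y", 10.0, 8.96),    # victim: pays more per Y
    Swap(2, "0xCAFE",  "P/Q", "X->Y", 3.0, 2.9),      # unrelated pool in between
    Swap(3, "0xA11CE", "X/Y", "Y->X", 47.48, 50.64),  # back-run: sells Y
    Swap(4, "0xD00D",  "X/Y", "X->Y", 5.0, 4.70),     # ordinary later trades
    Swap(5, "0xE0E",   "X/Y", "X->Y", 2.0, 1.88),
    Swap(6, "0xF00",   "X/Y", "Y->X", 1.0, 1.06),     # different seller: not bracketed
]

if __name__ == "__main__":
    for hit in find_sandwiches(SAMPLE_BLOCK):
        print(f"victim {hit.victim.sender} bracketed by {hit.front.sender}: "
              f"paid {hit.victim_price_penalty:.1%} more per Y, "
              f"attacker net {hit.attacker_gain_x:+.2f} X")
```

Run against a real block, the same three checks (same pool, same sender before and after, opposite directions around your swap) are what you would do by hand on a block explorer; the price-penalty and gain conditions filter out coincidental orderings where nobody profited.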
Real-World Scenarios
- Liquidity taker vs. taker: Multiple traders compete for the same liquidity. An attacker spots a pending trade and places orders before and after it to profit from the price movement.
- Liquidity provider vs. taker: The attacker removes liquidity from a pool (reducing supply and increasing price slippage), waits for the victim’s transaction, then re-adds liquidity after the trade – pocketing the difference.
How to Protect Yourself
There’s no bulletproof solution, but you can reduce your risk significantly by following these steps:
- Use low slippage settings: Keep your slippage tolerance tight, especially for large trades.
- Enable private transactions: Some wallets and tools let you submit transactions directly to validators, skipping the public mempool.
- Use MEV protection services: Flashbots Protect and Eden Network are examples of tools that shield your transaction from front-runners.
- Increase your gas fee: A higher fee can prioritize your transaction and reduce the time it sits exposed in the mempool.
- Trade during low network activity: Fewer bots are active when trading volume is low, usually outside of peak hours.
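To see concretely why the AMM pricing described earlier makes the three-step sequence work, and why a tight slippage tolerance is the first line of defense, here is a toy constant-product (x * y = k) pool that replays the sequence. This is an added illustration, not code from the original lesson or from any real exchange; the pool sizes, trade sizes and 0.3% fee are constructed sample values.

```python
"""Toy constant-product (x * y = k) pool showing why a swap placed ahead of
yours moves the price you get, and how a slippage limit bounds the damage.

Added illustration, not code from the original lesson; the pool sizes,
trade sizes and 0.3% fee below are constructed sample values."""

from dataclasses import dataclass


class SlippageExceeded(Exception):
    """The swap would return less than the minimum the trader accepted."""


@dataclass
class Pool:
    reserve_x: float
    reserve_y: float
    fee: float = 0.003  # 0.3% taken from the input amount, stays in the pool

    def quote_y_for_x(self, amount_x: float) -> float:
        """Y received for amount_x of X at the current reserves (no state change)."""
        x_in = amount_x * (1 - self.fee)
        return self.reserve_y * x_in / (self.reserve_x + x_in)

    def quote_x_for_y(self, amount_y: float) -> float:
        """X received for amount_y of Y at the current reserves (no state change)."""
        y_in = amount_y * (1 - self.fee)
        return self.reserve_x * y_in / (self.reserve_y + y_in)

    def swap_x_for_y(self, amount_x: float, min_y_out: float = 0.0) -> float:
        """Execute X -> Y; raise (revert) if the output is below min_y_out."""
        y_out = self.quote_y_for_x(amount_x)
        if y_out < min_y_out:
            raise SlippageExceeded(f"{y_out:.4f} < {min_y_out:.4f}")
        self.reserve_x += amount_x
        self.reserve_y -= y_out
        return y_out

    def swap_y_for_x(self, amount_y: float, min_x_out: float = 0.0) -> float:
        """Execute Y -> X; raise (revert) if the output is below min_x_out."""
        x_out = self.quote_x_for_y(amount_y)
        if x_out < min_x_out:
            raise SlippageExceeded(f"{x_out:.4f} < {min_x_out:.4f}")
        self.reserve_y += amount_y
        self.reserve_x -= x_out
        return x_out


def simulate(victim_x, attacker_x, tolerance, reserve_x=1000.0, reserve_y=1000.0):
    """Replay the lesson's three-transaction sequence on a fresh pool.

    Returns (expected_y, actual_y, attacker_profit_x). actual_y is None when the
    victim's slippage check reverts the trade; attacker_profit_x is the X the
    attacker ends with minus the X they started with (negative means the
    round trip lost money to fees).
    """
    pool = Pool(reserve_x, reserve_y)
    expected_y = pool.quote_y_for_x(victim_x)   # the quote shown when signing
    min_y_out = expected_y * (1 - tolerance)    # wallet slippage tolerance

    attacker_y = pool.swap_x_for_y(attacker_x)   # 1. buy Y ahead of the victim
    try:
        actual_y = pool.swap_x_for_y(victim_x, min_y_out)  # 2. victim at moved price
    except SlippageExceeded:
        actual_y = None                          # trade reverts, victim keeps X
    attacker_x_back = pool.swap_y_for_x(attacker_y)  # 3. sell Y back afterwards
    return expected_y, actual_y, attacker_x_back - attacker_x


if __name__ == "__main__":
    for tol in (0.10, 0.005):
        exp, act, profit = simulate(10.0, 50.0, tol)
        status = "reverted" if act is None else f"got {act:.4f} Y"
        print(f"tolerance {tol:.1%}: expected {exp:.4f} Y, {status}, "
              f"attacker net {profit:+.4f} X")
```

With a 10% tolerance the victim's swap goes through at roughly 9% fewer Y than quoted and the front-runner ends the block with more X than they started with; with a 0.5% tolerance the same swap reverts, the victim keeps their X, and the front-runner's round trip loses the fees it paid. The trade-off behind "especially for large trades" is visible here too: a larger victim trade moves the price more on its own, so an overly tight tolerance can also cause legitimate trades to fail in volatile markets.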
Summary
Sandwich attacks are a real and growing threat in the DeFi space. They don’t break contracts or steal keys — they exploit the rules of open, transparent blockchains to squeeze extra value out of your trades.
As a DeFi user or builder, understanding this type of attack is essential. It’s not just about coding or investing — it’s about protecting yourself in an environment where every transaction is a potential target.
Security in DeFi isn’t just technical. It’s strategic.