Although sandwich attacks may not be as widespread as more common DeFi hacks such as flash loan attacks and rug pulls, their insidious nature makes them disruptive to the stability of the DeFi ecosystem, particularly on trading platforms.

In this guide, you will learn about sandwich attacks, how they are carried out, and how to protect yourself against them.

What Is a Sandwich Attack in Crypto?

A sandwich attack in the DeFi markets is a type of market manipulation that occurs on decentralized exchanges (DEXs), where a malicious actor spots a large pending transaction and places two transactions around it: one before and one after the targeted transaction.

The attacker buys the asset before the large transaction, driving up the price, and then sells it at a higher price immediately after the large transaction, profiting from the price difference.

Depending on the protocol in question, a sandwich attack may affect both small and large transactions, as it is primarily influenced by the available liquidity. When liquidity is low, a small front-run attack can have a significant impact, causing the buyer’s transaction to execute at a higher price than originally intended. Conversely, when liquidity is high, sandwich attacks require more capital to manipulate the price and generate a profit. 

According to EigenPhi, sandwich attacks ranked as the second most popular MEV (Maximal Extractable Value) activity, with transactions totaling over $2 billion in the first week of January 2024.

How Are Crypto Sandwich Attacks Carried Out?

To understand how sandwich attacks work, we first need some core terminology.

Automated Market Makers (AMMs)

AMMs are automated trading protocols that enable traders to buy and sell assets in a decentralized manner. They generally work by maintaining a constant ratio between assets in a liquidity pool to determine a fair price, adjusting prices whenever trades are executed to preserve that ratio.

Price Slippage

Price slippage refers to the change in the price of an asset during a transaction. When undertaking a transaction, traders typically set a slippage tolerance, which is the maximum price difference they are willing to accept for their transaction. 

Price Impact

Like all markets, crypto markets are driven by the forces of supply and demand. Crypto transactions within AMM liquidity pools deplete some assets, drain some of the liquidity, and shift the asset price. 

How Does a Sandwich Attack Work?

Suppose a trader wants to trade a digital asset X for an asset Y and places a large purchase order. The order is broadcast to the blockchain and is temporarily recorded in the mempool pending block confirmation.

A trading bot detects the pending transaction and executes a front-run transaction by buying asset Y before the original transaction is approved. This purchase raises the price of asset Y, pushing the price the trader will pay toward the maximum that their slippage tolerance allows.

The trader ends up buying asset Y at a higher price, oblivious to the back-end machinations, and the trading bot then back-runs the trade, selling asset Y at the now higher price.

How to Detect and Prevent Sandwich Attacks

Detecting a sandwich attack primarily involves looking at the blockchain for specific transaction patterns. These patterns are characterized by a large transaction that is closely preceded and followed by smaller ones.

The key is to look for instances where there are two small transactions, one immediately before and one immediately after a significantly larger transaction, especially in a short time frame.

This suggests that an attacker may be manipulating the market by placing orders around a large transaction to profit from the price movement. Advanced monitoring tools and algorithms are often used to track such activity in real time, as it is hard to spot when monitoring the blockchain manually.

Moreover, monitoring the liquidity of assets and the size and frequency of trades can provide further insights into whether a transaction pattern is part of a normal market activity or a potential attack, as low-liquidity environments make it easier to execute sandwich attacks. 
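The pattern described above can be checked mechanically. The sketch below is an added example, not code from any monitoring tool: it scans a constructed block of swap records for a large trade bracketed by two opposite-direction trades in the same pool. The Swap fields, the requirement that both surrounding trades share a sender, and the min_ratio threshold are assumptions of this example.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Swap:
    index: int        # position of the transaction inside the block
    sender: str
    pool: str
    token_in: str
    token_out: str
    amount_in: float  # denominated in token_in

# Constructed sample block (not real chain data).
BLOCK = [
    Swap(0, "0xbot", "X/Y", "X", "Y", 40.0),
    Swap(1, "0xtrader", "X/Y", "X", "Y", 500.0),
    Swap(2, "0xbot", "X/Y", "Y", "X", 38.0),
    Swap(3, "0xalice", "X/Y", "X", "Y", 5.0),
    Swap(4, "0xbob", "A/B", "A", "B", 900.0),
    Swap(5, "0xalice", "X/Y", "Y", "X", 4.9),
]

def find_sandwiches(swaps, min_ratio=2.0):
    """Return (front, victim, back) triples matching the pattern above.

    min_ratio is an assumed threshold: how many times larger the middle
    trade must be than the trade placed in front of it.
    """
    by_pool = defaultdict(list)
    for s in sorted(swaps, key=lambda s: s.index):
        by_pool[s.pool].append(s)

    findings = []
    for pool_swaps in by_pool.values():
        # Slide over three consecutive swaps that touch the same pool.
        for front, victim, back in zip(pool_swaps, pool_swaps[1:], pool_swaps[2:]):
            same_actor = front.sender == back.sender != victim.sender
            same_side = (front.token_in, front.token_out) == (victim.token_in, victim.token_out)
            reversal = (back.token_in, back.token_out) == (front.token_out, front.token_in)
            larger = victim.amount_in >= min_ratio * front.amount_in
            if same_actor and same_side and reversal and larger:
                findings.append((front, victim, back))
    return findings

if __name__ == "__main__":
    for front, victim, back in find_sandwiches(BLOCK):
        print(f"pool {victim.pool}: tx {victim.index} from {victim.sender} "
              f"bracketed by tx {front.index} and {back.index} ({front.sender})")
```

A heuristic like this produces candidates for review, not verdicts: ordinary arbitrage can look similar, which is why liquidity and trade-frequency context matters.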

Sandwich attacks can be avoided by the following actions:

  • Reduce slippage – Traders should lower the slippage tolerance to remove the incentive for attackers to exploit arbitrage within a transaction.
  • Use DEX aggregators – Decentralized exchange aggregators spread out a single trade across several liquidity pools, resulting in a reduced price impact and little room for attackers to profit.
  • Deploy a custom RPC endpoint – RPC (Remote Procedure Call) endpoints link your wallet to on-chain transactions, and some offer MEV protection.
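To see why a tighter slippage tolerance helps, the following added example (not code from any DEX) models a fee-free constant-product pool, x * y = k, which is an assumed pricing formula, with constructed reserves and trade sizes. The trader quotes a swap, another buy lands first, and the swap then either executes at a worse price or reverts, depending on the tolerance.

```python
class SlippageExceeded(Exception):
    pass

class Pool:
    """Constant-product pool (x * y = k) with no fees; an assumed model."""

    def __init__(self, reserve_x, reserve_y):
        self.x, self.y = reserve_x, reserve_y

    def quote(self, dx):
        """Amount of Y received for dx of X at the current reserves."""
        return self.y * dx / (self.x + dx)

    def swap_x_for_y(self, dx, min_out=0.0):
        dy = self.quote(dx)
        if dy < min_out:
            # Mirrors a DEX reverting the swap when output is below the minimum.
            raise SlippageExceeded(f"would receive {dy:.2f}, minimum is {min_out:.2f}")
        self.x += dx
        self.y -= dy
        return dy

def min_out_for(pool, dx, tolerance):
    """Minimum acceptable output: the current quote less the tolerance."""
    return pool.quote(dx) * (1 - tolerance)

def trade_after_price_move(tolerance, earlier_buy=50.0):
    """Quote on a fresh pool, let another buy land first, then execute.

    Returns the amount of Y received, or None if the swap reverts.
    """
    pool = Pool(1_000.0, 1_000.0)   # constructed reserves
    dx = 100.0                      # constructed trade size
    min_out = min_out_for(pool, dx, tolerance)
    pool.swap_x_for_y(earlier_buy)  # price of Y rises before our trade runs
    try:
        return pool.swap_x_for_y(dx, min_out)
    except SlippageExceeded:
        return None                 # reverted: the trader keeps their X

if __name__ == "__main__":
    for tol in (0.10, 0.01):
        print(f"tolerance {tol:.0%}: received {trade_after_price_move(tol)}")
```

With a 10% tolerance the trade still fills, at about 82.8 Y instead of the quoted 90.9; with 1% it reverts, so nothing is left to capture between the two bracketing trades.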

What Is the Impact of Crypto Sandwich Attacks?

Sandwich attacks remain a persistent threat to crypto traders in the DeFi markets. The bigger the trade and the higher the price slippage tolerance, the more susceptible traders are to sandwich attacks.

However, the silver lining is that strategies such as using DEX aggregators, custom RPC endpoints, and reducing slippage can protect them from sandwich attacks.