A sandwich attack is a form of maximal extractable value (MEV) where an attacker places one trade immediately before a victim’s swap and another trade immediately after it, so the victim’s transaction executes at a worse price and the attacker captures profit from the induced price movement.
This behavior is most common on automated market makers (AMMs) where price is a function of pool reserves and trades move the price along a curve. In public mempool environments, a pending swap can be observed before inclusion in a block, giving sophisticated searchers a window to insert transactions around it.
A concise definition is widely used in security glossaries: the attack “sandwiches” the victim’s transaction between two attacker transactions to extract value from the victim’s slippage settings.
The key enabler is transaction visibility before finalization.
On many chains, transactions propagate to a public mempool (or to multiple mempools) before being included in a block. During that time, other parties can see details like token pair, amount, and slippage tolerance, and can attempt to influence ordering.
Block production adds the second ingredient: ordering discretion. Validators, block builders, or specialized intermediaries can choose which transactions to include and in what sequence. MEV searchers compete by paying higher fees, using private order flow, or integrating directly with builders.
A constant-product AMM (x*y=k) provides a useful mental model.
A user submits a swap that will move the pool price. The user sets a slippage tolerance so the transaction reverts if the execution price becomes too unfavorable.
An attacker’s goal is to move the price against the user just enough that the user still executes, but at the worst allowed price. The attacker then reverses the position after the victim executes, capturing the difference.
The profit source is not magic. It is the victim’s price impact plus the extra movement created by the attacker, bounded by the victim’s slippage setting, minus fees and gas.
Slippage tolerance is a safety parameter, but it also becomes a maximum extractable spread.
A high slippage tolerance increases the range of prices at which the swap will still execute. That makes it easier to bracket the trade and still land the victim inside the acceptable band.
A low slippage tolerance reduces that band, forcing an attacker to risk reverting the victim’s transaction. Reverts are expensive if the attacker has already taken a position.
The best setting depends on liquidity depth, volatility, and urgency. Extremely low slippage can cause failed swaps. Extremely high slippage can turn routine trades into a predictable MEV opportunity.
Sandwich attacks are not always obvious from the wallet UI. Common indicators include:
These signals are strongest when examining the block containing the swap and the adjacent transactions for the same pool.
The objective is not to eliminate MEV in theory. It is to reduce the chance that a public pending swap becomes a predictable, extractable target.
Some trading systems reduce mempool visibility or change the execution model so the attacker cannot reliably bracket the victim’s swap. Batch-auction and intent-based systems can make reordering less profitable by clearing many trades at a uniform price, and by delegating execution to competing solvers rather than a single public swap router.
Limit orders and RFQ-style fills can reduce the amount of price impact exposed to the public mempool. The core advantage is explicit price control: the order either fills at an acceptable price or does not fill.
Sandwich profitability rises when a small trade causes a large price movement. Trading on deeper liquidity pools or splitting orders can reduce price impact and reduce extractable slippage.
A smaller slippage band reduces the attacker’s space. The safest pattern is to keep slippage as low as possible while still allowing the trade to execute under normal volatility and pool depth.
Some wallets and RPC providers support private transaction submission that bypasses the public mempool and routes directly to builders or block producers. This does not remove MEV entirely, but it can reduce exposure to generalized mempool scanning.
A sandwich attack is MEV that exploits the visibility and ordering of pending swaps. The attacker brackets a victim trade, pushes execution toward the victim’s slippage limit, and captures profit when the price moves back. The most effective defenses are mechanism-level: reducing public mempool exposure, using limit or intent-based execution, and choosing liquidity and slippage settings that minimize predictable extractable value.
The post Sandwich Attack Explained: How MEV Works and How to Reduce Risk appeared first on Crypto Adventure.
