Sandwich Attack

Basics

• From Dose of DeFi (11-5-2021):

"An arb bot puts transactions before and after yours to extract all of the slippage you set."

• From Week in Ethereum (9-11-2020):

"Frontrunning and backrunning your uniswap transaction to avoid the slippage tolerance."

• From this blog (3-11-2022):

"A sandwich attack is a form of front-running, which primarily targets decentralized finance protocols and services.

A sandwich attack involves “sandwiching” a user’s transactions in between two transactions. These two transactions are before and after the user's transaction (hence the name sandwich), generating a loss for the user and a gain for the attacker.

In a sandwich attack, an attacker will first monitor for pending transactions in the mempool. Then He will find the user's transaction and place two trades, one before the victim’s pending transaction (front-running) and another trading order just after it (back-running). The victim’s pending transaction will be sandwiched between the two new trade orders created by the attacker. The purpose of placing these two orders and surrounding pending transactions is to manipulate asset prices.

Let us assume that Bob is swapping ETH for MATIC from a Uniswap pool. Now, an attacker monitors his transaction by scanning the mempool, and when he finds his transaction and he immediately places two orders.

Attacker’s 1st Txn: Swapping ETH for MATIC paying higher gas fees

Attacker’s 2nd Txn: Swapping back MATIC for ETH paying lower gas fees

1. First, the attacker will front-run Alice’s transaction with the same swap (swapping ETH for MATIC) and thus increasing the price of MATIC.
2. Now, after the price is increased Alice’s transaction is executed and she ends up paying more ETH for MATIC with higher price slippage.
3. Once the victim’s transaction is executed, the attacker will swap his MATIC back to ETH and make a profit."

Usage

• Robert Miller pointed out 4 tx being sandwiched (7-7-2021).