What is a DeFi sandwich attack?
Home > What is a DeFi sandwich attack?
AAG Marketing
May 10, 2023 7 mins read

What is a DeFi sandwich attack?

A sandwich attack is a market manipulation tactic that somewhat questionable traders carry out through decentralized finance (DeFi) platforms for their own gain. The attack takes advantage of “frontrunner” and “backrunner” transactions that sandwich regular transactions in such a way that they earn the attacker a small profit.

In this AAG Academy guide, we’ll explain what sandwich attacks are and how they work in more detail, and look at whether they’re really worth the effort. We’ll also answer some frequently asked questions around sandwich attacks.

What is a sandwich attack?

Sandwich attacks are a form of “frontrunning” — a market manipulation tactic in which traders take advantage of pre-market knowledge to buy or sell assets before a particular order is executed. For instance, a miner who has access to information on an upcoming trade could place an order that will earn them a profit when that trade is executed.

When it comes to sandwich attacks, two orders are placed; one before and one after the pending transaction. In other words, frontrunning is combined with “backrunning” to maximize its effectiveness. This allows a trader to buy a particular asset at a lower price, already aware that its value is going to rise, while their victim pays a higher price for it.

Sandwich attacks aren’t as common as other cryptocurrency scams, so not as many people are familiar with them, but they can certainly pose major problems when carried out successfully. While attackers themselves collect a tidy profit on these trades, their victims end up with less cryptocurrency than they were originally entitled to.

How does a sandwich attack work?

Sandwich attacks are a somewhat complicated process, so we’ll use a simple example to explain how they come together. Let’s say that Andrew wants to swap some AAG tokens for ETH, so they create the necessary transaction. Peter has pre-market knowledge of this transaction, so he buys ETH before Andrew’s transaction causes its value to rise.

Before Andrew’s transaction has a chance to change the value of ETH, Peter’s has already created an artificial price increase, so Andrew ends up paying more than originally anticipated for his ETH and ends up with less than expected. Peter can then sell his ETH at a higher price and collect the profits. They may not be large, but the attack can be carried out repeatedly.

This is a very straightforward example of a sandwich attack, simply to explain the concept, but in reality, they can be much more complicated. Most sandwich attacks — which are usually carried out through automated market makers (AMMs) such as PancakeSwap, SushiSwap, and Uniswap — can be split into two categories:

Liquidity taker vs. taker
In this scenario, liquidity takers on an AMM attack other liquidity takers. Attackers see a pending transaction and then submit subsequent transactions — frontrunning and backrunning — which creates three pending transactions. Miners decide which is approved first, so the attacker will usually offer up a higher transaction fee to give their request a greater chance of going first.

Liquidity provider vs. taker
This scenario is carried out in much the same way as taker vs. taker, but the attacker must carry out a little more work. They first remove liquidity as part of their frontrunning process, increasing the victim’s slippage. They then re-add liquidity as part of the backrunning process to restore the original pool balance. Finally, they swap the necessary assets.

Assuming the trick is carried out successfully and that all goes as planned, the attacker can withdraw their liquidity before the victim’s transaction is processed, eliminating the commission fee for that transaction.

Are sandwich attacks worth the effort?

As you’ve likely realized by now, sandwich attacks can be complex and difficult to execute successfully. Some even rely on factors outside of the attacker’s control, so they are not guaranteed to turn out as planned. In addition, the cost of performing all the necessary transactions can sometimes outweigh the potential profit an attacker might earn.

Taking all of this into consideration, it’s easy to see why sandwich attacks aren’t as popular as other cryptocurrency scams or market manipulation techniques. However, there is potential for sandwich attacks to be profitable, so some traders still attempt them on a regular basis. So much so that sandwich attack calculators are available online.

How to protect against a sandwich attack

From a trader’s perspective, there is little that can be done to protect yourself from a sandwich attack. An attacker’s actions are out of our control, and there are no steps we can take to prevent them from executing the transactions they wish to carry out. Instead, it is the responsibility of AMMs and other platforms to implement measures to counter these tactics.

Some have already begun taking steps to do that. 1inch is one AMM that offers a “flashbot transactions” order type, which does not appear in the transaction “mempool,” so potential hackers are unable to see it while it is processing. Carried out only by trustworthy miners, these transactions remain hidden until they are minted. Only then do they appear on the blockchain.


Frequently Asked Questions

In short, a liquidity taker vs. taker sandwich attack is when one taker performs an attack on another’s transactions through an automated market maker (AMM). You can read more about how this is carried out in the guide above.

A liquidity provider vs. taker attack is when a liquidity provider performs an attack on a liquidity taker’s transactions. This is somewhat similar to the attack above, but a little more complicated. You can read more about how it works in the guide above.

Defi-sandwi.ch offers a free and simple to use sandwich attack calculator.

Sandwich attacks are illegal in the traditional stock market, but when it comes to cryptocurrency, that’s not the case. The problem with sandwich attacks on the stock market is that they rely on insider information, which is illegal to use for trading purposes, whereas much of the cryptocurrency is decentralized and the necessary information is available to anyone.

Was this article helpful?

Have a Question? Join our active Discord

Share this article:

About the author

AAG Marketing


This article is intended to provide generalized information designed to educate a broad segment of the public; it does not give personalized investment, legal, or other business and professional advice. Before taking any action, you should always consult with your own financial, legal, tax, investment, or other professional for advice on matters that affect you and/or your business.

Explore Web3 & Metaverses intuitively with Saakuru®

Get news first

Be the first to get our newsletter full of company, product updates as well as market news.

We use cookies to make your experience better. Learn more: Privacy Policy

Explore Web3 & Metaverses intuitively with MetaOne®

Download now
Download Saakuru