Sandwich Attack
In Simple Terms: A sandwich attack is when a bot sees your trade in the mempool, front-runs you to push the price up, lets your trade execute at a worse price, then sells immediately after — you're the meat in a very expensive sandwich.
A sandwich attack is a type of MEV (Maximal Extractable Value) exploit where an attacker detects a pending transaction in the blockchain's mempool, places a buy order just before it ("front-running"), lets the victim's trade execute at an inflated price, then immediately sells after ("back-running"), pocketing the difference. The victim's trade goes through at a worse price than expected, while the attacker captures risk-free profit.
In AMM-based DeFi (Uniswap, PancakeSwap, etc.), sandwich attacks are automated by MEV bots that scan the mempool for profitable opportunities. The attack is possible because transactions sit in the public mempool before being included in a block, giving bots time to observe, simulate, and insert their own transactions.
Crypto perpetual futures on centralized exchanges (CEXs) are less vulnerable to classic sandwich attacks because CEXs use a central limit order book with time-priority matching, not an AMM. However, CEX traders face analogous risks: front-running by exchange insiders or market makers with faster connections, and latency arbitrage where your order hits the book after the market has already moved. Kingfisher users are primarily CEX-based, but understanding sandwich mechanics is valuable for navigating DeFi protocols that integrate with the broader crypto ecosystem.
How It Works
Sandwich attack step by step:
- Victim submits transaction: A trader submits a large buy order for Token X on a DEX, with a 1% slippage tolerance
- Attacker detects: MEV bot sees the pending transaction in the public mempool
- Front-run: Attacker submits a buy transaction with a higher gas fee, getting it processed first. This pushes Token X's price up under the AMM's constant product formula
- Victim executes: Victim's transaction executes at the now-inflated price, buying fewer tokens than expected. The slippage tolerance allows this — the victim effectively overpays
- Back-run: Attacker immediately sells Token X at the inflated price (higher than their entry), capturing the difference as profit
- Price returns: After both transactions, the AMM pool rebalances and price returns to near-original levels
The victim loses value through:
- Worse execution price (price impact from attacker's front-run)
- Slippage tolerance being maxed out
- The attacker's profit coming directly from the victim's trade
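The steps above, worked through on a constant-product pool as an added example (not part of the original page): it compares the same trade with a loose and a tight slippage tolerance to show how the minimum-output check bounds the victim's loss. The pool reserves, trade sizes, 0.3% swap fee and function names are assumptions constructed for illustration.

```python
FEE = 0.003  # assumed 0.3% swap fee, kept by the pool


def swap(reserve_in, reserve_out, amount_in):
    """Constant-product swap (x * y = k).

    Returns (amount_out, new_reserve_in, new_reserve_out).
    """
    effective_in = amount_in * (1 - FEE)
    amount_out = effective_in * reserve_out / (reserve_in + effective_in)
    return amount_out, reserve_in + amount_in, reserve_out - amount_out


def simulate(quote_reserve, token_reserve, victim_in, front_run_in, slippage):
    """Replay front-run -> victim -> back-run and report what each side gets."""
    # Output the victim was quoted when signing; min_out is what the swap enforces.
    quoted, _, _ = swap(quote_reserve, token_reserve, victim_in)
    min_out = quoted * (1 - slippage)

    # Front-run lands first and moves the pool price.
    bot_tokens, q, t = swap(quote_reserve, token_reserve, front_run_in)

    # Victim's swap runs against the moved reserves, or reverts on min_out.
    victim_out, q2, t2 = swap(q, t, victim_in)
    reverted = victim_out < min_out
    if reverted:
        victim_out, q2, t2 = 0.0, q, t  # pool state unchanged by a revert

    # Back-run: the bot sells its tokens back into the pool. If the victim
    # reverted, the bot is only unwinding its own trade and pays the fee twice.
    bot_quote, _, _ = swap(t2, q2, bot_tokens)
    return {
        "quoted": quoted,
        "victim_out": victim_out,
        "reverted": reverted,
        "bot_profit": bot_quote - front_run_in,
    }


if __name__ == "__main__":
    # Constructed pool: 1,000,000 quote units against 1,000,000 Token X.
    for tolerance in (0.05, 0.005):
        result = simulate(1_000_000, 1_000_000, 10_000, 20_000, tolerance)
        print(f"slippage {tolerance:.1%}: {result}")
```

With the 5% tolerance the victim receives roughly 3.9% fewer tokens than quoted and the difference shows up as `bot_profit`; with 0.5% the victim's swap reverts and the round trip is a net loss for the bot before gas.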
In CEX futures (less vulnerable, but analogous risks exist):
- Latency arbitrage: Faster participants see price changes and execute before you, similar to front-running
- Order book front-running: Market makers with co-located servers see your order and adjust quotes before it executes
- Information leakage: Large orders on CEXs can be detected by monitoring order book changes, allowing anticipatory positioning
Why It Matters for Traders
- Slippage tolerance is your primary defense in DeFi. Setting slippage to 0.1-0.5% makes sandwich attacks unprofitable because the attacker can't extract enough value to cover gas costs. The trade-off: your transaction may fail during volatile periods. 0.5% is the practical sweet spot.
- Private mempools (Flashbots, MEV-Boost) protect against sandwich attacks. By submitting transactions directly to block builders rather than the public mempool, your trade can't be observed and sandwiched. This is standard practice for any DeFi trade over $10K.
- CEX traders face different but related risks. Kingfisher users on centralized exchanges don't face on-chain sandwich attacks, but large orders can still be detected through order book monitoring. Using iceberg orders, splitting large orders, and avoiding obvious limit order placement at key levels reduces this risk.
Common Mistakes
- Setting slippage tolerance too high on DEX trades. 3-5% slippage is an open invitation to sandwich bots. Unless you're trading extremely illiquid tokens, keep slippage at 0.5-1% maximum.
- Trading large size on AMMs during high-congestion periods. When gas prices spike, sandwich bots become more selective — but large trades remain profitable targets. If you must trade size on a DEX, use a DEX aggregator (1inch, Matcha) that routes through multiple pools and provides MEV protection.
- Assuming CEXs are immune to all forms of front-running. While on-chain sandwich attacks don't apply, CEX traders with large orders can be detected and front-run by market participants with faster infrastructure. Use algorithmic execution or break large orders into smaller pieces.

