No one can deny the attraction of DeFi when you can find a lot of investment opportunities with attractive profits in this market. However, participants are likely to face attacks on DeFi that cause significant damage to each person’s pocketbook.

Imagine that on a clear day, you go to DeFi to trade a pair of tokens and end up buying that token at a significantly higher price than you would like while the token price is quite stable and there is no major fluctuation. In the statement, your trade is “clamped” by two other orders with the same volume. If you have encountered this case then my condolences, you have become a victim of Sandwich Attack.

Maybe for some people, this is the first time I’ve heard of Sandwich Attack. However, this method of attack is not new and is one of the most likely types of attacks.

How Sandwich Attack Works?

First, you need to understand how sandwich attacks work.

Basically, Sandwich Attack is the fact that an attacker (be it a person or bot) takes advantage of knowing a trade has a big impact on the price and tries to place an order right before that trade in order to profit from the spread.

Overall the sandwich attack will take place in steps:

Step 1: A victim will execute a large trading order to swap asset X (e.g. ETH, DAI…) for asset Y.

Step 2: The attacker will see the transaction in step 1 in the queue and try to execute a buy order for asset Y before the victim’s transaction is confirmed (front-run).

Step 3: The attacker’s transaction pushed up the price of Y assets so the victim had to trade at a much higher price than desired while the attacker enjoyed a nice price.

Step 4: Because the victim has to buy property Y at a high price, the attacker will sell asset Y at that price (back-run). As a result, the attacker will benefit from trading the spread.

For example, sandwich attack

For example, in the photo above, a trader placing a 7.85 ETH order buys a token for around $2.46. However, at the same time, the attacker quickly created a command of 3.66 ETH to buy at that price. Both orders near the same time pushed the token price up a significant amount and the victim had to make a purchase at $2.57. Finally, when the price is high, the attacker executes the sell order at $2.6 from which to make a profit of 0.2 ETH while the victim suffers losses when buying at a significantly higher price than desired.

What kind of sandwich attacks are common

There are usually two types of sandwich attacks. The way these two categories work is quite similar while the difference lies in the object that performs it.

Liquidity Taker vs Taker

The first is the type of attack that traders carry out against other traders.

Traders enter the market with an AMM trading order. While orders are pending on the blockchain, attackers can create front-run and back-run transactions for profit. Since there are currently three pending transactions, miners will decide which ones are approved in advance.


At this point, the attacker can compete for the place by paying a significantly higher transaction fee than other individuals, then this trading opportunity will be processed in advance and sandwich attack is executed. This is not a typical Sandwich Attack style with an absolute success rate, but merely an illustration of making a Sandwich attack quite easily.

Liquidity Provider vs Taker

Not only the person involved in the transaction but also the liquidity provider can also carry out this type of attack. Basically, this situation still takes advantage of front-run and back-run transactions, however, the attacker needs to perform in a 3-step sequence.


First, they execute a liquidity withdrawal order, in order to increase the slippage for the victim’s transaction. After the victim has to perform at a more realistic price than the original, they will add liquidity to restore the balance back to the same. Finally, the attacker swaps Y assets for X for profit.

Factors that help attackers perform Sandwich Attacks

Let’s take a closer look to understand what factors make up Sandwich Attack.

The first factor to mention is automated market maker (AMM). This is an automated pricing and market-setting algorithm based on the amount of assets in liquidity pools instead of traditional order books in centralized exchanges. AMM allows liquidity providers to track and track the market, thereby setting the purchase price and selling price. The participants will then trade at the set price.

At the same time the AMM ensures that transactions will be executed continuously based on its price determination algorithm. This makes it possible for the attacker to make a trade that runs ahead of the victim’s trade order to push up the price and then resell it at a bargain price while the victim’s trade is still executed. The reason is that each order on the AMM comes with a certain slippage, so if the trade does not find the desired price, it can still match the price higher or lower than the original.

For these reasons, most sandwich attacks are carried out on AMMs such as UniswapPancakeSwap and SushiSwap.

In addition, thanks to the characteristics of the blockchain, each transaction made on the network can be tracked on mempool (which stores transactions so that they can be processed gradually). In addition, many DeFi smart contracts do not have the ability to prevent attacks of this type, so Sandwich Attack is quite simple and very easy to apply to reality. Even many attackers can carry out this form of attack continuously without any major damage.

Weaknesses of Sandwich Attack

While it’s pretty easy to do sandwich attacks, it’s not always feasible for attackers. Because sometimes the cost of carrying out the attack will exceed the level of profit it brings, especially when using Ethereum – where the transaction fee is quite high. This will make sandwich attacks “counterproductive”.

Besides, not all sandwich attacks are successful. Sometimes the attacking transaction will fail and the executor will have to bear the cost spent.

How to protect yourself from sandwich attacks

So far, users have been hardly immune to Sandwich Attack, as decentralized trading platforms have yet to implement smart contracts that effectively prevent such attacks.

There have been a number of solutions offered, such as the 1inch network platform that introduced a type of commanding model called “flashbot transactions”. This is the hidden method that shows up in mempool, then connects directly to the trusted miner to make the transaction. The completed transactions will be displayed at mempool shortly thereafter.

However, contrary to expectations, the measure also caused some debate around how it works. This includes the fact that users are not yet truly trusted because the AMM can take advantage of the hidden display and fail to check for transparency, to forge a connection to the miner without going through mempool.

Or another example is that there have been suggestions that zk-SNARKs should be used when it can encrypt and hide the information of each transaction, so that the attacker will not be able to analyze the transactions in mempool and find potential targets. However, this way has the weakness that the transaction gas fee will be high and potentially pave the way for other types of attacks.

While waiting for a truly effective solution to be come up, you can take the following measures to somewhat protect from this type of attack:

  • If you are going to make a large order on the AMM decentralized floor, pay attention to set the slide as much as you can tolerate. It is best to trade with the greater the volume, the smaller the slide.
  • Besides, you can also break down your big orders to many different orders.

Read more: What exactly is a Vampire Attack in Defi?

See ya in the next article !

Don’t forget to follow useful articles about Crypto Market from team Holding B !!!