A sandwich attack is a form of MEV (Maximal Extractable Value) exploitation that takes advantage of pending transactions in DeFi trading: transactions that are visible in the public mempool before they are included in a block. MEV is the maximum value that block producers (miners or validators) can extract by reordering, inserting, or censoring transactions within a block during block production. In DeFi, bots routinely capture MEV through front-running and back-running. When both are applied to the same victim transaction in a single block, the result is a sandwich attack: the attacker inserts their own transactions on either side of a user's trade, effectively "sandwiching" it.
One of the most extreme examples comes from the infamous "jaredfromsubway", a well-known MEV bot operator who pocketed over $1 million in a single week through a string of sandwich attacks targeting traders of the Pepe (PEPE) and Wojak (WOJAK) memecoins.
Here's how it works:
1. Front-running: The attacker spots a pending transaction in the mempool (typically a large buy order on a decentralized exchange) and places their own buy order for the same token, ordered so that it executes immediately before the victim's trade. This pushes the price up just before the user's trade executes.
2. User's trade: The user's transaction then executes at the artificially inflated price. They receive fewer tokens than expected because of the sudden price move caused by the attacker's buy. The trade still goes through as long as the output stays within the slippage tolerance the user set, and that tolerance is exactly what the attacker sizes the front-run against: push the price too far and the victim's swap reverts, leaving the attacker holding the tokens.
3. Back-running: Immediately after the user's trade has executed, the attacker sells the tokens bought in step 1 at the now higher price, locking in a profit at the user's expense.
The user is "sandwiched" between the attacker's two trades, ultimately paying significantly more for their trade than they initially expected. The attacker's gain is bounded by the user's slippage tolerance and eroded by swap fees and gas, which is why tight slippage settings and keeping transactions out of the public mempool are the standard defenses.
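To make the three steps concrete, the following is an added simulation (not code from the original article or from any bot operator) of a sandwich against a constant-product pool of the kind used by Uniswap v2-style exchanges. It assumes a 0.30% swap fee, a constructed 100 ETH / 1,000,000 TOKEN pool, a victim buying with 10 ETH, and it ignores the attacker's gas; all of those are assumptions. It also shows the step the numbered list leaves implicit: the attacker sizes the front-run against the victim's slippage tolerance, because a front-run that pushes the victim's output below its amountOutMin makes the victim's swap revert and leaves the attacker stuck with the tokens.

```python
"""Sandwich attack simulation against a constant-product (x * y = k) AMM pool.

Added example, not code from the original article. Assumes a Uniswap v2-style
pool with a 0.30% swap fee, a constructed ETH/TOKEN pool, and no attacker gas
costs. Floats are used for illustration; real pools use integer wei arithmetic.
"""
from dataclasses import dataclass

FEE_BPS = 30  # 0.30% per swap, taken from the input side (assumption)


@dataclass
class Pool:
    """Two-asset constant-product pool: ETH reserve and memecoin reserve."""
    eth: float
    token: float

    @staticmethod
    def _amount_out(reserve_in, reserve_out, amount_in):
        # Same formula as Uniswap v2 getAmountOut.
        amount_in_after_fee = amount_in * (10_000 - FEE_BPS) / 10_000
        return reserve_out * amount_in_after_fee / (reserve_in + amount_in_after_fee)

    def quote_buy(self, eth_in):
        """Tokens received for eth_in, without touching the reserves."""
        return self._amount_out(self.eth, self.token, eth_in)

    def buy(self, eth_in):
        """Swap ETH -> TOKEN, update reserves, return tokens received."""
        tokens_out = self.quote_buy(eth_in)
        self.eth += eth_in
        self.token -= tokens_out
        return tokens_out

    def sell(self, tokens_in):
        """Swap TOKEN -> ETH, update reserves, return ETH received."""
        eth_out = self._amount_out(self.token, self.eth, tokens_in)
        self.token += tokens_in
        self.eth -= eth_out
        return eth_out


class SlippageExceeded(Exception):
    """The victim's swap would revert on-chain: output fell below amountOutMin."""


@dataclass
class SandwichResult:
    attacker_profit_eth: float         # ETH from the back-run minus ETH spent front-running
    victim_tokens: float               # what the victim actually received
    victim_tokens_unsandwiched: float  # what the victim would have received alone


def simulate_sandwich(pool, victim_eth, victim_min_out, attacker_eth):
    """Front-run -> victim trade -> back-run, executed on a copy of the pool."""
    p = Pool(pool.eth, pool.token)
    unsandwiched = p.quote_buy(victim_eth)
    attacker_tokens = p.buy(attacker_eth)  # 1. front-run: attacker buys first, price rises
    victim_tokens = p.buy(victim_eth)      # 2. victim buys at the inflated price
    if victim_tokens < victim_min_out:
        # The router's amountOutMin check fails: the victim's tx reverts and the
        # attacker is left holding tokens with nobody to sell into.
        raise SlippageExceeded(f"{victim_tokens:.2f} < {victim_min_out:.2f}")
    eth_back = p.sell(attacker_tokens)     # 3. back-run: sell into the victim's demand
    return SandwichResult(eth_back - attacker_eth, victim_tokens, unsandwiched)


def min_out_for_slippage(pool, eth_in, slippage_pct):
    """amountOutMin a wallet would set: quoted output minus the slippage tolerance."""
    return pool.quote_buy(eth_in) * (1 - slippage_pct / 100)


def max_frontrun(pool, victim_eth, victim_min_out, iterations=100):
    """Largest front-run (in ETH) that still lets the victim's swap pass amountOutMin.

    The victim's output falls monotonically as the front-run grows, so bisect on it.
    This is the sizing step a sandwich bot performs against the victim's slippage.
    """
    lo, hi = 0.0, pool.eth * 10  # a front-run of 10x the reserve breaks any sane slippage
    for _ in range(iterations):
        mid = (lo + hi) / 2
        p = Pool(pool.eth, pool.token)
        p.buy(mid)
        if p.quote_buy(victim_eth) >= victim_min_out:
            lo = mid
        else:
            hi = mid
    return lo


def demo(slippages=(5.0, 0.5)):
    """Sandwich the same 10 ETH buy under different victim slippage tolerances."""
    pool = Pool(eth=100.0, token=1_000_000.0)  # constructed sample pool: 1 ETH ~ 10,000 TOKEN
    victim_eth = 10.0
    results = {}
    for s in slippages:
        min_out = min_out_for_slippage(pool, victim_eth, s)
        frontrun = max_frontrun(pool, victim_eth, min_out)
        results[s] = (frontrun, simulate_sandwich(pool, victim_eth, min_out, frontrun))
    return results


if __name__ == "__main__":
    for s, (frontrun, r) in demo().items():
        print(f"slippage {s:4.1f}%: front-run {frontrun:.3f} ETH, victim gets "
              f"{r.victim_tokens:,.0f} of {r.victim_tokens_unsandwiched:,.0f} tokens, "
              f"attacker nets {r.attacker_profit_eth:+.4f} ETH before gas")
```

Running it shows the same 10 ETH buy losing far more tokens at a 5% slippage tolerance than at 0.5%, with the attacker's front-run and profit shrinking accordingly. Subtract the gas for two transactions and the tight-slippage sandwich is often not worth executing, which is why low slippage defaults matter and why routing the transaction through an MEV-protected RPC that keeps it out of the public mempool removes the attack's precondition entirely.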