Sandwich Trading

By Alex Numeris

Sandwich Trading is a type of front-running attack in decentralized finance (DeFi) where a malicious actor manipulates the order of transactions in a blockchain network to profit at the expense of other users. This exploit typically occurs in automated market makers (AMMs) or decentralized exchanges (DEXs) and involves placing two transactions—one before and one after a target transaction—to “sandwich” it. The attacker leverages the transparency of blockchain mempools to identify pending transactions and execute this strategy.

What Is Sandwich Trading?

Sandwich trading is a predatory trading technique used in blockchain ecosystems, particularly in DeFi platforms. It exploits the public nature of blockchain mempools, where pending transactions are visible before they are confirmed. The attacker identifies a large trade (the target transaction) and places two trades around it: a buy order just before the target transaction and a sell order immediately after. This manipulation artificially inflates the price of the asset during the target transaction and allows the attacker to sell at a higher price, profiting from the price difference.

This practice is considered harmful because it increases slippage for the victim, leading to worse trade execution and higher costs. It also undermines the fairness and efficiency of decentralized markets.
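The effect on the victim can be worked through with numbers. This is an added example, not part of the original article: it assumes a constant-product pool with a 0.3% fee and constructed reserves, and it uses a minimum-output limit (a common DEX swap parameter that the article does not describe) to show the trade reverting instead of filling at the inflated price.

```python
FEE_NUM, FEE_DEN = 997, 1000  # assumed 0.3% pool fee


class SlippageExceeded(Exception):
    """Raised when a swap would return less than the caller's minimum."""


class Pool:
    """Constant-product pool (quote * base = k); reserves in integer units."""

    def __init__(self, quote, base):
        self.quote, self.base = quote, base

    def quote_buy(self, quote_in):
        """Base units a buy of quote_in would receive at current reserves."""
        in_with_fee = quote_in * FEE_NUM
        return in_with_fee * self.base // (self.quote * FEE_DEN + in_with_fee)

    def buy(self, quote_in, min_base_out=0):
        """Execute a buy; revert (raise) if the output is below min_base_out."""
        out = self.quote_buy(quote_in)
        if out < min_base_out:
            raise SlippageExceeded(f"would receive {out} < minimum {min_base_out}")
        self.quote += quote_in
        self.base -= out
        return out


def victim_outcome(earlier_buy, tolerance_bps):
    """Victim buys with 50_000 quote; returns (quoted, received or None if reverted)."""
    pool = Pool(quote=1_000_000, base=1_000_000)  # constructed reserves
    quoted = pool.quote_buy(50_000)               # price seen when signing
    min_out = quoted * (10_000 - tolerance_bps) // 10_000
    if earlier_buy:
        pool.buy(earlier_buy)                     # another buy ordered first
    try:
        return quoted, pool.buy(50_000, min_out)
    except SlippageExceeded:
        return quoted, None
```

With no limit (tolerance_bps=10_000) the victim's fill drops well below the quoted amount once a 100_000 buy is ordered first; with a 1% limit the same trade reverts and the victim keeps their funds.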

Who Is Involved in Sandwich Trading?

Several parties are involved in sandwich trading:

  • Attackers: These are typically sophisticated traders or bots programmed to monitor mempools and execute sandwich trades automatically.
  • Victims: Regular users of decentralized exchanges or AMMs who submit large transactions, making them vulnerable to this exploit.
  • Validators/Miners: While not directly involved, validators or miners process the transactions, and in some cases, they may collude with attackers to prioritize malicious transactions for a fee.
  • DeFi Platforms: Decentralized exchanges and AMMs are the venues where sandwich trading occurs, as their open architecture and transparent transaction pools make them susceptible.

When Does Sandwich Trading Occur?

Sandwich trading occurs during the transaction confirmation process on blockchains, particularly those using proof-of-work (PoW) or proof-of-stake (PoS) consensus mechanisms. It is most common when:

  • A user submits a large trade on a DEX or AMM.
  • Network congestion causes delays in transaction confirmation, giving attackers time to act.
  • Gas fees are high, allowing attackers to outbid others and prioritize their transactions.

The timing is critical, as attackers must act quickly to sandwich the target transaction before it is confirmed.

Where Does Sandwich Trading Take Place?

Sandwich trading primarily occurs on decentralized exchanges (DEXs) and automated market makers (AMMs) that operate on public blockchains. Common platforms include:

  • Ethereum-based DEXs: Uniswap, SushiSwap, and Balancer.
  • Binance Smart Chain DEXs: PancakeSwap and BakerySwap.
  • Other Blockchain Ecosystems: Solana, Avalanche, and Polygon-based DEXs.

These platforms are vulnerable because they rely on transparent mempools and automated pricing mechanisms, which attackers can exploit.

Why Does Sandwich Trading Happen?

Sandwich trading happens for the following reasons:

  • Transparency of Blockchain Mempools: Pending transactions are visible to everyone, allowing attackers to identify and target large trades.
  • Profit Incentive: Attackers can earn significant profits by manipulating prices and exploiting slippage.
  • Lack of Protections: Many DeFi platforms lack built-in mechanisms to prevent front-running or sandwich attacks.
  • High Liquidity: DEXs and AMMs often have high liquidity, making it easier for attackers to execute large trades without significant market impact.

The combination of these factors creates an environment where sandwich trading is both feasible and lucrative.

How Does Sandwich Trading Work?

The process of sandwich trading involves the following steps:

  1. Monitoring the Mempool: The attacker scans the blockchain mempool for large pending transactions on DEXs or AMMs.
  2. Placing a Front-Running Buy Order: The attacker submits a buy order with a higher gas fee to ensure it is processed before the target transaction. This increases the price of the asset.
  3. Target Transaction Execution: The victim’s transaction is processed at the inflated price, causing them to incur higher costs and slippage.
  4. Placing a Back-Running Sell Order: The attacker submits a sell order immediately after the target transaction, profiting from the artificially inflated price.

This sequence allows the attacker to profit from the price difference created by their own manipulation, while the victim suffers financial losses.
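The four steps leave a recognizable footprint in a confirmed block, which is what monitoring tools look for. The following is an added example, not from the original article: a heuristic that scans a block's ordered swaps for one sender buying before and selling after another user's buy in the same pool. The Swap record layout, the addresses, and the pool names are constructed placeholders.

```python
from collections import defaultdict, namedtuple

# One decoded swap: position in block, sender, pool, direction, base amount.
Swap = namedtuple("Swap", "pos sender pool side amount")

# Constructed sample block (addresses and pool names are placeholders).
BLOCK = [
    Swap(0, "0xAAA", "TOKEN/ETH", "buy", 900),
    Swap(1, "0xVIC", "TOKEN/ETH", "buy", 400),
    Swap(2, "0xAAA", "TOKEN/ETH", "sell", 900),
    Swap(3, "0xBBB", "OTHER/ETH", "buy", 50),
    Swap(4, "0xCCC", "OTHER/ETH", "sell", 50),
    Swap(5, "0xDDD", "TOKEN/ETH", "buy", 10),
    Swap(6, "0xEEE", "TOKEN/ETH", "buy", 30),
    Swap(7, "0xDDD", "TOKEN/ETH", "sell", 700),
]


def find_sandwiches(swaps, amount_tolerance=0.05):
    """Flag buy -> other users' buys -> sell brackets by one sender in one pool."""
    by_pool = defaultdict(list)
    for s in sorted(swaps, key=lambda s: s.pos):
        by_pool[s.pool].append(s)
    findings = []
    for pool, seq in by_pool.items():
        for i, front in enumerate(seq):
            if front.side != "buy":
                continue
            # The first later sell by the same sender closes the bracket.
            back = next((s for s in seq[i + 1:]
                         if s.sender == front.sender and s.side == "sell"), None)
            if back is None:
                continue
            # Round trip: the amount sold should roughly match the amount bought.
            if abs(back.amount - front.amount) > amount_tolerance * front.amount:
                continue
            victims = [s.sender for s in seq
                       if front.pos < s.pos < back.pos
                       and s.sender != front.sender and s.side == "buy"]
            if victims:
                findings.append((pool, front.sender, victims))
    return findings
```

On the sample block only the 0xAAA bracket around 0xVIC is reported; the 0xDDD pair is skipped because the amounts do not form a round trip, which keeps ordinary traders who buy and later sell from being flagged.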

Conclusion

Sandwich trading is a significant challenge in the DeFi ecosystem, highlighting the vulnerabilities of transparent blockchain networks and automated trading systems. While it demonstrates the ingenuity of blockchain attackers, it also underscores the need for improved security measures, such as private transactions, anti-front-running mechanisms, and better user education to mitigate these risks.
