sandwich attack solana

What Is a Sandwich Attack?

A sandwich attack is a type of on-chain exploit where an attacker places a buy order just before your transaction within the same block and then sells right after your transaction, effectively “sandwiching” your trade. This manipulates the Automated Market Maker (AMM) price in real time and captures the slippage space you allowed.

The mempool is a public queue of pending transactions waiting to be added to a block. MEV (Maximal Extractable Value) refers to additional profits gained by reordering, inserting, or excluding transactions during block production. Sandwich attacks are a classic MEV strategy designed to ensure your trade executes at a less favorable price, creating a safe arbitrage window for the attacker.

How Do Sandwich Attacks Occur on the Blockchain?

A sandwich attack takes place after your transaction enters the mempool. Bots scan the mempool for large swaps in a particular liquidity pool. Upon spotting your sizable trade, a bot submits a buy order with a higher gas fee to front-run and push the token price up. Your transaction then executes at the worse price, and finally, the bot sells right after you, resetting the price and locking in profit.

Here’s a simplified example: Suppose you intend to swap 100 ETH for Token A on an AMM, setting a 1% slippage tolerance. A bot detects your order and first buys Token A, driving up its price relative to ETH. Your transaction now executes at this higher price, netting you less Token A. The bot immediately sells Token A after your trade, causing the price to drop back, capturing the price difference as profit while depleting your slippage margin.

How Does a Sandwich Attack Work?

The core mechanics hinge on AMM pricing and slippage. AMMs (Automated Market Makers) determine prices based on the ratio of two assets in a liquidity pool. Any significant change in asset amounts shifts the price along a curve, causing “price impact.” Slippage is the maximum price deviation you’re willing to tolerate.

A sandwich attack exploits this by first moving the price against you with a small trade, causing your transaction to execute at a worse rate within your slippage limit. The attacker then quickly reverses their trade, restoring the price and pocketing the difference between their two trades. As long as your slippage tolerance allows it, attackers can reliably profit between their front-run and back-run transactions.

What Are the User Impacts of Sandwich Attacks?

The immediate impact is that you receive fewer target tokens for the same input—your execution price worsens. Indirectly, transaction fees can rise due to increased competition for block space (front-running and back-running bots bid up gas fees), and there’s also an elevated risk of failed transactions (if slippage is set too low, your trade might revert, still incurring some fees).

Over the past year, MEV-related activity on major blockchains has remained high. Sandwich attacks are more common during periods of heavy network congestion, particularly for large swaps. This means users must be especially vigilant when trading in pools with low liquidity or high volatility.

How Can You Identify and Confirm a Sandwich Attack?

The key is to analyze the sequence of transactions within the same block. On a block explorer, check if your swap was preceded by a buy of the same asset and immediately followed by a sell of that asset—both coming from similar or related addresses.

Other warning signs include: your execution price deviates sharply from quoted rates; your entire slippage tolerance is consumed; or your transaction fee is notably higher than others in that block. The simultaneous presence of these signals strongly indicates a sandwich attack.

How Can You Prevent or Reduce the Risk of Sandwich Attacks?

1. Use RPC endpoints or relays that support private transaction submission to hide your trade from public mempools, reducing bot detection risk.
2. Set an appropriate slippage tolerance—too high invites exploitation; too low may cause failed transactions. Test with small amounts first to gauge pool depth and volatility before adjusting slippage.
3. Split large swaps into smaller transactions to minimize price impact per trade and shrink potential profits for attackers.
4. Choose deeper liquidity pools or optimized routes. Deep pools have more stable prices and are harder to manipulate.
5. Avoid trading during peak congestion periods or around trending tokens when bot activity and risks are highest.
6. Use limit orders or Time-Weighted Average Price (TWAP) tools if available, which reduce single-trade price impact by spreading execution over time.

Risk Note: Any on-chain transaction is susceptible to adverse execution and fee losses. Always assess risk according to your capital size, and avoid large swaps if you’re unfamiliar with routing, fees, or pool depth.

How Does a Sandwich Attack Differ From Frontrunning?

Frontrunning involves inserting a transaction ahead of yours to profit from anticipated price movement caused by your trade; sandwich attacks place one trade before and one after yours, fully enclosing your transaction to guarantee an exploitable price difference.

Sometimes you may hear about “backrunning” (trading right after yours), but true sandwich attacks always involve both pre- and post-trade actions, tightly targeting your slippage and execution price.

Why Are Sandwich Attacks More Common on AMMs?

AMMs set prices solely based on pool asset balances, and all trades are transparently queued on-chain. This makes it easier for attackers to shift prices with single transactions within user-defined slippage windows.

In contrast, centralized exchanges use internal matching engines and order books that are not exposed in public mempools. External bots cannot insert surrounding trades within the same block—so sandwich attacks mainly occur on on-chain AMMs and routers.

How Does Gate Address Sandwich Attacks Within Its Ecosystem?

When using Gate’s Web3 wallet to connect with DEXs, prioritize private RPC endpoints or MEV-protected routes. For large swaps, always start with small test trades to calibrate slippage settings and routing paths.

If you don’t require instant AMM swaps, trading via Gate’s spot or derivatives markets shields you from public mempool exposure, significantly reducing sandwich attack risk. For cross-chain or aggregated swaps, opt for deep-liquidity routes with transparent paths and avoid submitting large orders during peak congestion.

Security Reminder: In every scenario, control slippage tolerance, split large trades when possible, monitor fees and execution details closely to avoid preventable losses from misconfiguration.

What Should You Remember About Sandwich Attacks?

Sandwich attacks fundamentally revolve around placing trades immediately before and after yours, exploiting AMM pricing mechanisms and slippage windows to secure arbitrage profits. To mitigate risk, minimize public exposure of your trades, reduce exploitable price ranges, and spread out large swaps over multiple transactions. Always factor in timing, pool depth, routing quality—and leverage private submission channels and limit/TWAP tools for better execution quality.

FAQ

What specific losses can a sandwich attack cause in my trades?

Sandwich attacks inflate your realized slippage, often resulting in execution prices much worse than expected. The attacker injects large trades before and after yours—pushing up the price before dumping it back down—forcing your order to absorb unfavorable rates in between. In simple terms: what should have cost $100 might end up costing $110 instead, with that extra $10 pocketed by the attacker.

How can I effectively avoid sandwich attacks when trading on Gate?

On Gate’s platform, set conservative slippage tolerances—typically between 0.5%–2%. Choose trading pairs with deep liquidity, avoid peak network times, and refrain from submitting single massive orders when possible. Using aggregation tools to split order flow can also help prevent large trades from being easily targeted by bots.

Why do I experience more sandwich attacks on certain exchanges?

Attack frequency varies depending on transparency and liquidity. Exchanges with more open mempools, higher user counts, and greater volume present more opportunities for attackers to observe and exploit large trades. Paradoxically, deeper liquidity pairs are harder to exploit as large orders have less impact on price. Choosing platforms like Gate with high volume and deep liquidity can offer better protection against such attacks.

What’s the key difference between sandwich attacks and ordinary slippage?

Regular slippage is caused by natural market movements—no one controls it; sandwich attacks are deliberate manipulations by malicious actors. The difference: normal slippage is random and unpredictable; sandwich attacks are premeditated, targeted, repeatable exploits. By examining transaction hash history, you’ll notice that unusually high slippage on certain pairs often points to sandwiching activity.

Can on-chain data help me detect if I’ve been sandwich attacked?

Absolutely. Reviewing your transaction hash on a block explorer lets you check trade sequences and price changes before and after your order. If there are unusually large same-direction trades immediately before or after yours—especially if your execution price jumps sharply—you’ve likely been targeted. Learning how to interpret on-chain data is key to protecting yourself.