A sandwich attack is a type of MEV (Maximal Extractable Value) exploit that takes advantage of pending transactions in DeFi trading. MEV refers to the maximum value that miners or validators can extract by reordering, including, or censoring transactions within a single block during block production. In DeFi, bots often exploit MEV using techniques like front-running and back-running. When both of these occur within a single block, the result is a sandwich attack, where a malicious actor inserts their own transactions around a user’s trade, effectively “sandwiching” it.
One of the most extreme examples comes from the infamous “jaredfromsubway”. This well-known MEV bot operator pocketed over $1 million in just one week through a string of sandwich attacks targeting traders of the Pepe (PEPE) and Wojak (WOJAK) memecoins.
Here’s how it works:
1. Front-running: The attacker detects a pending transaction on the blockchain (usually a large buy order) and places their own buy order right before the original trade. This pushes the price up just before the user’s trade executes.
2. User’s trade: The user’s transaction goes through at the now artificially inflated price. They receive fewer tokens than expected because of the sudden price increase caused by the attacker’s buy order.
3. Back-running: Once the user’s trade is executed, the attacker sells their tokens at the inflated price, effectively locking in a profit at the user’s expense.
The user is “sandwiched” between the attacker’s two trades, ultimately paying significantly more for their trade than originally expected.
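To make the cost to the user concrete, the following added example (not from the original article) replays the three steps against a toy pool and shows what the user receives with and without a minimum-output limit. The constant-product pricing, the 0.3% fee, the reserves, the trade sizes, and the slippage limit itself are assumptions chosen for illustration.

```python
# Added example: toy constant-product pool (x*y=k) with an assumed 0.3% fee.
# Reserves and trade sizes are constructed values, not data from a real pool.
FEE_NUM, FEE_DEN = 997, 1000

def amount_out(amount_in, reserve_in, reserve_out):
    """Output of a swap against a constant-product pool, rounded down."""
    a = amount_in * FEE_NUM
    return a * reserve_out // (reserve_in * FEE_DEN + a)

class Pool:
    def __init__(self, base, token):
        self.base, self.token = base, token

    def buy(self, base_in, min_out=0):
        out = amount_out(base_in, self.base, self.token)
        if out < min_out:  # the user's slippage limit
            raise ValueError("below minimum output, trade reverts")
        self.base += base_in
        self.token -= out
        return out

    def sell(self, token_in):
        out = amount_out(token_in, self.token, self.base)
        self.token += token_in
        self.base -= out
        return out

def simulate(user_in, front_in, min_out=0, base=1_000_000, token=1_000_000):
    """Replay the three steps in one block and report the effect on the user."""
    quoted = amount_out(user_in, base, token)  # what the user saw before signing
    pool = Pool(base, token)
    front_tokens = pool.buy(front_in)          # 1. front-run buy
    try:
        received = pool.buy(user_in, min_out)  # 2. user's trade at the raised price
    except ValueError:
        received = None                        # reverted: user keeps their funds
    back_base = pool.sell(front_tokens)        # 3. back-run sell
    return {"quoted": quoted, "received": received,
            "front_runner_net": back_base - front_in}

if __name__ == "__main__":
    print(simulate(10_000, 50_000))
    # Same trade with a 1% slippage limit derived from the quote.
    limit = amount_out(10_000, 1_000_000, 1_000_000) * 99 // 100
    print(simulate(10_000, 50_000, min_out=limit))
```

Without a limit the user receives fewer tokens than quoted; with the 1% limit the user’s trade reverts and the surrounding round trip only pays fees.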