A sandwich assault is a sort of MEV (Maximal Extractable Worth) exploit that takes benefit of pending transactions in DeFi buying and selling. MEV refers back to the most worth that miners or validators can extract by reordering, together with, or censoring transactions inside a single block throughout block manufacturing. In DeFi, bots typically exploit MEV utilizing methods like front-running and back-running. When each of those happen inside a single block, it creates a sandwich assault the place a malicious actor inserts their very own transactions round a consumer’s commerce, successfully “sandwiching” it.
Probably the most excessive examples comes from the notorious “jaredfromsubway,”. This well-known MEV bot operator pocketed over $1 million in only one week via a string of sandwich assaults focusing on merchants of the Pepe (PEPE) and Wojak (WOJAK) memecoins.
Right here’s the way it works:
1. Entrance-running: The attacker detects a pending transaction on the blockchain (normally a big purchase order) and locations their very own purchase order proper earlier than the unique commerce. This pushes the value up simply earlier than the consumer’s commerce executes.
2. Person’s commerce: The consumer’s transaction goes via on the now artificially inflated value. They obtain fewer tokens than anticipated because of the sudden value enhance brought on by the attacker’s purchase order.
3. Again-running: As soon as the consumer’s commerce is executed, the attacker sells their tokens on the inflated value, successfully locking in a revenue on the consumer’s expense.
The consumer is “sandwiched” between the attacker’s two trades, finally paying considerably extra for his or her commerce than initially anticipated.