A sandwich attack is a type of MEV (Maximal Extractable Value) exploit that takes advantage of pending transactions in DeFi trading. MEV refers to the maximum value that miners or validators can extract by reordering, including, or censoring transactions within a single block during block production. In DeFi, bots often exploit MEV using strategies like front-running and back-running. When both of these occur within a single block, they form a sandwich attack, in which a malicious actor inserts their own transactions around a user's trade, effectively "sandwiching" it.
One of the most extreme examples comes from the infamous "jaredfromsubway". This well-known MEV bot operator pocketed over $1 million in just one week through a string of sandwich attacks targeting traders of the Pepe (PEPE) and Wojak (WOJAK) memecoins.
Here's how it works:
1. Front-running: The attacker detects a pending (not yet mined) transaction, usually a large buy order, and places their own buy order right before the original trade. This pushes the price up just before the user's trade executes.
2. User's trade: The user's transaction goes through at the now artificially inflated price. They receive fewer tokens than expected because of the sudden price increase caused by the attacker's buy order.
3. Back-running: Once the user's trade is executed, the attacker sells their tokens at the inflated price, effectively locking in a profit at the user's expense.
The user is "sandwiched" between the attacker's two trades, ultimately paying significantly more for their trade than originally expected.
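As an added illustration (not part of the original article), the three steps above played out on a constant-product AMM model, with the user's minimum-output (slippage) bound as the defensive check that makes the sandwiched trade revert instead of executing at the inflated price; the pool sizes, fee and trade amounts are constructed values:

```python
from dataclasses import dataclass


@dataclass
class Pool:
    """Constant-product AMM (x * y = k), Uniswap-v2 style, with a swap fee in basis points."""
    eth: float
    token: float
    fee_bps: int = 30  # 0.3% fee, taken from the input amount

    def _amount_out(self, amount_in: float, reserve_in: float, reserve_out: float) -> float:
        amount_in_with_fee = amount_in * (10_000 - self.fee_bps) / 10_000
        return amount_in_with_fee * reserve_out / (reserve_in + amount_in_with_fee)

    def buy_token(self, eth_in: float, min_out: float = 0.0) -> float:
        """Swap ETH for TOKEN; reverts (raises) when the output falls below the caller's slippage bound."""
        out = self._amount_out(eth_in, self.eth, self.token)
        if out < min_out:
            raise ValueError("INSUFFICIENT_OUTPUT_AMOUNT")  # revert: pool state is left untouched
        self.eth += eth_in
        self.token -= out
        return out

    def sell_token(self, token_in: float) -> float:
        out = self._amount_out(token_in, self.token, self.eth)
        self.token += token_in
        self.eth -= out
        return out


def simulate_sandwich(eth_reserve, token_reserve, fee_bps, victim_eth, attacker_eth, victim_min_out=0.0):
    """Compare the user's TOKEN received with and without the sandwich, plus the attacker's ETH profit."""
    honest = Pool(eth_reserve, token_reserve, fee_bps).buy_token(victim_eth)  # unsandwiched baseline

    pool = Pool(eth_reserve, token_reserve, fee_bps)
    attacker_tokens = pool.buy_token(attacker_eth)  # 1. front-run: attacker's buy lands first
    try:
        victim_tokens = pool.buy_token(victim_eth, victim_min_out)  # 2. user's trade at the inflated price
        reverted = False
    except ValueError:
        victim_tokens, reverted = 0.0, True  # slippage bound hit: the user's trade reverts
    attacker_profit = pool.sell_token(attacker_tokens) - attacker_eth  # 3. back-run: attacker sells
    return {"honest_out": honest, "victim_out": victim_tokens, "reverted": reverted,
            "attacker_profit": attacker_profit}


if __name__ == "__main__":
    # Constructed scenario: 100 ETH / 100,000 TOKEN pool, user and attacker each spend 10 ETH.
    print(simulate_sandwich(100.0, 100_000.0, 30, 10.0, 10.0))
    # Same trade with a 1% slippage bound derived from the quoted (unsandwiched) output.
    quoted = Pool(100.0, 100_000.0).buy_token(10.0)
    print(simulate_sandwich(100.0, 100_000.0, 30, 10.0, 10.0, victim_min_out=0.99 * quoted))
```

With the bound in place the user's trade reverts and the attacker's back-run sells into an unmoved pool, so the attacker only pays the swap fee twice.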