DeFi · September 12, 2023

What is a sandwich attack?

Anthony Allen

Sandwich attacks use mempool data to front-run your trades, earning profit by increasing slippage right before your order executes. Stop losing money to MEV when trading on DEXs - use Matcha!

A sandwich attack is a way trading bots can extract profits from transactions on a blockchain, at the expense of other traders. It is a type of front-running attack that takes advantage of price impact and involves placing buy and sell orders around a target order in quick succession. 

When you trade using decentralized tools, your onchain activity is public moments before it is executed. If another trade moves the market right before your trade executes, it can increase the cost of your trade up to your slippage tolerance, leaving you paying more - that’s front-running. When it is coordinated with a sell order immediately after, it’s a sandwich attack.

Using Matcha, you can avoid sandwich attacks altogether. Sandwich attack protection is part of the experience when you trade using Matcha Auto, with the 0x TxRelay API preventing front-running and sandwich attacks through its MEV protection solution.

What are sandwich attacks?

Sandwich attacks are a type of MEV where an attacker creates a pair of transactions that influence the market conditions around a trade. First, one front-run transaction intentionally impacts the market price of an asset before your trade executes, and then another order sells that asset back into the market at the newly changed price in a back-run transaction.

Depending on the network, a sandwich attack may affect your trades on both large and small dollar amounts because the attack is most influenced by available liquidity. If liquidity is low, the price impact of a small front-run buy is enough to force the buyer’s transaction to execute at a higher price. Conversely, in high liquidity environments sandwich attacks need more capital to move the price.

Sandwich bot attacks make up around 34% of all MEV, second to arbitrage.

How much do sandwich attacks cost traders?

As long as the opportunity exists to take profits from inefficient trades, people will continue to use bots for sandwich attacks. Much like arbitrage, sandwich attacks are a bot-driven activity that is a fact of life for decentralized financial networks. If you aren’t aware of the value lost to sandwich bots, you might not know you can optimize your trading with sandwich protection and avoid MEV.

A chart showing daily profits averaging $48k from sandwich bots on Ethereum, sampled Sep 2023.
Ethereum sandwich bots make around $50k profit daily. Source: EigenPhi

Sandwich attacks likely won’t drain your net worth in one go like rug pulls or wallet exploits might. They can be better thought of as a tax on traders who don’t realize that their transactions are public and easy to manipulate.

Over the last 30 days, $1.45M profit has been made through sandwich attacks on around 68,000 wallets on Ethereum, for an average of $22 in extracted value per wallet. That’s a lot of money lost to a problem that can be easily avoided. By using a DEX aggregator with MEV protection you can say no to sandwich attack taxes and become a more efficient trader!

Protection from sandwich attacks

Sandwich attacks target transactions in the public mempool, so one way to avoid getting sandwiched is to take your trades off-chain. Rather than queuing your trade with everyone else’s to be added directly to the blockchain, you can use Matcha Auto to avoid becoming a target. Our Tx Relay API takes the details of your trade and optimizes it for settlement over private channels, safe from MEV attacks.

Request for Quote (RFQ)

Protection from Sandwich Attacks is available in both Matcha Auto and Standard mode by choosing to only trade with private liquidity sources. By limiting your trades to use only RFQ (Request for Quote) liquidity, they will be filled through offers set by professional market makers, with Matcha choosing the best value for you.

As well as tapping directly into the deepest liquidity sources in crypto, RFQ trades are coordinated off-chain and there is no slippage from the offered price, so it is a surefire way to stop possible sandwich attacks. 

Protecting from MEV in DeFi means staying efficient with your trades while managing dozens of variables. Keep it simple with Matcha Auto to protect from sandwiches, get token swaps with zero slippage, and make swaps without holding the native token!

What’s a mempool?

A mempool (short for memory pool) is a temporary record of transactions which have been submitted to a blockchain. Each node keeps their mempool record up to date and can sync with different public and private sources to find suitable transactions. 

Block producers look at the mempool when preparing transactions to include in the next block. They prioritize transactions paying the highest fee, which attackers can take advantage of to front-run your order by simply setting a higher gas fee.

How does a sandwich bot work?

Sandwich trading bots rely on mempool data to know what trades are about to be executed onchain. By observing queued activity, an attacker can target a waiting buy or sell transaction and bid higher fees to skip ahead of it in the next block. The attacker’s transaction will be executed before the victim’s, so the victim ends up with a worse price. The attacker then finishes the sandwich by selling the token back into the market at the new price point.

How a sandwich attack works, showing a bot attacking a buy transaction for MEV profits.
What a typical sandwich attack looks like, simplified.

What is an example of a sandwich attack in crypto? 

Imagine swapping $10,000 worth of Ethereum for USDC, which saw $21M of volume traded on Matcha in the last 24 hours. A sandwich bot would have to swap hundreds of thousands more than you to impact the market price, taking on more risk for just a few percent of your total trade size.

If that $10,000 of ETH was instead traded for a low-volume token like Reddit memecoin MOONs - with a 24 hour volume under $170,000 - it would have a huge price impact and make a lucrative target for bots watching the mempool. 

To sandwich the trade, a bot would buy a similar amount of MOONs and pay a huge premium in gas to make sure its trade executes before yours, while also sending an order to sell them with a lower fee, so it is processed after. The bot’s buy is processed just before yours, so when your trade gets processed, there are no tokens to buy at the price you expected. Your order is then filled with tokens up to the limit of your slippage tolerance. The attacker’s sell order then triggers, gaining them a profit in ETH and leaving you with a less valuable asset.
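The effect of pool depth and slippage tolerance on this scenario can be checked with a small model. This is an added example, not code from Matcha or 0x: it assumes a fee-free constant-product pool (`eth * token = k`), and the `Pool` class, the `exposure` function and the reserve sizes are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Pool:
    """Constant-product pool (eth * token = k); fees and gas ignored (assumption)."""
    eth: float
    token: float

    def buy(self, eth_in: float) -> float:
        """Swap ETH for tokens; returns tokens received."""
        k = self.eth * self.token
        self.eth += eth_in
        out = self.token - k / self.eth
        self.token -= out
        return out

    def sell(self, token_in: float) -> float:
        """Swap tokens for ETH; returns ETH received."""
        k = self.eth * self.token
        self.token += token_in
        out = self.eth - k / self.token
        self.eth -= out
        return out


def exposure(pool_eth, pool_token, trade_eth, front_eth, tolerance):
    """Replay front-run -> trade -> back-run and report what the trader loses."""
    quoted = Pool(pool_eth, pool_token).buy(trade_eth)  # output quoted before interference
    min_out = quoted * (1 - tolerance)                  # minimum the swap will accept

    pool = Pool(pool_eth, pool_token)
    front_tokens = pool.buy(front_eth)                  # front-run pushes the price up
    would_get = Pool(pool.eth, pool.token).buy(trade_eth)
    filled = would_get >= min_out                       # below min_out the swap reverts
    if filled:
        pool.buy(trade_eth)                             # trade executes at the worse price
    back_eth = pool.sell(front_tokens)                  # back-run sells into the moved price
    return {
        "filled": filled,
        "shortfall": 1 - would_get / quoted,            # fraction of quoted tokens lost
        "extracted_eth": back_eth - front_eth,          # value taken from the trader
    }


# Constructed reserves (ETH, tokens): a thin pool and one 100x deeper.
SHALLOW = (100.0, 1_000_000.0)
DEEP = (10_000.0, 100_000_000.0)

if __name__ == "__main__":
    for name, reserves in (("shallow", SHALLOW), ("deep", DEEP)):
        for tol in (0.10, 0.01):
            print(name, tol, exposure(*reserves, trade_eth=5, front_eth=5, tolerance=tol))
```

With a 5 ETH trade and an equal-sized front-run, the thin pool fills about 9% short at a 10% tolerance, reverts at 1% with nothing extracted, and the deep pool moves by roughly 0.1%.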

Is sandwich trading legal?

Watching the mempool and front-running transactions is not illegal in DeFi but front-running is illegal in most traditional financial (TradFi) markets. It's important to remember that in TradFi privileged information can give insiders a significant advantage, while in DeFi front-running is driven by public mempool data, making it more equitable, although it may still feel unethical. Even so, if you are not aware of MEV and sandwich attacks, you stand to lose out - so what can you do?

Regulation may seem like one way to prevent sandwich attacks and other forms of MEV like front-running, but it is more likely to dampen innovation and increase centralization. Instead, traders looking to get the optimal price can turn to tools like Matcha. Our DEX aggregator with MEV protection will show you the precise execution price you will get, while protecting you from sandwich attacks and other MEV techniques altogether.

"We must assume that we are operating in an adversarial environment where each market participant acts rationally in their own self interest." - Will Warren, co-founder and CEO at 0x

Turn off the MEV tax 

Maximal extractable value (MEV) is all about taking advantage of inefficiencies in your trading strategy. The larger your slippage tolerance, and the greater your order’s price impact, the more vulnerable you are to being sandwiched.

Sandwich attacks and front-running cause millions in losses each month, and you could be among the thousands of traders paying an extra MEV tax on your trades, without even realizing it! Turn on sandwich attack protection and turn off MEV opportunists with Matcha Auto. Connect your wallet now!
