What is a sandwich attack and how can you protect yourself?
Maximal Extractable Value (MEV) is a serious problem in the Ethereum ecosystem that accounts for more than $1.3 billion in lost value for traders just over the last few years. While there are different types of MEV, most extracted value comes from the dreaded sandwich attack.
Sandwich attacks occur when a user’s transaction gets trapped, or “sandwiched,” between two hostile transactions — one before and one after. As a result, the original transaction executes at a much higher price than necessary, leading to an inflated price for the original trader and a profit for the malicious trader placing the two extra trades (known as a “searcher”).
How a sandwich attack works
When a searcher spots an opportunity to sandwich a transaction, they place a trade before (known as “frontrunning”) and a trade after (known as “backrunning”) the transaction in order to manipulate the price of the trade.
Due to the design of Automated Market Makers (AMM) such as Uniswap, these trades strategically manipulate the price of the assets, leaving room for profit. To really understand how sandwich attacks work, though, we first need to understand some core concepts.
If you don't know what #MEV (Miner/Maximal Extractable Value) is and how it can hurt your swaps, make sure to watch this video! 🐮#CoWGMI 🐄 https://t.co/2g1cFLYvAL
— CoW DAO | CoW Swap & MEV Blocker (@CoWSwap) March 1, 2022
Core concepts at play
Automated Market Makers (AMM): Automated Market Makers are trading mechanisms that allow traders to buy and sell assets in real time. Unlike traditional “orderbook” trading, which relies on counterparties for every transaction (you need a seller in order to buy and a buyer in order to sell), AMMs work by maintaining a constant ratio between the prices of two assets. For example, ETH and COW. AMMs use the formula “x*y = k” to determine a fair price based on the ratio between two assets (x and y) in the liquidity pool.
Any time a trade alters this ratio by depleting the supply of one asset and increasing the other, the prices of the assets adjust in order to preserve the established ratio. For instance, if a trader buys COW and sells ETH, the COW price rises, and the ETH price falls. The opposite happens when traders sell COW and buy ETH.
Slippage Tolerance: When placing a trade, traders set a “slippage tolerance” for their transactions, which represents the maximum price difference they’re willing to accept for their trade. For example, if ETH is trading at $2,000 and you place an order to buy ETH with a 5% slippage tolerance, you’re willing to buy ETH at up to $2,100. If ETH goes above $2,100, however, your trade will fail, as it’s outside your slippage tolerance.
Some slippage tolerance is always necessary because the prices of crypto assets are constantly fluctuating, so by the time your trade executes, the price may have moved. Setting your slippage tolerance too high, however, leaves room for searchers to sandwich your trades.
Price Impact: Crypto markets, like all markets, are based on supply and demand. AMMs maintain “liquidity pools” of assets that they use to fill trades. Each trade drains some amount of this liquidity, moving the price of the asset. This price movement is known as “price impact.”
The larger the trade, the bigger the price impact. A trade of $100 ETH will not move the price of ETH very noticeably, since it makes up a tiny fraction of the available liquidity. A trade of $1,000,000 ETH however, will noticeably move the price of ETH.
Transaction Reordering: Blockchain transactions do not always enter the block in the order that they were submitted. Searchers can “bribe” the validators responsible for creating the block to get them to arrange transactions in a specific sequence. This transaction reordering is what makes all of MEV, including sandwich attacks, possible.
The sandwich attack: Step by step
Let’s examine a sandwich attack through a step-by-step example. In this example, we’re trading ETH and COW.
Step 1: Bessie wants to buy COW using her ETH. She goes to a decentralized exchange (DEX) like Uniswap, and places an order for 4,000 COW. This should cost her around 1 ETH, but due to significant market volatility, Bessie decides to set a 10% slippage tolerance. This means she’s willing to pay up to 1.1 ETH for 4,000 COW.
Step 2: Bessie’s trade enters the Ethereum mempool (the pending order queue), and a lurking searcher spots an opportunity. Springing into action, the searcher places a trade just before Bessie’s large enough to push the COW price up to her slippage tolerance. In this case, the searcher buys 4,000 COW for exactly 1 ETH. As a result of this first trade’s price impact, Bessie’s 4,000 COW purchase now costs 1.1 ETH — the maximum she’s willing to pay.
Step 3: Once the searcher’s transaction clears, Bessie’s transaction also goes through and she receives her 4,000 COW in exchange for 1.1 ETH. The searcher takes advantage of this price impact and sells his original COW at this new rate — 4,000 COW for 1.1 ETH.
In the end, the searcher buys 4,000 COW for 1 ETH and sells it for 1.1 ETH, earning a profit of 0.1 ETH (before gas and fees) for not much effort.
It’s easy to see how lucrative sandwich attacks are!
Bessie, on the other hand, ends up with a bad deal. She could have purchased 4,000 COW for just 1 ETH, but her slippage tolerance left room for a sandwich attack that forced her to pay an extra 10% for her trade.
The consequences of sandwich attacks
Sandwich attacks siphon millions of dollars from everyday Ethereum traders. Every dollar captured by searchers is a dollar stolen from the pockets of traders.
EigenPhi, a website tracking on-chain data, offers a dashboard displaying the latest sandwich attacks.
At the time of writing, sandwich attacks on AMMs and aggregators alike generate over $1 million in profit for searchers each week.
How can you protect against sandwich attacks?
There are several steps traders can take to protect themselves from sandwich attacks.
Reduce Slippage
A simple way to reduce your exposure to sandwich attacks is to decrease your slippage tolerance. Sandwich attacks rely on a high slippage tolerance that leaves arbitrage for searchers to exploit.
Lowering your slippage tolerance decreases the chance of falling victim to a sandwich attack, but, on the other hand, it means there’s a greater chance that your transaction will fail. Failed transactions can be frustrating and costly, since you still have to pay a gas fee even for failed transactions.
It can be difficult to know exactly what slippage to use. This is why using a trading mechanism solution that optimizes slippage tolerance on your behalf and doesn’t make you pay for failed transactions, such as CoW Protocol, can be useful.
Use a DEX Aggregator
Decentralized exchange aggregators scan multiple on-chain liquidity sources to offer you better prices for your trades. Spreading out a single trade across multiple liquidity pools means a reduced price impact, and thus less room for searchers to profit.
In addition, DEX aggregators often provide an “auto-slippage” option to algorithmically determine the appropriate slippage for your trade, reducing the chances of sandwich attacks.
Use a Custom RPC Endpoint
For advanced MEV protection, consider using a custom RPC (remote procedure call) endpoint for your wallet.
RPC endpoints act as intermediaries between your wallet and on-chain transactions. Most RPC endpoints (such as the default ones on your wallet) simply do the technical work of routing your trades to the chain. Others, however, will also provide protection from MEV.
A notable RPC endpoint that provides MEV protection is MEV Blocker. When using RPC’s like this, users are protected from MEV for a wide range of transactions including DeFi trading, NFT minting, liquidity providing, and more.
Changing your wallet’s RPC endpoint in order to take advantage of these benefits is relatively straightforward. For Metamask users, instructions can be found here.
Use CoW Swap
For the most comprehensive MEV protection, it’s a good idea to use dApps that are specifically optimized to protect you from MEV.
CoW Swap is a meta-DEX Aggregator that combines all of the benefits of price-optimized trading with the safety features of an MEV-resistant protocol. Cow Swap matches your order against the best prices for on-chain liquidity, and protects your trades from MEV.
For a comprehensive dive into how CoW Swap protects traders from MEV, check out “How CoW Swap solves the MEV problem.”
CoW Swap’s approach to sandwich attacks
Trading on CoW Swap is similar to using a platform like 1inch or Uniswap. You simply navigate to the swap interface, select the tokens you want to trade, specify your trade amount, and click “Swap.”
Behind the scenes, however, CoW Swap is quite different.
First, your order submission is no order at all, it’s actually a signed “intent to trade” message. This message gets sent to a network of “solvers” who find the best route for your trade, optimizing price and slippage tolerance in the process.
This delegated trading model means that your transaction is protected from MEV. If there is a sandwich attack that takes place, it will be the solvers getting sandwiched, not you. And the CoW Swap solver are some of the toughest bulls in the pasture, so they’re not easy to sandwich!
But there’s more: CoW Swap also utilizes Uniform Clearing Prices (UCP) to protect you from MEV.
CoW Swap groups orders into batches and executes them all at the same clearing price per asset. This approach makes transaction reordering ineffective as an MEV strategy since all orders in a CoW Swap batch trade for the same price.
Don’t end up lunch meat
Sandwich attacks pose a constant threat to Ethereum AMM (DEX) users who may fall victim to searchers looking to make a quick buck. Trades with high slippage tolerances are most susceptible to sandwich attacks and other types of MEV. The bigger the trade, and the bigger the slippage tolerance, the higher the chance that you’ll end up as lunch meat.
Thankfully, innovations such as DEX aggregators and custom RPC endpoints have made it much easier to protect yourself from all types of MEV.
For the most comprehensive MEV protection, however, whales, DAOs, and traders of all sizes turn to CoW Swap. Built from the ground up with MEV protection in mind, CoW Swap puts users first and protects every transaction from searchers… And we’ve got the data to back it up.
So try CoW Swap for yourself and leave MEV in the past.