How Sandwich Attacks Work: MEV Extraction Explained

Sandwich attacks are the most well-known MEV extraction strategy in DeFi, generating hundreds of millions of dollars in cumulative profit on Ethereum alone. In this technical guide, we'll explain exactly how sandwich attacks work, the mechanics behind them, and why they remain one of the most profitable automated trading strategies in crypto.

What is a Sandwich Attack?

A sandwich attack is a form of MEV (Maximal Extractable Value) extraction where a bot places two transactions around a target transaction — one before (front-run) and one after (back-run). The name comes from the target transaction being "sandwiched" between the attacker's two trades.

The attack targets large swaps on automated market makers (AMMs) like Uniswap, Sushiswap, and PancakeSwap. When someone submits a large token swap, it will move the price due to the AMM's constant product formula. The sandwich bot exploits this predictable price movement to extract profit.

For example, if a trader submits a $100,000 swap to buy ETH on Uniswap, the sandwich bot detects this pending transaction in the mempool, buys ETH first (pushing the price up slightly), lets the victim's large trade push the price up further, then sells its ETH at the higher price.

The Anatomy of a Sandwich Attack: Step by Step

Step 1: Mempool Monitoring

The sandwich bot runs a full Ethereum node and monitors the mempool — the queue of pending, unconfirmed transactions. It specifically looks for large swap transactions on DEX router contracts (like Uniswap's Router02). The bot decodes each pending transaction to identify the token pair, swap amount, and slippage tolerance set by the trader.

Slippage tolerance is critical. A trader who sets 5% slippage is telling the AMM they'll accept a price up to 5% worse than the current market price. This creates room for the sandwich bot to extract value without causing the victim's transaction to revert.

Step 2: Profitability Calculation

Before executing, the bot simulates the entire sandwich on a local fork of the blockchain state. It calculates:

• The optimal size for the front-run transaction (too large and it consumes all the victim's slippage, causing a revert)
• The expected price impact from both the front-run and the victim's transaction
• The profit from the back-run sell minus gas costs for both transactions
• The gas price needed to ensure proper transaction ordering

Only if the simulation shows net profit after gas costs does the bot proceed. This pre-execution validation ensures the bot never executes unprofitable trades.

Step 3: Front-Run Transaction

The bot submits a buy transaction for the same token the victim is buying. This transaction is crafted to be included in the same block, but positioned before the victim's transaction. The front-run pushes the token price up slightly due to the AMM's pricing curve.

Modern sandwich bots use Flashbots to submit transaction bundles directly to block builders, guaranteeing the ordering of front-run → victim → back-run without competing in the public mempool gas auction. This is more efficient and prevents other bots from front-running the sandwich bot itself.

Step 4: Victim's Transaction Executes

The victim's swap executes at a worse price than they would have received without the sandwich. Because their slippage tolerance allows for some price deviation, the transaction still succeeds — the victim just receives fewer tokens than they would have in the absence of the attack.

Step 5: Back-Run Transaction

Immediately after the victim's trade (in the same block), the bot sells the tokens it bought in the front-run. Because both the front-run and the victim's trade pushed the price up, the bot sells at a higher price than it bought, capturing the difference as profit.

The Math Behind Sandwich Attacks

AMMs like Uniswap use the constant product formula: x * y = k, where x and y are the reserves of the two tokens in the liquidity pool, and k is a constant.

When a large swap removes tokens from one side of the pool, the price changes according to this formula. The sandwich bot exploits this by:

• Buying tokens before the large swap (at the current, lower price)
• The victim's swap then moves the price further in the same direction
• Selling tokens after the victim's swap (at the now higher price)

The profit equals the price difference between the front-run buy price and back-run sell price, multiplied by the amount of tokens traded, minus gas costs for both transactions.

Flashbots and Private Transaction Ordering

Early sandwich bots competed in public mempool gas auctions, driving up gas prices for everyone. Flashbots changed this by introducing a private channel for submitting transaction bundles directly to block builders.

With Flashbots, sandwich bots submit a bundle containing three transactions (front-run, victim's tx, back-run) as an atomic unit. The bundle either executes completely in the specified order or not at all. This eliminates the risk of partial execution (where the front-run succeeds but the back-run fails) and prevents gas price wars with competing bots.

Block builders include these bundles because they receive a payment (called a "bribe") from the MEV bot — a portion of the extracted profit shared as an incentive for including the bundle. This creates an efficient marketplace for MEV extraction that benefits both bots and block builders.

How Much Do Sandwich Bots Make?

Sandwich attacks have extracted billions of dollars from DEX traders since their inception. Individual sandwich bots can earn anywhere from hundreds to tens of thousands of dollars per day depending on market activity, capital deployed, and the sophistication of their strategies.

The famous "jaredfromsubway.eth" bot spent over $90 million on gas fees while extracting significantly more in MEV profits. During high-volatility periods, sandwich opportunities increase dramatically as more traders execute large swaps with wider slippage tolerances.

Profitability depends on several factors: the volume of DEX trading activity, the size of individual swaps, gas costs (which reduce net profit), and competition from other sandwich bots targeting the same transactions.

Protecting Against Sandwich Attacks

Understanding how sandwich attacks work also helps traders protect themselves:

• Use low slippage: Setting tight slippage tolerance (0.5-1%) limits how much a sandwich bot can extract
• Use private mempools: Services like Flashbots Protect route your transactions through private channels, hiding them from sandwich bots
• Break up large trades: Splitting a large swap into multiple smaller transactions reduces the price impact and attractiveness to sandwich bots
• Use DEX aggregators: Aggregators like 1inch split orders across multiple DEXs, reducing the impact on any single pool