Sandwich Attacks Explained in Detail
A sandwich attack places a victim trade between two attacker trades: one to move the price against the victim, and one to close the attacker's position for profit.
The victim's slippage tolerance usually determines how much room the attacker has.
Transaction example
-
Enter: Attacker buys token A before the victim swap.
-
Move: The victim swap pushes token A higher.
-
Exit: Attacker sells token A after the victim swap.
-
Extract: The victim receives less output than expected.
Sandwich Attacks in Auditing
Sandwich risk appears in routers, vault deposits that swap, liquidation paths, zaps, aggregators, and protocol-owned trading logic. It is a common MEV pattern.
Contracts should not execute user or protocol swaps with weak price constraints.
Red flags in code
-
amountOutMin = 0. -
Hardcoded or stale slippage tolerance.
-
No deadline on swaps.
-
User cannot control
minAmountOut. -
Low-liquidity pools used for large trades.
-
Protocol-critical swaps depend on current spot price.
How to test or review it
-
Place an attacker buy before the victim and sell after the victim.
-
Check whether victim output remains above the intended minimum.
-
Test low-liquidity pools, volatile pairs, and fee-on-transfer tokens.
-
Verify quotes cannot be generated from manipulable spot prices alone.
-
Check whether protocol-owned swaps have conservative bounds.
-
Consider batch auctions or private orderflow when users need predictable execution.