Summary
Sandwich attacks place a buy transaction before and a sell transaction after a victim’s trade, exploiting slippage to extract value. High-profile data shows this mechanism is widely misunderstood: the top “attackers” by volume often have ~$0 profit or are statistical artifacts. The corrected median price impact from genuine sandwiching is ~0.37 basis points — much lower than the frequently cited 1.53 bps. More MEV value comes from arbitrage and backruns than from direct sandwiching.
Mechanism
[Attacker buy] → [Victim swap] → [Attacker sell]
- The attacker observes a pending swap in the mempool.
- The attacker buys the same token first, pushing up the price.
- The victim’s swap executes at the inflated price (within their slippage tolerance).
- The attacker immediately sells, profiting from the temporary price inflation.
- Net effect: the victim pays a higher price; the attacker extracts the spread.
Slippage tolerance determines the maximum extractable value per sandwich. A 0.5% slippage tolerance on a $10,000 swap allows the attacker to extract up to $50.
Corrected Statistics
Common claims overstate the frequency and profitability of sandwiching. From the dataalways analysis (Apr 2026):
| Statistic | Common claim | Corrected |
|---|---|---|
| Median price impact | 1.53 bps | 0.37 bps |
| Top “sandwich” by volume | High profit | ~$0 profit |
| Top 3 “attacks” in the period | Significant MEV | ~$0 profit |
Why the Discrepancy
- Arbitrage misclassified as sandwiching: some automated arbitrage sequences are structurally similar to sandwiches but actually improve price discovery.
- Statistical artifacts: bots that appear to sandwich may be executing failed or neutral strategies.
- Recency: the most sophisticated sandwiching is done by private systems that don’t appear on public dashboards.
Actual Profitability Distribution
- The majority of sandbox-labeled transactions have very low or zero net profit.
- Profitable sandwiches are concentrated among a small number of sophisticated operators.
- Thin-margin AMM pools (e.g., stablecoin pairs) are unprofitable to sandwich due to low slippage tolerance.
Conditions for Profitable Sandwiching
- High slippage tolerance: the victim must be willing to accept a significant price move.
- Sufficient liquidity imbalance: the pool must be thin enough that the attacker’s buy meaningfully moves the price.
- Gas + latency budget: the attack requires three transactions in precise sequence; high gas costs on L1 make many sandwiches unprofitable.
- Public mempool visibility: transactions routed through private RPCs (OFA providers) are not visible and cannot be sandwiched.
Protection Mechanisms
| Mechanism | How it works | Effectiveness |
|---|---|---|
| Private RPCs (OFA, Flashbots Protect) | Transaction not visible in public mempool | Very high for covered txs |
| Low slippage tolerance | Reduces extractable value; may cause reverts | Moderate |
| CoW Swap / batch auctions | Transactions matched in batches at a uniform price | High; no in-block ordering advantage |
| Encrypted mempool (LUCID) | Transactions encrypted until after ordering | Eliminates ordering-based MEV entirely |
The $50M UI Lie Case Study
A detailed analysis (Mar 2026) examined a specific case where Aave displayed a “good” swap quote while CoW Protocol’s solver routed to a microscopic Sushi pool with much worse execution:
- Aave displayed: optimal routing, ~1 bps slippage
- CoW’s actual execution: routed to a tiny Sushi pool, $50M+ impact on the broader trade flow
- Root cause: the quote-to-order mismatch — solvers update routing between quote display and actual execution; the UI showed the initial quote, not the final execution
Key insight: the worst execution outcomes are not always from sandwiching. Quote staleness, solver competition failures, and routing to illiquid venues can cause larger damage than a well-executed sandwich.
MEV Taxonomy: Sandwiching vs. Other MEV
By value extracted:
- CEX-DEX arbitrage: largest source — price information flows from centralized exchanges to on-chain AMMs
- Liquidations: second largest — collateral seized at discount from undercollateralized positions
- AMM arbitrage: between on-chain venues
- Backrunning: extract residual value after a large trade (without the front-run component)
- Sandwiching: smaller than commonly believed; concentrated in specific pools/conditions
Open Questions
- What is the true rate of “harmful” sandwiching (where the attacker profits at the victim’s expense) vs. statistical sandwiching?
- Does universal adoption of private RPCs eliminate the sandwich problem, or does it shift value to other MEV types?
- How do encrypted mempools (LUCID) affect the overall MEV taxonomy — does eliminated sandwich MEV simply shift to other forms?
Related Pages
- Arbitrage: CEX-DEX and AMM Arb — CEX-DEX and AMM arbitrage
- Private Order Flow and OFA Mechanisms — OFA mechanisms that protect against sandwiching
- Encrypted Mempools — Protocol-level protection
- PropAMMs: Proportional AMMs and On-Chain Market Making — Prop-AMMs and oracle update ordering as countermeasure
Key Sources
- Sandwich Statistics (dataalways, Apr 2026) — corrected 0.37 bps figure; ~$0 profit for top “attackers”
- The $50M UI Lie (Mar 2026) — code-level analysis of Aave/CoW routing failure; quote staleness