MEV
Solidity Attack Vector #15: Sandwich Attack
SecurityInfinity Research
A sandwich attack is a form of front-running where an attacker (usually a bot) places a transaction both before and after a victim's pending transaction.
The Process
1. Victim tries to buy Token A.
2. Attacker sees this in the mempool and buys Token A first (driving the price up).
3. Victim's transaction executes at a higher price.
4. Attacker sells Token A immediately after, profiting from the price difference.
Defense
1. Slippage Tolerance: Always include a minAmountOut parameter in your swap functions.
2. Private Mempools: Use services like Flashbots to hide your transactions from public view.
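The slippage check from defense 1, shown as the weak form beside the hardened one. This is an added example, not code from the original article; the SimplePool contract, its function names and the 0.3% fee are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the article's code. Pool design, names and the 0.3% fee
// are assumptions for illustration; reserves are read from token balances.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract SimplePool {
    IERC20 public immutable tokenIn;  // token the trader pays with
    IERC20 public immutable tokenOut; // "Token A" in the steps above

    error SlippageExceeded(uint256 amountOut, uint256 minAmountOut);

    constructor(IERC20 _tokenIn, IERC20 _tokenOut) {
        tokenIn = _tokenIn;
        tokenOut = _tokenOut;
    }

    // Constant-product quote (x * y = k) at the reserves seen at execution time.
    function getAmountOut(uint256 amountIn) public view returns (uint256) {
        uint256 reserveIn = tokenIn.balanceOf(address(this));
        uint256 reserveOut = tokenOut.balanceOf(address(this));
        uint256 inWithFee = amountIn * 997;
        return (inWithFee * reserveOut) / (reserveIn * 1000 + inWithFee);
    }

    // Weak: accepts whatever price the pool has when the transaction is mined.
    function swapUnprotected(uint256 amountIn) external returns (uint256 amountOut) {
        amountOut = getAmountOut(amountIn);
        _settle(amountIn, amountOut);
    }

    // Hardened: the caller states the least it will accept, and the whole
    // swap reverts if the price moved past that bound before execution.
    function swap(uint256 amountIn, uint256 minAmountOut) external returns (uint256 amountOut) {
        amountOut = getAmountOut(amountIn);
        if (amountOut < minAmountOut) revert SlippageExceeded(amountOut, minAmountOut);
        _settle(amountIn, amountOut);
    }

    function _settle(uint256 amountIn, uint256 amountOut) private {
        require(tokenIn.transferFrom(msg.sender, address(this), amountIn), "transferFrom failed");
        require(tokenOut.transfer(msg.sender, amountOut), "transfer failed");
    }
}
```

The bound only helps if minAmountOut is supplied by the caller from a quote taken before submission; deriving it on-chain from the pool's current price inside the same transaction protects nothing, because that price already includes any trade placed ahead of it.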