Sandwich trading

At its core, the sandwich attack involves an attacker strategically positioning their transactions around a victim’s transaction to capitalize on price variances. The attacker initially inflates the asset’s price with the transaction (1), waits for the victim’s transaction to materialize and subsequently deflates the asset’s price with the transaction (3), thereby securing a profit.

Assume a Bonding Curve holding crypto-token in reserves (τ0) that can be swapped with another token (τ1). Now, suppose that user A wants to swap 20 units of τ0 in her wallet for at least 15 units of τ1. This requires to append to the blockchain a transaction of the form

$$A : swap^0 (20 : \tau_0 , 15 : τ_1),$$

where the prefix A indicates the wallet involved in the transaction, swap is the called AMM function, and the superscript 0 indicates the swap direction, i.e. deposit 20 : $τ_0$ to receive back at least 15 : $τ_1$ (a superscript 1 would indicate the opposite direction). In a bonding curve, the actual amount of $τ_1$ transferred to A must be such that the “invariant" is preserved before and after a swap. Now, suppose that an adversary M observes A’s transaction, and appends to the blockchain the following sandwich:

$M : swap^0 (5.9 : τ_0, 5.5 : τ_1)$

$A: swap^0 (20 : τ_0, 15 : τ_1)$

$M : swap^1 (25.9 : τ_0, 20.6 : τ_1)$

where the last transaction is in the opposite direction, i.e. M sends 20.6 : $τ_1$ to receive at least 25.9 : $τ_0$. As a result, A only yields the minimum amount of 15 : τ1 in return for 20 : $τ_0$. This implies that an extra amount has been gained by M and lost by A. This is how a sandwich attack takes place.