Hey guys 😎, as I promised in an earlier post on my X account, I will dive deeper into analyzing how sandwich attacks are happening on the Solana network nowadays, causing a mess in this ecosystem and enabling attackers to make millions of dollars daily by exploiting mempool access to sandwich user trades.
In this article, I will explain some key terminologies in trading and blockchain to make the content understandable, even for newbies. So, let’s get started!
I – What is a sandwiching and front-run
A sandwich attack is a type of MEV (Maximal Extractable Value) attack where an attacker manipulates the price of a token by placing two transactions around a victim’s trade. It typically happens in DeFi trading on DEXs (Decentralized Exchanges). The process involves:
- Front-running: The attacker detects a pending large trade and submits a buy order first at a slightly higher gas fee.
- Victim’s Transaction: The original trader’s order gets executed, pushing the token price up.
- Back-running: The attacker immediately sells the token at the new, higher price, profiting from the price difference.
Front-Running
Front-running is a broader concept where an entity (trader, miner, or bot) detects a pending transaction and submits their own with a higher gas fee to get it executed first. It can be used in:
- Trading: Buying before a large order to profit from price movement.
- NFT Mints: Sniping rare NFTs before others.
- MEV Exploits: Extracting value from pending transactions in blockchains.
II – What is a Mempool and how solana process Transactions
Mempool (Memory Pool)
A mempool (short for memory pool) is a temporary storage area where unconfirmed transactions wait before being included in a blockchain block. Nodes use the mempool to manage pending transactions, prioritizing those with higher fees for faster inclusion in a block. Mempools are crucial in networks like Ethereum and Bitcoin, where miners or validators select transactions based on gas fees.
How Solana’s Mempool Works
Unlike traditional blockchains like Ethereum and Bitcoin, Solana does not have a public mempool in the same way. Instead, Solana uses a highly optimized Gulf Stream protocol, which forwards transactions directly to validators before they are even scheduled for inclusion in a block. This eliminates mempool congestion, reduces front-running risks, and speeds up transaction finalization. However, this also means there is less transparency for users to observe pending transactions, making private order flow and validator-level MEV extraction more feasible.
To read more about this check this article:
III – Jito’s Solana Artificial Mempool
Jito created an artificial mempool on Solana by designing a system where transactions were voluntarily submitted to their block engine before reaching validators, mimicking the behavior of a traditional blockchain mempool. Since Solana’s Gulf Stream protocol directly forwards transactions to leaders (validators) without a public mempool, Jito built a custom relay network that aggregated transactions from users, bots, and MEV searchers. To enable MEV opportunities while preventing instant forwarding, Jito’s block engine introduced a 200ms delay, holding transactions momentarily before sending them to validators. This delay created a brief transaction visibility window, allowing searchers to analyze order flow, construct optimal bundles, and execute MEV strategies like sandwich attacks. These bundled transactions were then prioritized and sent to validators in a structured order. However, this system also introduced risks, such as front-running and fairness concerns, leading Jito to eventually shut down its public mempool to maintain a more equitable trading environment.
Jito, a key player in Solana’s MEV ecosystem, recently shut down its public mempool, citing concerns over transaction fairness and network efficiency.
Check the link below to read the Jito’s mempool official documentation ( Archived Version )
IV – How Sandwiching Happens After the Public Mempool Shutdown
So, do you think that after Jito’s mempool shut down, sandwich attacks will stop? 🤔
No. Thanks to the shutdown of the public mempool, sandwichers have been able to increase their revenue by 100x, with some wallets making $2M per day by front-running user trades with a 100% win rate and no risk of losing a single dollar.
But how are they still able to do this if there is no public mempool available?
After conducting some research in Discord and Telegram channels, I found that some validators have started collaborating to create private mempools. As you know, in the Solana blockchain, transactions are sent to the current leader. So, when multiple validators collaborate, they can create a mempool where each leader, elected in a specific slot, shares the transactions they receive through the Gulf Stream Protocol.
How the Sandwich Process Happens:
1️⃣ – The validators involved in this process search the newly created mempool for a large trade with high slippage in a coin. They especially target memecoins on platforms like PumpFun and Raydium, as the newly created memecoins typically have very small marketcaps. This means that even a small trade, such as $300, can drive the price up by 10%, for example.
2️⃣ – After noticing the trade, the sniper creates a buy order for the same coin and uses Jito’s tips to ensure their order is included in the block before the victim’s trade.
3️⃣ – Then, once the victim’s order is included in the block (after the sniping trade), the bot makes a sell order and sells for a profit.
As shown in the photo, the 8MQ’s orders are the sandwicher’s buy orders, and the middle one is the victim’s buy order.
In this case, the bot made:
145.99$ – 141.45$ = 4.45$
They can make such small profits every 1 to 3 seconds, which adds up to millions per day.
Let’s take this wallet as an example:
8MqRTAQnjhDYH7TWS1b1DjFog4CLZfySWE5cZeotG2VW
As mentioned in GMGN, this wallet made $500k in 7 days with a 100% win rate. However, if you track the wallet live, you’ll notice that they make around $2M per day, which GMGN doesn’t track in the background.