MEV Protection: How to Avoid Sandwich Attacks on a DEX
— By Tony Rabbit in Tutorials

A practical defense guide to MEV protection against sandwich attacks: tighten slippage correctly, route through a private RPC, split large orders, and confirm whether you were sandwiched.
MEV protection against a sandwich attack means stopping a bot from buying right before your swap and selling right after it, pocketing the price move your own trade creates. A sandwich attack is a form of maximal extractable value (MEV) where a bot spots your pending transaction in the public mempool, front-runs it to push the price up, lets your trade fill at that worse price, then dumps for a profit. The good news: this is a solvable problem. With the right slippage settings, a private transaction route, and smarter order sizing, you can make your swaps unprofitable to attack. This guide is the actionable how-to, not another definition, so let's get straight to the defenses.
Key Takeaways
- Sandwich bots need two things: your transaction visible in the public mempool and enough slippage room to extract value.
- Set slippage as tight as the trade allows. High slippage is an open invitation, not a safety margin.
- A protected or private RPC hides your pending swap so bots cannot see it to sandwich it.
- Splitting large orders and avoiding thin pools at peak gas removes the price impact bots feed on.
- You can confirm a past sandwich by inspecting the buy and sell that bracket your tx in the same block.
How you get sandwiched, in one diagram
A sandwich attack happens in a single block, in three ordered transactions. The bot watches the public mempool, sees your buy waiting to be mined, and inserts its own transactions on either side of yours. The picture below shows the exact sequence.
The attack only works because two doors are open at once: your transaction is broadcast to the public mempool where any bot can read it, and your slippage tolerance is wide enough to absorb the price the bot pushes. Close either door and the math stops working for the attacker. For the full mechanics, see what is a sandwich attack in crypto and the wider MEV risks in DEX trading.
Tighten slippage correctly (and why too-high slippage invites the attack)
Slippage tolerance is the maximum price move you will accept between hitting confirm and the swap settling. It exists so volatile trades do not fail, but every percentage point you grant is room a sandwich bot can steal. If you set 10% slippage on a liquid pair, you are telling the network you will accept up to a 10% worse fill, and a bot will take exactly as much of that as it profitably can.
Set slippage as tight as the trade allows rather than defaulting to a round, comfortable number. On deep, liquid pools, 0.1% to 0.5% is often enough. Volatile or newly launched tokens may genuinely need more because of real price movement, but treat every extra point as exposure, not safety. If a swap keeps failing at low slippage, the honest fix is usually a thinner pool or a too-large order, not cranking tolerance to 15%. To understand why fills go bad, read how slippage, price impact, and pool depth cause bad fills.
Use a protected or private RPC to stay out of the public mempool
The single most effective defense is to stop broadcasting your trade where bots are watching. A normal swap goes to the public mempool first, sits there for a few seconds, and is fully readable while it waits. A protected or private RPC routes your transaction through a relay that submits it directly to block builders, so it never sits in the open pool where a MEV bot front-running and sandwiching trades can find it.
In practice you change one setting. In your wallet's network configuration, replace the default RPC endpoint with a sandwich-resistant one offered by services built for this, then swap as normal. Many wallets and front-ends now ship MEV protection on by default, but confirm yours actually does before assuming you are covered. A private route also means a failed or reverted attack attempt does not cost you, since the bot never gets to bracket the trade in the first place.
Split large orders and use MEV-aware aggregators; avoid thin pools at peak gas
Size is what makes you a target. A small swap in a deep pool barely moves the price, so there is almost nothing to extract. A large swap in a shallow pool moves the price a lot, and that movement is exactly the profit a sandwich bot captures. Two habits cut this down.
First, split a large order into smaller pieces so no single transaction creates a big enough price swing to be worth attacking. Second, route through an MEV-aware aggregator that spreads the trade across multiple pools and can submit through private order flow. Tools like a DEX aggregator such as 1inch find deeper combined liquidity than any single pool and often include protection on the route. Finally, avoid executing big trades in thin pools during peak gas, when congestion gives bots the most time and the most incentive to act. If you trade at quieter times you also pay less, as covered in how to lower gas fees on a DEX.
How to confirm you WERE sandwiched in your transaction history
If a fill looked wrong, you can verify a sandwich after the fact. Open your swap in a block explorer and note its block number and position. A sandwich leaves a clear signature: in the same block, the same bot address has a buy of your token ordered immediately before your transaction and a sell ordered immediately after it.
Walk through it in three checks. First, look at the transactions surrounding yours in that block and find a buy and a sell of the same token by one address bracketing your swap. Second, compare the price you received against the pool price just before the block; a noticeably worse fill that snaps back right after is the tell. Third, confirm the bracketing trades share a sender or are clearly coordinated. If all three line up, you were sandwiched, and the takeaways above (tighter slippage plus a private RPC) are what stop it next time.
This article is for educational purposes only and is not financial advice.