Smart contract sandwich attack prevention is one of the most critical unsolved problems in DeFi security. While trading venues have explored various MEV mitigation strategies, most solutions either introduce centralization risks or impose prohibitive costs on legitimate traders. Immute takes a different approach with its BUY_LOCK_BLOCKS mechanism—a per-address buy-lock window that makes same-block sandwich attacks structurally impossible without disrupting normal trading patterns. This technical deep-dive explains the attack vector, the prevention mechanism, and how the contract enforces it at the opcode level.

Understanding the Sandwich Attack Vector

A sandwich attack exploits the transparency of public mempools to extract value from unsuspecting traders. The attack unfolds in three precise steps: the attacker identifies a pending victim transaction, places a buy order immediately before it, then executes a sell order immediately after. This sequence manipulates the AMM's constant product formula (x·y=k), driving the victim's execution price upward while the attacker captures the spread [2].

The economic incentive is straightforward—attackers can reliably extract value whenever gas costs don't exceed the spread between their front-run and back-run transactions. Research indicates that sandwich attacks have extracted significant value from DeFi protocols, disproportionately harming retail traders who lack the sophistication or infrastructure to protect themselves [4]. Traditional countermeasures like batch auctions and commit-reveal schemes reduce attack surface but introduce latency and complexity that harm all users, not just attackers.