MEV and Swap Protection
Last modified:
What is MEV?
Maximal Extractable Value (MEV) is profit captured by reordering, inserting, or censoring transactions within a block. On EVM-compatible chains, block builders and searchers compete to extract MEV from pending transactions in the public mempool.
For swap users the most common extraction vector is the sandwich attack.
Sandwich attacks
A sandwich attack brackets a victim's pending swap:
- Front-run — the attacker buys the same output token ahead of the victim, pushing the price up.
- Victim's swap executes at a worse price than expected.
- Back-run — the attacker sells immediately after, profiting from the inflated price.
The victim receives fewer tokens; the attacker pockets the difference.
The math
Consider a pool with reserves x (CTN) and y (USDC). The attacker front-runs the victim's Δx_v with Δx_a:
Step 1 — front-run:
attacker_output = y * Δx_a / (x + Δx_a)
new reserves: x' = x + Δx_a, y' = y - attacker_outputStep 2 — victim swaps at degraded price:
victim_output = y' * Δx_v / (x' + Δx_v)Step 3 — back-run at the now-elevated price.
The attacker's maximum profit is bounded by the victim's slippage tolerance s:
max_extractable ≈ s * Δx_v * (y / x)Example: A 10 CTN swap in a 100 CTN / 200,000 USDC pool with 2 % slippage tolerance:
max_extractable ≈ 0.02 * 10 * 2,000 = $400In practice, profit is lower due to gas costs and competition among searchers.
Who is affected?
Any swap submitted to a public mempool is a potential target. Larger trades and higher slippage tolerances widen the attacker's profit margin.
How slippage tolerance protects you
The slippage tolerance (e.g., 1 %) sets the minimum acceptable output. If a sandwich pushes the execution price beyond this threshold, the transaction reverts — the trader loses only gas.
| Tolerance | Protection | Tradeoff |
|---|---|---|
| 0.1 % | Very high — almost no extraction room | Swaps may fail in volatile markets |
| 0.5 % | High — good default for most swaps | Small risk window |
| 1–3 % | Moderate — necessary for volatile tokens | Larger extraction window |
| 5 %+ | Low — significant exposure | Reserve for tokens with built-in transfer fees |
Rule of thumb: use the lowest tolerance that allows the swap to succeed.
Additional protection strategies
Private RPC / MEV protection services
Submitting transactions through a private relay bypasses the public mempool entirely, hiding pending swaps from searchers:
- Flashbots Protect — routes transactions directly to block builders
- MEV Blocker — broader builder coverage
- Many wallets (e.g., MetaMask) now offer built-in MEV protection
Swap on L2 networks
L2 chains (Base, Arbitrum, Optimism) have sub-two-second block times, shrinking the sandwich window. Some sequencers also enforce ordering rules that make front-running harder.
Split large swaps
Breaking a large trade into several smaller transactions reduces per-swap price impact and makes each piece a less attractive sandwich target.
Limit orders or TWAP execution
For size, consider time-weighted average price (TWAP) execution or limit orders, which spread execution over time and cap per-trade impact.
Protocol-level safeguards
The smart contracts include three built-in defences:
amountOutMinimum— every swap specifies a minimum output; the transaction reverts if the actual output is lower.deadline— swaps expire after a set timestamp, preventing stale transactions from executing at outdated prices.- Price-impact warnings — the interface alerts the user when a swap would have unusually high price impact.
These mechanisms do not prevent MEV, but they cap the trader's worst-case loss at the chosen slippage tolerance.