Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Ghost Profile picture
@0xGhostLogs
Oct 15 17 tweets 5 min read Read on X
Scrolly
1) Ghost explains: Wide Sandwich Attacks (with updated website at the end)

We looked at a full year of Solana trades and found that wide (multi-slot) sandwiches extracted 529,000 SOL.

Wide sandwiches now account for 93% of all sandwichesImage
2) A wide sandwich happens when the frontrun and backrun occur in different slots (N -> N+3). This type of sandwich attack evades standard single-slot detectors Image
3) We’ve seen three main flavors of wide sandwiches:

- Toxic: targets specific victim txs
- Momentum: rides expected flow (may or may not have seen victim txs)
- Launch bots: new token+pool, bundles buy, quick sells (not based on seeing victim txs)
4) Social repercussions and transparency crushed single-slot sandwiches.

As detection improved for single-slot sandwiches, wide sandwiches became more prominent on a relative basis.

- Single-slot fell from >90% to <10%
- Wide rose from 5% to 93% Image
5) For wide sandwiches, January 2025 marked the peak: bots extracted 87,000 SOL in one month. Even afterward, extraction held steady at 30-60k SOL per month. They are still highly extractiveImage
6) Wide sandwiches can be tricky to detect. They span slots, cross leader windows, and leave no atomic fingerprint. A malicious leader can insert or reorder without a clear trace.

We built a new detector to find them.
7) The top wide sandwich bot, upon seeing a target, sends 2 bundles: 1 with the frontrun and 1 with victim tx + first backrun.

The 1st backrun sells enough tokens to break even.
Then the bot sends a 2nd backrun to take the rest of the profit, aiming for it land 1 block later Image
8) The top wide sandwich bots wait for high-value victim transactions instead of sandwiching everything they see. They average around 0.46◎/sandwich

Here’s real attack that extracted 1.64 SOL Image
9a) Important point: all panels other than the Validator Panel in the wide sandwich dashboard include aggregate volume from all wide sandwich types because users are affected regardless of category
9b) The Validator Panel specifically aims to identify validators that are statistically likely to have shared private order flow with sandwich bots

Especially those disguising their activity via multi-slot sandwiches
9c) In September 2025, 23 validators had >= 6% of leader slots containing wide sandwiches potentially linked to sharing private order flow.

Their main stake sources are Marinade and Jito, with 6 also receiving Solana Foundation stake. (Cluster avg: 1%, median: 0.4%.) Image
10) Turning to app-level impact:

Users of Axiom were the most affected, accounting for over 70% of extracted SOL, followed by Bloom (10–15%) and Photon (5–10%) Image
11) But we must also consider extracted volume relative to total swap volume

Meme coin and low-cap apps show the highest relative sandwiching, while aggregators and wallets (e.g., Jupiter, Phantom) see minimal impact due to differing order flow, routing, and user profiles Image
12) Transactions that buy new low-cap tokens are most likely to get wide-sandwiched

- Low liquidity -> high price impact
- High default slippage
- Traders prioritize speed over anything else
13) Protect yourself:
- Smarter slippage settings
- Consider implementing something like Anti-Sandwich: for JIT slippage protectiongithub.com/tryghostxyz/an…
14) Single-slot sandwiches are nearly gone (<1% of all sandwich volume)

Wide sandwiches now dominate the Solana Sandwich landscape Image
15) Again, we can’t solve what we can’t see. You can now view the data at

You can also search for any transaction or wallet to see whether it has been wide-sandwiched!sandwiched.me/wide_sandwichesImage

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Ghost

Ghost Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @0xGhostLogs

Ghost Profile picture
Oct 8, 2024
Let’s look at Solana MEV for September

-> We’ll also look at Jito bundle compositions

-> A DATASET of 1M atomic arbs is available

Did you know that the top atomic arb searcher on Solana doesn’t use a custom program? They route through Jupiter’s program. More on this in a bit.

Let's start with atomic arbitrage

Tips for atomic arbs hover at around 50% of revenue. This is significantly less competitive compared to Ethereum where you see 90-99%+ paid to the proposer.

Notice also that about half (by revenue) of atomic arbs are sent directly to validators and don’t go through Jito. These are virtually all “blind” or speculative arbs where searchers hope to land a profitable transaction that pays for all the failed ones. Most of these transactions fail but when they hit, they can avoid paying tips or significant priority fees.

Here’s the top arb for September (by CET timezone). The searcher kept 80%. You don’t really see that on Ethereum.

Here’s the 2nd most profitable atomic arb in September and it was sent directly to the validator. It was not part of a Jito bundle. If you check this searcher’s history, you’ll see many failed transactions. To determine profitability you would have to account for the sum of fees for those failed transactions.

Some searchers, like the one above, don’t use a custom program. Instead they route their arbs through Jupiter. We were a bit surprised but also impressed.

See below for average tips per (signer, program) and notice how the profitable searchers use both Jito and direct-to-validator. Many searchers also hardcode their tips. If arb on Solana becomes more competitive, we expect to see more custom programs (to allow for runtime input amount adjustments) as well as dynamic tipsImage
Image
Image
Image
This atomic arb dataset is available to you! Check the end for the dataset and caveats.

Now switching to sandwich MEV:

Notice how tips for sandwiches were significantly lower than for atomic arbs. This kind of MEV is less competitive since it depends on private orderflow from nefarious or misconfigured validators or RPCs through backroom deals.

So where does MEV fit into Jito bundles? Let’s see:

Here, “DEX” means the tip came from a bundle which contained a swap on one of the Solana DEXes, pumpdotfun means the tip came from a bundle with a trade on the bonding curve.

Tips from DEX swaps seem to make up about 50% of total tips, and pumpdotfun makes up about 40%. We split out arb and sandwich tips from the DEX category.

Based on this data, MEV-related tips seem to be lower than tips from users and Telegram bots seeking fast transaction inclusion. However, this doesn't account for CEX-DEX arbitrage tips, which are likely significant. More on that in the future!Image
Image
Image
Ok now for the dataset and caveats!

Dataset of 1M arbs for 2024-09 on Solana

Caveats:
- only includes net-positive sol&wsol arbs. We’ll release an updated dataset that includes usdc/usdt arbs
- if you find false-positives or false-negatives please let us know!
Read 4 tweets
Ghost Profile picture
Mar 28, 2023
We investigated whether bid spoofing was happening on @blur_io and if so, to what extent.

TLDR (part1)

Based on the results of our analysis, @PacmanBlur and the blur team have done a great job disincentivizing bid spoofing

< 0.6% of orders failed due to bid spoofing
TLDR (part 2)

> 1m transactions on blur

Of those, we looked at the transactions that attempted to accept collection offers:

~ 465k transactions (1.27m orders)
~ 42k transactions with at least 1 failed order (91k orders failed)

of those, only 8100 orders failed due to spoofing
Background:

Bid spoofing is a technique that creates inauthentic collection offers on Blur, typically near the floor price, in order to obtain potential airdrop rewards.
Read 9 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(