Smart Contract Security · Term

What is front-running and MEV?

Pending transactions are public before they are mined, and whoever orders them can profit. Front-running and MEV are how attackers and bots extract value by reordering, inserting, or censoring transactions. Here is how.

TL;DR

Front-running is when an attacker sees a pending transaction in the public mempool and submits their own with a higher fee to execute first, profiting from the victim’s intended action. MEV (Maximal Extractable Value) is the broader term for value that can be extracted by reordering, inserting, or censoring transactions within a block, by validators or specialized bots. Common forms include front-running, back-running, and sandwich attacks around a victim trade. The defenses are design-level: commit-reveal schemes, slippage limits, and private transaction routing.

By SecureLayer7 Audit Team, Smart Contract Audit, SecureLayer7

What it is

On most blockchains, transactions sit in a public mempool before they are included in a block, and whoever builds the block chooses their order. That ordering power has value.

  • Front-running: an observer copies or pre-empts a profitable pending transaction by paying a higher fee to go first.
  • MEV (Maximal Extractable Value): the total profit extractable by ordering, inserting, or dropping transactions in a block, harvested by validators and bots.

Because intentions are visible before they execute, naive on-chain actions can be exploited.

How it works and example

Common MEV/front-running patterns:

  • Front-run: a bot sees a large buy that will move a price and buys just before it, then sells into the victim’s buy.
  • Sandwich attack: the bot places a buy before and a sell after the victim’s trade, profiting from the price impact the victim causes and worsening the victim’s execution.
  • Back-run: act immediately after a known state change (for example, arbitrage right after a big swap).
  • Liquidation/oracle races: race others to a profitable on-chain event.

Documented for defensive context.
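The sandwich pattern above, as an added example (not code from the original page or from any real exchange): a toy constant-product pool (x * y = k) models a front-run buy, the victim's buy, and the back-run sell, then measures how much worse the victim's execution gets and shows the slippage limit and deadline checks from the defenses below stopping the trade. The 0.30% fee, pool reserves and trade sizes are constructed for illustration.

```python
# Added example: constant-product AMM model (x * y = k) used to measure what a
# sandwich does to the victim's execution, and how a slippage limit plus a
# deadline make the victim's trade revert instead. Toy model only, not any real
# DEX's code; fee, pool sizes and trade sizes are constructed for illustration.

from dataclasses import dataclass
from typing import Optional, Tuple

FEE_BPS = 30  # 0.30% swap fee, assumed for the model


class SwapReverted(Exception):
    """Stands in for an on-chain revert (slippage or deadline check failed)."""


@dataclass
class Pool:
    x: float  # reserve of token X (what the victim pays, e.g. a stablecoin)
    y: float  # reserve of token Y (what the victim buys)

    @staticmethod
    def _out(r_in: float, r_out: float, amount_in: float) -> float:
        """x*y=k output with the fee charged on the input side."""
        a = amount_in * (10_000 - FEE_BPS) / 10_000
        return r_out * a / (r_in + a)

    def quote_y(self, x_in: float) -> float:
        """Pre-trade quote: Y received for x_in at the current reserves."""
        return self._out(self.x, self.y, x_in)

    def swap_x_for_y(self, x_in: float, min_y_out: float = 0.0,
                     now: int = 0, deadline: Optional[int] = None) -> float:
        """Sell X for Y. Reverts if output is below min_y_out or the deadline passed."""
        if deadline is not None and now > deadline:
            raise SwapReverted("deadline passed")
        y_out = self.quote_y(x_in)
        if y_out < min_y_out:
            raise SwapReverted(f"slippage: got {y_out:.3f} Y, wanted >= {min_y_out:.3f}")
        self.x += x_in
        self.y -= y_out
        return y_out

    def swap_y_for_x(self, y_in: float) -> float:
        """Sell Y for X (the back-run leg)."""
        x_out = self._out(self.y, self.x, y_in)
        self.y += y_in
        self.x -= x_out
        return x_out


def victim_alone(pool_x: float, pool_y: float, victim_x: float) -> float:
    """Y received when the victim's trade is the only one touching the pool."""
    return Pool(pool_x, pool_y).swap_x_for_y(victim_x)


def sandwiched(pool_x: float, pool_y: float, victim_x: float,
               attacker_x: float, victim_min_y: float = 0.0) -> Tuple[float, float]:
    """Front-run buy, victim buy, back-run sell.

    Returns (victim_y_received, attacker_profit_in_x). If the victim set a
    slippage limit that the moved price violates, the victim's swap reverts and
    the exception propagates: the attacker is left holding Y with nobody to sell into.
    """
    pool = Pool(pool_x, pool_y)
    atk_y = pool.swap_x_for_y(attacker_x)                 # 1. front-run: buy Y first
    victim_y = pool.swap_x_for_y(victim_x, victim_min_y)  # 2. victim buys at a worse price
    atk_x_back = pool.swap_y_for_x(atk_y)                 # 3. back-run: sell into the moved price
    return victim_y, atk_x_back - attacker_x


def min_out_with_tolerance(quoted: float, tolerance_bps: int) -> float:
    """Slippage limit a wallet derives from the pre-trade quote (e.g. 50 bps = 0.5%)."""
    return quoted * (10_000 - tolerance_bps) / 10_000


if __name__ == "__main__":
    POOL_X, POOL_Y, VICTIM_X, ATTACKER_X = 1_000_000.0, 1_000.0, 50_000.0, 100_000.0
    honest = victim_alone(POOL_X, POOL_Y, VICTIM_X)
    worse, profit = sandwiched(POOL_X, POOL_Y, VICTIM_X, ATTACKER_X)
    print(f"alone: {honest:.2f} Y   sandwiched: {worse:.2f} Y   attacker profit: {profit:,.0f} X")
    limit = min_out_with_tolerance(honest, 50)
    try:
        sandwiched(POOL_X, POOL_Y, VICTIM_X, ATTACKER_X, victim_min_y=limit)
    except SwapReverted as e:
        print("with a 0.5% slippage limit the victim's trade reverts:", e)
```

With the constructed numbers the victim receives roughly 47.5 Y alone but only about 39.4 Y inside the sandwich, a loss of around 17%, while the attacker nets several thousand X. A slippage limit does not stop someone from trying the sandwich, but it bounds the victim's loss to the tolerance they chose, and the deadline check stops a transaction that sat in the mempool from executing much later at a price the user never saw.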

How to defend

  • Use commit-reveal schemes so the intended action stays hidden until the reveal phase, after every commitment is already locked in, removing the information advantage.
  • Enforce slippage limits and deadlines on trades so a sandwich cannot push execution to a bad price.
  • Use private transaction routing / MEV-protection relays that keep transactions out of the public mempool.
  • Design order-insensitive logic where possible, and batch or auction-based mechanisms that neutralize ordering.
  • Audit for ordering dependence: identify every place where being first or last changes the outcome.
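The commit-reveal defense from the list above, as an added example that is not part of the original page: a Python model of the two phases (an on-chain version would use keccak256 and block timestamps; sha256 and an integer clock stand in here). The detail a reviewer should look for is that the committer's address is bound into the hash: without it, a watcher can copy the 32-byte commitment from the mempool and, once the honest party reveals, reuse the revealed action and salt as their own. All names and bid values are constructed.

```python
# Added example: commit-reveal scheme modelled in Python. sha256 and an integer
# clock stand in for keccak256 and block timestamps. Not any project's code.

import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Dict, Tuple


class CommitRevealError(Exception):
    """Stands in for an on-chain revert."""


def make_commitment(sender: str, action: bytes, salt: bytes) -> bytes:
    """H(sender || action || salt).

    The salt stops a low-entropy action (a bid amount, a yes/no vote) from being
    brute-forced out of the hash; the sender stops another party from replaying
    the same commitment under their own name.
    """
    return hashlib.sha256(sender.encode() + action + salt).digest()


def prepare_commit(sender: str, action: bytes) -> Tuple[bytes, bytes]:
    """Client side: fresh random salt, returns (commitment, salt). Keep the salt."""
    salt = secrets.token_bytes(32)
    return make_commitment(sender, action, salt), salt


@dataclass
class CommitReveal:
    commit_end: int  # last clock value at which commits are accepted
    reveal_end: int  # last clock value at which reveals are accepted
    commitments: Dict[str, bytes] = field(default_factory=dict)
    revealed: Dict[str, bytes] = field(default_factory=dict)

    def commit(self, sender: str, commitment: bytes, now: int) -> None:
        if now > self.commit_end:
            raise CommitRevealError("commit phase is over")
        if sender in self.commitments:
            # No re-commits: otherwise a party could wait, watch, and replace its entry.
            raise CommitRevealError("already committed")
        self.commitments[sender] = commitment

    def reveal(self, sender: str, action: bytes, salt: bytes, now: int) -> None:
        if now <= self.commit_end:
            # An early reveal would leak the action while others can still commit.
            raise CommitRevealError("reveal phase has not started")
        if now > self.reveal_end:
            raise CommitRevealError("reveal phase is over")
        stored = self.commitments.get(sender)
        if stored is None:
            raise CommitRevealError("no commitment from this sender")
        if make_commitment(sender, action, salt) != stored:
            raise CommitRevealError("reveal does not match commitment")
        self.revealed[sender] = action


if __name__ == "__main__":
    auction = CommitReveal(commit_end=10, reveal_end=20)
    commitment, salt = prepare_commit("alice", b"bid:100")
    auction.commit("alice", commitment, now=5)
    auction.commit("bob", commitment, now=6)  # bob copied alice's bytes from the mempool
    auction.reveal("alice", b"bid:100", salt, now=15)
    try:
        auction.reveal("bob", b"bid:100", salt, now=16)  # reuses alice's revealed values
    except CommitRevealError as e:
        print("copied commitment rejected:", e)
    print("revealed:", auction.revealed)
```

What a mempool observer sees during the commit phase is a 32-byte digest that tells them nothing about the bid, so there is nothing to front-run; the reveal phase only opens after commits are closed, so learning everyone's action at that point gives no ordering advantage.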
