There is a fundamental design flaw in how legacy public blockchains process transactions: they force you to show your hand before you play it.
When you submit a large trade on a public network, it doesn't execute immediately. It sits in a public waiting room in clear text. To you, setting a 2% slippage tolerance feels like a safety net against market movement. To the automated, high-frequency algorithms watching the mempool, that 2% is simply a guaranteed profit margin.
The mechanics of this are well documented, especially in Matcha’s breakdown of sandwich attacks.
When your trade settles and you receive less than you were quoted, you aren't losing money to "market volatility." You are paying an engineered, invisible tax to automated predators.
We are going to dissect exactly how this extraction works, using real on-chain data and the cold math that turned pseudonymous operators into multi-million-dollar entities. This isn't a theoretical edge case; it is a feature of the architecture. And by the end, you will understand exactly why the Modulo routing engine had to be built natively on Canton.
The Apex Predators: Jared and His Solana Cousins
jaredfromsubway.eth is the most famous MEV bot across all of crypto. According to EigenPhi’s deep-dive performance report (May 2023), in under three months the bot raked in $40.65 million in revenue from sandwich attacks alone. After coughing up $34.35 million in gas fees, it walked away with a clean $6.3 million net profit. That’s 238,000 individual sandwich attacks on over 106,000 victims, mostly retail traders chasing altcoins and memecoins.
When the bot resurfaced, it quickly became the top gas consumer on Ethereum again (reported by The Block).
On a single day, April 19, 2023, jaredfromsubway.eth became the top gas spender on all of Ethereum, burning through 455 ETH (~$950k at the time) and gobbling up 7% of the entire network’s gas. On-chain researcher @sealaunch_ tweeted the now-legendary line:
The bot didn’t stop there. It resurfaced in 2024–2025 as “Jared 2.0,” layering even more sophisticated multi-victim attacks (sometimes 5–7 transactions deep, including fake liquidity adds/removes in the same block).
Its main address (0xae2fc483527b8ef99eb5d9b44875f005ba1fae13) and bot contract (0x6b75d8af000000e20b7a7ddf000ba900b4009a80) are still active today, sending funds and executing thousands of trades.
Solana has its own apex predator: B91. In just 30 days (early 2025 analysis via FlipsideCrypto and Solscan data), B91 executed 82,200 sandwich attacks on 78,800 victims. It extracted 7,800 SOL gross profit (~$1.2M+ depending on price), netting 6,900 SOL after 832 SOL in Jito tips. Peak day? 4,925 attacks and 431 SOL profit. It targeted volatile PumpSwap pools (WSOL/TGT, WSOL/dddd, etc.) with surgical precision.
These aren’t rogue scripts. They’re optimized killing machines reading the public mempool like an open book.
The Autopsy: One Real Sandwich, Millisecond by Millisecond
Let’s go forensic. Here’s a live, documented sandwich from May 10, 2025 in Ethereum block 22450093. This one hit a trader swapping WETH for the RATO token on Uniswap V2, a clear, verifiable recent example you can pull up on Etherscan right now.
Victim transaction (the one that got sandwiched):
0x7c2d07b87c34605b08b15dccb9e01d403146b9c87d7c1b0ea3ce789a2f9b4252
Sandwich transactions (the bot’s front-run + back-run):
- Front-run transaction (bot buys first and spikes the price):
0xa91b3f3ae036bcad07ee72df22a27ad5bfb5127b88a24301e3b7825868ae0286
- Back-run transaction (bot sells immediately after and pockets the profit):
0x989e2455430f20811de6682e95a7b87d2585305fb12627895a4df032f795cbe7
It played out exactly like this:
Millisecond 0 – The Broadcast (Your Fatal Mistake): Victim sends 0.83 WETH to buy RATO on Uniswap. Slippage tolerance (probably 2–3%) and exact size go into the public mempool ,everything visible in plain text.
Millisecond 15 – The Front-Run: Bot spots it instantly. Front-run tx executes first: bot spends 1.5869 WETH to buy 319.5 million RATO, draining liquidity and spiking the price hard.
Millisecond 45 – The Price Spike: Pool is now badly imbalanced.
Millisecond 46 – The Victim Execution: Victim’s tx fires. They expected a much higher amount of RATO at the quoted price. Instead they receive only 156.96 million RATO because the pool is suddenly far more expensive. Slippage tolerance is maxed out exactly as the bot calculated.
Millisecond 47 – The Back-Run: Bot immediately dumps the 319.5 million RATO back into the now-even-higher pool. Bot receives 1.6416 WETH.
Gross profit on this single leg alone: ~0.0547 WETH (net ~$4.32 after fees at the time). Small per trade, but these add up massively when the bot runs thousands per day.
The Slippage Illusion (And Why It’s Worse Than You Think)
Slippage gets explained as “market movement,” and in small trades that’s often good enough. But once size increases, that explanation starts to break down. What you’re seeing isn’t just the market moving while your transaction confirms. A meaningful part of that price difference comes from the fact that your order is visible before it executes.
On a public chain, your transaction sits in the mempool in clear text. Anyone can read it, simulate it, and understand exactly how it will impact the pool you’re trading against. Bots don’t need to predict anything here. They simply react. They see your size, your pair, and your slippage tolerance, and they position around it accordingly.
What matters is that they don’t try to break your transaction. They want it to go through. The optimal outcome for them is for your trade to execute exactly at the worst price you’re still willing to accept. That’s where the profit sits, and that’s what the system allows.
So slippage tolerance isn’t really a safeguard in this context. It’s a boundary that other participants can operate within. Public mempools combined with constant-function AMMs make that possible by design, not by accident.
Breaking the Pattern
This isn’t something you fix by tweaking parameters.
Lowering slippage might reduce how much room there is to move against you, but it also increases the chance your transaction fails. Switching frontends doesn’t change anything at the execution layer. Paying more gas might get you included faster, but it doesn’t make your order any less visible.
All of those are adjustments inside the same system. The underlying issue is that your trade is exposed before it executes. As long as that’s true, it can be simulated and positioned against.
Where Modulo Fits
Instead of broadcasting your trade to a public mempool, execution happens without exposing the full intent in advance. The size, the pair, and the exact parameters aren’t sitting in a shared queue where anyone can read and react to them.
The only parties that receive the necessary information are the ones directly involved in settlement. There isn’t a globally visible version of your transaction that can be indexed or replayed in simulation. Without that visibility, the entire loop that enables sandwiching breaks down.
There’s no opportunity to step in front of your order, because there’s nothing to detect. There’s no clean way to build a back-run, because there’s no predictable victim execution to anchor it to. What you end up with is closer to how execution is expected to work in any other serious market: you interact with available liquidity, rather than with a system that first exposes your intent to everyone watching.
What That Changes in Practice
The practical difference isn’t that execution becomes “perfect.” Markets still move, liquidity still matters, and large trades will still have impact. But the specific dynamic where your own order becomes the trigger for someone else’s positioning disappears.
The Takeaway
Most people trading on public chains have run into this without fully understanding what caused it. It doesn’t present itself as an obvious exploit. It just looks like a slightly worse fill than expected, repeated often enough to become frustrating.
Once you understand that the issue is visibility, the rest of it becomes much easier to reason about. As long as your intent is public before execution, it can be used against you. If it isn’t, that entire class of behavior stops being viable.
