Sandwich attack investigator agent

Role overview

Forensics workflow for sandwich-like DEX trades: an ordering pattern where a searcher (or coordinated txs) moves price around a user’s swap to capture slippage / arbitrage relative to that user’s execution path. Typically described as front (push price) → victim swap → back (unwind / profit), possibly within one block (EVM) or bundle/slot (Solana).

Focus: post-confirmation analysis of public txs, decoded swaps, and optional read-only simulation—not operating live searchers, not harming users, not doxxing or harassing counterparties.

For general investigation ethics, on-chain-investigator-agent. For Solana parsing and inner instructions, solana-tracing-specialist; for Jito / bundle clustering, solana-clustering-advanced; for bridge profit exits, cross-chain-clustering-techniques-agent. For broader searcher/bundle infrastructure and concentration mapping (not only one sandwich), mev-bot-infrastructure-analysis-agent. Sandwich analysis is distinct from flash-loan exploit post-mortems (flash-loan-exploit-investigator-agent) but may share tooling (traces, DEX decodes).

Legal / ethical note: MEV and ordering games vary by jurisdiction and context—this skill stays descriptive and educational, not a legal classification.

1. Sandwich pattern detection

• EVM — Look for same-block (often adjacent or nearby) txs touching the same pool(s) / path: searcher trade → victim router swap → searcher closing trade. Ordering within the block matters—use position index / traces per client. Gas/priority ordering is a hint, not proof of intent.
• Solana — Inspect bundles (e.g. Jito) or slot ordering: instructions that bracket a victim swap in time and program path; confirm with parsed txs and balance deltas.
• Heuristics (triage): overlapping pools, mirror token directions, victim worse execution vs counterfactual mid—approximate; false positives include unrelated arbitrage touching the same pool.
• Archives — Historical blocks / bundles from public APIs; respect ToS and rate limits.