DEV Community

Cover image for BUY_LOCK_BLOCKS: How Immute Achieves Smart Contract Sandwich Attack Prevention
Version 6 LLC
Version 6 LLC

Posted on • Originally published at immute.io

BUY_LOCK_BLOCKS: How Immute Achieves Smart Contract Sandwich Attack Prevention

#defi #blockchain #ethereum #web3


yaml style: blog status: draft generated_at: 2026-01-25T12:00:00Z

Smart contract sandwich attack prevention is a core design goal of Immute, a bonding‑curve reward token live on the Sepolia testnet. By introducing a per‑address mutual‑exclusion mechanism, Immute makes it impossible for any single wallet to execute a buy‑followed‑by‑sell (or sell‑followed‑by‑buy) inside the same block, thereby neutralising the classic front‑run‑buy / back‑run‑sell pattern that plagues AMM‑style DEXes. This article dissects the attack vector, explains the logic behind the isLocked() and lockedUntil() primitives, and shows how the contract enforces the lock at the EVM level.

What Is a Sandwich Attack?

A sandwich attack is a form of maximal‑extractable value (MEV) exploitation that relies on ordering two transactions around a victim trade in a single block:

  1. Front‑run buy – the attacker sees a pending large buy and places his own buy just before it, pushing the curve price up. 2. Victim execution – the victim's buy settles at the higher price, absorbing the artificial slippage. 3. Back‑run sell – the attacker immediately sells his position in the same block, capturing the spread.

The profitability of this pattern depends entirely on the attacker’s ability to buy and sell within the same block. If a contract can enforce that a wallet cannot both buy and sell in the same block, the attack surface disappears.

Why Traditional AMM Contracts Remain Vulnerable

Most AMM contracts treat each transaction as independent. The swap function simply checks the reserves, updates them, and returns the output. There is no per‑address state that persists across the block, so a single wallet can:

  • Call swap to buy tokens. - Immediately call swap again to sell the same tokens.

Both calls are processed in the same block, so the attacker enjoys the same price impact and can pocket the spread with negligible risk. The only cost is the gas for two transactions, which is often outweighed by the extracted value.

Immute’s Per‑Address Buy‑Lock Mechanism

Immute introduces two simple but powerful state variables:

solidity mapping(address => uint256) public lockedUntil;

lockedUntil[addr] stores the timestamp (or block‑relative value) after which the address is allowed to perform the opposite action. The contract provides a view function:

solidity function isLocked(address addr) external view returns (bool) { return block.timestamp < lockedUntil[addr]; }

When an address executes a buy, the contract sets:

solidity lockedUntil[msg.sender] = block.timestamp + 1; // zero‑duration lock for the remainder of the block

When the same address attempts a sell in the same block, the first line of the sell function checks:

solidity if (isLocked(msg.sender)) revert BuyLockActive();

Because block.timestamp has not advanced, the check evaluates to true, reverting the transaction. Conversely, after a sell, the lock is set on the buy side:

solidity lockedUntil[msg.sender] = block.timestamp + 1;

Thus a user cannot immediately buy after selling, nor sell after buying, within the same block.

Why a 1‑second Lock Works

Ethereum blocks are produced roughly every 12 seconds, but block.timestamp advances only when a new block is mined. By setting lockedUntil to block.timestamp + 1, we guarantee that any subsequent transaction in the same block will see the lock still active, while a transaction in the next block will see block.timestamp equal to or greater than lockedUntil, lifting the restriction. This effectively creates a one‑block cool‑down without altering the global throughput of the contract.

Implementation Details

The IMT V8 contract (0xB575A8760c66F09a26A03bc215D612EA2486373C) implements the lock in the buy and sell entry points. Below is a simplified pseudocode representation of the guard:

```solidity function buy(address recipient, uint256 minOut) external payable { // 1. Validate curve parameters, compute output, apply 10% fee. require(!isLocked(recipient), "Buy locked"); // 2. Execute transfer and update internal accounting. _processBuy(recipient, msg.value); // 3. Set lock to prevent a sell in this block. lockedUntil[recipient] = block.timestamp + 1; }

function sell(address payable seller, uint256 amount, uint256 minOut) external { // 1. Validate allowance, compute output, apply 10% fee. require(!isLocked(seller), "Sell locked"); // 2. Execute transfer and update internal accounting. _processSell(seller, amount); // 3. Set lock to prevent a buy in this block. lockedUntil[seller] = block.timestamp + 1; } ```

The Feeder contract (`0xa87e7c25

Want to dig deeper into how Immute works on-chain?

  • Read the whitepaper — full technical spec of the bonding curve, fee distribution, and Feeder primitive.

  • Audit + V4 postmortem — every finding ever raised against the contracts and how it was resolved.

  • Live leaderboard — top holders, dividend earnings, referral payouts.

  • On-chain charts — supply curve, ETH balance, Feeder fee flow.

  • immute.io — connect a wallet and try the mechanics on Sepolia testnet (mainnet launch coming soon).

Top comments (0)