Term

Sandwich Attacks

Meaning ⎊ Sandwich attacks are a form of MEV where attackers exploit options market microstructure by front-running and back-running victim transactions to capture slippage.
Greeks.liveJanuary 4, 2026
A composition of smooth, curving ribbons in various shades of dark blue, black, and light beige, with a prominent central teal-green band. The layers overlap and flow across the frame, creating a sense of dynamic motion against a dark blue background
A high-resolution 3D render displays a futuristic mechanical device with a blue angled front panel and a cream-colored body. A transparent section reveals a green internal framework containing a precision metal shaft and glowing components, set against a dark blue background

Essence

A sandwich attack represents a specific form of Maximal Extractable Value (MEV) exploitation, targeting decentralized finance (DeFi) users on automated market makers (AMMs). This attack pattern is a strategic manipulation of order flow where an attacker places two transactions around a victim’s pending transaction. The first transaction, known as the “front-run,” increases the price of the asset being purchased by the victim.

The second transaction, or “back-run,” returns the price to its original level or near it. The attacker profits from the price difference, effectively capturing the value of the slippage paid by the victim. In the context of crypto options, the attack is particularly potent because options prices are non-linear and sensitive to changes in underlying asset price and implied volatility.

A large options order can reveal information about market sentiment or cause a significant change in the options pool’s parameters. The attacker capitalizes on this information asymmetry and price impact. The attacker’s goal is not simply to execute a trade, but to exploit the predictable price movement caused by the victim’s transaction.

This attack vector highlights a fundamental tension between the transparency of on-chain transactions and the need for fair market execution.

A sandwich attack exploits the predictable price impact of a pending transaction by executing orders immediately before and after the victim’s trade, capturing the slippage as profit.
A visually striking four-pointed star object, rendered in a futuristic style, occupies the center. It consists of interlocking dark blue and light beige components, suggesting a complex, multi-layered mechanism set against a blurred background of intersecting blue and green pipes
The image displays a symmetrical, abstract form featuring a central hub with concentric layers. The form's arms extend outwards, composed of multiple layered bands in varying shades of blue, off-white, and dark navy, centered around glowing green inner rings

Origin

The genesis of the sandwich attack traces back to the transparent nature of the mempool in blockchain architectures like Ethereum. In traditional financial markets, order flow information is proprietary and highly valuable. However, on public blockchains, all pending transactions are broadcast to a shared mempool before being included in a block.

This creates an open-field environment where sophisticated actors, known as searchers, can monitor transactions and identify profitable opportunities. The attack evolved from simple front-running, where a searcher simply copies a pending transaction to execute it first. The sandwich attack is a more sophisticated iteration that maximizes profit by exploiting the price impact of the victim’s trade itself.

As decentralized options exchanges grew in prominence, searchers adapted their algorithms to target options AMMs. The non-linear pricing of options, governed by parameters like implied volatility and Greeks, provides a richer set of data points for searchers to exploit compared to simple spot token swaps. The attack became a significant source of MEV as options trading volume increased on-chain.

Two distinct abstract tubes intertwine, forming a complex knot structure. One tube is a smooth, cream-colored shape, while the other is dark blue with a bright, neon green line running along its length
A stylized dark blue form representing an arm and hand firmly holds a bright green torus-shaped object. The hand's structure provides a secure, almost total enclosure around the green ring, emphasizing a tight grip on the asset

Theory

The theoretical foundation of a sandwich attack on options protocols rests on the predictable mechanics of options pricing models, particularly those used in AMMs. The core principle involves exploiting the relationship between trade size, liquidity, and price impact. The attacker calculates the exact price change a large order will cause based on the AMM’s specific pricing curve.

A stylized, high-tech object, featuring a bright green, finned projectile with a camera lens at its tip, extends from a dark blue and light-blue launching mechanism. The design suggests a precision-guided system, highlighting a concept of targeted and rapid action against a dark blue background

Options Pricing and Greeks

Options pricing models, such as Black-Scholes or variations adapted for AMMs, define the relationship between an option’s price and variables like the underlying asset price, time to expiration, and implied volatility. When a user executes a large option purchase or sale, the AMM adjusts its inventory and updates the option price based on the trade’s impact. The attacker’s bot calculates this impact before the transaction is confirmed.

The attack mechanism relies on several key elements:

  • Slippage Tolerance: The victim’s transaction often includes a specified slippage tolerance, which defines the maximum price change they are willing to accept. The attacker’s front-run and back-run transactions are designed to execute within this tolerance, ensuring the victim’s transaction still completes at a disadvantageous price.
  • Implied Volatility Manipulation: A large options purchase can increase the implied volatility parameter within the AMM pool. The attacker profits by buying the option before the victim’s trade at a lower implied volatility, then selling it after the victim’s trade at a higher implied volatility.
  • Delta Hedging Dynamics: Options AMMs often maintain a delta-neutral position by dynamically adjusting their inventory. A large trade forces the AMM to rebalance. The attacker profits by anticipating this rebalancing and trading against the new, temporary price inefficiency.
A close-up view of a high-tech mechanical component, rendered in dark blue and black with vibrant green internal parts and green glowing circuit patterns on its surface. Precision pieces are attached to the front section of the cylindrical object, which features intricate internal gears visible through a green ring

Comparative Analysis of Trade Execution

The following table illustrates the financial dynamics of a sandwich attack compared to a standard trade.

Transaction Type Pre-Trade Price (P0) Victim’s Price Impact Attacker’s Actions Final Price (P2) Victim’s Profit/Loss Attacker’s Profit/Loss
Standard Trade 100 Price increases to 102 None 102 No loss from attack 0
Sandwich Attack 100 Price increases to 102 Front-run at P0, Back-run at P2 100.5 (near P0) Loss of slippage P2 – P0.5
A sharp-tipped, white object emerges from the center of a layered, concentric ring structure. The rings are primarily dark blue, interspersed with distinct rings of beige, light blue, and bright green
A detailed, close-up shot captures a cylindrical object with a dark green surface adorned with glowing green lines resembling a circuit board. The end piece features rings in deep blue and teal colors, suggesting a high-tech connection point or data interface

Approach

The execution of a sandwich attack requires sophisticated technical infrastructure and a deep understanding of market microstructure. Searchers utilize specialized bots to monitor the mempool continuously. These bots analyze incoming transactions to identify potential targets based on transaction size, gas fees offered, and the specific protocol being used.

A highly stylized 3D render depicts a circular vortex mechanism composed of multiple, colorful fins swirling inwards toward a central core. The blades feature a palette of deep blues, lighter blues, cream, and a contrasting bright green, set against a dark blue gradient background

Searcher’s Workflow

The searcher’s process involves several distinct steps:

  1. Mempool Surveillance: Continuously scan the mempool for pending options transactions that exceed a certain size threshold. The searcher identifies transactions with high slippage tolerance, indicating a user willing to pay a premium for execution.
  2. Profit Calculation: Simulate the impact of the victim’s transaction on the options pool’s pricing model. The searcher calculates the optimal front-run and back-run sizes to maximize profit while keeping the total gas cost below the potential gain.
  3. Transaction Construction: Create two transactions: a front-run transaction to execute before the victim, and a back-run transaction to execute after. The searcher must bid high gas fees for both transactions to ensure they are included in the same block, sandwiching the victim’s trade.
  4. Block Inclusion: Submit the front-run and back-run transactions to a validator or a private relay. The goal is to ensure the specific ordering of transactions within the block.
Searchers use sophisticated algorithms to calculate the optimal front-run and back-run transaction sizes, maximizing profit while staying within the victim’s acceptable slippage tolerance.
A stylized 3D rendered object featuring a dark blue faceted body with bright blue glowing lines, a sharp white pointed structure on top, and a cylindrical green wheel with a glowing core. The object's design contrasts rigid, angular shapes with a smooth, curving beige component near the back

The Impact on Market Quality

Sandwich attacks reduce market quality by increasing the effective cost of trading for ordinary users. The attack creates a hidden tax on liquidity, as users consistently receive worse execution prices than anticipated. This erodes trust in decentralized exchanges and discourages large institutional orders from using on-chain options protocols.

A composite render depicts a futuristic, spherical object with a dark blue speckled surface and a bright green, lens-like component extending from a central mechanism. The object is set against a solid black background, highlighting its mechanical detail and internal structure
The image displays a high-tech, futuristic object, rendered in deep blue and light beige tones against a dark background. A prominent bright green glowing triangle illuminates the front-facing section, suggesting activation or data processing

Evolution

The evolution of sandwich attacks is characterized by an ongoing arms race between searchers and protocol developers. As searchers refine their techniques, protocols must implement new countermeasures to protect users and maintain market integrity.

A close-up view of abstract, layered shapes that transition from dark teal to vibrant green, highlighted by bright blue and green light lines, against a dark blue background. The flowing forms are edged with a subtle metallic gold trim, suggesting dynamic movement and technological precision

Countermeasures and Mitigation Strategies

Initial mitigation strategies focused on private transaction relays. These relays, like Flashbots Protect, allow users to submit transactions directly to validators without exposing them in the public mempool. This eliminates the searcher’s ability to identify pending transactions.

However, searchers have adapted by developing new methods to identify and exploit transactions even within private relay environments. The next generation of countermeasures involves changes to market design:

  • Batch Auctions: Protocols like CowSwap and Fjord implement batch auctions, where transactions are collected over a specific time period and settled at a single clearing price. This eliminates the concept of front-running by removing the linear ordering of transactions within a block.
  • Dynamic Fee Structures: Some options protocols implement dynamic fees that adjust based on transaction size and price impact. These fees capture the potential MEV value and redistribute it to liquidity providers or the protocol treasury, reducing the searcher’s profitability.
  • Request for Quote (RFQ) Systems: In RFQ models, users request a price from market makers, who provide a firm quote for execution. This eliminates the AMM-based price impact vulnerability by relying on off-chain pricing.
The arms race between searchers and developers has led to innovative market designs, moving beyond simple AMMs toward batch auctions and private relays to mitigate MEV.
A high-resolution stylized rendering shows a complex, layered security mechanism featuring circular components in shades of blue and white. A prominent, glowing green keyhole with a black core is featured on the right side, suggesting an access point or validation interface
A close-up view shows a sophisticated, dark blue band or strap with a multi-part buckle or fastening mechanism. The mechanism features a bright green lever, a blue hook component, and cream-colored pivots, all interlocking to form a secure connection

Horizon

Looking ahead, the prevalence of sandwich attacks in options markets highlights a critical design challenge for decentralized finance. The future of options market design will prioritize mechanisms that ensure fair pricing and user protection over immediate execution speed. This requires a shift toward more sophisticated order flow management and a re-evaluation of the core principles of market transparency. The challenge lies in designing systems that maintain the benefits of decentralization while preventing exploitation by sophisticated actors. This involves creating new incentive structures that align the interests of searchers with the broader market. One potential solution involves protocols that capture MEV and redistribute it to users, transforming a vulnerability into a source of yield for participants. The systemic implications extend beyond individual protocols. The presence of sandwich attacks demonstrates a fundamental inefficiency in current blockchain architectures. The future will likely see a greater emphasis on solutions that obscure order flow or create entirely new mechanisms for price discovery that are less susceptible to front-running. The ultimate goal is to build a financial operating system where the integrity of price execution is guaranteed at the protocol level, not merely through user-side workarounds.

The image captures a detailed shot of a glowing green circular mechanism embedded in a dark, flowing surface. The central focus glows intensely, surrounded by concentric rings

Glossary

The image showcases a futuristic, abstract mechanical device with a sharp, pointed front end in dark blue. The core structure features intricate mechanical components in teal and cream, including pistons and gears, with a hammer handle extending from the back

Automated Market Makers

Mechanism ⎊ Automated Market Makers (AMMs) represent a foundational component of decentralized finance (DeFi) infrastructure, facilitating permissionless trading without relying on traditional order books.
The abstract digital rendering features several intertwined bands of varying colors ⎊ deep blue, light blue, cream, and green ⎊ coalescing into pointed forms at either end. The structure showcases a dynamic, layered complexity with a sense of continuous flow, suggesting interconnected components crucial to modern financial architecture

Smart Contract Security

Audit ⎊ Smart contract security relies heavily on rigorous audits conducted by specialized firms to identify vulnerabilities before deployment.
The image displays a close-up view of a high-tech, abstract mechanism composed of layered, fluid components in shades of deep blue, bright green, bright blue, and beige. The structure suggests a dynamic, interlocking system where different parts interact seamlessly

Quantitative Finance Applications

Application ⎊ These involve the deployment of advanced mathematical techniques, such as stochastic calculus and numerical methods, to price and hedge complex crypto derivatives.
An abstract digital rendering showcases layered, flowing, and undulating shapes. The color palette primarily consists of deep blues, black, and light beige, accented by a bright, vibrant green channel running through the center

Side Channel Attacks

Vulnerability ⎊ Side channel attacks exploit information leakage from a system's physical implementation rather than directly targeting cryptographic algorithms.
A high-angle, full-body shot features a futuristic, propeller-driven aircraft rendered in sleek dark blue and silver tones. The model includes green glowing accents on the propeller hub and wingtips against a dark background

Price Execution Integrity

Execution ⎊ ⎊ Price execution integrity within cryptocurrency, options, and derivatives markets centers on the faithful and efficient translation of a trader’s intended order parameters into a realized trade.
A high-tech, futuristic mechanical object, possibly a precision drone component or sensor module, is rendered in a dark blue, cream, and bright blue color palette. The front features a prominent, glowing green circular element reminiscent of an active lens or data input sensor, set against a dark, minimal background

Synthetic Attacks

Exploit ⎊ These attacks leverage the creation of synthetic positions, often through under-collateralized or manipulated inputs, to create artificial market imbalances or trigger incorrect onchain liquidations.
An abstract, high-contrast image shows smooth, dark, flowing shapes with a reflective surface. A prominent green glowing light source is embedded within the lower right form, indicating a data point or status

Decentralization Challenges

Architecture ⎊ Decentralization challenges within cryptocurrency, options trading, and financial derivatives stem from the inherent complexity of distributed systems.
A close-up image showcases a complex mechanical component, featuring deep blue, off-white, and metallic green parts interlocking together. The green component at the foreground emits a vibrant green glow from its center, suggesting a power source or active state within the futuristic design

Order Flow Exploitation

Exploit ⎊ Order flow exploitation, within cryptocurrency derivatives and options trading, represents a strategic advantage derived from analyzing and acting upon patterns in order book activity.
A smooth, continuous helical form transitions in color from off-white through deep blue to vibrant green against a dark background. The glossy surface reflects light, emphasizing its dynamic contours as it twists

Defi

Ecosystem ⎊ This term describes the entire landscape of decentralized financial applications built upon public blockchains, offering services like lending, trading, and derivatives without traditional intermediaries.
A futuristic, high-tech object with a sleek blue and off-white design is shown against a dark background. The object features two prongs separating from a central core, ending with a glowing green circular light

Price Oracle Attacks

Exploit ⎊ Price oracle attacks represent a class of exploits targeting the mechanisms by which decentralized applications (dApps) obtain external data, specifically price feeds.