This is the third article in our Thematic Analysis series. In this series, we talk about broader trends and emerging concepts in the crypto space, looking towards the future and analysing how Web3 is evolving in real-time. Let’s dive in!
Theme: Maximal Extractable Value (MEV)
Introduction 👋
One of the most technical, interesting, and crucial features of blockchains, one that only a few are aware of and even fewer can actually see, is the concept of Maximal Extractable Value (MEV). Unless you’re deeply interested in the intricacies of blockchain design, especially at this early and rapidly evolving stage, it’s unlikely that you’d have heard of MEV. However, there is a very clear parallel in traditional finance – high-frequency trading (HFT), made popular by Michael Lewis in his 2014 book Flash Boys. HFT is a form of algorithmic trading that conducts huge numbers of trades within seconds, attempting to make a small profit per trade, mostly through arbitrage. All of this trading is done by bots which execute transactions in one 64 millionth of a second. MEV, similarly, exploits risk-free transactions by using the core features of the blockchain it is built on.
But to understand what MEV actually is, we have to first understand how Ethereum transactions (and those of other blockchains) work under the hood.
Ethereum Transactions: Under the Hood 🪛
Let’s say Alice buys an NFT from Bob for 1 ETH. When that transaction is submitted to the blockchain to be validated and then mined in a block, the transaction is ‘gossiped’ (i.e., sent) to all nodes (run by miners) who validate and mine transactions. Every transaction also includes a gas price, which is the amount that the sender will pay in ETH as fees. Gas price multiplied by units of gas consumed equals the transaction fee in ETH paid by the transaction sender to the miner. Before transactions are included in a block, they go into the mempool – a list of transactions waiting to be confirmed and added to a block. The gas price of each transaction is publicly available for the miner to see, and miners create a block that maximises the value they receive through transaction fees. For example, if 15k transactions are waiting to be included in a block, and the maximum number of transactions a block can have is 10k, then the miner will include the 10k transactions with the highest fees.
This system means that transaction submitters, in an attempt to get their transactions included first, bid against each other in the form of higher fees. These are called “blockspace auctions.” Bidding for blockspace is public, which is good in terms of privacy and decentralisation, but also bad due to the volatility it causes on gas prices and the increased load on the network. A particular issue is that failed bids still consume gas, leaving transaction submitters in a terrible position: their transactions don’t go through, and they lose money.
Now that we understand what a transaction on Ethereum consists of, let’s dive into what MEV is.
What is MEV? ⛏️
Similar to the bots used by high-frequency traders, MEV arbitrage bots monitor the list of pending transactions in the mempool and try to exploit risk-free, profitable opportunities created by them. These are known as pure revenue opportunities, since they represent pure profit, and bots compete against each other in “Priority Gas Auctions” (PGAs) by bidding up transaction fees to ensure that their transactions defeat those of other bots and are executed and included in the block first. This is just a form of front-running, and the losers are usually regular users. All of this is possible because of the latency (slowness) of trades on DEXes. MEV, therefore, can be defined as the total amount of value (ETH profits) that miners can extract from smart contracts by manipulating transactions.
Miners most often extract MEV by using their power to order transactions; they can reorder users’ transactions and insert their own, gaining profit in ETH. For example, imagine an arbitrage bot that discovers a pure revenue opportunity. Several other bots identify this opportunity and they all bid against each other to get their transaction included first. The miner then finds these transactions, includes its own transaction first, and claims both the revenue opportunity and the gas fees bid by all the losing bots. These are also known as Ordering Optimisation (OO) fees, which represent the MEV miners/attackers can get from manipulating the order of transactions.
There are a few considerations that are important to keep in mind:
MEV attackers try to execute their transactions in periods with higher trader activity due to the higher volume of transactions that can be targeted. Attacks, hence, will likely take place when gas prices are higher.
Attackers make sure that any price change due to their MEV attack does not exceed the slippage value inputted by the transaction submitters – i.e., if a submitter has intimated that on a transaction where execution price is £100, the maximum amount of slippage they will tolerate is 2%, then the attackers make sure that the execution price does not slip below £98.
Attackers also ensure that the losses they incur from gas fees are covered by the profits they gain.
There are some types of tokens that are more susceptible to MEV attacks, and some less so. Those more susceptible are NFT-related tokens and meme tokens, whose prices are more volatile, whose price activity is much more speculative, and whose price elasticity is extremely high, i.e., any change in price causes extreme increases in trading activity. Tokens that are less susceptible include security tokens or classic tokens like ETH, where price elasticity is lower, trading using these tokens is (relatively) more predictable, and volatility is (relatively) lower.
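The slippage bound from the considerations above, seen from the trader's side. This is an added example, not code from the article or from any DEX: the fee-less constant-product pool, the reserve sizes and the names `Pool`, `min_out_for` and `trade_outcome` are assumptions made for illustration.

```python
"""Added illustration: how a minimum-output (slippage) check bounds what an
earlier transaction in the same block can cost a trader.
Assumptions: fee-less constant-product pool (x * y = k), constructed reserves."""
from dataclasses import dataclass

UNIT = 10**6            # fixed-point scale, integer maths only
BPS = 10_000            # basis points in 100%


class SlippageExceeded(Exception):
    """Raised when a swap would return less than the caller's minimum."""


@dataclass
class Pool:
    quote: int          # reserve of the asset paid in (e.g. a stablecoin)
    base: int           # reserve of the asset bought (e.g. ETH)

    def amount_out(self, amount_in: int) -> int:
        # Constant product: (quote + in) * (base - out) = quote * base
        return self.base * amount_in // (self.quote + amount_in)

    def swap(self, amount_in: int, min_out: int = 0) -> int:
        out = self.amount_out(amount_in)
        if out < min_out:
            raise SlippageExceeded(f"would receive {out}, minimum is {min_out}")
        self.quote += amount_in
        self.base -= out
        return out


def min_out_for(pool: Pool, amount_in: int, tolerance_bps: int) -> int:
    """Minimum output the trader signs, computed from the state they were quoted."""
    return pool.amount_out(amount_in) * (BPS - tolerance_bps) // BPS


def trade_outcome(earlier_buy: int, tolerance_bps: int = 200) -> dict:
    """Replay: quote, then someone else's buy lands first, then the trader's swap."""
    pool = Pool(quote=1_000_000 * UNIT, base=1_000 * UNIT)   # constructed reserves
    trade_in = 10_000 * UNIT
    quoted = pool.amount_out(trade_in)
    min_out = min_out_for(pool, trade_in, tolerance_bps)
    if earlier_buy:
        pool.swap(earlier_buy)          # price moves before the trader's swap
    try:
        received = pool.swap(trade_in, min_out)
    except SlippageExceeded:
        return {"executed": False, "quoted": quoted,
                "min_out": min_out, "received": 0}
    return {"executed": True, "quoted": quoted, "min_out": min_out,
            "received": received,
            "shortfall_bps": (quoted - received) * BPS // quoted}


if __name__ == "__main__":
    # No earlier trade, a small one (inside 2% tolerance), a large one (outside)
    for earlier in (0, 5_000 * UNIT, 20_000 * UNIT):
        print(earlier // UNIT, trade_outcome(earlier))
```

A reverted swap still pays gas, as noted earlier for failed bids, so the tolerance is a trade-off between a bounded price loss and the cost of a failed transaction.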
So, now we know what MEV is. But how are MEV attacks structured?
Types of MEV Attacks 🎯
Almost all MEV attacks are conducted using either one or a combination of the following methods:
Destructive Front-Running: The attacker front-runs the victim and causes the victim’s transaction to fail.
Tolerating Front-Running: The attacker ensures that the victim’s transaction executes successfully. This is necessary for sandwich attacks.
Back-Running: The attacker executes their transaction after the victim’s transaction executes. This is cheaper than front-running since the attacker does not engage in bidding up gas prices.
Clogging: The attacker clogs the blockchain with transactions to prevent users and bots from issuing transactions.
The various types of MEV attacks include:
Arbitrage
Miners monitor new blockchain state changes and execute arbitrage transactions when the difference between the price of the same asset on two separate markets is higher than expected transaction fees. For example, if ETH is priced at 1 ETH = £1,000 on DEX A and 1 ETH = £1,200 on DEX B, the trader can buy ETH for £1,000 on DEX A and sell it for £1,200 on DEX B for an immediate, risk-free £200 profit. If gas fees are below £200, it makes financial sense to execute the transaction.
Attackers can do one of two things:
Monitor the confirmed blockchain state (when the transaction is included in a block). When a new block is received, the attacker destructively front-runs all market participants in the next received block, causing their trades to fail and only the attacker’s transaction to go through.
Monitor the mempool to find large pending trades which cause the price of the asset to significantly change on an exchange. The attacker then back-runs this trade with an arbitrage transaction. Assume that an attacker notices an order to buy £1M of ETH for an average price of £1,000 on DEX A, which will subsequently cause the price of ETH on DEX A to increase to £1,100. After this transaction goes in, an attacker can buy ETH for £1,000 on DEX B and sell it for £1,100 on DEX A, making a risk-free profit of £100.
Sandwich Attack
In a sandwich attack, the attacker places two transactions – one right before and one right after the victim’s transaction. Take an example where the victim wants to buy ETH on DEX A. The attacker first inserts a transaction to buy ETH on DEX A for £1,000 per ETH, which increases the price of the victim’s transaction to £1,100 per ETH. The victim then buys their ETH at this new, higher price, which further pushes up the price of ETH to £1,200. The attacker then sells their ETH on DEX A for £1,200, making £200 of profit. This act of inserting a transaction before and after the victim’s transaction is known as sandwiching.
There are two things the attacker needs to do in order to pull off a sandwich attack:
Have the ability to identify large trades. The attacker either looks for pending transactions in the mempool, or looks out for information from miners that signal all incoming transactions or just profitable transactions (i.e., those which cause material changes in asset prices on exchanges).
Be sure that the victim’s transaction will be placed between the attacker’s two transactions.
According to a paper published by researchers at Imperial College London, over a 32-month period up to December 2021, more than 750k sandwich attacks were executed on Uniswap V1/V2/V3, Sushiswap, and Bancor, with a total profit of $174 million.
Time-Bandit Attack
Assume that an unmined/unvalidated block can include 10k transactions at maximum, the current ‘height’ of the block (h1) is at 5k transactions, and h0 represents the block with 0 included transactions. Now assume that at height h1, the total stealable reward exceeds the reward gained from honestly validating the block. An attacker can ‘rewind’ the block to the original height, h0, and use the MEV gained to subsidise a 51% attack that proposes a new block and mines a fork up to or beyond h1, capturing the profits. Obviously, this attack is pretty difficult and resource-intensive to pull off – an attacker would need real-time access to huge mining resources, which can theoretically be done by renting cloud resources such as GPUs. Given the impending ETH Merge and the fact that GPUs and intensive computing resources will not be needed to validate new ETH transactions, the likelihood of a time-bandit attack could reduce.
A 24-hour rental attack on ETH costs ~$21 million today. This is hefty, and the reward would have to be high enough to justify the time, effort, and cost to execute the attack. However, with blockchains that have lower security requirements, the cost of pulling off a time-bandit attack may not be as high, putting the security of that blockchain at risk.
Transaction Replay
An attacker can:
Look for pending profitable trades in the mempool;
Copy the execution logic employed by the victim;
Divert the profits to a wallet controlled by the attacker;
Validate their new transaction locally to copy the execution result; and
If the transaction yields a profit, destructively front-run the victim’s transaction.
The Imperial College London researchers found that 188k profitable transactions between April 2019 and December 2021 could have been replayed for a total profit of $35 million.
Bribery Contracts
A user can bribe a miner to give his or her transactions preferential treatment (e.g., better price for a transaction on the DEX). These bribes can be carried out through bribery contracts. An (even more) unscrupulous miner could enter into several bribery contracts with multiple users and pick the most profitable one to complete. In the extreme scenario, a miner could be incentivised enough by a bribe to mine a block on an abandoned chain, practically aiming to rewrite the history of the blockchain and posing a huge risk to the security of the blockchain.
Identifying MEV Transactions 🕵️
MEV transactions are essentially of two types:
Where the attacker bids gas fees higher than the victim to ensure that their transaction goes through first;
Where the attacker bribes a miner to arrange transactions in a block to their benefit.
The former can be detected when there are one or more failed transactions with either the same or minimally lower gas price than a successful one right before it. The failed transactions are those of the victims or arbitrage bots.
The latter can be detected when the gas price of the transaction is extremely low, like 0 or 1 gwei.
There are obviously many types of MEV transactions, but these represent a snapshot of how these transactions look on Etherscan or any other block explorer.
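The two signatures described above can be checked mechanically against a block's transaction list. This is an added example, not the article's or any block explorer's code: the `Tx` record, the 1% reading of "minimally lower", the function names and the sample block are all constructed for illustration.

```python
"""Added illustration: flag the two gas-price signatures described above.
The block below is constructed sample data, not real chain data."""
from dataclasses import dataclass

GWEI = 10**9
BPS = 10_000


@dataclass(frozen=True)
class Tx:
    index: int            # position inside the block
    tx_hash: str          # constructed placeholder
    gas_price_wei: int
    succeeded: bool       # receipt status


def find_gas_auction_groups(block, tolerance_bps=100):
    """Signature 1: a successful tx directly followed by one or more failed
    txs whose gas price is equal or minimally lower (within tolerance_bps;
    the 1% default is an assumption, the article gives no number)."""
    txs = sorted(block, key=lambda t: t.index)
    groups, i = [], 0
    while i < len(txs):
        winner, losers, j = txs[i], [], i + 1
        if winner.succeeded:
            floor = winner.gas_price_wei * (BPS - tolerance_bps) // BPS
            while (j < len(txs) and not txs[j].succeeded
                   and floor <= txs[j].gas_price_wei <= winner.gas_price_wei):
                losers.append(txs[j])
                j += 1
        if losers:
            groups.append((winner, losers))
        i = j if losers else i + 1      # skip past a group once it is recorded
    return groups


def find_low_gas_price(block, max_gwei=1):
    """Signature 2: gas price of 0 or 1 gwei, i.e. the sender is presumably
    paying the block producer some other way."""
    return [t for t in sorted(block, key=lambda t: t.index)
            if t.gas_price_wei <= max_gwei * GWEI]


def scan_block(block):
    """Summarise both signatures by transaction index."""
    return {
        "gas_auctions": [(w.index, [l.index for l in ls])
                         for w, ls in find_gas_auction_groups(block)],
        "low_gas_price": [t.index for t in find_low_gas_price(block)],
    }


# Constructed block: (gas price in gwei, succeeded)
SAMPLE_BLOCK = [
    Tx(i, f"0xconstructed{i:02d}", gwei * GWEI, ok)
    for i, (gwei, ok) in enumerate([
        (0, True),      # paid outside the gas price -> signature 2
        (250, True),    # ordinary transaction
        (180, True),    # auction winner
        (180, False),   # same price, failed        -> signature 1
        (179, False),   # minimally lower, failed   -> signature 1
        (120, False),   # unrelated failure, price too far below the winner
        (90, True),
        (60, False),    # failed, but far below the tx before it
        (1, True),      # 1 gwei                    -> signature 2
    ])
]

if __name__ == "__main__":
    print(scan_block(SAMPLE_BLOCK))
```

Both checks are heuristics on gas price alone, so a hit is a candidate for manual review in a block explorer rather than proof of MEV.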
MEV Statistics 📈
Below, we’ll go through some graphs that highlight the impact MEV has had on Ethereum.
More than $667 million worth of gross profit has been extracted in MEV to date, with a huge spike in summer 2021. As we covered above, MEV transactions occur most frequently in periods of high network activity, which tallies with the significant uptick of crypto activity in last year’s bull market. As we can see, growth in activity has somewhat plateaued since Jan 2022, although more than $114 million has been captured this year alone – much higher than in 2020, when around $75 million of value was captured. To a certain extent, this can indicate the general increase in activity on Ethereum since that date.
In data that tallies with the above graph, miners have been paid increasingly high amounts (essentially bribes) to extract MEV over the last two years – a cumulative sum of ~$240 million to date, which represents a huge flaw in the system.
Arbitrage transactions account for a staggeringly high amount of MEV transactions, while a surprising amount of MEV has been captured by ‘Searchers’, who are entities that actively look for MEV-susceptible transactions on the blockchain, as compared to miners. This indicates that in most cases where MEV is extracted, it isn’t the miners who are the most malicious actors (although they are obviously malicious since they reorder transactions for their own gain) – rather, they get bribed by Searchers to execute their transactions. Lastly, Wrapped ETH (WETH) is overwhelmingly the main token in which profit is taken – probably due to the high liquidity that ETH has and the fact that it is the base asset across DEXes on Ethereum. It is also available across blockchains, giving it even higher liquidity and ease of use for MEV attackers.
According to a Dune dashboard tracking MEV, the top 3 arbitrageurs have made a cumulative profit of more than $80 million over the years, with the top performing arbitrageur making more than $39 million over >12k transactions.
A couple of important stats to also keep in mind are that $1.4 million worth of transaction fees and 524 Ethereum blocks have been wasted on failed MEV transactions between Jan 2020 and Dec 2021.
The conclusion to all these stats is simple – MEV is a huge problem (and source of value for some) in the blockchain ecosystem. But why exactly is MEV a problem? We touched upon the risks it brings to blockchain security, but what are the other reasons why MEV is dangerous?
Why is MEV Harmful? 👎
Two of the biggest risks emanating from MEV are to the security of the blockchain from the incentive to conduct time-bandit attacks, and to the decentralised nature of the blockchain, primarily due to the permissioned communication infrastructure that develops between Searchers and Miners.
Consider a scenario in which a few miners (or validators) with extremely high hashrate or stake are able to collaborate and extract a very high proportion of MEV from the blockchain. These players essentially have the ability to control the manner in which transactions are included in the blockchain and, consequently, can control the future direction of the blockchain, making it no different from a centralised entity – but worse, since most people on the outside will assume the blockchain to be a decentralised entity. Moreover, the fact that the richest bidders are, in effect, able to trade against the poorest bidders seemingly replicates the inequality we can see in the real world – the rich win, and the poor suffer. This centralisation problem is exacerbated by separate block producers being incentivised to merge and form larger and larger entities, since combining MEV strategies and capital to invest in MEV-searching R&D increases the value each producer gains – again mirroring the problems of Web2 and traditional finance. Moreover, MEV tends towards oligopolies or even monopolies since the highest MEV extractors gain the most value, which they can invest in better MEV searching strategies, which, like the intention of many crypto protocols, leads to a flywheel effect where this pattern repeats.
Another huge problem brought about by MEV is that of network load and the resulting high gas fees. All of the failed MEV transactions take up valuable blockspace, and the bidding wars that they engage in pump up gas prices to unsustainable amounts, making it impractical for retail users to transact. This can be observed in the extremely high gas fees observed on Ethereum throughout 2021.
MEV After The Merge 🤝
MEV will be as relevant after the Merge as it is today. The transaction ordering process at the core of MEV will remain the same – validators will just replace miners. Hackmd estimates that with 160k validators, MEV can increase validator rewards by 75%, boosting ETH staking APR to 12.86% from 7.35%. As the number of validators increases, the impact of MEV on validator rewards is meant to decrease; for example, at 250k validators, MEV is meant to boost rewards by 60%. The estimated reward after the Merge is higher than the 5.6% received by miners today, primarily due to ETH issuance reducing significantly in its Proof of Stake system. This indicates that MEV extraction will be at least as lucrative after the Merge as it is today.
The composition of ETH whales and validators will also change. Exchanges will be amongst the most prominent validators, who, to preserve their reputation and user base, may not engage in MEV-extracting transactions in the same manner as miners, who are not retail-facing and purely exist as for-profit entities. This viewpoint, however, depends on putting too much trust in large entities with their own agendas, and the problem of MEV needs to be solved at a protocol design level.
Approaches to Solving MEV ✅
Flashbots
Flashbots is at the forefront of identifying and tackling MEV in the crypto ecosystem, with mining pools accounting for ~74% of Ethereum’s hashrate today using Flashbots to combat MEV. An R&D organisation that aims to mitigate and solve for MEV by quantifying and building solutions for it, Flashbots has three primary aims:
Quantify and clearly identify the impact of MEV on users and the Ethereum ecosystem in general, aiding in the creation of tooling to solve for MEV;
Create an even playing field for the extraction of MEV via MEV-Geth;
Distribute the benefits extracted from MEV to users and the general system over the long term.
MEV-Geth
Flashbots’ primary product is MEV-Geth or the Flashbots Auction. MEV-Geth is a mechanism that allows users to indicate their transaction order preference via a sealed-bid (anonymous) auction process. For example, if User A submits a fee of 500 gwei, User B’s fee is 200 gwei, and User C’s fee is 790 gwei, the transaction order will be C, A, and then B, with none of the users being able to see each other’s bids. This auction process enables block producers to order their transactions in a trustless manner, while eliminating failed bids from the system, subsequently preserving blockspace and substantially reducing aggregate gas fee losses.
Some key design elements of Flashbots are:
Transactions only become publicly known after they are included in a block, i.e., the list of pending transactions (mempool) is private.
Failed bids always stay private since they are never included in blocks.
It is designed so that trusted third-party intermediaries cannot censor or change transactions.
MEV Explore
To fulfil its aim of quantifying MEV, Flashbots has developed MEV-Explore, a product that aims to track MEV activities on Ethereum. Some of the statistics it tracks are:
Total MEV extracted on Ethereum;
MEV extracted by DeFi traders and bot operators;
Gas spent on MEV transactions;
MEV extracted by strategy (sandwich, transaction replay, etc.);
MEV by DeFi protocol;
Network resource consumption in MEV transactions.
All of their MEV data can be found on explore.flashbots.net, a public dashboard from which we extracted the graphs in the MEV Statistics section. MEV Explore analyses data from Aave, Compound, Uniswap, Curve, Balancer, Bancor, and 0x, with designs on expanding to other DEXes and EVM chains in the future.
MEV Auctions
Optimism, the Layer 2 Ethereum scaling solution, has proposed MEV Auctions as a way of addressing MEV. In this system, the functions of making sure that a transaction is included in a block and ordering those transactions are split up. Now, block producers propose transactions to be included in a block and sequencers order the transactions. Sequencers are chosen via an auction which gives the right to order the last ‘N’ number of transactions. To get their transactions included in a block, users can pay the sequencer a fee (bribe) or submit transactions directly to miners.
This process clearly does not eliminate MEV – it just shifts it from miners to Sequencers, who have the same ability to pay for the privilege of ordering transactions. Capital, in this system as well, begets capital. Moreover, even though the auction aims to separate inclusion and ordering, nothing is really stopping one party from doing both inclusion and ordering functions. Auctions may even increase the total amount of MEV in the system since the right to order multiple blocks is auctioned off, rather than the one block miners can validate at a time today. Practically, MEV Auctions are not feasible and may end up being very counterproductive.
Proposer-Builder Separation
The builder’s role is to assemble a block by ordering transactions and the proposer’s role is to validate the block. Proposer/Builder Separation (PBS) dictates that these roles be separated and mandates that the proposer must accept the block with the highest proposer fee from the block builders. Proposers also must not be able to see the contents of builders’ submissions, since they can maliciously copy the contents of the submissions into their own blocks, bid much higher fees to ensure that their transactions go through first, and capture MEV.
The goal of PBS is to make sure that validation of transactions remains as decentralised as possible. Under PBS, builders first look through the mempool, order transactions, create the most profitable block, and add a ‘proposer fee’ on top. A proposer is selected from the validator set, who looks at all the blocks submitted by block builders and selects the one with the highest proposer fee.
There are two takeaways from this. First, builders still get to extract MEV since they can order transactions in a block. Given this power, all the problems with MEV that we spoke about above still exist. Second, in a PBS system, the only difference is that the validation of these transactions is completed by proposers who have no skin in the game, so to speak, since they do not gain any benefits from being able to order transactions and extract MEV. They just get the proposer fee plus the block reward when they validate blocks. The validation of whether a block is composed correctly and is fit for inclusion in the blockchain becomes more decentralised in this model. Moreover, according to Vitalik in this thread, “Proposers are totally able to be their own block-builders.” If this is the case, then there is no real ‘proposer-builder separation’, and the same entity can build a block and validate it. A caveat to this is that the mechanism that chooses the proposer may be able to make sure that the same entity does not fulfil both functions at once. It is also important to ensure that there is no collusion between builders and proposers, although this could also be mitigated by the random selection of the proposer from the validator set.
However, PBS seemingly does not solve the problem of MEV extraction itself, and rather seems to represent an improved strategy in the fight against MEV.
P.S. – We may be incorrect in our understanding of PBS because of how technically challenging a topic it is. If folks reading this or listening to the podcast know more, we’d love to have a chat!
Other Solutions
A few other interesting solutions include the likes of:
KeeperDAO, which operates a private virtual mempool called the Hiding Book through which users route their transactions. Keeper’s bots extract the MEV and deposit the profits into the treasury, which are then distributed to users via ROOK tokens.
TaiChi Network, a private transaction service hosted by SparkPool where user transactions are only visible to SparkPool and not visible to other Ethereum nodes, preventing MEV bots from extracting value. However, bots run by SparkPool can still extract MEV.
Fair Arrival Order, a concept used by protocols which try to ensure that if many nodes receive Tx A before they receive Tx B, A should be included before B. Arbitrum One, a L2 scaling solution, plans to implement this solution by using a network of Chainlink oracles to prove the order in which transactions arrive.
Closing Thoughts ⌛
As we hope it’s clear by now, MEV is one of the most interesting, technically nuanced, and critical topics in the entire blockchain ecosystem. The strategies used by MEV extractors, like sandwich attacks, bribery contracts, transaction replays, and generalised front-running, exploit the most fundamental technical features of Ethereum and other blockchains, and the smartest people in crypto are banding together to solve the MEV problem. The direction they take will heavily influence the success of Ethereum and other Layer 1 protocols in general, since large-scale adoption will not be possible if user value is constantly under threat from bots, MEV searchers, and MEV extractors in the dark forest of the mempool.
Bibliography 📖
Quantifying Blockchain Extractable Value: How Dark is the Forest?
MEV Auction: Auctioning Transaction Ordering Rights as a Solution to Miner Extractable Value
Clockwork Finance: Automated Analysis of Economic Security in Smart Contracts