We Live In A Mempool: Backrunning the MEV Crisis
Despite the prevailing sentiment in the cryptocurrency ecosystem that “code is law” and all is fair game, most crypto systems also rely on some amount of social consensus and good citizenship in order to maintain a good overall user experience. Miners could make the network unusable in order to make more money, but they’d make it unusable in doing so. Binance could incentivize a chain rollback to save a hack, but would greatly undermine the value of Bitcoin in doing so.
Transaction ordering faces a similar social consensus dilemma. While Ethereum and most other blockchains specify transaction correctness, they don’t have strong rules around transaction ordering. That is, miners should order transactions based on fees and when they are first seen — miners want to make more money from fees and want to mine blocks as fast as possible — but this isn’t formally codified anywhere.
Historically, this hasn’t been a problem. Most of the time, when I’m sending ETH or BTC from one person to another, transaction ordering isn’t particularly important. But increasingly, transactions on smart contract platforms like Ethereum aren’t simple transfers of value from person A to person B, but rather complex financial transactions that have some underlying value. A piece of mail can contain a nice note or a $20 bill, but it could also contain a $9B check or material financial information that could lead to an extremely profitable trade. On Ethereum today, transactions might be juicy arbitrages that capture a market mispricing, or the opportunity to win a liquidation bonus on a lending protocol. In these scenarios, only one account gets to make these very profitable transactions, so transaction ordering matters a lot. What’s more is that these opportunities can actually be created through transaction ordering. Trying to top up your underwater loan? Too bad — I’m going to place my transaction to liquidate you before your repayment.
This is the world of Miner Extractable Value, or MEV: the value of the ability to order transactions within a block. MEV is an increasingly large market on Ethereum, with an estimated $1–4MM in value per day. But independent of the market size and potential profit opportunities, MEV is important because it directly impacts both the usability and security of blockchains today.
Bots attempting to take advantage of these MEV opportunities are willing to pay much higher transaction fees than average users — after all, wouldn’t you pay $200 make $1000? — which drives up overall gas prices and creates on-chain congestion. Look no further than Ethereum gas prices earlier this year pre-Flashbots (more on that later). They also make the experience of using protocols unpredictable and non-deterministic. Users who think they’re making a simple trade on a DEX end up getting frontran or sandwiched to death, resulting in failed transactions or terrible execution. Check for yourself to see how much value you’ve lost to MEV on sandwiched.wtf.
Traditionally, this world has been dominated by simple priority gas auctions — whichever bot pays the most, gets the MEV — but the launch of Flashbots this year has flipped this script. Instead, this market for transaction ordering is separate from the traditional blockspace market, allowing more efficient price discovery and helping drop transaction fees for normal users. In theory, this should be great! But in practice, this is an optical nightmare. Some have even suggested that this turns miners into money transmitters or makes them liable for hacks!
One suggestion is that miners should just stick their head in the sand and ignore this, on technical or ethical grounds, but this is also not an easy out! As argued by Phil Daian, miners that are able to extract this MEV will be strictly more profitable than those that cannot or will not, allowing them to profitably control a greater percentage of chain security.
Of course, MEV does not exist in a vacuum and the DeFi space is not static. Instead of thinking of MEV as an existential risk to the industry, I think of it more like an evolutionary pressure that forces different actors to evolve or die, and evolve things have! MEV has presented app developers, protocol devs, and blockchains devs many potential options for the future of their projects.
Option 1: Rollover and Die
Option 2: Embrace MEV and Take It For Yourself
Part of the fear of MEV comes from the “otherness” of miners and bots. 99% of users and protocol developers are neither miners nor bots, so there’s an inherent feeling of being ripped off or manipulated by those beyond your reach. But with the launch of PoS in ETH 2 and L2s with their own transaction ordering and confirmation systems, the overlap in these two groups grows substantially. Is MEV really so bad if those extra fees go back to me, an Optimism dev, or you, a protocol dev on my rollup?
There’s certainly a world where MEV is just the cost of doing business and how these systems self-fund. One could even imagine a large protocol running their own rollup and having that MEV go directly into a protocol treasury. For systems which already use some sort of off-chain transaction sequencing mechanism such as dYdX and Loopring’s matching engines, one doesn’t have to squint too hard to see how a percentage of matched order overlap could go back into the pockets of protocol developers and token holders.
Option 3: Prevent MEV
People are clever and respond well to incentives, and I suspect they will respond well to the incentives presented by MEV by changing how they build products. At its heart, MEV stems from a few core ̶b̶u̶g̶s̶ features of Ethereum:
- All transactions sit in a public mempool while waiting to be mined into a block
- All of the data required for these transaction is also public
- Any user can (usually) take this public data from these public transactions and make the same transaction themselves.
Most solutions center around tweaking one of these assumptions about how Ethereum works in order to address MEV.
Option 3A: Hide the MEV
What if instead of just hanging in a public mempool, transactions were just sent privately to miners until finally mined? Bots couldn’t see transactions that they were about to frontrun, ergo there’s no opportunity to frontrun. This is the path that many application developers such as 1inch and Archerswap have chosen by integrating with private transaction relay services such as Taichi Network and even re-purposing Flashbots to get similar functionality. Users who opt in to private transactions have their transactions bypass the public mempool and get sent to miners directly.
The additional upside here is that users don’t have to worry about failed transactions as miners are only compensated when the transaction is successfully included in a block! The big downside here is obviously the need to trust miners to not frontrun you themselves, but again, reputation and social consensus keeps them in check for now.
Devs can also leave the transactions sitting in the public mempool, but have their contents be private. Bots can see the transactions, but they can’t decrypt their contents, making them effectively private. This technique was pioneered by “submarine sends”, using a commit-reveal scheme to allow users to publicly send transactions without frontrunning, but could easily be re-purposed for DeFi applications.
Option 3B: Unionize
What if instead of allowing any random address to take these MEV opportunities, protocols restricted access to a set of known actors? Transactions could still hang out in the mempool, but non-whitelisted addresses would be prevented from duplicating them. When those addresses captured that MEV, they would be forced to give it back to the users who were getting frontrun or liquidated, spreading the wealth.
This is the path forward that protocols like KeeperDAO and BProtocol have taken. Bots are either game theoretically- or programmatically-forced to share MEV with users of DeFi protocols. With BProtocol and KeeperDAO’s kCompound, these protocols effectively take over users’ positions on lending markets and add a small collateral buffer, effectively lowering the user’s liquidation price. When user positions would normally be liquidated without this additional buffer (for example, at $2000 / ETH instead of $1800 / ETH), whitelisted bots can liquidate these positions within the above protocols and share this “penalty” with the user being liquidated and other users of the protocol. Because these positions are not actually liquidatable on e.g. Compound or Maker, non-whitelisted bots never actually see these opportunities. If every borrower migrated their positions to one of these protocols tomorrow, almost all on-chain liquidation MEV would disappear.
But this technique doesn’t have to be “DAO-ified” and have proceeds spread amongst many users or token holders. Users can strike agreements with individual companies to save their positions or protect them from arbitrage directly for a small fee. DeFi Saver will do what kCompound does on an individual basis, and services like BackRunMe by bloXroute will backrun users’ AMM trades, giving them back a cut of the slippage they induce by trading.
Option 3C: Evolve
Ultimately, many protocols today probably can’t survive in their current form in the MEV Era. Many of these solutions are quite hacky and look more like trying to make a faster horse.
Some solutions such as Request For Quote (RFQ) DEXs such as 0x, 1inch Limit Orders, Tokenlon, and Hashflow are designed to be MEV-less from the start. In RFQ models, users receive orders that are made specifically for their address — the trade execution smart contract prevents other users who see their trade from filling it — and as a result, have been rising in popularity as a percentage of total DEX volume. RFQ volumes through aggregators are now larger than Uni v2, Curve, and Sushi.
Even older systems are being upgraded to reduce MEV. Maker, for example, moved to a new liquidation system which switched from a fixed liquidation bonus to a Dutch auction for collateral, allowing users to buy collateral at the price they felt is fair and making liquidation less punitive for liquidatees. Other protocols such as Euler are working on similar techniques such as “progressive liquidations”, which give a larger discount the more underwater a position is. All of these reduce the aggressive gas bidding amongst bots for free money.
What might the future hold with respect to MEV? From one angle, we can just project forward current trends and see what they might look like in the end game.
The innovation around restricting bot access to protocols could continue playing forward. What if you need to be part of a DAO to trade on a particular AMM? Bad actors such as sandwichers could easily be detected and slashed or kicked out. You could use a pseudo-Sybil-resilient system like ARCx’s “Know Your Farmer” ID system to gate access to real humans as well. As mentioned earlier, protocol teams could just run their own off-chain sequencing system where MEV goes back to token holders.
A More Level Playing Field
It used to require large amounts of engineering time to have a reliable view into global mempool data. Now, bot devs can easily become competitive using services like bloXroute and Blockdaemon. It used to require sophisticated PGA strategies to win MEV opportunities. Now, bot devs can just bid on Flashbots, and if they don’t like Flashbots, they can use MiningDAO, which attempts to open source and decentralize Flashbots’ bundle auction. The hunt for edge in the bot space will likely continue to inch forward, but it’s unclear how much is left to go. Maybe in the future, generalized frontrunning services will ship standard alongside ETH 2 clients.
Maybe It Was All A Dream?
Much of these shenanigans are possible because miners are willing and able to play ball around transaction reordering to collect additional fees. But what happens in a move to PoS for Ethereum? If other PoS blockchains like Cosmos are any guide, ETH 2 PoS pools will be heavily comprised of known actors with reputations to carry and regulations to follow. Based on deposit contract addresses, ETH 2 seems to be heading this way as well. Will Coinbase risk an SEC investigation to skim a few bps from Uniswap traders, or worse, tank the value of the assets of ETH that they exist to facilitate the trading of? By moving miners out of the shadows, the market for re-organizing blocks shrinks dramatically.
There’s also the possibility that the bulk of economic activity on Ethereum moves to a rollup, which might take its own MEV as mentioned earlier.
Consider that the market for MEV might also just shrink due to protocol changes. Even Uniswap V3 has dramatically less AMM MEV due to reduced slippage on execution, removing ability for bots to arb users’ trades. Protocols might also begin to use Verifiable Delay Functions (VDFs) in order to prevent gaming of transaction ordering, as Solana has done on its base layer to ensure transactions are ordered by time of arrival, or simply delegate ordering to something like Chainlink’s Fair Sequencing Service (FSS).
Ultimately, all of the handwringing about MEV and the demise of Ethereum seems a bit premature. For every footgun that is discovered, 1000 footgun salespeople and 1000 footgun body armor manufacturers will bloom.
Thanks to Saneel Srini, Zack Skelly, and Rahul Bishnoi for reviewing