Everything You Always Wanted to Know About MEV
But Were Afraid to Ask
It’s well known that blockchains, and Ethereum in particular, are highly competitive environments, fun places but dangerous too. Paradigm’s Head of Research, Dan Robinson, brilliantly compared Ethereum and the mempool to the Dark Forest, a highly adversarial arena where being detected inevitably means being attacked. When participants submit a blockchain transaction, such as a DEX trade order via MetaMask, they broadcast it to an open and permissionless network of nodes, making them exposed and vulnerable to attacks and exploits. MEV is the summation of exploiting opportunities within a crypto network.
What exactly is MEV?
MEV stands for Maximal Extractable Value and is the total possible value that can be extracted from block production on top of block rewards and transaction fees. The name was changed from Miner Extractable Value after the Merge, which introduced Proof of Stake as the consensus mechanism of Ethereum and replaced miners with validators as those in charge of including, excluding, and reordering transactions in blocks. The original term MEV was firstly introduced by a group of researchers in their article Flash Boys 2.0: Frontrunning, Reordering and Consensus Instability in Decentralized Exchanges as the
value that is extractable by miners directly from smart contracts as cryptocurrency profits. One particular source of MEV is ordering optimization (OO) fees, which result from a miner’s control of the ordering of transactions in a particular epoch.
MEV can be considered the implicit reward attached to transactions broadcasted to the network, adding up to the explicit reward represented by the transaction fees they carry. MEV exists due to the transparent and permissionless nature of blockchains. In particular, blockchains allow anyone to scan the mempool, the database of unconfirmed or pending transactions waiting to be included in blocks, and ‘intercept’ opportunities and alphas before they get stamped on-chain. MEV is also possible because the process with which transactions are picked and bundled into blocks, and with which blocks are finalized, is not strictly regulated or automated, leaving substantial discretionary power to miners and validators. To make things worse, while only miners or validators can extract MEV directly by managing transactions and blocks, in reality, anyone can participate in the game by deploying bots to search for and exploit opportunities. These individuals, together with their bot armies, are known as ‘searchers’. Since searchers usually pay higher gas fees to be sure their ‘exploiting’ transactions are finalized first, validators can still benefit from MEV indirectly. The Flashbots data show that Searchers capture over half (64.3%) of the MEV revenue.
Searchers usually deploy two categories of bots: generalized frontrunners and specialized bots. Generalized frontrunners inspect the mempool looking for any type of profitable transactions. When found one, the bot will copy it, replacing the address with the owner’s address, double-check that the transaction will result in a profit, and submit the new transaction with a higher gas fee than the original, to be included in a block and finalized first. When multiple individuals try to front-run each other for the same transactions, they compete by bidding up transaction fees in an informal procedure known as Priority Gas Auction (PGA). There are thousands of MEV frontrunner bots exploring the mempool, like sentinels patrolling sewers in The Matrix.
On the other hand, specialized bots are programmed to focus on distinctive types of MEV opportunities, such as arbitrage on specific DEXs or for specific asset pairs. The landscape of MEV opportunities is vast, and each has its associated extraction strategies. The following are the most common types of MEV:
- Reordering, a precursor of MEV. The most basic and primitive form of MEV is the premium miners and validators can make from reordering transactions prioritizing those with higher transaction fees.
- DEX arbitrage. Like traditional financial markets, blockchains are studded with market asymmetries and inefficiencies that can be exploited to generate profit. DEX arbitrage bots cash in on slight price differences of the same asset pairs on two different exchanges, buying on the cheaper and selling on the more expensive in one single atomic transaction. This is a simple, relatively risk-free, and legal way of extracting value, and it also produces some beneficial effects on the ecosystem as a whole. Here is an example of arbitrage that leveraged a price difference of DAI/ETH between Uniswap and Sushiswap. As we can see from the data below, arbitrage is by far the primary source of MEV (over 99%), and DEXs are the source of the vast majority of extracted MEV. One important note is that Flashbots data currently cannot separate healthy arbitrage from frontrunning and sandwich attacks, meaning a portion of this 99% also includes these categories of MEV.
- Liquidations. Decentralized lending protocols allow anyone to liquidate a position when the collateral value falls below the value of the borrowed assets. On Aave, for example, anyone can repay up to 50% of a borrower’s debt and, in exchange, get an equivalent amount of the (discounted) collateral plus a liquidation bonus. The liquidation bonus incentivizes third parties to participate and contribute to the stability and health of the lending/borrowing ecosystem. It also makes liquidation a profitable, crowded, and competitive, business. Interestingly, and perhaps counterintuitively, Flashbots data below show that 7 of 10 of the most significant MEV transactions fall in the ‘liquidation’ category. Hence, while arbitrage accounts for nearly the totality of MEV transactions, liquidations are the most profitable ones
Sandwich attacks, or trading, happen when searchers find a significant DEX transaction in the mempool, which can have a tangible effect on the pair price. Searchers will calculate that price effect and place two trades, one before (front-running) and one after (back-running) the original one, to benefit from the expected price change, thus causing a loss to the victim trader. This type of attack is more challenging than others. Firstly, it’s harder to calculate the potential profit in real time; secondly, the attack cannot be executed in one atomic transaction, which means there is less certainty that the transactions will be executed in the correct order, although certain services allow searchers to create ‘sandwich bundles’ where either all or none, of the three transactions, are executed. This is possible by attaching to a specific bundle a reward expressed as a gas fee, to incentive block producers to include those transactions together and in that specific order.
NFTs: anyone who can freely place strategic trade orders in the blockchain can also scoop their favorite NFTs before others like this trader did when he purchased all Wrapper Punks at the floor price.
While these are the oldest and most common types of MEV opportunities, many more exist. For example, blockchain security and analytics firm PeckShield disclosed an exploit that works similarly to arbitrage. Attackers exploited a bug in the TransactionRequest contract of the Ethereum Alarm Clock, a protocol for scheduling transactions to be executed in the future by pre-determining the receiver address, sent amount, and desired time of the transaction, and pre-paying the gas fees upfront. Hackers called the cancel() method on scheduled transactions and, leveraging the bug which causes the transaction fee refund to be computed incorrectly, obtained a higher gas fee refund than initially paid, allowing them to pocket the difference. Since the exploit targets an asymmetry in the market, and it pays 51% of the profit to the miner (in this case, a Lido validator), this profit can be considered a form of MEV reward.
How big is MEV
Since it first appeared in the Flash Boys 2.0 article, MEV has grown into a million-dollar industry and one of the most researched and debated areas of crypto-economics.
So MEV is big, but how big? Although it’s computationally infeasible to calculate a blockchain’s precise total MEV, here are two figures about extracted MEV worthy of highlighting, as they can give a good understanding of the magnitude of the MEV phenomenon (this is just on Ethereum!):
Since MEV grows with TVL and general activity (transaction numbers, unique number wallets, etc), MEV has skyrocketed since the beginning of 2021:
MEV on DEXs
As mentioned before, the majority of MEV comes from DEXs. Looking at the detailed breakdown, Uniswap V2 leads the race with over 63%, followed by Balancer (19.4%) and Uniswap V3 (16%).
Since MEV can be considered as value leaking from activity DEXs, it will be larger as volumes get bigger. Interestingly, while Curve dominates in terms of TVL, Uniswap’s volume is an order of magnitude larger, which also reflects in a higher Volume/TVL.
Given the supremacy of Uniswap in terms of TVL and volumes, it’s not surprising that V2 and V3 combined represent 80% of the MEV source.
Looking more in detail at Uniswap, arbitrage on Uniswap V3 is much lower than what used to be on V2 up until June 2022 (1.5%. vs 8%). This significant difference could point to the fact that newer protocols can distribute and allocate liquidity more efficiently, thus reducing the amount of ‘waste’ as MEV.
MEV mostly comes from DEXs as arbitrage, frontrunning, and sandwich attacks. While healthy arbitrage has a positive effect on the DEXs ecosystems as it incentivizes participants to balance the price and liquidity of asset pairs across various exchanges, malicious frontrunning, and sandwich attacks are responsible for magnifying slippage and thus seriously impairing user experience.
Did MEV increase after the Merge?
The Merge had extensive effects on MEV, and the name change from Miner Extractable Value to Maximal Extractable Value hides more profound consequences on MEV extraction. As the Bankless team was writing just before the Merge:
The competitive dynamics of MEV are set to change drastically following the implementation of proposer-builder separation which will separate the production of blocks (deciding what transactions go in one) from the validation of blocks.
The proposer-builder separation was proposed to promote greater competition, decentralization, and censorship resistance for Ethereum. MEV-Boost from Flashlinks, for example, allows outsourcing to the open market the role of block builder. Block builders would produce complete blocks and offer them to validators together with a fee. Validators would then choose the blocks carrying the highest fee, independently of the value of those blocks’ transactions. Since validators in ETH PoS are, indirectly, token holders who staked their ETH, holders sit at the top of the MEV chain and are posed to benefit from all the value collected along the way. While in PoW, miners were those capturing all MEV, PoS flips the paradigm and brings value back to users who generated it in the first place.
Individuals and bots -> block builders -> block proposers )aka validators, aka ETH stakers/holders)
The Merge drastically reduced the block rewards due to the lower amount of capital needed to participate in validation and block production, which in turn cuts security costs and ETH inflation. As a consequence, the Merge’s second effect is to make MEV even more important and precious as an economic incentive and source of profit for those involved in ensuring the smooth functioning and security of the network.
ETH issuance tldr
- Mining rewards ~13,000 ETH/day pre-merge
- Staking rewards ~1,600 ETH/day pre-merge
- After The Merge, only the ~1,600 ETH per day will remain, dropping total new eth issuance by ~90%
Lastly, the Merge is posed to affect MEV more indirectly, which will play out in the long term. As more Ethereum updates enter into effect, like the Surge, throughput capacity will increase, and the gas price will decrease. Frontrunners and searchers only launch an attack if it’s economically convenient, meaning the prospected profit is higher than the gas fee to submit those transactions, but even then, when they lose the bidding war against other frontrunners, they incur losses. So far, Flashbots calculates:
$1,432,146 = fees wasted on failed MEV transactions since 2020
As transactions get cheaper, sending frontrunning transactions and other types of MEV-related attacks becomes more economically sustainable, even in case of failure and reverted transactions.
Is MEV extraction happening just on Ethereum?
Firstly, it’s important to highlight that MEV opportunities are mostly found on smart contract-capable blockchains, where users can interact with, and send money to, smart contracts, such as those powering a DEX. On the other hand, Bitcoin’s transactions are all atomic swaps, or simple transfers of value between individuals, making transaction manipulation generally unprofitable, although technically possible.
Secondly, despite its higher volumes still making it the most appealing, MEV extraction on Ethereum is highly competitive and it’s hard for newcomers to extract a meaningful share of it. Because of this, some searchers are moving to other smart contracts-capable blockchains like BSC or Solana. However, extraction happens on a smaller scale, given the significantly lower volumes and TVL.
Jito Labs recently launched the first Solana MEV dashboard allowing it to monitor the magnitude of the phenomenon on the two most prominent lending protocols, Mango and Solend.
The dashboard reveals that in 2022 alone:
~$36M = extracted MEV from arbitrages and liquidations.
>96% = arbitrage and liquidation attempts fail.
From <1% to ~25% = blockspace filled by MEV-related transactions.
>50% = share of MEV-related transactions in certain blocks.
MEV: a threat or an opportunity?
MEV is a huge phenomenon and it’s getting bigger by the day. Is this something that should make us worried, and what should we do about it? Different researchers and players have different views; some see it as a problem to solve, and others as an opportunity to regulate and optimize.
Problems of MEV
MEV detractors argue that it generates market distortions, degrades user experience by artificially pumping gas fees and creating network congestion and downtime, and, most importantly, poses a severe threat to blockchain security. MEV is considered an undesirable by-product of economic activity, a negative externality that should be reduced by making the underlying activity more efficient (something similar to CO2 or urban waste).
- User experience. Reordering transactions, frontrunning, and sandwich attacks cause a poor user experience and losses for regular users due to higher slippage on DEXs and missed profit opportunities. On a more fundamental level, this threatens one of the critical tenets of DeFi, the open and equal access to financial services. This is especially true when validators go as far as censoring users’ transactions or colluding with some traders and creating private and permissioned mempools, known as ‘dark pools’. This shields traders’ transactions from the eyes of the entire network, avoiding sandwich attacks or other front-run.
- Inflation and congestion. Both front-running and back-running attacks are inefficient (most of them fail) and lead to negative externalities such as:
- Inflation. PGAs naturally lead to a surge in the gas price that affects all other users on that network. This surge is artificial, as it doesn’t reflect a healthy increase in users’ activity.
2. Network congestion. Since many similar transactions get broadcasted to the peer-to-peer network of validators, it creates long queues of transactions and slows down the validation process.
3. Chain congestion. Since multiple transactions with various gas prices will eventually be included in blocks, MEV artificially increases the blockspace usage. Flashbots estimates that over 567 blocks were wasted on Ethereum due to reverted and failed MEV-related transactions.
- Blockchain security. The above-mentioned paper Flashboys 2.0 introduced the perils associated with MEV, among which are the so-called ‘time-bandit attacks’. When the MEV available in a block significantly exceeds the standard block reward, validators may be incentivized to re-mine blocks and capture the MEV for themselves instead of diligently adding new blocks afterward, causing blockchain re-organization and consensus instability. This could eventually cause block supply chain disruption and jeopardize the integrity of the blockchain. As mentioned earlier in this article, this effect will likely get more significant with the Merge and the drop in block rewards.
Benefits of MEV
While most MEV experts agree that MEV can only be minimized, not eliminated, others wonder whether it should just be regulated into an ordered process so to make it advantageous for the most.
- MEV can be considered a positive force as it helps to correct distortions by incentivizing actors to balance the ecosystem. For example, DEX arbitrage ensures that asset pairs’ prices remain similar across different DEXs so that users can benefit from the best prices on different apps. Liquidations opportunities allow lending protocols to quickly liquidate a position and ensure lenders get paid back when borrowers fall below collateralization ratios. In short, MEV makes the crypto market works more efficiently.
- Another view is that MEV is good in theory, but in practice, it’s poorly managed. This means that only a few players can benefit from it to the detriment of most other users, and as it becomes a more significant phenomenon, it starts generating its own new types of distortions. The logical consequence is that instead of trying to minimize MEV, we should develop tools and best practices to manage it more transparently and democratically. Flashbots is one of the first research and development organizations formed to mitigate the negative externalities and existential risks of MEV, and it develops tools for a permissionless, transparent, and fair ecosystem for MEV extraction to preserve the ideals of Ethereum.
- Therefore, one direction is to create an open market where participants can bid transparently to obtain the right to extract MEV. This would turn MEV as an ‘invisible tax’ into a proficuous open market.
The profits that the blockchain would collect from this open market could be directed back to the community, for example funding public goods or distributing them to token holders as protocol revenue.
Treating MEV: case studies
Even considering MEV’s silver linings, the extent of MEV, and how it is exploited makes it a net detrimental phenomenon for users, networks, and the blockchains themselves. As Dan Robinson effectively demonstrates in his article, and as Sam Sun, another Paradigm researcher, confirmed in his recount, the only way to avoid frontrunning and other bot attacks is to be a skilled coder to carefully hide transactions under layers of disguised transactions and run a node to be able to include transactions in the right time and order. Even assuming that most users could do both things, which unfortunately is not the case, there is no guarantee of avoiding attacks.
Luckily, some organizations and projects are working hard to minimize MEV, or at least contain its negative externalities, depending on their stance. Hereafter some case studies illustrate what is being done at different infrastructural levels.
At the chain level: Arbitrum, Optimism, and Gnosis
While both optimistic rollups for Ethereum, Arbitrum and Optimism take different stances on MEV and adopt different strategies to deal with it. Arbitrum is trying to minimize it by leveraging Chainlink’s Fair Sequencing Services (or FSS), while Optimism aims at optimizing it with MEVA (MEV Auctions) and using the generated revenue to fund public goods.
Arbitrum and Chainlink are together exploring solutions to create fairer smart contracts by eliminating MEV. The mechanism developed by Chainlink, FSS, relies on external and decentralized oracle networks for ordering transactions as well as encryption of transaction details:
user transactions are first encrypted by users to hide transaction details, ordered by a decentralized oracle network, and then decrypted for execution on a blockchain network. As a result, the transaction payload will not be visible to nodes before the ordering process begins, removing the ability to front-run transactions based on early visibility.
By combining the outsourcing of block ordering with solid encryption, Arbitrum and Chainlink aims at eliminating MEV on Arbitrum.
Optimism, on the other hand, seeks MEV optimization. Optimism has played a crucial role in proposing the separation of block production (transactions inclusion) from block sequencing (transaction ordering) and running auctions for assigning the right to order transactions. Optimism formally separates the role of transaction ordering (Sequencers) and transaction inclusion (Validators) and assigns the former via a public auction known as MEV Auction (MEVA). The auctioneer is Optimism, which then distributes the profit back to the community to fund public goods or as dividends to token holders. Although each stakeholder earns a share of MEV during the process, ultimately, participants and token holders benefit are the ones benefiting from MEV. This is how the MEV shall flow with MEVA:
Users -> Sequencers -> Optimism -> User/Token holders
Gnosis Protocol V2 is trying to minimize the MEV problem by leveraging its batch auction mechanism, combined with off-chain order placement known as Coincidence of Wants. The Coincidence of Wants is a situation where two traders each hold an asset the other wants. On GPv2, an order can be settled directly between them without an external market maker or liquidity provider, almost like an atomic swap. Trades that cannot be executed this way go to the AMM and on-chain liquidity pools. Here, the batch auction mechanism settles orders in consecutive, recurring batches, each batch containing trades executed with the same prices for each asset pair, which means no MEV can be extracted by re-ordering these transactions. CoW Swap is the first DEX to leverage these mechanisms to minimize MEV and its detrimental effects on regular traders.
At the tool level: Flashbots
Flashbots is a research and development organization working on mitigating the negative externalities of MEV extraction techniques and avoiding the worst possible consequences on the Ethereum ecosystem. Their strategy relies on three pillars (Democratizing Access to MEV Revenue, Bringing Transparency to MEV Activity, and Redistributing MEV Revenue) and an array of MEV-related products, including Flashbots Auction with the Flashbots Relay, the Flashbots Protect RPC, MEV-Inspect, MEV-Explore, and MEV-Boost.
MEV-Boost, first built by Flashbots as an implementation of the proposer-builder separation (PBS) for PoS Ethereum, is open-source middleware run by validators to access a competitive block-building market. While Flashbots used to be the first and only outsourced block builder that miners could work with, with MEV-Boost validators (aka, block proposers) can access blocks from a marketplace of builders, who produce blocks containing transaction orderflow and a fee. Validators would then choose the blocks carrying the highest fee, independently of the value of those blocks’ transactions. In the future, this separation between proposer and builder will be encoded in Ethereum at the protocol level.
Despite the possibility of having many players operating in a transparent open market, so far, Flashbots has dominated the block production business. This gradual centralization could be an issue, especially considering that Flashbots decided to comply with the US government and censored Tornado Cash transactions. According to Flashbots’ dashboard, these are the numbers about the numbers of blocks proposed and included, which were provided by Flashbots MEV-boost VS others:
BloXroute and Blocknative are two alternative and popular MEV-Boosts providers.
At the application level: Hashflow
If MEV is a negative externality produced by applications and their activity, then every application could optimize its design to minimize the amount of MEV (waste) it creates. One example is the above-mentioned CoW Swap, a DEX leveraging its batch auction and the Coincidence of Wants.
Another example is Hashflow, a decentralized exchange (DEX) that has MEV protection, on top of zero slippage and interoperability, as selling points. This is achieved by allowing liquidity providers to contribute to liquidity pools (Public Pools) but using a request-for-quote (RFQ) model that allows off-chain professional market makers, rather than on-chain curves, to price assets, de facto managing liquidity pools.
Traders go on the Hashflow platform, request a quote for a specific trade, and Professional Market Makers cryptographically sign quotes that remain unchanged for the duration of the trade.
Since PMMs are required to cryptographically sign quotes that remain unchanged for the trade duration, the price is guaranteed. This protects traders from frontrunning or sandwich attacks, while also ensuring against slippage, especially when executing cross-chain trades.
When providing liquidity to a pool, liquidity providers essentially provide a loan to off-chain market makers, who then use their algorithms to price the assets. Instead of LP tokens, liquidity providers receive a tokenized loan share. Since leaving so much operating margin to off-chain players can be risky, Hashflow currently operates under a proof-of-reputation model, allowing only market makers with a proven record to operate Public Pools. Although this is quite a big difference from permissionless decentralized exchanges, Hashlflow plans to gradually move away from this permission model, and, once it develops a reliable reputation model and scoring system, open the protocol and let LPs make their own educated decisions on which Public Pools to trust.
By extension, cross-chain aggregators integrating Hashflow or CoW Swap can leverage their unique mechanisms to protect their traders against MEV and slippage.
MEV, an opportunity to regulate, or a threat to eradicate?
Over two years have passed since a few researchers first formalized MEV and proved its problematic effects at the transaction, network, and chain levels. During this timeframe, MEV has grown by the day and has become an extensive phenomenon that permeates Ethereum and, to a lesser extent, other smart-contract-capable blockchains.
MEV comes in different flavors, and while it can act as a positive force in the blockchain ecosystem, helping correct inefficiencies and market distortions, it’s often extracted by malicious actors in ways that enrich its perpetrators at the expense of regular users. Even more alarmingly, the phenomenon is assuming an extent that risks jeopardizing the open and permissionless nature of the blockchain, as well as the correct functioning of the consensus mechanism and the blockchain itself. As it is, MEV risks destabilizing and potentially destroying the whole ecosystem.
MEV seems inevitable, almost a by-product of blockchain mechanics. Nonetheless, it’s a richly studied and researched area, and many players have proposed ways to regulate the phenomenon and mitigate its adverse effects. At the chain level, the solution generally goes in the direction of separating the role of proposers (aka, validators) from block builders (aka, sequencers, or block ordinators), which promotes greater competition, decentralization, and censorship resistance. Coupling this are various kinds of auction systems. Ethereum, Optimism, and Arbitrum all apply these strategies differently, pursuing different goals. At the application level, especially DEXs where MEV is generally more abundant, the solution is to surpass the tested but too basic design of traditional AMMs with liquidity pools and constant on-chain curves, introducing off-chain mechanisms like request-for-quote on Hashflow or Coincidence of Wants on CoW Swap.
Regardless of the way pursued to minimize MEV, what is sure is that we need to compensate with additional security incentives, to make sure validators and other stakeholders remain honest and motivated to behave in the community’s best interest.
Co-written with Filippo ❤
