Comprehensive Analysis of MEV Common MEV Attacks, Related Ecosystems, and PBS

Comprehensive Examination of MEV Common Attack Types, Interconnected Ecosystems, and Prevention Strategies

Author: Delta Blockchain Fund; Translator: LianGuaixiaozou

1. Introduction

Although blockchain technology is revolutionary, it also poses challenges to various systems and ecosystems due to some subtle differences. In blockchain, miners and validators act as security supporters to confirm transactions and secure the chain. This means that they are also independent parties who can reorder transactions within a given block for their own benefit.

Maximum Extractable Value (MEV), also known as miner extractable value, refers to the maximum profit that block producers can obtain by arranging, adding, or deleting transactions within the blocks they produce. Their returns mainly come from unilaterally excluding, including, or reordering transactions within the block. Although it is called maximum extractable value, it applies not only to PoW chains but also to validators on PoS chains. This article aims to provide a comprehensive analysis of MEV, explore its origins, its impact on various blockchain networks, and strategies used by different participants in the blockchain ecosystem to leverage or mitigate MEV.

• Clear out while the time is right? FTX and Alameda-related addresses recently transferred $30 million worth of assets.
• A tweet exploded US bonds. What did Bill Ackman, who closed his short position, really see?
• Placeholder Putting AI into the cage of blockchain

2. History and Theory

(1) History

The first recorded case of MEV appeared on the Ethereum blockchain in 2014, discovered by a programmer. He was very interested in and hopeful about this technology until he realized a fatal flaw in the system—the autonomy of validators and miners allowed them to extract value from unsuspecting users.

In 2019, a team of researchers from Chainlink Labs published an article called “Flash Boys 2.0,” which emphasized that MEV is not a theoretical practice but a feature directly exploited by widely adopted protocols.

(2) Theory

Blockchain was originally designed to be protected by a decentralized network of machines known as block producers. These block producers include validators and miners who verify transactions on the immutable distributed ledger system. They aggregate pending transactions into a block, which is then validated by the network and included in the global system.

While measures can be taken to prove that all transactions are valid and not duplicated, there is no way to ensure that transactions are ordered according to their sequence published on the chain. This is why when block producers choose transactions from the mempool (the queue of pending transactions in the blockchain), they can prioritize the highest fee transactions before submission.

3. Technical Infrastructure of MEV

In the current MEV ecosystem, there are third-party robots and actors manipulating transaction fees to ensure that their transactions are prioritized upon block submission. For ordinary users, this may be disadvantageous as they may not have the necessary funds, resources, or technical expertise to exploit MEV.

On the block producer side, there are also third-party participants, including searchers, builders, and relayers. Searchers essentially “search” the mempool for pending transactions to find potential MEV profit opportunities. They bundle these transactions, send them to builders who “construct” complete blocks, and then send them to relayers. Relayers (trusted aggregators of proposed blocks) validate transactions and pass the most profitable one to validators for submission.

4. Common MEV Attacks

As mentioned earlier, MEV attacks are strategies used by miners, validators, or traders to exploit their ability to reorder, include, or exclude transactions within a block in order to maximize their profits. Here are some common types of MEV attacks:

(1) Front-Running

This refers to participants observing profitable transactions awaiting processing in the mempool and quickly creating a similar transaction with higher gas fees. This incentivizes miners to include their transactions first, allowing them to benefit from price movements triggered by the original transaction.

Example: Alice wants to buy a toy, but Bob bribes the merchant with a small fee to prioritize his transaction, ultimately allowing Bob to successfully purchase the toy.

(2) Back-Running

Back-running is similar to front-running, but the attacker doesn’t place their transaction before the target transaction, rather after it. This is often used in scenarios where the attacker intends to profit from price movements triggered by the original transaction.

Example: Alice plans to bid for a painting at an auction. After Alice places her bid, Bob quickly sells an identical painting at the high price Alice bid to people nearby.

(3) Sandwich Attacks

In this type of attack, the attacker places their transaction before and after the target transaction. This allows the attacker to manipulate token prices by buying low and selling high, essentially “sandwiching” the target transaction in between.

Example: Alice wants to buy a toy. Bob buys the toy first, driving up the price. Alice then buys at the high price, and Bob sells his toy at the inflated price, sandwiching Alice’s purchase in between.

(4) Arbitrage

These attacks exploit price differences between different decentralized exchanges (DEXs). Attackers can buy tokens at a lower price on one DEX and sell them at a higher price on another.

Example: Bob discovers that apples are cheaper in another town. He buys apples there and then sells them at a higher price in his own town.

(5) Time-Bandit Attacks

In proof-of-work networks, miners engage in what is known as chain reorganization to manipulate previously confirmed blocks. The purpose is to extract MEV from transactions already included in the blocks. This is not only a more complex form of MEV attack but also potentially more destructive, as it requires altering the existing blockchain structure.

Example: Miner Bob sees Alice discovering a gold mine. He uses his power to manipulate time and arrives at the gold mine before Alice, claiming the gold as his own.

5. MEV Case Study

(1) Market Sentiment and Data

The MEV field in 2023 is a vibrant and diverse space that combines opportunities, challenges, and innovation. Over the past year, the MEV sector has seen significant activity, with robots generating at least $307 million in revenue on Ethereum. The most common activity is arbitrage opportunities, which account for over 47.5% of total revenue. Sandwich attacks and liquidation opportunities have also played a significant role.

Against this backdrop, data from the week starting June 8, 2023, provides a snapshot of ongoing trends. Arbitrage activity extracted $8.48 million, sandwich attacks extracted $559,000, and liquidation attacks, while less prevalent, only extracted $14,000. These figures partially illustrate the complexity and dynamism of the MEV ecosystem.

In 2022, the total MEV involving sandwich bots reached a staggering $287 billion, with Uniswap V3 being a hotbed for arbitrage and sandwich bots. Interestingly, MEV opportunities on the Binance Smart Chain (BSC) were found to be more cost-effective than on Ethereum, indicating a friendlier environment on BSC.

The frequency and nature of MEV opportunities vary depending on market conditions. While arbitrage opportunities are the most common, liquidation opportunities rely more on intense market fluctuations. The income generated by different types of MEV also shows monthly variations, with certain months experiencing significant boosts in revenue due to specific market events.

A monopolistic pattern of MEV has also emerged, where after the Ethereum merge, the top two block builders’ addresses captured over half of the MEV, although most of it was transferred to the proposer in the final transaction of a block. The competitive environment among MEV robots and the distribution of profits among different types of robots further highlight the complexity of the market.

By analyzing specific data, conducting comparative analysis between different blockchain platforms, and understanding broader trends, we can gain a more comprehensive view of this evolving field. These insights contribute to a deeper understanding of the MEV ecosystem, reflecting its multifaceted nature and its impact on the future of decentralized finance. Constant exploration of liquidity data, development of new market-making strategies, and efforts to address fairness and regulatory issues in the MEV market are crucial for navigating this dynamic environment.

(2) MEV Vulnerability Attack

On April 3, 2023, at Ethereum block height 16,964,664, a group of MEV robots suffered a loss of $25.3 million in a vulnerability attack. Analysis of this attack reveals that a rogue validator switched the transactions of the MEV robots and confiscated various encrypted tokens.

This vulnerability attack was a complex operation involving a malicious Ethereum validator and a group of MEV robots. The malicious validator, known as “Sandwich the Ripper,” prepared multiple token assets to entice a group of target MEV robots to front-run his transactions on a low-liquidity V2 Uniswap pool. This process lasted for 18 days.

In a typical sandwich attack, MEV bots read incoming transactions and preemptively execute orders, driving up the asset prices for the original buyers. Then, the buyers further inflate the prices by purchasing the same assets they initially intended to. After that, the MEV bots immediately sell the assets acquired from the original buyer, making arbitrage profits from the buyers.

However, in this case, malicious validators lure the MEV bots with a vulnerable transaction, forcing the bots to arbitrage bait assets in a low liquidity pool, without the attackers actually needing to make a real purchase. Once the MEV bots purchase the bait assets, the attackers promptly modify the transaction order within the same block, selling off all the tokens (already prepared before the attack). Then, the attackers sell their own tokens at a higher price, draining all the WETH in the low liquidity pool in the process, rendering the tokens acquired by the MEV bots worthless.

The malicious validators exhausted 5 MEV bots using the same strategy in 24 transactions. The stolen tokens were then distributed to three different wallets, amounting to $20 million, $2.3 million, and $2.9 million respectively.

In response to this vulnerability attack, the Flashbot community has already released patches for all relays to prevent such attacks from happening again. While some see this attack as “malicious,” others in the crypto community view attacks on MEV bots as part of the game and not a violation of the rules.

(3) The DeFi summer

Although MEV is often associated with challenges and negative impacts, it has also played a beneficial role in certain situations. For example, during the DeFi summer of 2021, the faster transactions and lower gas fees on Ethereum were partly a result of MEV usage.

 

The adoption of MEV extraction software, such as Flashbots’ MEV-geth, has significantly increased, with over 78% of Ethereum miners now using MEV extraction software to bundle sequenced transactions and capture MEV profits. This is achieved through functionalities like miner bribing and bundle rejection without paying gas fees. As shown in the above graph, the diffusion of MEV bundling seems to correlate with lower average gas fees on Ethereum because the MEV software mitigates issues like Priority Gas Auctions (PGA), where bots drive up fees through fee wars.

In the case of sandwich attacks, miners or validators include certain transactions in a block while excluding others. By selectively bundling transactions in this manner, they can facilitate faster execution and reduce the overall cost for users. This selective inclusion allows the network to handle more transaction volume, contributing to increased efficiency and effectiveness during high-demand periods.

In summary, MEV-centric software has taken a dominant position in Ethereum, coordinating incentives for miners and traders through transaction ordering techniques, which may unintentionally alleviate network congestion and reduce network costs.

6. Peripheral MEV Products

(1) Flashbots

Companies like Flashbots mitigate the negative externalities brought by MEV through research and protocol development to help rebalance the ecosystem. They have established an ecosystem where robots directly submit transaction bundles to miners instead of the public Ethereum pool. Miners receive quotes (invisible to others) and include these transaction bundles in the blocks they mine.

Protocols such as MEV-Boost created by Flashbots provide validators with access to relay blocks through a marketplace for builders who want to purchase block space. By using MEV-Boost, validators can choose to include these special blocks that may be more profitable due to transaction reordering. This gives validators the opportunity to earn more revenue from MEV opportunities that builders have already identified and packed into relay blocks. They can also add relayers from Flashbots, Bloxroute, Blocknative, Eden, or Manifold (just a few examples).

(2) Fastlane

Fastlane is another infrastructure company aiming to address security concerns arising from MEV. Fastlane is a protocol designed to reward validators who protect the health of the Polygon blockchain.

Fastlane offers a unique solution that allows validators to generate income from various participants in the blockchain ecosystem, including arbitrageurs, liquidators, and NFT traders. Through a competitive auction process, algorithmic searchers bid for access to Fastlane during specified “sprints.” The winning bidder’s chances of successful transactions increase without directly connecting to the validator’s node, and most importantly, without knowing the validator’s ID, node address, or IP address.

This approach greatly enhances the security and privacy of validator nodes by reducing the economic incentive for bots to flood the nodes with redundant transactions, making the nodes healthier. Fastlane’s design does not promote malicious behavior like frontrunning and sandwich attacks. Instead, it prioritizes the overall health of the Polygon chain. Furthermore, by eliminating randomness in transaction propagation dynamics, Fastlane can potentially reduce data costs for sentinel nodes, further improving the efficiency and reliability of the network.

(3) Cow Protocol

There are also applications or software with specific use cases that utilize MEV for different purposes, such as the Cow protocol. The Cow protocol aims to match peer-to-peer transactions as much as possible, eliminating the need for intermediaries and saving users funds. This is known as CoW (Demand for Coincidence of Wants). They search all exchanges and aggregators to ensure users get the best prices, eliminating the hassle of comparing prices on different platforms. They can also protect users from frontrunning and sandwich attacks, which could cause significant losses for traders. The Cow protocol achieves this by matching transactions peer-to-peer and utilizing batch auctions, making the transaction order irrelevant.

If after placing an order, the price moves in favor of the user, the Cow protocol will provide the user with the price at execution. It collects orders every 30 seconds to be packaged. This process happens off-chain and has several benefits, such as not charging fees for failed transactions and fees collected for selling tokens (non-ETH). The solvers (external solvers) of the Cow protocol compete to find the best sources of liquidity for your transactions on all decentralized exchanges and aggregators. They submit transaction packages on-chain and hide them in the public memory pool, protecting transactions from manipulation by miners and bots (front-running and other forms of MEV).

(4) Kolibrio

Now let’s look at Kolibrio, which aims to completely change the MEV field by becoming one of the first protocols to offer broadcast extractable value (BEV) relays. This technology ensures that transaction broadcasters (such as node providers, DeFi wallets, bridges, and other dApps) can own the order flow they create and monetize it. This is possible when automatically searching for MEV opportunities before the transaction enters the memory pool. When there is an MEV opportunity in a transaction, the BEV passes that information to the searcher, who then shouts the transaction based on that information.

By keeping transactions in a broadcast state and introducing an MEV auction mechanism, it democratises MEV extraction and reduces the chances of exploiting vulnerabilities such as transaction ordering or front-running attacks. The validation and waiting mechanism of the system acts as a buffer against malicious MEV strategies, and transaction aggregation ensures efficient and tamper-proof transaction processing. Furthermore, by automatically distributing MEV profits to broadcasters, the system ensures fair distribution and incentivizes entities to prioritize user interests, creating a more secure and user-centric blockchain ecosystem.

7. MEV beyond Ethereum

(1) Solana

MEV can be realized through various strategies, including front-running, sandwich attacks, and trailing transactions. However, as we transition from Ethereum to Solana, the MEV landscape undergoes significant changes due to the fundamental architectural differences between the two blockchains.

In Solana’s PoS system, validators who stake a large number of tokens are responsible for the final determination of transactions. Solana’s unique validator cluster functionality further strengthens the system. Validators are organized into multiple clusters, taking turns as the leader validator. The leader’s role is limited to determining the order of vote transactions, not their final determinism, adding an extra layer of security against potential malicious actors.

Another key difference between Solana and Ethereum is the absence of a memory pool in Solana. While Ethereum’s memory pool plays a crucial role in many MEV strategies, Solana does not have one. This means that independent network participants (commonly known as “searchers”) cannot extract MEV for individual transactions unless they act as validators. Additionally, Solana recently introduced priority processing fees on top of fixed fees, allowing searchers to get their transactions included in a block faster.

Despite these structural differences, Solana is not completely immune to MEV. One common form of MEV activity on Solana is decentralized exchange (DEX) arbitrage. In this case, traders take advantage of price differences between different DEXs. For example, a trader may identify a SOL/USDC exchange rate difference between two decentralized exchanges on Solana, Raydium and Orca, and execute a profitable arbitrage trade.

Interestingly, sandwich attacks, a common MEV strategy on Ethereum, are not seen on Solana. This may be due to Solana not having a mempool and only leader validators being able to access transactions before they are finalized.

In the NFT space, MEV manifests in the form of NFT bots. These bots flood popular NFT releases with minting requests, aiming to ensure immediate resale of as many tokens as possible. This not only disrupts the NFT market but also leads to network congestion. To address this issue, Solana has proposed solutions such as adjusting transaction gas fees to increase the cost of junk requests and imposing a “tax” on invalid transactions.

Additionally, a company called Jito Labs offers a suite of specialized products that could have a significant impact on Solana’s MEV landscape. Details are as follows:

· Better validation performance and higher yield—Jito-Solana client:

By providing an open-source validator client, Jito Labs helps Solana validators better utilize their hardware and earn higher income. This can incentivize more competitive validation, reducing the potential for MEV extraction in transaction ordering. The Jito block engine aids in building the most profitable and efficient blocks for validators. By optimizing block construction, it can reduce opportunities for transaction reordering (a common MEV strategy) and make the network more resilient to certain MEV attacks.

· Outsourcing junk request mitigation and signature verification—Jito Relayer:

This tool allows validators to outsource junk request mitigation and signature verification, reducing congestion and achieving more efficient block creation. This can lower the likelihood of malicious actors exploiting MEV through junk request attacks.

· Sequential execution and enhanced transaction capabilities—Jito Bundles:

By supporting sequential execution of transactions, Jito Labs adds an additional layer of control to transaction ordering. This can mitigate some MEV strategies such as frontrunning and sandwich attacks. Jito MemPool: Traders can leverage the Jito MemPool for higher transaction delivery assurance. This ensures more reliable transaction execution and reduces the possibility of MEV through transaction reordering or exclusion. ShredStream: This feature allows traders to receive shards directly from leaders, saving a significant amount of time. By improving transaction efficiency, it can reduce the opportunity window for MEV attacks, such as arbitrage vulnerabilities.

Jito Labs’ products offer multidimensional approaches to strengthen the Solana blockchain. By focusing on optimizing validator performance, ensuring efficient block construction, mitigating junk requests, and enhancing transaction capabilities, Jito Labs contributes to a more secure and resilient network.

These innovations can make the Solana chain less susceptible to common MEV attacks, creating a more fair and transparent trading environment. While it may not completely eliminate MEV, the integration of Jito Labs’ products with Solana represents a proactive step in mitigating the negative impacts associated with MEV.

In the rapidly evolving blockchain space, these technological advancements by Jito Labs offer valuable insights for addressing the challenges of MEV, not only within Solana but also in other blockchain networks.

In conclusion, although the nature and manifestation of MEV on Solana differ significantly from Ethereum due to architectural differences, MEV remains a prevalent issue. The Solana community continues to explore and implement solutions to reduce the impact of MEV on its network, ensuring the integrity and efficiency of its blockchain operations.

(2) L2 and Cross-Chain

MEV on L2 extends from the original MEV on Ethereum L1. However, in the case of EVM chains, there is no significant difference in the ability for participants to manipulate the order, inclusion, or inspection of transactions between L1 and L2. Both layers share the same concept of MEV, which primarily comes from the ability of miners (or validators in proof-of-stake systems) to reorder, include, or inspect transactions within the blocks they produce.

This ability can be used for arbitrage opportunities, frontrunning, or extracting rent from users. However, with the introduction of Ethereum 2.0 and the increasing usage of L2 solutions for scalability, everything is subtly changing the MEV landscape.

Specific chains like Avalanche (AVAX) have presented a distinctive difference in the MEV space, namely that these chains do not share the memory pool data unless it is shared with validators. This unique approach can alter the dynamics of MEV as fewer entities have access to transaction data, potentially affecting the scope of transaction manipulation and value extraction.

However, the L2 environment also offers opportunities for innovative solutions to the MEV problem. For example, the concept of proposer-builder separation (PBS) can be applied to L2 solutions, where the roles of proposing blocks and building blocks are separated, potentially alleviating MEV-related issues to some extent.

In addition, the exploration of cross-chain MEV, including the extraction of MEV across different blockchain networks, is also an important component of L2 MEV. This introduces a new dimension that does not exist in L1, opening up a new research field and potential strategies for MEV extraction and mitigation.

In summary, while L2 MEV shares fundamental concepts with L1 MEV, the unique architecture and operational characteristics of L2 solutions introduce new dimensions to the MEV problem. Ongoing research and development in this field are crucial for ensuring the reliability, fairness, and decentralization of Ethereum and other blockchain networks as they scale.

8. Proposer-Builder Separation (PBS)

(1) What is Proposer-Builder Separation?

Proposer-Builder Separation (PBS) is a solution proposed to address the challenges of review and MEV attacks in blockchain networks. The concept of PBS is rooted in the idea of separating the roles of block construction and block proposal within the network. This separation of responsibilities aims to create a more decentralized and secure network while also addressing the MEV problem.

(2) Before PBS

In blockchain networks, specialized participants called validators play a crucial role in operations like transaction processing and block creation. In early blockchain protocols like Ethereum, validators were assigned two key tasks – block construction and block proposal. The same validators would collect pending transactions, determine the block content, order transactions, and construct complete new blocks. Then, these same entities would broadcast the completed blocks they created as proposals to other participants in the network for validation and inclusion in the chain.

This consolidation of responsibilities presented issues as it gave validators excessive control over which transactions were included in the blocks and in what order. Validators could leverage this influence to implement strategies that create additional profit for themselves. For example, they could prioritize transactions based on fees, extracting the highest fees from users who want their transactions processed faster. Validators could also manipulate the market by including or excluding specific transactions to influence token prices in their favor. These practices align with the concept of maximizing extractable value, where validators optimize transaction ordering and review to maximize their own profits.

Large validators with abundant resources are naturally more suited to fine-tuning blocks and implementing these MEV strategies. This leads to centralization risks, as smaller validators struggle to compete in extracting maximum value from transactions. Overall, combining the responsibilities of block construction and block proposal within a single validator entity creates vulnerabilities in terms of fairness, security, and decentralization.

(3) After PBS: Mitigating MEV and enhancing blockchain security

To address these issues, innovative approaches like Proposer-Builder Separation (PBS) have been introduced. PBS formally separates the two validation responsibilities (block construction and block proposal) into independent roles handled by different types of nodes.

In PBS, block construction is performed by specialized builder nodes. Their sole function is to construct block content in an optimized way to maximize the value of the entire network without favoring any entity. Transaction ordering, inclusion, and sequence are determined using algorithms designed to limit manipulation opportunities. The completed block packages are then passed on to dedicated proposer nodes.

The role of proposer nodes is simple – they receive the complete blocks from the builders and propose them to the rest of the validator network for approval and inclusion in the blockchain. Importantly, proposers do not participate in block construction within PBS. This prevents them from applying preferential transaction ordering or making other changes to serve their own interests, as they can only see the block content after block construction is completed.

By formally decomposing these two responsibilities into separate specialized roles, PBS limits the impact of a single node on the end-to-end transaction process. This in turn enhances the decentralization, security, and fairness of blockchain networks like Ethereum. PBS represents an important evolution in blockchain network architecture and governance.

9. Conclusion and Future Development

Due to the rise of DeFi and the development of blockchain technology, the future of MEV is a complex situation. While MEV can bring considerable profits to certain participants in the blockchain ecosystem, it also poses challenges, including potential negative impacts on transaction initiators and centralization risks among validators.

The Ethereum community is actively exploring strategies to mitigate these challenges while preserving the benefits of MEV. These strategies include MEV burning, MEV smoothing, and MEV sharing, each with their own unique advantages and trade-offs that require careful consideration and substantial resources for successful implementation.

The introduction of the Ethereum Merge and the PBS concept further adds to the complexity of the MEV landscape. The widespread adoption of MEV-Boost brings an increase in block rewards but also introduces potential risks of validator centralization.

In summary, the management of MEV is a critical issue for the future of Ethereum and other blockchain networks. As these technologies continue to evolve, MEV management strategies will also evolve. Future research should continue to explore these strategies, as well as the emergence of new types of MEV and their impact on various blockchain networks. Ongoing exploration and development in the MEV field are crucial to ensuring the reliability, fairness, and decentralization of networks as they expand.

We will continue to update Blocking; if you have any questions or suggestions, please contact us!