Loader
logologo
Alpha Zone
Analysts
My Reading List
Log in
DeFiGaming & MetaverseInfrastructureMarketsNFTs
Extractable Value
Amber Group
main

Introduction

In the early 1800s, the five sons of Mayer Rothschild branched out from their base in Frankfurt, establishing branches in London, Paris, Vienna, and Naples. They built out an information network, using carrier pigeons, couriers, and chartered boats to shuttle information across Europe faster than anyone else. Through this network, the Rothschild received news and information faster than anyone else, which they leveraged to make fortunes in arbitrage and trading. Famously, it also enabled Nathan Rothschild to hear of Napolean’s defeat at Waterloo a full 36 hours before London’s official messenger.

Within all markets, information is valuable. And the competition for privileged access to information is fierce. Even today, in traditional markets, high-frequency trading firms and hedge funds spend billions of dollars on towers and cables across the world, in an arms race to gain information edges measured in mere milliseconds.

Crypto is no exception. On-chain, there is intensifying competition for superior access to order flow and ordering rights. This concept of “maximal extractable value” - or MEV for short - has emerged from a niche topic to the forefront of virtually all crypto protocols. We see increasing dialogue within the community on MEV’s impact on a protocol’s transparency, sustainability, decentralization, security, censorship resistance, valuation, and more.

We aim to discuss several key topics around MEV in this report. We first introduce what MEV is and why it matters. Then, we outline why we believe MEV is fundamental and the trade-offs in managing MEV. We also summarize the current state of MEV and some of the major players in the field. Finally, we touch on future trends and open questions.

Key Takeaways

  • Understanding MEV is important. MEV affects the security, stability, and user experience. It is also a key component of how blockchain tokens accrue value. Above all, it impacts two fundamental properties of blockchain networks: decentralization and censorship resistance.
  • MEV is fundamental. There are solutions to mitigate some forms of MEV. But ultimately, some amount of MEV will always exist. A blockchain network’s gift as a limitless and permissionless smart contract platform is also a curse for more MEV to manifest. Protocols and applications need to think carefully about managing trade-offs in dealing with the MEV.
  • We estimate that under PoW Ethereum, MEV contributed to at least 5.8% of total miner revenue since 2020. Capturing MEV opportunities in the major categories - arbitrage, liquidations, and sandwich attacks - are incredibly competitive and consolidated by a handful of searchers.
  • While arguably negligible in impact today, cross-chain MEV is likely a highly centralizing force that impacts all blockchains. Multi-block MEV is also a remote but growing threat to the stability of blockchain networks.
  • We can foresee scenarios where payment-for-order-flow (PFOF) or transaction flow auctions exist, returning some amount of MEV to users. Under these scenarios, it appears the most likely path is greater centralization of block builders and reduced yields for validators, but more research needs to be done.

Into the Mempool

MEV was first defined in a seminal report Flash Boys 2.0 by Daian et al. The researchers found and studied multiple bots on Ethereum competing against each other to gain priority ordering and detailed their impact on the blockchain. The paper was also the first to propose a working definition for MEV as “the total amount of Ether miners can extract from manipulation of transactions within a given timeframe, which may include multiple blocks' worth of transactions.”

That’s a mouthful. To better visualize MEV and understand how MEV is created from first principles, it is helpful to walk through the typical lifecycle of a simple Ethereum transaction.

Lifecycle of an Ethereum Transaction

Suppose Joe wants to swap 100 ETH to USDC on a decentralized exchange. Joe navigates to Uniswap’s front end and connects his MetaMask wallet. He specifies inputs for the trade - 1,000 ETH for $1,300,000 USDC with a 1.0% slippage tolerance - and signs the trade.

His trade is first sent through MetaMask's default RPC endpoint to Infura. Infura propagates this request to other nodes in the Ethereum network, who all similarly propagate to nodes that they are connected to.

Each validator keeps its own mempool, which is a database of pending transactions that every validator maintains. It builds blocks of transactions based on its own mempool. Typically, these transactions are ordered by gas price. Alternatively, the validator could run custom software to order transactions according to its own rules and logic.

Every 12 seconds, one Ethereum validator is randomly chosen to build and propose a block of transactions. The proposer broadcasts a new block to the network. A committee of other validators is randomly chosen to determine the validity of the block and create attestations to it. After transactions are submitted, they are removed from a node’s mempool.

How MEV is Created

The mempool is viewable to all. Because Joe’s transaction was submitted publicly, it created a couple of potential profit opportunities:

  • Sandwich: Joe’s ETH to USDC trade has an unusually large slippage tolerance of 1%. Although he expects to receive $1,300,000, Joe signaled to the world that he would accept $1,287,000. Other entities monitoring the mempool will see Joe’s tolerance and attempt to “sandwich” it to give Joe the worst possible execution price and capture a risk-free profit. They do so by selling ETH in front of Joe (frontrunning his transaction), allowing Joe to sell at his lowest defined limit, then buying back ETH at a relatively deflated price.
  • Arbitrage: After Joe’s transaction, there will be a temporary price discrepancy in the ETH-USDC pair among Uniswap and other DEXs. There are bots continuously looking for these discrepancies and will automatically execute arbitrage after Joe’s trade (backrunning his transaction) to capture risk-free profit.

Validators are in a privileged position to extract this profit. Ethereum’s consensus protocol only enforces agreement at the block level, allowing validators to choose what happens within each block. Therefore, validators can decide what transactions to include and in what order these transactions are executed.

For instance, suppose that there is $100 of arbitrage profits to be made across DEXs. Alice could submit a transaction that attempts to capture this profit, offering to pay $1 in transaction fees. But, again, the mempool is viewable to all. Bob, seeing Alice’s transaction in the mempool, copies her transaction and offers to pay $2 in gas fees. Others could pile into this trade.

Unmanaged, this dynamic creates incentives for users to create off-chain agreements with validators/miners to guarantee transaction inclusion or ordering. Or, instead, validators/miners themselves can submit and prioritize their own transactions to capture the full $100 arbitrage profit.

Hence the term “maximal extractable value” - or MEV for short. The term was historically referred to as “miner extractable value” but since changed to acknowledge Ethereum’s shift to PoS and growing market share of PoS-based blockchains.

MEV Supply Chain

Generalizing the lifecycle from above, we can form a supply chain of MEV. This supply chain becomes a useful framework to understand various stakeholders in the ecosystem, where MEV accrues, and how best to mitigate and manage MEV.

Source Flashbots

  • User: Anyone who would like to express and submit intent to change the state of the blockchain.
  • Wallet / Application: The user interface that translates user intent into a blockchain transaction.
  • Searcher: Entities that monitor the mempool and submit transactions to extract MEV.
  • Builder: Aggregate transactions from various sources to create a full block, ideally one that maximizes rewards.
  • Validator: Perform consensus duties, such as proposing and attesting to blocks.

Defining MEV

An updated definition of MEV for PoS-blockchains:

The total value a validator can extract across a block (or a series of blocks) given the state of its environment and all the actions available to it.

Validators usually cannot change the state of their environment. This includes the blockchain’s rules, smart contract code on top of the blockchain, the set of transactions in their mempool, etc.

Actions can include reordering, censoring, and inserting transactions. They can also include more niche strategies, such as changing block timestamps, manipulating “randomness”, DOS’ing other validators, and more.

MEV Types

The three largest and most competitive MEV revenue pools are arbitrage, liquidations, and sandwich attacks. We outline these three below and some other interesting, more niche MEV opportunities that give a better sense of what MEV is.

Arbitrage

Arbitrage is the largest source of MEV revenues. It is considered MEV because ordering matters here.

Arbitrage trading occurs in all markets. But whereas arbitrageurs in traditional markets are exposed to some inventory or timing risk, a lot of MEV arbitrage can instead be performed atomically. Either all the desired trades go through, netting a risk-free profit, or none of the transactions go through. Another aspect of atomic arbitrage is the ability to use flash loans, allowing searchers to operate with minimal capital on hand in some cases. But there also exists classic statistical arbitrage trades that have inventory and timing risk, such as arbitraging prices between a CEX and DEX.

Atomic arbitrage is now incredibly competitive. Winning arbitrage entails 1) running optimized hardware + software for quickly finding opportunities across thousands of pairs, and 2) submitting extremely efficient trades to minimize gas usage. This second phenomenon is called “gas golfing,” and allows MEV searchers to competitively bid for a trade.

Liquidations

Money markets like Aave, Compound, and Maker allow users to deposit some assets as collateral and borrow others. As the value of collateral assets fluctuates, so too does users’ borrowing power.

These protocols rely on market participants to liquidate borrowers if the borrowers exceed their allowed budget. But market participants will not do this for free. To incentivize liquidations, protocols charge a liquidation fee on borrowers and give some of these fees to liquidators.

This is where the MEV opportunity resides. Searchers compete to monitor the positions of all borrowers and attempt to be the first to liquidate those with underwater positions, thus collecting liquidation fees for themselves.

Similar to arbitrage, liquidation events are highly competitive. During sharp market downturns, the competition to liquidate borrowers has led to enormous gas fees. Again, searchers who can optimize their code can bid most competitively for liquidations.

Gas Prices Paid by Liquidators

_Amount of dots represents the amount of liquidators participating. Grey line reflects the average gas price. Source: Qin et al. “An Empirical Study of DeFi Liquidations”_

Sandwich Attacks

Transactions on blockchains do not incur instantaneously. When users send swap transactions, they define an acceptable percentage price change (“slippage”) that could occur while a submitted transaction is pending.

“Sandwich attacks” occur if users set too high a slippage for their trades. Searchers exploit these mistakes by first front-running the user’s transaction to the highest acceptable slippage, allowing the trade to occur at an unfavorable price. The user’s trade is then executed, further moving the price. Subsequent to this, the searcher would back-run the trade, netting a profit. In the below example, assuming the searcher paid 4 ETH in gas and priority fees, its risk-free profit is 3 ETH.

Illustrative example. A user wants to swap 1,000 WETH to USDC with a 1% slippage tolerance. The searcher sees transaction 1 in the public mempool and constructs a bundle of frontrunning and backrunning transactions, and sends it to validators via mev-boost

As the above example demonstrates, sandwich attacks are more reliant on transaction ordering privileges. If either half of the sandwich attack fails to execute, the searcher faces potential loss.

As the name connotes, sandwich attacks are seen as toxic MEV and frowned upon by most of the crypto community. Whereas arbitrage and liquidation activities can be either malignant or benign, sandwich attacks are mostly seen as purely value extractive, probably because most users don’t know if and when they were sandwiched. Even several searchers publicly state that they refrain from sandwiching - admitting otherwise so would likely invite criticism and backlash.

Spotting Sandwich Attacks on Charts

Source

Long-Tail MEV

Long-tail MEV opportunities abound. Some examples:

  • Apecoin airdrop: Yuga Labs decided to airdrop tokens to holders of BAYC. NFTX was an application that tokenized NFTs into fungible tokens. One MEV searcher bought up all of the fungible BAYC tokens in NFTX, redeeming the entire pool for an actual NFT, claimed the Apecoin airdrop, then re-supplied the NFTX pool. This earned the bot ~61k APE, equivalent to around $278k at the time. The bot paid $310 in gas price.
  • Fat finger: Someone accidentally listed an EtherRock NFT for 444 gwei instead of 444 ETH. A bot immediately sniped it up and sold it for 234 ETH - roughly $600k at the time.
  • 1inch dust: 1inch occasionally leaves tiny amounts of tokens in its router for reasons. There is an MEV bot programmed to sweep this router for as little as $4.

MEV Matters

Understanding MEV is important. MEV affects the security, stability, and user experience. It is also a key component of how blockchain tokens accrue value. Above all, it impacts two fundamental properties of blockchain networks: decentralization and censorship resistance.

MEV Creates Negative Externalities

MEV-related activities create negative externalities. For instance, without an effective fee market, competition for MEV can lead to Priority Gas Auctions (“PGAs” - sometimes called Probability Gas Auctions). During PGAs, searchers and bots compete against each other by strategically setting their gas fees to have their transactions included in front of (or behind) certain transactions. This leads to:

  • Network congestion, which may cause other transactions to get stuck or dropped by the network
  • High and volatile gas prices, crowding out other crypto users and disadvantaging less savvy participants
  • Failed bids that unnecessarily consume block space (even failed transactions use up block space)

A high profile example is Yuga Lab’s Otherdeed land sale. Due to the peculiarities around the sale’s auction format, gas prices spiked to an absurdly high level as bidders jostled to have their transaction to be included in a block. Several users bid over 2ETH in gas, only to see failed transactions. Other users were priced out of Ethereum for hours, relegated to simply waiting for the sale to end.

Source Finbold

PGAs also create an arms race to win latency wars, as the searcher that has lower latency is better positioned to place the winning bid. PGAs occur less frequently on Ethereum, due to the advent of Flashbots and other mempool services. But they still happen regularly on high-throughput, low-fee chains like BNB Chain, Polygon side-chain, Aurora, and more.

MEV Can Destabilize the Network

More broadly, MEV drastically alters the incentives to a blockchain network’s stakeholders. If high enough, MEV rewards can encourage validators and miners to engage in malicious activity, such as performing reorg attempts. In fact, some community members have previously published code that would enable Ethereum miners to reorg the Ethereum network to capture prior MEV revenues. At that time, Ethereum’s social layer stopped miners from implementing it.

However, this threat has already materialized on other blockchains. Prior to Avalanche’s Apricot Phase Four upgrade, it was possible for any validator to propose a block. After one validator proposed a block that included meaningful MEV rewards, another validator could publish a longer chain of blocks to “steal” the MEV. So a race to reorg emerged. Clearly, this hinders a blockchain platform’s usability. Even today, other blockchains experience deep reorgs on an almost daily basis that are likely motivated by MEV.

Casual 194 Block Reorg

Source Polyscan, @Dogetoshi

Aside from reorgs, MEV also encourages spam transactions on high-throughput blockchains with ineffective fee markets. For instance, spam transactions contributed to Solana’s multiple network outages earlier this year. With significant economic activity on Solana, low transaction fees, and no way for searchers to express their willingness to pay for transaction order preferences, searchers are incentivized to extract MEV by sending an enormous amount of transactions to validators, effectively DOS’ing them.

MEV Affects All Chains

MEV Is a Centralizing Force

MEV is a centralizing force on all blockchains.

Block producers can extract MEV in two ways. Either they capture MEV themselves, or they sell reordering rights to others.

The first case is highly centralizing at the validator level. Professional block producers are more effective in capturing MEV compared to solo validators. There are high returns to sophistication. Professionals can better invest in infrastructure and human capital to optimally capture MEV. They are also better positioned to secure exclusive order flow, giving them a larger set of transactions to build blocks on, or partner with searchers to gain exclusive access to MEV bundles. Moreover, institutions with larger balance sheets can take advantage of capital-intensive MEV strategies (e.g., cross-chain MEV).

Therefore there are strong incentives to vertically integrate (validators that acquire and run their own searchers) and horizontally merge (combining different MEV searching strategies).

Under this scenario, professional validators will gradually accrue a greater stake in the network from their own profits. Furthermore, if in-protocol delegation is allowed (where users can delegate their tokens to other validators), other users are incentivized to delegate their tokens to these validators, further strengthening their lead.

In the second case, if block producers cannot efficiently run MEV strategies themselves, they can sell reordering rights to others. Ethereum’s roadmap effectively plans to enshrine this by separating block producers and block builders (Proposer-Builder Separation). This diverts MEV’s centralizing force from validators to block builders. However, several questions remain about how best to design this structure.

And, in either case, MEV rewards are highly variable. This dynamic favors large institutions and validator pools that can socialize/smooth MEV rewards, as most users prefer stable and predictable income.

Inequality Between Validators Without MEV (Left) and With MEV (Right)

_Note the distance between the green and red lines significantly widens with MEV extraction Source: Flashbots_

Note also that MEV profits will likely scale superlinearly. MEV extraction within a single block itself scales linearly with the proportion of hashpower/stake of the network. But in addition to this, the potential for capturing multi-block MEV increases as network dominance grows.

MEV Is Important for Economic Security

Yet MEV should not be left untouched. MEV revenues increase the security budget for a blockchain and must be extracted to keep blockchains secure. Both benevolent and malicious actors should attempt to extract as much MEV as possible. Otherwise, MEV left on the table gives malicious actors a clear subsidy to attack the protocol.

This is not to say that blockchains should blindly increase MEV on the platform to increase economic security. As mentioned above, many types of MEV have negative externalities that detract from user experience. If this type of MEV continues to increase, users will simply leave the network, decreasing fees and economic security. Nonetheless, some amount of MEV is unavoidable. It is a consequence of user activity.

A robust blockchain design should strive to democratize MEV extraction so that every validator can extract MEV at around the same rate. MEV redistribution systems can also help to improve economic security, as Chitra and Kulkarni’s recent research also suggests. Finally, designs should endeavor to allow new entrants to easily enter the field, nudging the field closer to perfect competition instead of oligopoly.

MEV Reduces Costs

MEV is not all bad. It can also reduce costs for users. For instance, users who perform swaps on DEXs rely on arbitrageurs making sure that prices on DEXs are in line with CEXs’. In fact, a type of MEV, JIT liquidity, actually improves execution prices for traders. MEV also helps keep algorithmic stablecoins at peg, limit bad debt from accruing on money market protocols, and enable unique DeFi designs (e.g. Primitive’s RMM, Opyn’s Squeeth).

Opyn’s No-Liquidation Power Perpetual Relies on MEV Searchers

MEV Creates Token Value

Validators earn income from issuance rewards + base transaction fees + MEV/priority fees. Issuance rewards are effectively a redistribution of ownership from passive holders to stakers. And base transaction fees should, for the most part, be minimal and trend to near zero.

Thus, we argue the long-term value of L1/L2 tokens is rooted in monetary premium (e.g., BTC, ETH) and/or through MEV. Fundamentally, blockchains sell blockspace. Greater MEV opportunities -> greater demand for blockspace.

Therefore, these platforms need to think carefully about the MEV they create and capture, lest they allow it to leak to other entities.

Below, we list some examples of designs by current protocols to capture and internalize MEV:

  • Optimism - running MEV auctions. Optimism is an Ethereum L2. Currently, it runs a centralized sequencer that determines transaction order flow. Based on latest disclosures, Optimism aims to run MEV auctions that auctions off the right to reorder transactions within an N-block window to the highest bidder. Excess profits from these auctions will be directed toward protocol development via retroactive public goods funding.
  • Aurora - managing and internalizing MEV order flow. Aurora is an EVM implemented as a smart contract on NEAR. Aurora used to offer gasless transactions until the network continuously got hit with spam transactions. Aurora recently announced an MEV program that manages MEV flow to reduce spam transactions and incentives for Sybil attacks. They are partnering with Kolibr.io to create an open and competitive market for order-flow payments, where transactions are checked for MEV opportunities before they move to public mempool.
  • Osmosis - minimizing and capturing MEV. Osmosis is a Cosmos DeFi app chain that aims to mitigate MEV in the long term through threshold encryption. It also aims to implement a system that allows Osmosis to “MEV itself” - such as arbitrage after large transactions - with profits flowing to Osmosis stakers.
  • Cosmos - creating cross-chain block space markets. Cosmos is an internet of blockchains and created the backbone of several important blockchains, including BSC, Polygon, and Cronos. But a common criticism is that the native token, ATOM, does not capture value from Cosmos’ contributions. Recently, members of the community put forth a new proposal that seeks to improve value accrual. One proposal includes an Interchain Scheduler, which creates a cross-chain blockspace market that generates revenue from cross-chain MEV activity.

MEV Will Increase

MEV grows with complexity, and we expect MEV to exponentially increase in the next decade.

Even on Ethereum alone, there has been a step change in MEV growth since the release of Flash Boys 2.0 due to the growth of new protocols and primitives. The rise of a whole new class of assets (NFTs) and various financial experiments related to it also drastically expanded the vectors for MEV to arise.

This trend is bound to continue. Ethereum’s gift as a limitless and permissionless smart contract platform is also a curse for more MEV to manifest.

The emerging multi-chain world supercharges this trend. MEV already exists on each chain individually. But because different blockchains have different trust assumptions, there will always exist additional MEV at the boundaries.

There Are No Solutions, Only Trade-Offs

To better understand MEV dynamics, it is helpful to break down blockchains into their three essential elements:

  • Virtual machine: VMs determine dimensionality - what a protocol can do. They range from extremely limited to Turing completeness. As mentioned above, greater complexity creates wider vectors for MEV. Allowing any developer to deploy smart contracts that can hold billions of dollars in value is both a boon and a curse.
  • Consensus mechanism: A fundamental property of blockchains is coming to consensus on valid transactions and the order they are executed. Cryptographic transcripts are created to prove that transactions are valid and show us the state of the world. But there are a lot of people trying to change the state of the world at the same time. There will be users that have a higher preference for their proposed state of the world and are willing to spend money to secure that preference.
  • Blockspace markets: Blockspace is limited. Markets are required to allocate blockspace efficiently. Due to the factors mentioned above, if markets are designed poorly, users will instead secure order preferences off-chain.

We argue that, due to the above factors, MEV will manifest as long as blockchains allow anyone to deploy smart contracts and move value.

Hence, we believe that instead of thinking about how to eliminate MEV, it is more productive to think about managing the different trade-offs in managing MEV across those three dimensions. We walk through some considerations for each factor below

Blockspace Markets

Perhaps the lowest-hanging fruit to managing MEV is designing an appropriate blockspace market. Small changes in design can lead to large changes in user experience and externalities (see: EIP-1559).

It is helpful to think of how different designs play out during major market events, such as an intense crypto sell-off or a popular NFT mint. Order preference matters most during these events.

As the table below shows, most markets without an efficient auction mechanism incentivizes entities to spam the chain with transactions. For example, if winning a MEV opportunity can yield millions in profits, and the chain determines ordering on a “first-come-first-service” basis, searchers won’t hesitate to spam thousands of transactions to validators to secure that profit.

Blockspace markets also determine the dominant MEV strategy, and therefore, where the “centralizing energy” of MEV is directed.

Consensus Mechanisms

One of the more promising solutions to reducing toxic MEV is encrypting the mempool. How to effectively do so is still a subject of debate.

For instance, Osmosis, a DeFi app chain in Cosmos’ ecosystem, plans to reduce toxic MEV through threshold encryption. Transactions are encrypted once they enter the mempool, which hides the transaction information, preventing censorship/ordering. The private key used to decrypt the information is shared across all validators. The block is only decrypted after it is finalized. Shutter Network is also working on this solution for Ethereum rollups. On Ethereum itself, Flashbots has discussed using trusted hardware (MEV-SGX) instead of cryptography to achieve similar effects.

A key trade-off here is latency. Threshold encryption by committee is bandwidth-intensive, particularly for large and dispersed committees. Even using trusted hardware like SGX introduces additional latency into the system. These systems also introduce greater complexity, technological risks, and extra trust assumptions to the protocol.

Other consensus mechanism considerations include:

Virtual Machine

Limiting what a virtual machine can do reduces MEV. For example, the Bitcoin network is rather limited in what it can do and the breadth of applications built on top of it, so minimal MEV exists on the platform.

Developers can also decide to create a permissioned platform, which allows the blockchain to focus on a specific vertical and helps control user experience. For instance, Osmosis and Sei are blockchains architected for DeFi. Developers need to submit proposals and get approved before they can deploy smart contracts. This drastically lowers the vectors where MEV can appear.

The Current State of MEV

Flashbots’ role in shaping the MEV landscape on Ethereum has grown significantly. More recently, the crypto community has grappled with its role in order flow and block building after the US Treasury sanctioned Tornado Cash smart contracts and various related addresses. We describe Flashbots’ origins, its design in both pre- and post-Merge Ethereum, and why censorship concerns only recently cropped up.

Flashbots Origin and MEV-Geth

Flashbots is a research & development organization formed in July 2020 to mitigate the negative externalities of MEV.

They launched “MEV-geth” in 2021, creating an off-chain private transaction pool and sealed bid blockspace auction for Ethereum. This allowed searchers to create and send “bundles” of transactions. Bundles allowed searchers to describe under what conditions a set of transactions should be executed. Notably, they allowed for atomicity. Either all the transactions go through, or none do. This is particularly beneficial for certain types of trades (e.g., sandwich attacks). Searchers sent bundles to a Flashbots relay. The relay was used to validate bundles and mitigate denial-of-service attacks. Valid bundles are then sent to miners. Miners can evaluate all the bundles they receive and create a block with the most profitable ones.

The benefit of this architecture includes:

  • Privacy
    • transactions are only publicly revealed after they are included in a block. Failed trades are not publicly exposed. Nor do they cost gas. Thus, searchers can be more confident in capturing MEV without the risk of other bots identifying and front-running the opportunity.
  • Efficiency
    • the design creates an efficient market for MEV opportunities. Bids for the most obvious MEV opportunities will be incredibly competitive without consuming unnecessary resources on-chain. New entrants that can capitalize on longer-tail or niche opportunities can freely enter the market.

Important to note about the above architecture is that the design was not a trustless solution. Both relayers and miners could peer into the bundles that searchers submitted. They could have stolen bundles (and allegedly, did). However, reputational costs kept the system intact.

MEV in PoW

From January 2020 up until the Merge, Flashbots estimates the total gross profits of MEV opportunities from arbitrage and liquidations on a select number of DeFi protocols to be ~$675M. This figure should be considered the lower bound estimate of MEV, as it excludes sandwich attacks, NFT MEV opportunities, long-tail DeFi activities, etc. It also only counts Flashbots data - searchers could use other solutions too.

Source: Flashbots Explore

Additionally, Chorus One estimates that there is nearly $1 billion of profits made from sandwiching trades since August 2020. During the same time frame, Messari estimates that total Ethereum miner revenue was ~$28.9 billion.

This suggests that, from 2020 until the Merge, MEV contributed to at least 5.8% of total miner revenue.

Looking at extracted MEV by sandwichers gives some insight into the competitiveness of MEV: the top five MEV bots capture ~57.5% of total extracted MEV.

Boosting MEV in PoS

MEV-geth’s design does not work post-Merge. Note that in PoW Ethereum, only a handful of mining pool operators dominated hashpower. Any operator that “cheated” by stealing Flashbots bundles could be punished (e.g. exempted from future order flow). To most miners, it’s not worth losing this business.

Post-Merge, anyone can spin up a validator. The prior MEV-geth design doesn’t work. If you send bundles to solo validators, they would occasionally be incentivized to steal high-value MEV transactions as their own. Punishment does not deter. Furthermore, as mentioned previously, requiring that validators are both builders and proposers can act as a centralizing force - solo operators are unlikely to be as efficient in building optimized blocks as institutional ones.

Therefore, the concept of specialized “builders” emerged with the introduction of “MEV-boost”, Flashbots’ post-Merge MEV solution. Builders are entities solely focused on receiving transactions and building optimized blocks. Builders forward their blocks to relays.

MEV-boost acts as a relay aggregator. It identifies the most profitable block and submits to it the block proposer.

Validators can opt-in to receiving full blocks from builders via relays and receive rewards. These blocks are blinded - validators cannot see the transactions until it has been sent to the network, and risk being slashed if they attempt to steal MEV.

Ultimately, this architecture mitigates MEV’s centralizing impact on validators. Instead, the architecture nudges centralization to block builders.

Censorship and Filtering

This new architecture introduced new censorship chokepoints. Only a handful of entities run relays and builders, and some of those entities have to abide by local regulators. Notably, several relays and builders, including Flashbots’ own ones, filter out OFAC-sanctioned addresses. They will not include any transactions that interact with any smart contract or addresses specified by the US Treasury Department.

In fact, only 3 relays consisting 12.5% of mev-boost market share do not censor transactions.

Why the headlines now? Censorship concerns were less prevalent in Ethereum when it was PoW, as mining pools acted as their own block builder. Even if Flashbots attempted to censor transactions, these miners could append censored transactions after Flashbots bundles.

50% of All Block Production were OFAC Compliant

Source mevwatch.info

Overview of All Relay Operators

Cross-chain MEV

Suppose there is a price discrepancy between Uniswap on Ethereum L1 and Uniswap on Arbitrum. ETH is priced at $1,400 on Ethereum, but $1,300 on Arbitrum. How could one arbitrage this?

  1. Official bridge: Buy 1 ETH on Arbitrum and use Arbitrum’s official bridge to move ETH to Ethereum L1, which takes 8 days. Hope that prices don’t move much by then (or maybe hedge with perpetual futures). Sell on Ethereum L1.
  2. Third-party bridge: Instead, use third-party bridges to move ETH to Ethereum L1. Currently, it takes anywhere between 5-20 minutes, depending on a user’s priority on speed, security, and return.

Source: Bungee Exchange by Socket

  1. CEX: Some exchanges accept deposits directly from Arbitrum. The time to deposit and withdraw is variable, but roughly between 5-20 minutes as well.
  2. Proprietary balance sheet: Hold a mix of ETH and USDC on both chains, and conduct arbitrage between the two chains when opportunities arise. Rebalance every now and then to ensure sufficient inventory on both chains.

Clearly, option 4 will capture the opportunity virtually all of the time. But this strategy is also the most capital intensive option, favoring professional market makers and institutions.

In fact, this dynamic creates incentives to collude across multiple chains. Executing cross-chain MEV is probabilistic. An institution could set up validators on a number of chains to minimize risks and more efficiently capture MEV.

Open questions:

  • How do vertically integrated entities play into this? Consider the potential synergies between Binance / Coinbase’s centralized exchange and on-chain operations (withdrawals, deposits, running validators, etc.). Or the synergies between trading firms and bridges (Jump <> Wormhole, Alameda / FTX <> Layer Zero / Stargate, etc.)
  • Can bridges that have liquidity on multiple chains capture some of this revenue themselves?
  • How do centralized chains affect the decentralization of other chains? A BNB validator could be well-positioned to invest in Ethereum validators and gain greater stake in the network over time.

Multi-Block MEV

Multi-block MEV was previously not feasible on Ethereum due to PoW. No one knew in advance who the next block proposer was.

However, after the Merge, anyone knows who is going to propose the next 32 blocks in an epoch. There are currently over 445k active validators, so at first glance it does not seem likely that a validator gets selected to propose multiple blocks in an epoch, let alone multiple contiguous blocks. However, multiple validators are often under one entity or pool. Coinbase alone controls 13% of all active validators - giving them a ~39% chance of proposing at least 2 blocks in a row.

Probability of Proposing Multiple Consecutive Blocks

_Source: Alvaro Revuelta Note: p denotes share of total validator, k denotes number of consecutive blocks_

Probably the biggest threat of multi-block MEV is manipulating TWAP price oracles to exploit money market protocols. Although not a major threat now, when TVL returns on-chain, the risks of these attacks grow.

Source Twitter

But that’s just one vector, and we have yet to see what other maneuvers are possible with multiblock MEV, especially ones that last several blocks. Five consecutive blocks mean that an entity could control block production for an entire minute on Ethereum.

Open questions:

  • What other attack vectors exist with multiblock MEV?
  • What measures can be put in place to prevent the possibility of executing multiblock MEV?

PFOF and Transaction Flow Auction

Ultimately, user intent and transaction flow are the primary originators of MEV opportunities. We can therefore imagine a scenario where wallets or applications auction their transaction flow to builders. Wallets, applications, and infrastructure providers are well-positioned to benefit from aggregating and auctioning order flow, giving them another avenue for monetization.

Open questions:

  • How to design an auction market that prevents greater centralization of block builders and searchers with exclusive order flow?
  • How much would validator staking yields contract if wallets and applications auctioned off their transaction flow, returning MEV revenues to users instead of flowing to stakers?

Concluding Thoughts

At first glance, the outlook appears bleak. It may seem like crypto’s market structure is trending to be more similar to traditional finance: transactions and trades enter a black box, managed by privileged intermediaries, and results come out the other end.

Fortunately, we see a step change in the number of people engaged in MEV, from debating what is fair and researching appropriate market designs, to actually implementing solutions that mitigate MEV across the supply chain.

This is a long report, and we only scratched the surface of MEV. We list some additional resources below for readers interested in diving deeper in certain topics.

If you’d like to reach out and discuss these topics with us, please do not hesitate to reach out

Acknowledgements

Special thanks to Flashbots, Shutter Network, Alkimiya, Bryan Zheng, snoopy, and defi guy for inspiration and feedback for this report.

Author

Steven Shi is an Investment Partner for Amber Group's Eco Fund, the company's early-stage crypto venture fund.

Additional Resources

Reading Materials

Repositories

Data

Disclaimer

The information contained in this post (the “Information”) has been prepared solely for informational purposes, is in summary form, and does not purport to be complete. The Information is not, and is not intended to be, an offer to sell, or a solicitation of an offer to purchase, any securities. The Information does not provide and should not be treated as giving investment advice. The Information does not take into account specific investment objectives, financial situation or the particular needs of any prospective investor. No representation or warranty is made, expressed or implied, with respect to the fairness, correctness, accuracy, reasonableness or completeness of the Information. We do not undertake to update the Information. It should not be regarded by prospective investors as a substitute for the exercise of their own judgment or research. Prospective investors should consult with their own legal, regulatory, tax, business, investment, financial and accounting advisers to the extent that they deem it necessary, and make any investment decisions based upon their own judgment and advice from such advisers as they deem necessary and not upon any view expressed herein.

You might also like
Article cover
Ultimate Narrative Traders
In terms of portfolio allocation, ETH and BTC are the top holdings amongst the Top 15 narrative traders, followed by JOE. Ethereum Mainnet remains the
Professional
Disclosure: The authors of this content and members of Nansen may be participating or invested in some of the protocols or tokens mentioned herein. The foregoing statement acts as a disclosure of potential conflicts of interest and is not a recommendation to purchase or invest in any token or participate in any protocol. Nansen does not recommend any particular course of action in relation to any token or protocol. The content herein is meant purely for educational and informational purposes only and should not be relied upon as financial, investment, legal, tax or any other professional or other advice. None of the content and information herein is presented to induce or to attempt to induce any reader or other person to buy, sell or hold any token or participate in any protocol or enter into, or offer to enter into, any agreement for or with a view to buying or selling any token or participating in any protocol. Statements made herein (including statements of opinion, if any) are wholly generic and not tailored to take into account the personal needs and unique circumstances of any reader or any other person. Readers are strongly urged to exercise caution and have regard to their own personal needs and circumstances before making any decision to buy or sell any token or participate in any protocol. Observations and views expressed herein may be changed by Nansen at any time without notice. Nansen accepts no liability whatsoever for any losses or liabilities arising from the use of or reliance on any of this content.