MEV Transparency: Ensuring Fairness In DeFi Markets

Blockchains enable reliable, trustless transactions on a large scale, however the automated nature of the technology leaves room for price manipulation by bots and malicious actors. In this talk, Olga Fetisova of CoW Protocol takes a look at Maximal Extractable Value (MEV) and its impact on the Ethereum ecosystem.

The first part of the talk focuses on defining MEV and considering metrics, while the second part covers transparency initiatives, challenges, and solutions.

What follows is a transcript of Olga’s talk:

What is MEV?

Blockchain technology is great at ensuring the validity of all transactions and creating new blocks with no downtime, however not all transactions are ordered in the same manner that they are submitted.

While block producers have full autonomy over selecting which transactions to include in each block, they usually opt to maximize profits by ordering transactions based on the highest gas price. This means that validators may censor or re-order transactions before creating the block. Re-ordering transactions with a profit motive is known as “maximal extractable value” (MEV).

In other words, MEV is the profit extracted by miners or other actors in the blockchain network who insert, remove, and re-order transactions.

According to Flashbots, a research and development organization focusing on MEV, over $500 million in MEV has been extracted just since The Merge. This value is only the recorded amount paid out to Ethereum validators; the attackers themselves have earned much more.

As we can see, MEV creates a set of skewed incentives. On certain days, Ethereum validators earn more ETH from extracting MEV than from network fees themselves.

Some MEV activities are indeed legitimate, as the practice makes sure that transactions are ordered in an optimal way. Overall, however, the practice creates unfair advantages for a small minority.

Today we will talk about the most common types of MEV.

Frontrunning attacks

Frontrunning is when a bot sees a profitable transaction in a public mempool, duplicates it, and places their own order in front of the victim transaction, extracting its value for themselves.

Backrunning attacks

Very similar to frontrunning, but in reverse. In backrunning, the attacker places a transaction after the victim transaction to capitalize on any arbitrage left by the victim’s order.

Frontrunning and backrunning transactions are not very common by themselves, but a combination of the two, known as a “sandwich attack,” accounts for most MEV.

Sandwich attacks

Sandwich attacks combine frontrunning and backrunning, placing a buy order before the victim transaction and a sell order directly after. This creates a “sandwich” of the victim transaction.

Let’s take a deeper look into sandwich attacks.

Sandwich attacks on the blockchain

A sandwich attack begins after a user places a transaction in the mempool.

During order placement, the user indicates a slippage tolerance. Slippage is the necessary deviation in price that a trader is willing to accept for their transaction. Since the user indicates that they are willing to accept a particular sub-optimal price, MEV bots take this opportunity to exploit the price of the asset and capture the value for themselves.

The bot frontruns the user by placing a transaction directly in front of the victim’s trade. This strategically raises the price of the token by the exact amount necessary to make the victim transaction clear at its maximum slippage tolerance.

After the user’s transaction goes through (at the max slippage), it pushes the price of the asset up even further. The bot places a sell transaction (backrunning) directly after, benefiting from this artificial price arbitrage.

In essence, the bot places a transaction at a low price, rides the user’s slippage and price impact up, and sells at a higher price.

The user loses out, as they have to pay more than they would have otherwise and they receive fewer tokens for their trade. This is not fair.

MEV Attacks in Practice

We can look at the chain to examine sandwich attacks directly. If we see the same token trading multiple times in one block, this may be an indicator that MEV attacks are occurring.

In a block analyzed by the research organization ZeroMEV, we can see that the DAI token was traded multiple times, suggesting actions by MEV bots.

The ZeroMEV analysis indicates that this block contains nearly $40 of lost value. The last transaction in the block was a payment to the miner in the form of 0.41 ETH, meaning that the attacker themselves earned an even higher amount.

To put this into perspective, the average MEV payout per block is about $100. On certain days of volatile market activity, however, this value can be much higher.

Looking at a block from November 2022 around the time of the FTX crash, we can see a completely different set of numbers.

In just one block, a bot caused over $5,000 in user losses and the validator received a kickback of over 3.5 ETH, suggesting, once again, that the gains for the MEV bot were significantly higher.

One notorious MEV searcher is known as “jaredfromsubway.” In a report by The Block, this searcher earned $34 million through MEV extraction in just the span of 3 months.

Using on-chain data, we can break down MEV price exploits by DEX. In the below image, we can see that Uniswap V2 and V3 account for over 90% of all MEV attacks on Ethereum.

This, of course, is primarily as a result of Uniswap capturing the majority of trading liquidity — the more trades, the more potential MEV.

Thankfully, it’s quite simple to check if you have been MEV attacked. One of the easiest methods is by entering your Ethereum address on ZeroMEV’s website. You can also use a transaction hash or a particular block number.

Transparency Initiatives

Several organizations specialize in tracking MEV. These include Flashbots, Eigenphi, and ZeroMEV, among others. There are, however, practical ways that you can protect yourself from MEV exploits.

One of the most effective methods involves using a specialized RPC (remote procedure call) endpoint. RPC endpoints send calls to the blockchain for data and stand as an intermediary between your wallet and the blockchain itself.

RPC endpoints can be swapped out by the user depending on their needs. Most wallet applications such as MetaMask make it relatively straightforward to add custom RPC endpoints. Some well-known examples of specialized RPC endpoints include MEV Blocker, MEV-Share, and BackRunMe.

MEV Blocker

MEV Blocker was developed by CoW DAO and, as the name suggests, it provides MEV protection for users.

When a user submits a transaction using MEV Blocker, rather than sending it to the public Ethereum mempool, the RPC sends the transaction to a specialized private pool. This conceals the transaction from public exposure, protecting it from exploitation by MEV searchers.

As an extra layer of security, MEV Blocker generates fake transactions that prevent probabilistic exploitation by advanced searchers. In addition, MEV Blocker offers rebates on trades by capturing value from potential backrunning opportunities. If a user transaction creates a backrunning opportunity, MEV Blocker guarantees that at least 90% of the backrunning value will be forwarded back to the user in the form of a rebate.

While it’s relatively new, MEV Blocker has already enjoyed a meteoric rise. So far, the RPC endpoint accounts for $16 billion in protected volume and 370 ETH in user savings.

To add MEV Blocker to your wallet, check out the MEV Blocker website: https://mevblocker.io/

Dedicated dApps

While RPC endpoints protect against price exploitation, the most extensive MEV protection comes at the application layer.

One dApp that provides comprehensive MEV protection is CoW Swap. CoW Swap is a meta-DEX aggregator that matches orders with the best liquidity available on-chain and protects trades from MEV exploitation.

CoW Swap actually sends all transactions through MEV Blocker by default, but the dApp also uses some extra techniques to combat MEV.

1. Delegated Trade Execution: On CoW Swap, dedicated parties known as “solvers” execute transactions on behalf of the users. This means that users are never directly exposed to the chain, as they only sign an “intent to trade” message which the solvers execute as a blockchain order.
2. Coincidence of Wants (CoW): CoW Swap enables users to trade off-chain with each other through a peer-to-peer trading mechanism. These trades don’t have to go through the public mempool, so they avoid the dangers lurking there.
3. Uniform Clearing Prices: Transactions on CoW Swap get grouped together into “batches.” Each time a particular asset (such as WETH) trades in a batch, it trades for a constant price. This mechanism obviates the price advantages of reordering transactions, preventing MEV exploits.

These two categories of protection — RPC endpoints and dedicated dApps — are the current ways that we can protect ourselves from MEV attacks. It’s important to remember, however, that MEV is a broader problem that evolves quickly, with bots constantly finding new ways to attack us and steal our precious ETH.

Conclusion

There are many challenges in combating MEV.

For one, there is a lack of data availability. Centralized exchanges, for example, don’t share their data so it’s difficult to understand the full scale of the MEV problem and come up with a complete solution.

While lots of organizations focus on combating MEV, the issue continues to pose a significant challenge. This also creates opportunities, however, for the community to come together, innovate, and ensure that Ethereum remains the gold standard in the blockchain world.