Eight anti-MEV programs were comprehensively reviewed

Understanding the Full Picture of MEV

原文来源：Harper Li、Jinbin Xie， Huobi Ventures 

Yahile, chain smell

preface

In August 2020, Paradigm trader Dan Robinson tried to reclaim the original pledge at & NBSP; Uniswap  Liquid token. To do so, he deployed two contracts, the setter and getter, and invoked both contracts to recover the liquid token. However, the contract invocation was not successfully implemented, and the attacker discovered it first. The attacker executed the contract he was going to invoke. In the next month of the same year, Sam Sun discovered a contract flaw in Lien Finance that, if attacked, could result ina massive loss of 25,000 ETH. The author tries to save Lien Finance's contract holes, but fears a similar problem to Robinson's. If the attacker discovers his rescue plan, the attacker will be able to discover the vulnerability, execute the attack, and remove 25,000 ETH from the platform.

To this end, although the rescue action happened suddenly, Sam contacted many people, and finally in spark mine pool with the help of the attacker to avoid listening, attack, successful implementation of vulnerability repair. In this event, the Spark Mine Pool places the executed transaction in its private mempool, preventing it from being monitored by on-chain attackers. And this is the fundamental reason that determines the success of both events.

These two events reveal the fact that the current blockchain is a dark forest. In fact, the dark forest of blockchain nodes is filled with arbitrage bots/attackers waiting in the works. All pending transactions waiting to be packaged are exposed in a Mempool in the dark forest. An attacker can view and trace every transaction, every internal contract call, and every instruction, and perform the most common false start and sandwich attacks on these transactions.

We believe that the nature of on-chain attacks lies in the design of the blockchain.

• 首先是区块链的 mempool 设计，所有交易被发送出去后，并不是直接由矿工打包，而是需要先暂时进入 mempool。mempool 包含着待确认交易（pending transactions），且由于 mempool 具有公开性，任何人可以监听 mempool 的每笔交易、每个调用的函数。这为攻击者提供了监听交易事件的条件。

• 其次区块链出块时间为攻击者提供了执行时间。据 Etherscan 数据显示，目前以太坊的平均出块时间为 13s。

Average block time in Ethereum, source: Etherscan

In 2019 & NBSP;"Flashboy 2.0"  In this article, the concept of Miner extractable Value (MEV) is mentioned for the first time: the additional profit that miners can make by including, reordering, inserting, or ignoring transactions in the blocks they produce. After the development of blockchain in the past two years and the advancement of the research process of on-chain activities, MEV has been extended to the Most Extractable value.

Current MEV pillage participants include both non-miners and miners. Non-miners are mainly arbitrage/clearing robots. Miners are individuals who pick trades and pack them up in chains. The power of miners is incomparable to that of non-miners. We have summarized the following chart to show the characteristics of existing MEV plundering.

Summary of MEV plunder characteristics, source: Huobi Ventures

MEV solutions can be extracted and eliminated

At present, how to solve the problem of MEV pillage and protect the interests of ordinary traders has become the subject of research and development in the MEV field. At present, there are mainly two attitudes: one is to recognize the inevitability of MEV and solve the current dilemma through extraction; the other is to eliminate or reduce MEV from the transaction source. Based on this, this report discusses the existing MEV solutions from two approaches: MEV extraction and MEV elimination.

Extract MEV solutions

According to the current research results, there are three types of MEV extraction schemes as follows:

• 隐私交易：通过将交易存入隐私 mempool，而非公开型的 mempool，以躲开攻击者的监听。

• FRaaS：FRaaS（Front-running as a Service）通过提取交易的 MEV 并进行利润再分配的方式保护交易者利益，同时矿工由于有赏金激励将放弃攻击。

• MEV Auction：将矿工的挑选交易权力和交易排序权力进行分拆，矿工仍然保留挑选交易的权力，而交易排序权力则通过拍卖的方式拍卖给第三方。

MEV extractable solution, source: Huobi Ventures

Privacy trading

As mentioned earlier, transactions are waiting in mempool to be packaged by miners, and are also at risk of being monitored and hacked. So some protocols want to bypass the public mempool by having transactions queued up in a private mempool so they can't be broadcast to other nodes.

Agreements to provide such services currently include 1inch Stealth Transactions, Tai Chi Network and bloXroute.

1inch's Stealth Transactions is currently only available on the 1inch Wallet ios client. This approach now faces the possibility that transactions could be bundled into chunks and made public.

Taiji Network was created by Spark Mine Pool. Users can send transactions directly to spark Mine Pool's privacy pool through the interface provided by Taiji Network. Since Spark Pool does not webcast the transaction, the status of the transaction that was sent out cannot be seen on Etherscan until it is officially confirmed.

BloXroute provides private communications, allowing transactions to go directly to miners without being exposed.

BloXroute's BDN (Blockchain Distribution Network) links the blockchain nodes to the BDN through its own gateway software, which and the blockchain nodes first translate the information entering the BDN from the blockchain. Then, on the second layer, it does block compression. By dramatically reducing the block size, it can then be sent/transmitted more efficiently in the blockchain distribution network (BDN).

MEV Auction - Optimism

MEV Auction first appeared in early 2020, proposed by Karl Floersch. Karl Floersch is the CTO of L2 scenario Optimism. MEVA becomes a good anti-MEV method of matching Optimism.

When talking about MEVA, it is necessary to first explain the two powers that miners, as the biggest winners in the MEV plunder war, have: the power of trade choice and the power of trade sequencing. The MEVA mechanism technically divides the two powers of miners: miners retain the original right to choose deals, but after the choice, miners cannot rank deals. Instead, a Sequencer character has the right to rank the deals selected by miners. Miners select unique sequencers through the auction process.

MEVA flow chart, source: ethresear.ch

In the Optimism L2 system, the roles that miners have (transaction sequencing and validation blocks) are divided into two parts. Sequencers manages transaction sequencing, which Validators add to the Optimism L2 blockchain. This scheme is in line with Layer2 because Sequencer already exists on L2 architecture. The transaction is submitted to a "Sequencer" Sequencer, who generates signed receipts that guarantee the transaction's execution and ordering.

But there are still problems with MEVA's approach:

• Sequencers 之间存在串通、Sequencer 自身作恶，造成人为压低拍卖价格。针对这一问题，目前的解决方案是开发一个开源的 sequencer 软件，增加用户参与 sequencer 竞价活动的容易度。

• 无法完全避免矿工同时仍然保有两个权力：sequencer 可以自己成立矿池。

FRaaS

Front-running as a Service means that MEV is extracted and profits are redistributed to solve the MEV problem. In essence, by compensating the traders and benefiting the miners and attackers, this approach enables multiple parties to cooperate and create a win-win-win situation. In the FRaaS scheme, the attacker becomes the seeker, who is responsible for looking for possible MEV in the trade and extracting MEV through certain strategies. At present, there are many protocols using this anti-MEV mode, and it is a more popular way to solve MEV.

Flashbots

Flashbots is a research and development platform specifically for MEV, currently has three main vertical services:

• Flashbots Auction：矿工和搜寻者之间的隐私通信渠道。

• Flashbots Data：检测 MEV 数据情况；目前具体产品是 MEV-Explore 和 Dashboard。前者目前捕捉覆盖 8 个主要的 defi 协议。 •Flashbots research。：一个开放、透明和合作的研究平台，解决与 MEV 有关的短期和长期的研究问题。

The Flashbots Auction consists of meV-Geth, a Go-Ethereum node client, and MEV-Relay, a transaction bundle repeater.

There are three main characters: searcher, relayer, and Miner. The information transmitted between the three is Flashbots Bundle transactions. Each Bundle transaction contains a list of transactions (indicating the number of consecutive transactions that the sender wishes to Bundle onto the chain, including run-ahead/trailing transactions), block height, minimum timeout, and maximum timeout.

• 搜寻者 Searchers

Current Flashbots searchers fall into three categories: arbitragers, clearing bots, traders looking for a false start defense, and Ethereum dapps like mistX. The Searchers submit bundles directly to Relayers to ensure that the transaction is not detected by other nodes in the network.

When senders send transactions, they pay the miners a tip, which is not in the form of Gas fees, but through Coinbase transactions, they pay the blockers (i.e., the mining pools) ETH as a commission. This method of payment guarantees that even if the transaction fails, there is no need to pay the cost, but this method has the potential to attack.

• 中继 Relayers

Collect bundles from searchers and send to miners. During this process the Relayers themselves may also become the attacker, so the relayers need to be trusted to act honestly.

• relayers 除了隐私传送 bundle 交易外，还具有缓解 DOS 威胁的功用。由于 searchers 发送失效的 bundles 也为零成本，因此可能出现 searchers 可以随意提交 bundles，即这就为他们提供了用无效的 bundles 向网络发送垃圾邮件的能力，从而对其他网络参与者形成拒绝服务攻击。由于以太坊节点没有能力自行处理这种水平的负载，中继器成为缓解这种 DOS 威胁的手段。

• 矿工

The miner, as the final person to receive the bundle transaction, accesses the Flashbots network by running the MEV-Geth client.

Miners can only package one bundle transaction per block, so in order to maximize their own interests, miners will choose the bundle transaction with the highest tip paid by searchers. Flashbots currently has plans to package multiple bundles in a single block.

Here again, miners cannot be fully trusted. Once the miner has access to the contents of the bundle, MEV can be extracted by parsing the transactions and by being able to reorder or add transactions.

ArcherDAO

ArcherDAO has two separate products: Archer Relay and Archer Swap. However, both products have anti-MEV characteristics.

• Archer Relay

Archer Relay is compatible with the MEV-Geth client, enabling the user to participate in the Flashbots ecology as a seeker.

• Archer Swap

Archer Swap comes in the form of an early-side transaction interface that allows users to directly submit token transactions. Backrunning bots in the Archer Relay network will MEV search, extract, and bundle transactions generated on Archer Swap and send them to miners via Flashbots+Archer Relayer.

ArcherDAO uses Flashbots technology to achieve anti-MEV, but it is still different from Flashbots. ArcherDAO's product divides the roles of seeker and trader more clearly. Archer Relay forwards bundle transactions for searchers, whose task here is to search for MEV retrieval opportunities in each DEX. Archer Swap is for traders seeking MEV defense, who trade on Archer Swap. The split between the roles of seeker and trader is reflected in the fact that searchers in Archer Relay do not have access to transactions published through Archer Swap, only the Backrunning bots within the ArcherDAO do.

Secondly, it is different from the mining pool partners: At present, ArcherDAO clearly collaborates with 2miners and Ezil; Flashbots reported in March that it had worked with 12 mining pools.

mistX by  alchemist

Alchemist, which began in February with a Tweet from @thegostep, has no development team, no roadmap and is entirely community-driven. @thegostep is active in the blockchain space and is one of the core developers of Ethereum, Ampleforth, and also involved in Flashbots. The Alchemist team has five core projects in progress: Crucible, Copper, mistX, Sandwitched Query, and Crucible NFT Design.

MistX also uses Flashbots technology to protect user-initiated transactions from being sent to the public mempool, but bundled into the Flashbot system. In addition, the team has also developed & NBSP;sandwiched.wtf  The query tool can be used to check whether a particular smart contract account has been hit by a sandwich attack.

KeeperDAO

The overall KeeperDAO project is divided into three main business lines: Hiding Game, Coordination Game and Incentive Game. These three businesses solve three problems: Hiding Game solves MEV problems in existing transactions and clearing problems, Coordination Game mainly motivates keepers to cooperate with each other, and Incentive Game mainly focuses on $ROOK and platform governance issues. These three businesses are integrated in an organic way and support each other.

KeeperDAO also believes that since swap inevitably generates slippage, an attacker can attack with a run-first/trailing transaction, causing losses to traders. Moreover, as transactions are exposed in mempool, it is easy to cause competition or "bidding" between multiple parties, which leads to Gas war.

In both cases KeeperDAO thinks he can get traders to work with Keepers. The main process is for the trader to first submit the transaction to the KeeperDAO, and for the Keepers within the KeeperDAO to analyze the transaction and determine whether the profit can be made through the run first/follow strategy. If there is a profit to be made from the transaction, Keepers will make the profit by executing the transaction according to the order of transactions predetermined by the platform. The benefits obtained shall be returned to the project platform for daily summary and distribution by the project.

For the trader, they get a better price on the trade because the trader's trade slip is offset by the $ROOK cast by the platform. So traders working with Keepers is a win-win situation.

Throughout the system, the KeeperDAO is sorted every 100 blocks, and the results determine the order of transactions for the existing Keepers. Keepers are spared the troubles of Gas War because of their sequential trading. But Keepers within the KeeperDAO still had to compete with traders outside the KeeperDAO.

BackRunMe by bloXroute -- Profit distribution of MEV

In addition to the privacy transaction mentioned above, bloXroute also utilizes the transaction slippage feature of DEX to develop the transaction design for MEV.

The specific implementation process is as follows:

• bloXroute 发送 metadata 给搜寻者，由搜寻者执行 backrun 交易。

• 搜寻者将根据交易创建并发送 bundles，bloXroute 检测 searcher 的回复。

• bloXroute 以隐私通讯方式发送收益最高 backrunning MEV bundle 给 pools。

• 当然若搜寻者发现不存在 backrun 的机会，则这笔交易将变成普通的隐私交易发送到矿工手中。

other

• MiningDAO

The project allows any Ethereum user to propose an entire block to a miner, and each block is attached with a reward that will be paid to the miner if it is successfully chained. Therefore, miners will choose the block with the highest reward in order to maximize their own profit. Unlike the previous protocols, this protocol deals with the next block, not a transaction.

As shown in the figure below, the project treats the competition for the next block as the order market DEX. Each user can submit a block that can be packaged, in this case the order object, forming the block Order Market DEX. The cost paid by the user is the reward bounty paid by the user attached to each block order, and the miner selects the block order with the highest reward bounty from the block order market. Once a deal is done, the miner wraps the block order up the chain and receives a reward paid by the user.

• BackBone Cabal

For Sushiswap's project, the user sends transactions to the YCabal, creating arbitrage opportunities such as slippage, and then the miner performs a run first/run back strategy.

• 提取 MEV 方案的优缺点

This camp believes that MEV is generated by users and is an inevitable on-chain transaction. Based on this, this camp's scheme adopts a receptive attitude towards MEV to protect users. At present, there are three types of protocols in this camp, and the three types of schemes have their own characteristics: private transaction schemes protect users' MEV from being extracted by bypassing public mempool and public eavesdropping; MEVA divides miners' rights into technical divisions to protect users' rights; FRaaS achieves a multi-win situation with MEV extraction as a service and profit division.

Solution to eliminate MEV

The emergence of MEV is the product of the miners, as a privileged class, using the privileges of the block to seek power rent. As described above, the MEV extraction scheme covers more than 10 protocols that, because MEV is considered inevitable, embrace MEV and solve existing MEV problems. If this camp is described as dove, there is another camp, as hawks, who believe MEV can be eliminated. This part of this article will explain how hawkish developers have chosen to use a variety of tools to minimize or eliminate the space for power rent-seeking.

How can MEV be minimized or prevented? Miner extractable value (MEV) is a measure of how much a miner (or verifier, sequencer, etc.) earns from the ability to arbitrarily include, exclude, or reorder transactions within the block he or she produces. So the current anti-MEV protocols on the market try to take action when a deal is submitted to the mining pool. So far, it has been summarized in the following four ways:

• 链内操作

• 链下操作

• 加密

• 新型交易模式

In the chain operation

Chainlink  Scheme - Without changing L1 main chain, the transaction queue information and predictor report are submitted to the predictor, the serial number and Nonce value are generated, and broadcast over the predictor network. At the same time, the predictor can monitor the message pool and proactively obtain the transaction queue. The smart contract can then retrieve the correct sequence from the predictor.

LibSubmarine solution -- an on-chain smart contract that protects the privacy of trade information from arbitraggers.

Veedo scheme - Using VDF (Time delay function), using a time lock to delay the transaction information for a period of time, and then open. Arbitrageurs are unable to obtain timely arbitrage space.

Under the chain operation

Automata scheme -- The transaction queue generates a unique signature based on the current transaction queue through encrypted middleware service. Miners cannot insert new transactions into the transaction queue, otherwise the signature will change. In this case, when Dex receives the transaction queue, it can recognize the signature change and reject the transaction.

Arbitrum scheme - some schemes feel that can not completely prevent the appearance of MEV, as far as possible to minimize the appearance of MEV. Aggregate the transaction into the smart contract's CallData so that L1 cannot modify the transaction. In L2, the settlement of transactions is completed within a minimum window of 15 minutes. The entire process minimizes the presence of MEV.

Vega Protocol -- establish a new main chain, at the level of the chain itself, in a unit of time, to the first broadcast, known by the node most transactions are executed first, "if there is a time T, so that all honest verifiers see a before T, after T to see B, Then A must be placed before B ".

encryption

The Sikka scheme - as a privacy middleware, encrypts the transaction information and its own message pool. After the transaction is packaged and verified by 2/3 of the nodes, it is made public.

Shutter Network scheme -- Utilizes DKG distributed key generation services to encrypt transactions before they are sent, confirm that they are bundled into blocks after the miner message pool, and then decrypt the transaction information.

New trading model

The CowSwap scheme - where two people holding assets each wanted can match trades directly, without the need for market makers or liquidity providers to match trades. This would result in the best price for individual traders and would eliminate the fees incurred through market makers or liquidity providers. CowSwap allows users to make direct transactions using CoW. Orders that cannot be settled through CoW are directly matched to trades by automated market makers (AMM). If there's a CoW order in the bulk auction order. After the small orders are fully matched, the remaining orders that do not pass CoW matching will be matched by the liquid market integrated by CowSwap. The entire order settlement price is subject to the remaining order price obtained through external liquidity.

Eliminate MEV scheme/protocol comparison:

Eliminate the pros and cons of MEV solutions

Miners, validating nodes, and collators are all roles that have privileges over the order, and there are a number of advantages and disadvantages to eliminating MEV in the following ways.

• 利用 L2 第三方公证组织，对确定的交易序列进行全网公开并进行标记，公开程度越大，越难被篡改。但是需要不同的 DeFi 协议支持该公证结果并且配合。

• 利用对交易信息进行加密，让容易被套利的信息，隐藏在黑暗森林中，让套利者无法进行追踪。但是对信息的加密和解密，带来的资源消耗，从而导致交易体验上的损耗，也是需要考虑的因素。

• 新的交易模式，在模式上进行范式转移，却需要经过市场去检验是否能成功。

conclusion

After more than a decade of development, blockchain has become more mature and complex, which has resulted in more and more systemic problems, such as the MEV issue, which is briefly discussed in this paper. As Paradigm's & NBSP;MEV and Me  As described in this article, compared to the original bitcoin, the MEV generated by the later Ethereum due to the high complexity of its application layer behavior is much higher than that of Bitcoin.

Currently, the MEVs captured by Flashbots only cover 8 protocols, and the MEVs identified on each protocol are limited to the types that can be extracted by run-first/run-back/sandwich, etc.

Flashbots deepen users' understanding of blockchain by studying the phenomenon of MEV. Users begin to understand the risk-benefit structure corresponding to their actions on the blockchain, and in turn develop and improve protocols to make the blockchain more truly valuable.

This article briefly examines the various MEV solutions available on the market and summarizes them into two camps. First of all, MEV can be extracted, which aims to achieve a fair distribution of power, but it is difficult to avoid the situation that the dragon will become a dragon at the end of the year. The second is MEV eliminable type, which tells the story of no matter how to stealth in the dark forest, power transfer, it is better to really use encryption means to achieve cross-dimensional compression of power rent-seeking space.

The original link

Welcome to join the official BlockBeats community:

Telegram Subscription Group: https://t.me/theblockbeats

Telegram Discussion Group: https://t.me/BlockBeats_App

Official Twitter Account: https://twitter.com/BlockBeatsAsia