The Ethereum network’s pivot to a new consensus mechanism in September 2022 caused a dramatic shakeup to the reward system available to blockbuilders. Maximal extractable value, previously merely a popular side project for Proof of Work miners, has now become the most attractive reward stream for validators, and understanding its nuances is key to a profitable validator operation.
Maximal Extractable Value (MEV) was first discussed in a Reddit post in August 2014, a date that precedes the launch of the Ethereum Network. The term refers to revenue that can be generated by any permissionless actor in the ecosystem such as block builders (miners or proposers), nodes, or users by taking actions such as the reordering, inclusion, or exclusion of transactions within a block in order to capture the value that is emitted onchain using onchain actions. Whilst other off-chain opportunities for value extraction exist for block builders, we do not include them in our discussion of MEV.
This definition implies that these actors must influence the ordering of transactions on the blockchain. By including transactions before other users, actors can essentially extract revenue that is emitted by transactions in the mempool. They can exert this control by either building blocks themselves, or incentivising block builders to prioritise their transactions. Blockchains such as Bitcoin’s and Ethereum’s are public ledgers whose contents are visible to anyone willing to check. This transparency enables any actor within the ecosystem to pay block builders and have their transactions included before the target transaction.
Blocks within Blockchains, by design, can carry only a limited number of transactions which has numerous implications for the ecosystem. Block builders, such as PoW’s miners and PoS’s proposers, search the mempool for transactions to include inside their blocks and because these block builders are driven by profit, they will choose to prioritise transactions with higher gas fees attached to them. Users in the ecosystem leverage this feature and express their preference to have their transactions prioritised by the block builders, by attaching a higher gas fee to the transaction. Searchers leverage this transaction ordering preferences of miners so they can be the first to capture value emitted within the blockchain ecosystem. As there are no strict transaction ordering requirements by protocols, block builders are free to choose the transactions to include and which order to include them in their blocks. The lack of ordering requirements coupled with the limited amount of blockspace allows MEV opportunities to readily present themselves in blocks.
Block builders can auction off their blockspace to entities who specialise in capturing this MEV. These specialised entities are called searchers, who submit bundles of transactions to block builders to be included in blocks in the exact order that they specify. These searchers deploy specialised algorithms and bots to parse blockchain data for MEV opportunities, such as liquidating other users’ loans or exploiting arbitrage opportunities between Decentralised Exchanges (DEXs). Alongside their own bundle of transactions, the searchers submit a bid to the block builder to have their bundles included first.
When it comes to being a searcher, timeliness is of utmost importance. Many of the MEV extraction techniques rely on including transactions before other users. At the same time, searchers also have to compete with other searchers looking to capitalise on the same opportunities. As such, searchers can bid very high gas prices on their bundles to have them included onchain. These are formally known as Priority Gas Auctions (PGA), a term coined by the Flash Boys 2.0 paper which was the first to extensively review the MEV problem. PGA’s create unfavourable environments for end users; they must compete with the high gas prices that these searchers bid to have their regular transactions included inside blocks.
MEV occurs on smart-contract-enabled blockchains such as Ethereum and Solana, by the design of the applications built on top of it such as Decentralised Exchanges (DEX) and Lending protocols, present MEV opportunities to anyone willing to commit enough resources to identify and extract them. When a user makes a trade on a DEX, they open the door for themselves to be front-run on that particular trade. Similarly, when a user takes out a loan on a lending platform, they put themselves at risk of being liquidated at a future date.
Types of MEV
When builders are elected to produce a block, they, at that moment, have full autonomy in controlling what the next network state will be provided that their block does not violate the rules of the protocol. The effects of MEV can be felt on either a user level or a protocol level. Different types of MEV can align or misalign the incentives of the block builder with those of the protocol. Here, we will explore the different types of MEV extraction techniques, some of which can be good or bad for users and the network itself.
Good MEV refers to the type of MEV that has a net positive impact on the health of a blockchain ecosystem. Though some users directly involved in this type of MEV may be negatively affected (as will be discussed below), the impact it has on the health of the ecosystem outweighs these negatives. Bad MEV referees to MEV have a net negative effect on both users and the ecosystem. These types of MEV aim to directly extract value from the hands of users and might, in some cases, disrupt the functionality of the protocol.
‘Good’ MEV
DEX Arbitrage
Decentralised exchanges facilitate the onchain peer-to-pool trading of token pairs. In an efficient market, we expect all exchanges to quote the same price for a given asset pair. Token exchange rates are not determined by an order book model (as is the case with centralised exchanges) but are instead based on the ratio of tokens inside of liquidity pools in DEXs that use Constant Function Market Maker (CFMM) algorithms. The details of this mechanism are covered by a previous Block Scholes report that is available on request. Many such DEXs exist and may, at times, quote different prices for a given token pair. The design of the DEX ecosystem creates an opportunity for arbitrageurs to extract some value by providing a service to the market.
On Ethereum, Smart Contracts can encode multiple transactions into one transaction that is executed atomically. This means that all its constituent elements are executed in an “all-in or nothing” fashion. If any of its constituent transactions fails, then the entirety of the transaction gets reverted. This feature allows arbitrageurs to use smart contracts to deploy trades across multiple exchanges in a single atomic transaction. By trading across multiple exchanges in one atomic transaction, arbitrageurs are able to conduct trades in the smallest unit of time allowing for deterministic returns.
An example of this type of arbitrage transaction can be seen here, where an arbitrageur deployed such a smart contract utilising atomic transactions and obtained approximately 45 ETH by taking advantage of the price disparities of the ETH/DAI pair on UniSwap and SushiSwap. The ETH/DAI exchange rate on SushiSwap was greater than it was on UniSwap, meaning that the arbitrager could redeem more ETH for the same amount of DAI on SushiSwap. A possible reason for this was that the token pair was much more popular on UniSwap than it was on SushiSwap, so the price was updated more frequently. The exchange rate on Uniswap would therefore reflect a more “fair” estimation of market participants.
To capitalise on the opportunity, the arbitrageur did the following:
1. Took a flash-loan (a loan that must be repaid in the same transaction and requires no collateral) of 1000 ETH on Aave
2. Swapped this 1000 ETH for 1,293,896 DAI on UniSwap (the exchange quoting a higher ETHDAI price). By depositing ETH and removing DAI from the liquidity pool, the ratio of ETH to DAI in the liquidity pools also increased thereby decreasing the ETHDAI exchange rate on Uniswap.
3. Exchanged 1,293,896 DAI for about 1045 ETH on SushiSwap. On this exchange, they withdrew ETH and deposited DAI which has the effect of increasing the ETHDAI exchange rate for the SushiSwap pool.
4. Repaid the loan of 1000 ETH back to Aave, which resulted in the arbitrageur securing a profit of 45 ETH (before accounting for transaction fees).
By executing these steps in one atomic transaction, the arbitrager was able to change the ratio of ETHDAI tokens in the respective liquidity pools across each exchange in a direction that brings their prices closer together. The arbitrageur’s profits are a direct result of impermanent loss incurred by the liquidity providers in both pools. In doing so they obtain a risk-free return for their actions. This type of MEV produces an efficient market for users to trade tokens in and is most profitable when a user is a miner/proposer themselves.
Liquidations
Decentralised lending and borrowing platforms like Compound and Aave allow users to take out overcollateralised loans, meaning that users must deposit more value as collateral than the value of the token that they wish to borrow. One use case of this functionality is shorting tokens by borrowing them from the lending platform and selling them in the market. You can read more about different types of decentralised lending and borrowing platforms in a previous report which can be made available upon request.
As the value of the collateral fluctuates due to market conditions, so too does the amount the user can borrow. If, due to price fluctuations, the value of the borrowed assets exceeds the allowed amount based on the value of the collateral they have deposited, the user will have a portion of their collateral sold and repaid to the platform in order to return their loan to collateral ratio to an acceptable level. This action can be done by any external party who sees that the loans are “unhealthy”. The protocols usually incentivise these actors by paying them a percentage of the collateral being liquidated.
Searchers run specialised bots that constantly monitor the loan landscapes of these platforms, looking for liquidation opportunities to capitalise on. Once these are found, the liquidation is executed atomically alongside any other sub-transactions the bot wishes to make such as selling its profits on a DEX.
To illustrate this process, consider a loan of 15,000 DAI collateralised by 10 ETH at a price of $2,000 per ETH. This position has total collateral of $20,000 worth of ETH and, assuming that each DAI is worth $1 throughout, a loan-to-value ratio of 1.33. If the value of ETH then drops to $1,800, the collateral ratio drops to 1.2. If this is enough to bring the borrower’s “health factor” below the minimum level allowed by the protocol then the position will be liquidated.
A searcher can profit from restoring this loan to a healthy state by taking the following steps:
1. Take out a flash loan for 7,500 DAI.
2. Pay up to 7,500 DAI (50% of the loan) to the loan’s smart contract.
3. Receive 7,500 DAI worth of ETH, with an added 5% liquidation bonus for a total of 7,875 DAI worth of ETH. At the new price of $1,800 per ETH, the liquidator receives a total of 4.375 ETH (the bonus 5% fee translates to the 5% return available by liquidating, before transaction fees).
4. Swap 4.16 ETH for 7,500 DAI on a DEX at an ETH price of $1,800.
5. Pay back the flash loan of 7,500 DAI.
6. Keep the 0.215 ETH as profit.
After the liquidation process, the outstanding loan of 7,500 DAI is backed by 5.625 ETH which, at an ETH price of $1,800, is worth $10,125. Therefore the borrower’s loan-to-value ratio has been restored above the liquidation ratio to 1.35. This type of MEV extraction maintains the integrity of the lending platforms, preventing them from becoming insolvent. Again, this opportunity is most profitable when the liquidator is in control of the inclusion of the transactions in a block.
‘BAD’ MEV
Generalised Frontrunning
Usually, searchers tend to specialise in one type of MEV; a searcher will often choose to specialise in solely capturing MEV from liquidations and may choose to do so for one lending platform only. There also exists a class of searchers called generalised frontrunners who deploy generalised scripts that try to detect any profitable transactions in the mempool such as the arbitrage example detailed above.
To find these transactions, the searcher executes the transactions locally on their computer and observes if the transaction resulted in an increase in the balance of the sender of the transaction. Once a bundle of transactions is determined to be profitable, the searcher’s algorithm will duplicate the transactions but will instead use their own address instead of the original user’s address, bid a higher gas price for their transaction to be included first, and secure the profit for themselves.
One famous example is detailed in the Ethereum is a Dark Forest article where a couple of users spotted a profitable opportunity onchain, but in trying to capitalise on this opportunity had their transaction nullified as bots were able to execute the profitable transactions first. In a companion article, Escaping the Dark Forest, the authors share a similar experience where they manage to overcome the front-running bots by employing various techniques. One such technique was sending the transactions directly to a miner to avoid the transaction being seen by searchers looking inside the mempool. Searchers running these bots use their speed as an advantage to bid higher gas prices and essentially steal profit from users in the ecosystem.
Sandwich Trading
Sandwich trading occurs when an MEV searcher sees a large trade on a Decentralised Exchange inside of the mempool. When the size of the trade is large in comparison to the size of the pool, it results in a dramatic price change between the two assets the user is trading. This presents an opportunity for a searcher to take advantage of their advanced knowledge of that price change. Consider an example with an ETH/DAI pool. If a user submits a transaction to buy a large amount of ETH from this pool, they deposit a large amount of DAI which will have the effect of reducing the amount of ETH in the pool and increasing the amount of DAI.
For a searcher to capitalise on this large trade they see going to a decentralised exchange in the mempool, they submit a bundle with the following transaction sequence:
1. The first transaction will remove ETH from the liquidity pool and deposit DAI. This action has the effect of increasing the ETH/DAI exchange before the original user makes their trade.
2. The second transaction in the searcher’s bundle will be the user’s large trade which deposits a large amount of ETH into the liquidity pool, further increasing the ETHDAI exchange rate. The user is forced to buy ETH from the Liquidity Pool at a higher exchange rate than if the searcher had not placed their transaction.
3. The searcher thereafter includes a second transaction of their own directly after the user’s transaction which deposits ETH into the pool and redeems DAI from it, selling ETH at a higher exchange rate than at which they bought it, with the difference in prices being accredited to the large trade made by the original user.
Users who wish to make large trades on Dex’s are likely to be sandwich attacked by MEV bots and will therefore get unfavourable exchange rates when executing their trade. This is a direct result of the first leg of the searcher’s trade which initially increased the exchange rate of the token pain the user wished to trade.
Time Bandit
A Time-bandit attack is possibly the most harmful type of MEV that can occur. It targets unextracted MEV opportunities that occurred in previously mined blocks and bears a close resemblance to a 51% attack. These unextracted MEV opportunities could be any one of the aforementioned types. To capitalise on these opportunities, miners would need to re-mine previously mined blocks and obtain a new state of the network. This is a direct attack on the consensus of the network thus having many implications for its users. Transactions that were previously thought to be finalised could be reverted to a network state recognising a different block as the current state of the network.
If the MEV incentive is large enough, miners might instead opt to re-mine previously mined blocks in order to extract the MEV contained within it. This of course means that they will have to re-mine every subsequent block after their target block for this attack to be successful. The MEV incentive needs to exceed the cost of re-mining all previous blocks for miners to even consider this type of attack.
Searchers can auction off this MEV opportunity to the miners of a protocol, offering large payoffs to the miners that re-mine the block containing the MEV opportunity, and subsequent blocks thereafter. In this way, consensus on the current state of the network will be put up for auction should a large enough MEV opportunity present itself.
A large coordination effort is needed between block proposers on the network for an attack like this to take place. The block builders need to consistently commit their resources towards achieving this attack, which gets harder as more blocks are added to the canonical chain. Though this type of attack may only be viable in blocks that are in very close proximity to the most recently mined blocks, its existence could potentially have damaging consequences on the network.
Searcher Incentives & Strategies
In Ethereum, block producers are granted rewards denominated in ETH for producing valid blocks and appending them to the canonical chain. Following the deprecation of block rewards after the Ethereum network transitioned from PoW to PoS, there is a larger incentive for validators to participate in MEV extraction. These validators leverage their privileged positions as block builders to boost the total revenues they receive by participating as a searcher themselves or working with searchers to extract MEV.
Searchers commit extensive hardware and technical resources to readily capture MEV opportunities that present themselves. Profitably capturing MEV requires the searcher to be as competitive as possible, as the main obstacles are generally other searchers competing for the same MEV opportunity. They outcompete other searchers by being faster at detecting MEV-emitting transactions and by being able to bid higher gas to have their bundles included first.
Generally, there are two ways to achieve this; by either being able to recognise and capitalise on MEV opportunities more frequently or by reducing the cost incurred in doing so. Below, we discuss some tactics that searchers employ to allow them to be more competitive.
Low-Latency Infrastructure
One such technique that searchers use to gain a competitive edge against other searchers is to have a lowlatency monitoring infrastructure. A view of the network state and mempool that is updated more frequently than other searchers allows them to detect MEV opportunities before other searchers do. This allows them to extract MEV at a more frequent rate than their competitors. Searchers can also optimise their smart contracts for speed by writing them in lower-level languages like Rust that are closer to the low-level assembly code that the Ethereum Virtual Machine (EVM) operates on. Smart contracts written in high-level programming languages like solidity (a popular smart contract scripting language) are always translated into assembly code to be processed by the EVM. Searchers can choose to write smart contracts in assembly code itself, though the level of technical expertise required may substantially outweigh the increase in processing speed that it gives the searcher.
Strategy
As previously mentioned, searchers tend to specialise in one category of MEV, which means that their smart contracts are fine-tuned to maximise the MEV they capture in that one category. A smart contract written to capitalise on liquidations will look very different from one that looks to capitalise on a DEX arbitrage. As such, searchers usually benefit from specialising in one type of MEV and optimising their strategies for capturing it. Searchers may also choose to explore less popular MEV opportunities in order to face less competition from other searchers. In the case of a DEX arbitrage, a pool such as ETH/DAI across different exchanges may be saturated with other searchers looking for the same opportunities. It may be profitable for searchers to instead narrow their attention to much less popular token pairs for more lucrative MEV opportunities.
Gas Optimisation
When builders are elected to produce a block, they, at that moment, have full autonomy in controlling what the next network state will be provided that their block does not violate the rules of the protocol. The effects of MEV can be felt on either a user level or a protocol level. Different types of MEV can align or misalign the incentives of the block builder with those of the protocol. Here, we will explore the different types of MEV extraction techniques, some of which can be good or bad for users and the network itself.
Good MEV refers to the type of MEV that has a net positive impact on the health of a blockchain ecosystem. Though some users directly involved in this type of MEV may be negatively affected (as will be discussed below), the impact it has on the health of the ecosystem outweighs these negatives. Bad MEV referees to MEV have a net negative effect on both users and the ecosystem. These types of MEV aim to directly extract value from the hands of users and might, in some cases, disrupt the functionality of the protocol.
Gas golfing
Larger, and more complex smart contracts require more computation and therefore more gas to be deployed on-chain. It is therefore in a searcher’s best interest to optimise their smart contracts to achieve the same functionality while decreasing the gas costs incurred in its deployment. In addition to this, searchers can use addresses that start with multiple 0’s, an example address of which can be seen here. These types of addresses use less storage space on the blockchain and so have fewer gas costs associated with them when making transactions.
Gas tokens
One interesting property of the EVM is its provision of a gas refund when storage elements are deleted from smart contracts, or when smart contracts are deleted entirely. This gas refund can be up to half of the Gas costs of the transactions that execute it. The protocol does this to incentivise the liberation of storage space on the ever-growing blockchain.
Gas Tokens tokenise gas on the Ethereum blockchain by leveraging this concept to allow users to “buy” gas when it is cheap, and “sell” gas when it is expensive. To do this, users mint gas tokens when gas is cheap on the network, thereby initialising storage slots on the blockchain. By doing this, the user pays a relatively small amount of Ether for this gas. When the price of gas is high, these gas tokens are destroyed thereby freeing up space on the blockchain, which earns a user a refund for this. The total Etherdenominated value of the gas they receive must be higher than what they paid for this method to be viable.
Searchers leverage this by minting these gas tokens when gas is cheap, and by later including transactions that destroy the tokens in their MEV-extracting bundles. In doing so, they receive a gas refund thereby reducing their overhead costs in extracting the MEV. This allows them to bid higher gas prices and outcompete other searchers in extracting this MEV opportunity.
MEV in the future
The continued widespread adoption and use of applications built on smart-contract-enabled blockchains will only increase the amount of value emitted on-chain. Searchers will continue to capitalise on this and will exacerbate it in unfavourable examples such as sandwich trading. MEV can be seen as an inherent feature of smart contract-enabled blockchains, and so both protocol and network developers must take this into account when designing their systems. In subsequent reports, we will further explore the protocol-level effects of MEV as well as protocol-level and non-protocol-level mitigation techniques.