By Peter Kris and Gleb Urvanov
One year ago, we were attending a conference at the Technical University of Berlin and watching a panel discussion about the state of Ethereum. Gleb, our CTO, asked something that had been haunting him for a while:
“What prevents miners from replacing user transactions and frontrunning with their own?”
As much as it felt like an elephant in the room, the answer was: “Nothing. We can only hope that miners are honest and won’t do that.”
At the time, it wasn’t a palpable problem, but times have changed. Over the past year, the crypto sub-domain of Decentralized Finance (DeFi), has grown more popular and is on a continuing uptrend. With this rise in DeFi, users are increasingly relying on Decentralized Exchanges, lending protocols and other applications.
With this surge, we’ve also noticed an increasing number of attacks capitalizing on MEV — Miner Extractable Value. It was described in 2019, in a study that appeared at Cornell University’s Arxiv as an attempt of quantifying miners’ malicious actions. Miner Extractable Value refers to a miners’ predictable gains, at the economic loss of a user, through reordering block content in a way most favorable to them.
For practical reasons, we will use Miner Extractable Value terminology in other types of distributed systems, where miners are called block producers or validators (e.g. in Proof of Stake systems)
When interacting with smart contracts, users expose their actions on the blockchain by virtue of its public ledger nature. Miners are able to capitalize on this information through frontrunning, transaction reordering, or other mechanisms.
Miners most frequently capitalize on MEV through frontrunning.
When frontrunning, the miner is monitoring the incoming stream of transactions and is calculating what transactions will cause. Since blockchains are deterministic systems, the effect can be predicted even before the transaction is included in the block.
Example 1: The simple naive scenario is a BUY order that causes elevation of price. Miner can create his own BUY order and put it in front of the user’s order and capitalize on the opportunity of price elevation.
Let’s imagine reordering was not possible. In this case, a miner can still refuse to include a certain transaction into a block. Such action can still result in a similar effect as having a new transaction executed faster than the original one.
Example 2: some amount of tokens are waiting inside a smart contract to be claimed by anyone without specific rights or allowances. The first to claim these free monies will get them. Such situations may occur as a result of a mistake in the contract code, a user error, or may be created intentionally (e.g. for marketing purposes). As soon as a transaction claiming these tokens arrives in the shared memory pool, miners are able to identify the outcomes, and execute similar transactions by themselves. A similar doppelganger transaction with an altered beneficiary is issued and included in the block immediately, guaranteeing the miner will claim the tokens. It is not important whether the original transaction is rejected completely or included in the block after the doppelganger transaction — either way, the entire gain from the free monies, will be received by the issuer of the doppelganger transaction.
Thus, even though the miner has no control over transaction execution order, MEV is still possible due to miners’ power to selectively control which transactions are to be included in a block.
Two types of value extraction
To further hone in on MEV, we’ve identified two types of powers that make it possible. These powers are leading to two types of value extraction: Value extraction by Frontrunning (VEF) and Value extraction by Rejection (VER).
It is worth mentioning that not only block producers, but every participant with one of the powers mentioned above is able to perform value extraction. The ability to pay higher fees could very well be considered a limited power to control transaction order inside a block. In essence, every participant on the Ethereum network has such powers that make frontrunning possible.
However, participants with superior power to control execution order have the final word. If there is a block producer that has decided to extract value by frontrunning, no other frontrunner can extract the value for themselves, regardless of the fee amount. In other words, if every miner on the network performs VEF, attempts to frontrun transactions by paying a higher fee will fail.
Speaking of VER, we can imagine a transaction pool collecting transactions and further propagating them to miners or mining pools. Ethereum nodes not participating in the mining process are good examples of such transaction gateways. These nodes are checking transactions for validity, propagating valid transactions, and discarding invalid ones (which will not be included in a block by miners anyway). In order to perform VER, the node owner has to modify the validity check process to reject the transaction. If the token claiming transaction from our example arrives at the pool, it could be rejected and replaced immediately by the pool software. Thus, even though the pool does not participate in block creation, having the power to reject transactions made it able to extract value by rejection.
How is this solved?
Fundamentally, there are two ways to eliminate opportunities for miners to capitalize on MEV and make the blockchain fairer:
- No value to extract
Blockchains with Turing-complete smart contracts are hard to prove that some contracts can never cause MEV. Because everyone is free to design any application they want, some applications may introduce extractable value.
On the other hand, application-specific blockchains with limited feature sets could be designed with MEV prevention in mind. There will be no operation leading to value extraction in the code of such a blockchain. Thus, even if powers to control block content is provided to some group of participants (e.g. block producers), there will be no value to extract via both VEF and VER.
2. No way to extract the value
This could be achieved by preventing any network participant from being capable of reordering or rejecting. Without these powers, VEF and VER will become impossible. This is the way the Mangata team is currently exploring.
In addition to the two mechanisms of Value Extraction identified thus far, there could be other types of powers that lead to a new, yet unknown type of value extraction mechanism.
A few of these mechanisms may include consensus attacks, such as time-bandits attacks where miners are motivated to rewrite history to capitalize on past blocks or forking attacks where chain forks are more valuable due to MEV. The complexity of the attacks makes it unclear how these should be included in the classification — this is a job yet to be done. Regardless, every attack vector should be considered to protect both chain integrity and value.
With consensus level discussion, it opens up questions about how MEV prevention is affecting the overall safety or liveness of the system.
If we want to bring trust back to trustless blockchains (pun intended), we must seek solutions to minimize malicious attacks and increase equality for all blockchain participants.
Follow Mangata to stay in touch:
2 ways how big players can frontrun users on Ethereum was originally published in Coinmonks on Medium, where people are continuing the conversation by highlighting and responding to this story.