What is MEV in crypto?

MEV (Miner Extractable Value) is deemed both a problem and a feature of blockchains. Here’s our guide to understanding and dealing with it.

What is MEV in crypto?

Table of Contents:

The term MEV stands for Miner Extractable Value, lately referred to as Maximum Extractable Value or Maximal Extractable Value (MEV in all cases). It is a measure of the profit a miner (or validator, sequencer, etc.) can make through their ability to arbitrarily include, exclude, or re-order transactions within the blocks they produce on a smart-contract enabled blockchain network.

What is MEV (Miner Extractable Value)?

Simply put, MEV is a dynamic that allows miners to maximize their profit by determining the order of pending transactions on a blockchain network to their advantage. This includes arbitrarily reordering, including, or excluding pending transactions within a block at the expense of users.

The term Miner Extractable Value was first coined in 2019 by a team of researchers highlighting the issue by publishing a paper called Flash Boys 2.0. Interestingly, the problem of MEV was first identified even earlier by a Reddit user in 2014 who raised the issue of ‘miner front-running’ given that all transactions are public on the Ethereum network. Interestingly enough, due to how much MEV is connected to Ethereum, there will be significant changes on how MEV occurs on-chain after The Merge, the long awaited transition from a proof-of-work protocol to a much more efficient proof-of-stake setup.

Subsequently, the concept of Miner Extractable Value and the problems surrounding it gained notoriety after the research team of a Web3 investment firm, Paradigm, dove into them. Head of Research at Paradigm, Dan Robinson, published the article Ethereum is a Dark Forest, in 2020. In it, Robinson states that some issues to capture MEV, such as front-running bots, potentially incentivize miners to reorder and submit transactions in their mempools for their benefit.

Despite the original term being Miner Extractable Value, the term Maximal Extractable Value is becoming progressively more popular. This is because it applies to validators in proof-of-stake (PoS) and other types of networks as well, and is not simply restricted to miners in proof-of-work (PoW) blockchains.

Total MEV on the Ethereum network since 2020. (Source)

Today, MEV is one of Ethereum’s biggest issues, with more than $663 million worth of value extracted from users since 2020. This shows that it's not merely a minor issue, but a significant problem occurring at a massive scale and a matter of concern for Ethereum users.

Let’s look at the different types of extractions, examples, and effects of Miner Extractable Value, as well as the measures users can take to mitigate its effects.

Types of Miner Extractable Value

Today, users suffer the economic effects of MEV in more than one form. Terms like gas golfing and generalized front-runners often occupy crypto headlines. However, before we venture into discussing the various types of MEV, let’s first examine the theory behind it and how it impacts miners and validators.

As we have stated, Miner Extractable Value allows miners and validators to profit from re-ordering transactions, as they have access to confirming blocks. Despite this, a good portion of MEV is performed by autonomous network partakers called searchers.

Searchers are users (not necessarily miners) that handle intricate algorithms in the blockchain ecosystem. These algorithms are then used to detect available profitable MEV opportunities. Searchers make use of bots to automate the submission of profitable transactions to the network. Since searchers have a “secure” profit opportunity, they are able to pay high gas fees, incentivizing miners and validators to accept their proposed order of transactions.

Below are the different types of extractions that take place as forms of MEV.

Gas golfing

Gas golfing is the process of optimizing the existing functionalities of smart contracts in a way that minimizes the amount of gas involved. This involves programming transactions in a way that takes advantage of contracts’ design to use the least possible gas.

Gas golfing gives a competitive advantage to searchers, as it allows them to set higher gas prices while keeping their total gas fees constant (since gas fees = gas price*gas used).

To understand the concept of gas golfing, one must understand the cost of storage in a decentralized network. Unlike data centralized in servers, blockchain data is not stored in just one place but on tens of thousands of disks distributed across the globe. Furthermore, data has to be readily available to every node in the network if a future transaction comes along to access or change it. Because of this, the cost of data access is charged by the network in the form of gas fees.

Gas golfers use techniques such as:

  • Saving data space within transaction code whenever they can.
  • Only storing data when it is really required.
  • Keeping a check on how many times a function is accessing or changing storage.

Other gas golfing techniques involve using addresses that start with a long string of zeroes, as they take less storage space. Another involves leaving small ERC-20 token balances in contracts to re-use them, since it costs more gas to initialize a storage slot than to update one (SSTORE vs SLOAD).

It’s worth noting that SSTORE (to store data in a storage slot) and SLOAD (to load data from the slot into memory) are some of the most expensive opcodes on EVM in terms of gas fees.

Generalized front-running: What is front-running and why it’s so common

Unlike gas golfing, front-running doesn’t deal with optimizing smart contracts to detect profitable MEV opportunities. Instead, it involves keeping an eye on unconfirmed or pending transactions, looking for profitable trades, and then front-running the original transactions by submitting them with higher gas fees.

By effectively executing a winning trade first, front-runners secure a profit at the expense of the original honest trader. Front-running bots that use specific algorithms and parameters to identify transactions before they happen are called generalized front-runners.

Let’s illustrate this with an example.

Imagine a trader finds an arbitrage opportunity. As it turns out, there’s a price difference for a certain coin between Uniswap and Sushiswap. Let’s say wBTC/USDC is $20,904 in one and $20,916 in the other. To profit from this opportunity, the trader has to initiate a transaction to buy the asset for a lower price on Uniswap and then sell it at a higher price on Sushiswap. Once the trader initiates the transaction, it will have to wait in the mempool (the pool of pending transactions) to be picked by a miner and get executed.

However, what our trader doesn’t know is that this opens up a window for a front-runner bot to sweep in. The bot would detect the transaction while it’s waiting to be executed, copy it, add in higher gas fees, and have its transaction executed beforehand. This will effectively rob the trader of her arbitrage opportunity, profiting at her intellectual, monetary, and creative expense.

Back-running

Similar to front-running, back-running involves the monitoring of a mempool to execute a transaction immediately after a target (the chosen pending transaction) is done. To achieve this, MEV searchers employ back-running bots eavesdropping on big transactions that often results in an imbalance in an AMM pool and in heavy price slippage.

The back-running bot then executes an opposite trade on the same pool to maximize its owner’s profit. In other words, back-running works by leveraging the price difference caused by an original transaction.

Back-running bots also monitor mempools for new token pair listings and place transactions to immediately scoop the initial liquidity by buying a large quantity of one token from the pair. This subsequently increases the price of a token, creating FOMO among other traders and pushing the price even higher. The bot then sells the token at a higher price maximizing the searcher’s profit, wrecking small buyers on its way out.

Sandwich attack

Sandwich attacks deal combine both front-running and back-running strategies. They are particularly useful in decentralized exchanges (such as Uniswap) that utilize an AMM concept. As you saw in the back-running example, the price of an asset can substantially increase or decrease with a single big trade under this model.

Illustration of a sandwich attack for a given token. (Source)

MEV extractors leverage AMMs for a profit by monitoring the mempool for large transactions and sandwiching them. To do so, they simultaneously front-run and back-run them.

For example, let’s say a victim wants to swap a large amount of ETH for an obscure altcoin on Uniswap. Once the MEV searcher sees this transaction in mempool, it can front-run the victim’s transaction by executing the same transaction prior to the victim's transaction.

As the searcher’s transaction hits, it will invariably result in price slippage, which will subsequently increase the price of the altcoin within the pool. This, in turn, will make the victim pay substantially more per coin than they originally expected. To complete the job, once the victim’s transaction is executed, the searcher can then swap its altcoins back to ETH at the original trader’s expense, back-running to make a profit.

Time bandit attacks

Another form of MEV attack is the so-called time bandit attack. As you will see, these are perhaps the most worrying types of attacks, as they could destabilize the consensus and trust in a network.

Time bandit attacks involve the re-mining of blocks in order to maximize profits. An opportunity for a time bandit attack might occur when block rewards are small enough compared to MEV. This incentivizes miners to destabilize the consensus to reap the maximum profits.

For example, let’s say the highest block of a blockchain network is numbered #B10 and its block reward is $100. Incidentally, a miner notices an MEV opportunity worth $1000 on block number #B7. This opportunity might incentivize the said miner to remine the #B7 block and all subsequent blocks to reap the MEV rewards while adhering to the longest-chain rule.

As you can imagine, this is unlikely to happen in big chains without a certain degree of collusion between several miners. However, block re-mining is still a problem in novel chains and could become more prominent as mining power progressively centralizes.

Uncle attacks

Another peculiar kind of attack is uncle attacks. Uncle attacks can bypass and perform MEV even from bundled transactions, a common defense tactic that consists of sending transactions in batches. To understand how uncle attacks work, we need to first understand bundled transactions.

Flashbots is a research organization that democratizes access to MEV (a controversial take that we’ll address below) by creating an off-chain MEV auction marketplace. This is called front-running as a service (FaaS). Once Flashbots’ auctions conclude, a batch of front-running transactions is bundled together to avoid getting front-run by other searchers (in other words, out-speeding front-runners). Bundled transactions must be included in the order submitted, and either the whole bundle is included, or nothing is. They are also not allowed to split.

However, there are cases in which a bundle of such transactions is mined on an uncle block. In Ethereum, occasionally two blocks can be mined at roughly the same time, with only one of them being allowed into the chain. The block that gets discarded is then called an "uncle" or “orphan”. Transactions that get written into uncle blocks then create a small window of opportunity for an attack.

When bundled transactions are mined into an uncle block, they’re open for everyone to see. In this case, an attacker can select transactions from the bundle to front-run or back-run them. This also shows that attacks extend beyond the mempool and into uncled blocks as well.

Effects of Miner Extractable Value – the good, the bad, and the ugly

Surprisingly, there are numerous arguments for MEV and its role in the blockchain ecosystem.

Let’s start out with the side that believes MEV is unsolvable and inevitable before we look into the negatives.

The good side of MEV

This side argues that the crypto community should be building the tools to democratize access to MEV instead of trying to solve it.

The proponents of MEV believe that it ensures the usefulness of DeFi projects such as lending protocols, enabling them to speedy and smooth liquidation processes. The proponents argue that MEV extractors are rational actors seeking and fixing economic inefficiencies of DeFi protocols making them robust.

A group of researchers belonging to the proponents camps have built an organization called Flashbots working on mitigating the negative externalities of current MEV extraction techniques. Flashbots has built a product called MEV-Geth, which offers front-running as a service with a primary focus on enabling a permissionless, transparent, open-source infrastructure and fair ecosystem for its extraction.

The proponents argue that offering front-running as a service (FaaS) makes up for the miners’ lost revenue caused by Ethereum’s EIP-1559 fee-burning update. Hence, it indirectly increases Ethereum’s security by incentivizing miners to compete for MEV with higher hash power.

The bad

On other hand, there are obvious reasons for MEV causing a worse experience for users. Particularly, it causes more expensive transactions and revenue loss.

For example, at the application layer, front-running and sandwich attacks are causing users millions of dollars worth of losses in terms of increased price slippage and lost arbitrage opportunities. In the 30 days before publishing this article, MEV searchers and miners have extracted over $28 million from Ethereum users.

The existence of front-running bots makes arbitrage trading an unwinnable game for amateur traders. This especially hurts the proposed functionality of DeFi protocols that rely on third-party arbitrage to function properly. The presence of bots creates an unfavorable environment for real arbitrageurs to participate in such protocols, which in turn is detrimental to the protocol’s security.

Additionally, at a network level, generalized front-runners compete against each other by increasing gas fees. This often results in network congestion and high transaction fees. Network users (and the network itself, which turns inefficient and costly) suffer as a consequence.

The ugly

There are also arguments put forth claiming that it worsens the network itself at a protocol level. For example, for any given block, if MEV rewards are larger than block rewards, this might incentivize miners to remine blocks to capture MEV, destabilizing the network’s consensus.

Depending on who you ask, allowing miners to reorganize and reorder the transactions in blocks for profit might be seen as breaking the entire premise of blockchains being a secure, immutable, and permissionless technology. It also makes miners’ take an active role in influencing transactions and balances, as opposed to being neutral parties competing for a different set of benefits. In fact, we encourage you to think about what may happen when miners decide it’s worth their time to utilize their mining privileges to conduct MEV themselves.

Mitigating Miner Extractable Value

We have looked into the bad and ugly sides of MEV and considered the millions of dollars lost due to MEV extractions. It is now crucial to close this article by discussing how to mitigate or minimize the effects of MEV.

The crypto ecosystem as a whole is actively discussing and working on solutions to mitigate or at least minimize MEV’s effects. Numerous solutions have been proposed from both camps – those who believe MEV is inevitable and access to it should be democratized, and those who are trying to prevent it.

Let’s have a look at the solutions both camps propose.

MEV democratization, Flashbots, and more

In the “proponent” camp, several organizations such as Flashbots (see above) aim to democratize MEV extraction through a sealed-bid block space auction mechanism. This auction mechanism creates a parallel private relay to reduce mempool bidding wars, failed transactions bloating the blockchain, and overall gas costs for users.
Flashbots is an open-source effort that aims to make high-end value extraction code available to all miners.

Meanwhile, Optimism has led a movement that proposes MEV Auction (MEVA) to minimize the effects of MEV on network traffic. With MEVA, an auction is created in which the winner has the right to reorder submitted transactions and insert their own, as long as they do not delay any specific transaction by more than N blocks.

Against Miner Extractable Value (MEV)

On the other side, those who believe that MEV is bad and should be minimized have built a couple of solutions as well.

Arbitrum, a Layer-2 solution for Ethereum, has openly positioned itself against MEV and FaaS. To mitigate MEV, Arbitrum has proposed a solution to avoid reordering of transactions by having no sequencer on Layer-2 chains.

As per Arbitrum, a chain can be created in which no permissioned entities have sequencing rights. Ordering then is to be determined entirely by inbox contracts. A Layer-2 chain without sequencers might lose the ability to get lower latency than its Layer-1 chain but, without any party involved in the Layer-2 (including Arbitrum validators) having a say in transaction ordering, MEV cannot enter the picture.

Well-known oracle network Chainlink has also built a solution to avoid the reordering of transactions called Fair Sequencing Service. The idea behind FSS is to have an oracle network order the transactions sent to a particular contract, including both user transactions and oracle reports. Through FSS, oracle nodes ingest transactions and then reach consensus on their ordering, rather than allowing a single leader to dictate it.

Another approach is that of Taichi Network (now defunct) or bloXroute, which allows users to send private transactions directly to a mining pool, bypassing the public mempool. This eliminates the attack surface within the mempools (where, as we have established, transactions are public and can be monitored by MEV bots).

A diagram showing how Taichi Network enables users to avoid getting front-runned. (Source)

Conclusion: Miner Extraction Value is not going away soon.

It is a well-established fact that MEV problems, as they stand, are quite serious in nature, and need to be addressed or minimized at least. Even though there are conflicts about the good and bad sides of MEV, both sides are actively working on various solutions. The ones we covered are just the tip of the iceberg –the MEV wiki and other sources offer a comprehensive list for those interested in knowing more about the MEV ecosystem.

At Panther, we're building privacy-centric solutions with an emphasis on users' privacy and autonomy. As such, MEV as a problem is deeply relevant to our research and interests. Panther is an integral part of the Private Finance ecosystem, enabling users to navigate the world of DeFi applications with full control of who sees their data. We're also working hard to foster fairness in the blockchain ecosystem to mitigate data-privacy issues.

Check out the Panther blog and subscribe to our newsletter to read more about what Panther stands for and how it aims to achieve it. You can also visit the Panther Academy for more information related to Web3, data privacy, and DeFi.

About Panther

Panther is a decentralized protocol that enables interoperable privacy in DeFi using zero-knowledge proofs.

Users can mint fully-collateralized, composable tokens called zAssets, which can be used to execute private, trusted DeFi transactions across multiple blockchains.

Panther helps investors protect their personal financial data and trading strategies, and provides financial institutions with a clear path to compliantly participate in DeFi.

Stay connected: Telegram | Twitter | LinkedIn | Website

Share this article on: