In August 2020, Paradigm trader Dan Robinson tried to recover the liquidity tokens originally staked on Uniswap. For this reason, he deployed two contracts, setter and getter, and successively called the two contracts to recover liquidity tokens. However, its contract call was not successfully implemented in its entirety, and it was discovered by the attacker and took the lead. The attacker executed the contract he originally wanted to call. In the following month of the same year, Sam Sun discovered a contract vulnerability in lien finance, which could cause a huge loss of 25,000 ETH once attacked. The author tried to rescue lien finance from contract loopholes, but was worried about encountering Robinson’s similar problems. If the attacker discovers his rescue plan, the attacker will be able to discover the vulnerability, execute the attack and take away 25,000 ETH on the platform.
For this reason, despite the sudden incident of the rescue operation, Sam contacted many people, and with the help of Spark Mine, he finally avoided the attacker’s monitoring and attack, and successfully implemented the vulnerability repair. In this event, Xinghuo Mining Pool puts the executed transaction into its private mempool to prevent it from being monitored by attackers on the chain. And this is also the fundamental reason that determines the success or failure of the two events.
These two events revealed the fact that the current blockchain is a dark forest. In fact, there are a group of arbitrage robots/attackers waiting for opportunities in the dark forest formed by the blockchain node network. All pending transactions waiting to be packaged are exposed in the dark forest in the waiting pool (Mempool). Attackers can view and track every transaction, every internal contract call, and every instruction, and perform the most common rush and sandwich attacks on these transactions.
We believe that the essential reason for the on-chain attack lies in the design of the blockchain.
The first is the mempool design of the blockchain. After all transactions are sent out, they are not directly packaged by the miners, but need to enter the mempool temporarily. The mempool contains pending transactions, and because the mempool is public, anyone can monitor every transaction and every function called in the mempool. This provides the attacker with conditions to monitor transaction events.
Secondly, the block generation time of the blockchain provides execution time for the attacker. According to Etherscan data, the current average block generation time of Ethereum is 13s.
Ethereum average block time, source: Etherscan
In the article “Flashboy 2.0” in 2019, the concept of miner-extractable value (MEV: Miner-extractable value) was first mentioned: it means that miners can include, reorder, insert, or Ignore the extra profit gained from trading. After the development of the blockchain in the past two years and the advancement of the research process of activities on the chain, the current MEV has been extended to the most extractable value (Most extractable value).
Participants in the current MEV predatory war include both non-miners and miners. Non-miners mainly refer to robots such as arbitrage/clearing. Miners refer to individuals who are responsible for selecting transactions and packaging them on the chain. The power of miners is unmatched by non-miners. We have summarized the following chart to show the relevant characteristics of existing MEV plunder.
MEV solutions still have extractable and erasable types
At present, how to solve the problem of MEV plunder and protect the interests of ordinary traders has become a topic of research and development in this field of MEV. At present, there are two main attitudes. One is to recognize the inevitable existence of MEV and solve the current dilemma through extraction, and the other is to obliterate or reduce MEV from the source of the transaction. Based on this, this report discusses the existing MEV solutions based on two ideas: MEV extraction and MEV elimination.
Solution for extracting MEV
Judging from the current research results, there are currently three types of methods for extracting MEV solutions:
Private transactions: By storing transactions in a private mempool, instead of a public mempool, to avoid the interception of attackers.
FRaaS: FRaaS (Front-running as a Service) protects the interests of traders by extracting the MEV of the transaction and redistributing profits. At the same time, miners will give up the attack due to bounty incentives.
MEV Auction: Separate the miners’ power to select transactions and the power to sort transactions. The miners still retain the power to select transactions, while the power to sort transactions is auctioned to a third party through auction.
As mentioned earlier, transactions are waiting to be packaged by miners in mempool, and they also face the risk of being monitored and attacked. Therefore, some protocols hope to bypass the public mempool and make transactions queue up in the private mempool for packaging, so that they cannot be broadcast to other nodes.
The protocols that provide such services currently include 1inch Stealth Transactions, Tai Chi Network and bloXroute.
1inch Stealth Transactions is currently only available on the 1inch wallet ios client. At present, this method faces that the transaction may be packaged into the uncle block and thus be made public.
Tai Chi Network was founded by Xinghuo Mining Pool. Users can directly send transactions to the privacy pool of Xinghuo Mining Pool through the interface provided by Tai Chi Network. Since Spark Pool does not broadcast this transaction online, the status of this transaction cannot be seen on Etherscan before the sent transaction is officially confirmed.
bloXroute provides private communication functions, allowing transactions to reach miners directly without being exposed.
bloXroute’s BDN (blockchain distribution network) links blockchain nodes with BDN through its own gateway software. The gateway software and blockchain nodes first translate the information from the blockchain into the BDN. Then, in the second layer, it will perform block compression. By greatly reducing the block size, it can then be sent/transmitted more efficiently in the Blockchain Distribution Network (BDN).
MEV Auction first appeared in early 2020 and was proposed by Karl Floersch. Karl Floersch is the CTO of Optimism, an L2 project. MEVA has become a good anti-MEV method that fits Optimism.
When talking about MEVA, it is necessary to first explain the two major powers that miners have as the biggest winners in the MEV predatory battle. The MEVA mechanism technically splits the two powers of the miner: the miner retains the original transaction selection power, but after the selection, the miner cannot sort the transaction, and a role named Sequencer sorts the transaction selected by the miner. . The miner selects the only Sequencer through the auction process.
In the Optimism L2 system, the roles of miners (transaction sequencing and block verification) are divided into two parts. Sequencers manage transaction sequencing, and Validators add it to the Optimism L2 blockchain. This solution fits Layer 2 because Sequencer already exists on the L2 architecture. The transaction is submitted to the “Sequencer” sequencer, which generates a signed receipt that guarantees the execution and ordering of the transaction.
However, there are still problems with the MEVA approach:
There is collusion between Sequencers and Sequencer’s own evil, causing artificially lower auction prices. In response to this problem, the current solution is to develop an open source sequencer software to increase the ease for users to participate in sequencer bidding activities.
It is impossible to completely avoid miners while still retaining two powers: the sequencer can set up a mining pool by itself.
Front-running as a Service refers to solving MEV problems by extracting MEV and redistributing profits. This method essentially compensates traders and profitable miners and attackers, so that multiple parties can achieve cooperation and create a win-win situation. In the FRaaS solution, the attacker becomes a searcher, and the searcher is responsible for searching for the MEV that may appear in the transaction, and completes the MEV extraction through a certain strategy. At present, there are many protocols adopting this anti-MEV method, and it is currently a more popular method to solve MEV.
Flashbots is a research and development platform dedicated to MEV. Currently, there are three main vertical businesses:
Flashbots Auction: A private communication channel between miners and searchers.
Flashbots Data: detect MEV data; the current specific products are MEV-Explore and Dashboard. The former currently captures and covers 8 major defi protocols. Flashbots research. : An open, transparent and cooperative research platform to solve short-term and long-term research issues related to MEV.
Flashbots Auction consists of: MEV-Geth and MEV-Relay. The former is a go-ethereum Ethereum node client, and the latter is a transaction bundle relay.
Three main roles: searcher, relay, and miner. The information transmitted between the three is the Flashbots Bundle transaction. Each bundle transaction includes a transaction list (indicating that the sender wants to pack multiple consecutive transactions on the chain, including transactions such as first run/tail), block height, and minimum timeout Time, maximum timeout time.
At present, Flashbots searchers can be divided into three types of people: arbitrage, liquidation robots, traders looking for defense against running away, and Ethereum Dapps such as mistX. Searchers directly submit bundles to relays to ensure that the transaction is not discovered by other nodes in the network.
The sender needs to pay a certain tip to the miner when sending the transaction. This tip is not realized by the gas fee payment method, but through the coinbase transaction to pay the block producer (ie the mining pool) ETH as a commission. This payment method ensures that even if the transaction fails, there is no need to pay the cost, but this method has potential attacks.
Collect bundles from searchers and send them to miners. In this process, the relayers themselves may also become attackers, so here you need to trust the relayers to act honestly.
In addition to privately transmitting bundle transactions, relayers also have the function of mitigating DOS threats. Since searchers send invalid bundles at zero cost, it is possible that searchers can submit bundles at will, which provides them with the ability to use invalid bundles to send spam to the network, thereby forming a denial of service attack on other network participants. Since Ethereum nodes are unable to handle this level of load on their own, repeaters have become a means of mitigating this DOS threat.
The mine worker is the ultimate person who receives the bundle transaction and accesses the Flashbots network by running the MEV-Geth client.
Miners can only pack one bundle transaction per block, so in order to maximize their own interests, miners will choose the bundle transaction with the highest tip paid by searchers. It is reported that Flashbots currently has plans to develop multiple bundles in one block.
Likewise, the miners cannot be fully trusted here. After the miners are exposed to the contents of the bundle, they can parse the transaction, and perform MEV extraction by reordering or adding transactions.
ArcherDAO has two independent products: Archer Relay and Archer Swap. However, both products have anti-MEV features.
Archer Relay is compatible with the MEV-Geth client, allowing users to participate in the Flashbots ecosystem as a searcher.
Archer Swap appears in the form of an early-end transaction interface, allowing users to directly submit token transactions. Backrunning bots in the Archer Relay network will perform MEV search, extraction, and bundling of transactions generated on Archer Swap, and send them to miners through Flashbots+Archer relayer.
ArcherDAO utilizes the technology of Flashbots to complete anti-MEV, but it is still different from Flashbots. ArcherDAO’s products clarify the roles of searchers and traders. Archer Relay forwards bundle transactions for searchers. The task of searchers here is to search for MEV extraction opportunities in each DEX. Archer Swap is aimed at traders seeking MEV defense, and this trader conducts transactions on Archer Swap. The differentiation of the roles of searchers and traders is reflected in the fact that Archer Relay searchers cannot access transactions published through Archer Swap, only the backrunning bots inside ArcherDAO can.
Secondly, it is different from the mining pool partners: ArcherDAO has clearly reached cooperation with 2miners and Ezil; Flashbots’ March report stated that it has cooperated with 12 mining pools.
mistX by alchemist
Alchemist started with a twitter posted by @thegostep in February. There is no development team, no roadmap, and it is completely driven by the community. @thegostep is active in the blockchain field, is one of the core developers of Ethereum and Ampleforth, and also participated in Flashbots. The alchemist team has 5 core projects in progress: Crucible, Copper, mistX, sandwitched query and Crucible NFT Design.
mistX also uses Flashbots technology, which protects that transactions initiated by users will not be sent to the public mempool, but bundles will enter the Flashbot system together. In addition, the sandwiched.wtf query tool developed by the team can be used to query whether a smart contract account has been subjected to a sandwich attack.
The overall KeeperDAO project is divided into three main business lines: Hiding Game, Coordination Game and Incentive Game. These three businesses solve three problems respectively: Hiding Game solves the MEV problems in existing transactions and clearing issues, Coordination Game mainly encourages cooperation between keepers, and Incentive Game mainly focuses on $ROOK and platform governance issues. These three businesses are combined in an organic way to support each other.
KeeperDAO also believes that due to the inevitable slippage of swap, an attacker can attack by running/tailing the transaction, causing losses to traders. And because the transaction is exposed in the mempool, it is easy to cause multi-party competition or “bidding” between the two parties, triggering a gas war.
For these two situations, KeeperDAO believes that traders can cooperate with Keepers. The main process is that the trader first submits the transaction to KeeperDAO, and the Keeper in KeeperDAO analyzes the transaction and judges whether it can gain profits through the first run/tail strategy. If there is a profit that can be obtained from this transaction, the keeper will execute the transaction according to the transaction sequence pre-defined by the platform to obtain the profit. The benefits obtained need to be returned to the project platform, which will be aggregated and distributed daily by the project.
For traders, they get a better price in the transaction, because the trader’s trading slippage can be offset by the $ROOK minted on the platform. It can be seen that the cooperation between traders and keepers has brought a win-win situation.
In the entire transaction system, KeeperDAO will sort every 100 blocks, and the sort result determines the transaction order of existing Keepers. Due to sequential transactions, keepers avoid the trouble of gas war. However, Keepers within KeeperDAO still need to compete with traders outside of KeeperDAO.
BackRunMe by bloXroute-MEV’s benefit distribution
In addition to the aforementioned private transactions, bloXroute also uses the feature of DEX transaction slippage to develop a transaction design for MEV.
The specific implementation process is as follows:
bloXroute sends metadata to the searcher, and the searcher executes the backrun transaction.
The searcher will create and send bundles based on the transaction, and bloXroute will detect the searcher’s reply.
bloXroute uses private communication to send backrunning MEV bundles with the highest revenue to pools.
Of course, if the searcher finds that there is no opportunity for backrun, the transaction will become an ordinary private transaction and sent to the miners.
This project allows any Ethereum user to propose the entire block to the miner, and each block is accompanied by a certain reward. If it is successfully packaged on the chain, the reward will be paid to the miner. Therefore, in order to maximize their own interests, miners will choose the block with the highest reward. Unlike the previous protocols, this protocol targets the next block, not a certain transaction.
As shown in the figure below, the project regards the next block in the competition as the order market DEX, and each user can submit a block for packaging, here is the order object, which constitutes the block order market DEX. The cost paid by the user is the reward bounty paid by the user attached to each block order, and the miners select the block order with the highest reward bounty from this block order market. Once the transaction is completed, the miner packs the block order provided by the user on the chain, and at the same time obtains the reward bounty paid by the user.
This agreement is aimed at the sushiswap project. Users send transactions to YCabal to generate arbitrage opportunities such as slippage, and then miners will perform the first run/back run strategy.
Advantages and disadvantages of extracting MEV solutions
This type of camp believes that MEV is generated by users and is an inevitable characteristic of on-chain transactions. Based on this, the camp’s plan adopts an acceptance attitude towards MEV to protect users. At present, there are three types of agreements in this camp, and the three types of schemes have their own characteristics: the private transaction scheme protects the user’s MEV from being extracted by bypassing the public mempool and bypassing public monitoring; MEVA technically divides the power of miners to protect the rights of users; FRaaS Then, MEV extraction is used as a service and profit is divided to achieve a win-win situation.
Solution to eliminate MEV
The emergence of MEV embodies the product of the privileged class of miners who use the privileges of the block to carry out power rent-seeking. The MEV extraction solution introduced in the previous article covers more than 10 agreements. Because these agreements believe that MEV is inevitable, they adopt an attitude of embracing MEV to solve existing MEV problems. If this camp is described as a dovish faction, another faction thinks MEV as a hawk Can be eliminated. This part of this article will explain how hawkish developers choose to use a variety of methods to minimize or even eliminate the space for power rent-seeking.
How to minimize or prevent MEV from appearing? The so-called miner extractable value (MEV) refers to a measure of the profit obtained by miners (or verifiers, sequencers, etc.) through the ability to arbitrarily include, exclude, or reorder transactions in the blocks they produce. Therefore, the anti-MEV protocols currently on the market try to take measures when the transaction is submitted to the mining pool. At present, the following four methods have been summarized:
New trading model
Chainlink solution – without changing the L1 main chain, submit the transaction queue information and oracle report to the oracle, generate the serial number and the Nonce value, and broadcast it on the oracle network. At the same time, the oracle can monitor the message pool and actively obtain the transaction queue. Subsequent smart contracts can obtain the correct sequence from the oracle.
The LibSubmarine scheme-smart contracts on the chain to protect the privacy of transaction information to avoid being discovered by arbitrageurs.
Veedo plan – use VDF (time delay function), use time lock to delay transaction information for a period of time, and then make it public. Arbitrageurs cannot obtain arbitrage space in time.
Automata solution-The transaction queue uses encrypted middleware services to generate a unique signature based on the current transaction queue. Miners cannot insert new transactions into the transaction queue, otherwise the signature will change. At this time, when Dex receives the transaction queue, it can recognize the signature change and reject the transaction.
Arbitrum scheme-some schemes feel that they cannot completely prevent the emergence of MEV, and try to prevent the emergence of MEV as much as possible. The transaction is aggregated and packaged in the CallData of the smart contract, so that L1 cannot modify the transaction. At the L2 level, the settlement of the transaction is completed within the shortest 15-minute window. The entire process minimizes the appearance of MEV.
Vega Protocol scheme-to establish a brand new main chain, at the level of the chain itself, within a unit of time, the transaction that is first broadcast and known most by the node will be executed first. “If there is a time t, all honest verifiers will be If you see a before t and b after t, then a must be arranged before b”.
Sikka scheme – As a privacy middleware, it encrypts transaction information and its own message pool. After the transaction is packaged and verified by 2/3 nodes, it is made public.
Shutter Network solution – Use the DKG distributed key generation service to encrypt before the transaction is sent, and after passing through the miner message pool, confirm that it is packaged in the block, and then decrypt the transaction information.
New trading model
CowSwap program – two people hold the assets they want at the same time, and they can directly match the transaction without the need for market makers or liquidity providers to match transactions. In this way, the best price can be brought to individual traders, and the commissions incurred by market makers or liquidity providers can be exempted. CowSwap allows users to directly trade using CoW. Orders that cannot be settled through CoW are directly matched to transactions through automatic market makers (AMM). If there is a CoW order in the batch auction order. After the small orders are fully matched, the remaining orders that have not been matched by CoW will be handed over to the liquidity market integrated by CowSwap for matching. The entire order settlement price is based on the remaining order price obtained through external liquidity.
Eliminate MEV plan/protocol comparison:
Eliminate the advantages and disadvantages of MEV solutions
Regardless of whether it is a miner, a verification node, or a sequencer, they are all privileged roles. To eliminate the emergence of MEV in the following ways, there will be more or less advantages and disadvantages.
Use the L2 third-party notary organization to publicize and mark the determined transaction sequence on the entire network. The greater the degree of publicity, the harder it is to be tampered with. However, different DeFi protocols are required to support the notarization result and cooperate.
Encrypting transaction information allows information that is easily arbitrage hidden in the dark forest, making it impossible for arbitrageurs to track it. However, the resource consumption caused by the encryption and decryption of information, which leads to the loss of transaction experience, is also a factor that needs to be considered.
The new trading model, the paradigm shift in the model, but needs to go through the market to test whether it can be successful.
After more than ten years of development, the blockchain has become more mature and complex, and as a result, more and more systemic problems have arisen, such as the MEV problem roughly discussed in this article. As described in Paradigm’s “MEV and Me” article, compared to the earliest Bitcoin, the later Ethereum has a much higher MEV than Bitcoin due to the high complexity of its application layer behavior.
At present, the MEV captured by Flashbots only covers 8 protocols, and the MEV identified on each protocol is also limited to the types that can be extracted by running first/running later/sandwich.
Flashbots has deepened users’ understanding of the blockchain through the study of the MEV phenomenon. Users begin to understand the risk-return structure corresponding to their behavior on the blockchain, and on the contrary, through the development and improvement of the agreement, the blockchain has more real use value.
This article roughly discusses the various MEV-specific solutions available on the market, and summarizes them into two camps. First, the extractable MEV aims to achieve a fair distribution of power, but it is difficult to avoid the situation that the dragon slayer will eventually become an evil dragon. The second is the MEV erasable type, which tells that no matter how to sneak in the dark forest and transfer power again, it is better to use encryption to realize the cross-dimensional compression of power rent-seeking space.
Posted by:CoinYuppie，Reprinted with attribution to:https://coinyuppie.com/comprehensively-sort-out-eight-options-for-anti-mev/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.