Living with MEV: a survey of MEV and its treatments
With the blossom of DeFi applications and NFT artworks, Ethereum has been filled with complex transaction compositions, various arbitrage opportunities, and co-occurring traffic load. The hefty use of Ethereum stimulates ecosystem development on the one hand and brings unexpected problems on the other. Among these issues, MEV is tricky but appealing because it is highly related to the underlying consensus protocol of blockchain. ARPA continues to research these fundamental topics from a privacy perspective and tries to figure out how cryptography may help crypto.
The notion of miner extractable value (MEV) was first mentioned by an academic paper in early 2019. It is more like a general term than a concrete definition. Any profitable opportunity caused by arbitrarily including, excluding or re-ordering transactions within blocks can be classified as MEV. From our point of view, MEV is highly related to the consensus protocol and system design of Ethereum, which implies that the issue will accompany the users and impact the on-chain product development for a long time. Even EIP-1559 and ETH 2.0 will not eliminate the problem within a short period. The specific reasons behind this may include the following.
- Public mempool and waiting periods. Due to the underlying asynchronous and decentralized nature of Ethereum, it collects transactions through a global public mempool and waits for the next block. These transactions in plain text reveal the intentions to everyone and will attract others to front-run.
- Ranking fairness. For Byzantine fault tolerance consensus, the ordering of transactions within a block is not a concern at the very beginning. Unlike Bitcoin, Ethereum will sequentially execute the transactions, which will make the front-run, back-run, and sandwich attack possible.
- Atomic execution. The smart contract enables the atomic execution of many trades in a bundle within a single transaction. Previous trades can be reverted if any trade in this bundle fails. The all-or-nothing failure model facilitates arbitrageurs to generate guaranteed revenue in an opportunity.
Considering the complexity of Ethereum applications, MEV is presented in various forms. In general, they can be categorized into three kinds, the good, the bad, and the ugly. The good MEV can be seen as a part of the market mechanism, for example, mitigating the price gap across different DEXes or liquidating under-collateral lending positions. The bad MEV, on the contrary, harms the market operation. The most concerning example is sandwich trading which causes unexpected price slippage. Meanwhile, the priority gas auction (PGA) to capture MEV raises the gas price, which certainly influences all users on Ethereum and aggravates the traffic burden. Last but not least, the ugly MEV will threaten the fundamental security and consensus of the Ethereum. In the publication that first mentioned MEV, it pointed out that with a considerable amount of extractable value, miners will deviate from the protocol and revert or fork the blockchain. These kinds of actions are called time-bandit attacks and fee-based forking attacks.
To mitigate the problems raised by MEV, multiple solutions have been developed. One way is to gather a majority of miners and arbitrageurs and gain MEV peacefully and democratically, like Flashbots and KeeperDao. They attract miners to join the community by distributing MEV captured among them. The arbitrageurs taking part can obtain rewards by providing possible MEV proposals. This method helps to eliminate the endless PGA and traffic overload. The other way is to introduce privacy-preserving computation. By hiding the plaintext transactions using multi-party computation (MPC) or zero-knowledge proof (ZKP), the privacy of transactions in mempool can be protected and arbitrageurs can not replicate or attack the unmined trades. However, the on-chain privacy computation is not native and costly on the current blockchain infrastructure, making this solution an expensive option for Layer-1.
When it comes to Layer-2, MEV remains to be a problem because transactions are still included and ordered in plaintext, only switching from on-chain to off-chain. Thanks to the scalability of Layer-2, more complex solutions targeting MEV can be deployed, like ordering-sensitive consensus, and privacy-preserving mempool. Chainlink proposed a fair sequencing service to achieve ranking fairness and deployed it in Arbitrum. This service relies on the semi-decentralized oracle network to sort the transactions in one block. Optimism, as another optimistic rollup L2, separates the sequencing from miners and auctions the power of it. This solution may either cut the income of miners or increase the expenditure of users.
Apart from those economical or game-theory ways of separating the transactions including and ordering, we would also like to see cryptographic solutions. To obtain ranking fairness, an asynchronous BLS threshold signature protocol may help to sort the transactions according to their arrival time. When a majority of the miners observe and sign a transaction, the shares of its signature can be aggregated and decrypted as proof of its arrival time. Another method to prevent MEV is using verifiable delay functions. Starkware combines Veedo, their VDF, with the zk-rollup to determine transaction sequence. The plaintext of transactions will only be revealed after the ordering, making intentional MEV impossible. The cryptographic solutions may be hard to design and deploy but are more decentralized and robust, like the way how blockchains are made.
In conclusion, MEV has become a significant and concerning problem of the blockchain and its scale has risen up dramatically for the last two years. it is of great chance that we eventually live with it without completely eliminating it. However, the techniques we come up with to solve the MEV problem will help us better understand and improve the blockchain in a fundamental way.
ARPA is a blockchain-based solution for privacy-preserving computation, enabled by Multi-Party Computation (“MPC”). Founded in April 2018, the goal of ARPA is to separate data utility from ownership and enable data renting. ARPA’s MPC protocol creates ways for multiple entities to collaboratively analyze data and extract data synergies while keeping each party’s data input private and secure. ARPA allows secret sharing of private data, and the correctness of computation is verifiable using the information-theoretic Message Authentication Code (MAC).
Developers can build privacy-preserving dApps on blockchains compatible with ARPA. Some immediate use cases include: credit anti-fraud, secure data wallet, precision marketing, joint AI model training, key management systems, etc. For example, banks using the ARPA network can share their credit blacklist for risk management purposes without exposing their customer data or privacy.
Team members have worked at leading institutions such as Google, Amazon, Huawei, Fosun, Tsinghua University, Fidelity Investments. ARPA is currently assisting the China Academy of Information and Communications Technology in setting the national standard for secure multi-party computation. ARPA is a corporate member of MPC Alliance and IEEE and is in partnership with fortune 500 companies to implement proofs-of-concept and MPC products. In 2019, ARPA was named the Top 10 most innovative blockchain companies in China by China Enterprise News and China Software Industry Association.
For more information about ARPA or to join our team, please contact us at firstname.lastname@example.org.
Learn about ARPA’s recent official news：
Telegram (English): https://t.me/arpa_community
Telegram (Việt Nam): https://t.me/ARPAVietnam
Telegram (Russian): https://t.me/arpa_community_ru
Telegram (Indonesian): https://t.me/Arpa_Indonesia
Telegram (Turkish): https://t.me/Arpa_Turkey