How Ethereum Miners Could Exploit the Network and How to Fix It
Miners are the oft-unacknowledged heroes of the Ethereum blockchain. They process user transactions, add blocks to the chain, and help keep the whole enterprise running by competing to solve cryptographic puzzles.
While they’re rewarded with 2 ETH (about $4,000 at current prices) plus transaction fees for any block they’re able to mine, they can often bag more.
The catch: To do so, they have to tinker with your transactions.
Welcome to the world of MEV, also known as miner extractable value or sometimes maximal extractable value. It refers to how much Ethereum miners can make—not simply from processing users’ transactions and adding blocks to the chain, but by choosing what goes into each block and in what order.
Miners have a lot of power in this regard. As Charlie Noyes, a partner with cryptocurrency investment company Paradigm, wrote in a blog post in February, miners can “arbitrarily include, exclude, or re-order transactions within the blocks they produce.”
Why would they care what order transactions come in? To capitalize on arbitrage opportunities on trading platforms such as Uniswap. That’s because timing matters on Ethereum and the decentralized finance (DeFi) applications that use it. The network is constantly being scoured by bots looking to buy cheap on one platform and sell high on another before the prices converge.
When you’re looking to arbitrage between protocols, you want to make sure your transaction gets through the network right now. But DeFi—the booming sector built on Ethereum that allows people to get loans, earn interest, or swap assets without intermediaries—often clogs up the Ethereum blockchain, making people wait for transactions to become final. That’s a big risk for time-sensitive swaps. If you’re a block late, someone might have already taken advantage of the arbitrage opportunity.
You can get around this by purposely overpaying on the transaction fee (knowing you’ll make plenty on the transaction itself to make up the difference). Since miners—or, really, the software they run—get a say in which transactions go in which block, they’ll pick the highest-paying ones and pocket the cash.
And that can be fine. Arbitrage bots, which are more often than not run by traders rather than miners, can help balance out prices across the markets, resulting in what Noyes calls a “benign MEV transaction.”
It becomes problematic when those bots “recognize the user’s trade before it’s executed and ‘sandwich’ their transaction between a buy and sell order of its own,” Noyes wrote. That is, the bots can see that the trade is going to make somebody a lot of money, so they swoop in to do it themselves. The user gets screwed.
Such arbitrage bots are especially problematic when they are run by the miners themselves, as they create a conflict of interest.
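The cost of that ordering to the user, and the slippage limit that bounds it, shown as an added example that is not from the article or from Noyes' post. It assumes a constant-product pool (x * y = k) with a 0.3% fee, the pricing rule of Uniswap v2-style pools; the reserves, trade sizes and the names `Pool` and `simulate` are constructed for illustration.

```python
# Added example. Constructed pool balances; pricing is the constant-product
# rule (x * y = k) with a 0.3% fee, as in Uniswap v2-style pools.
FEE = 0.003


class SlippageExceeded(Exception):
    """The swap would pay out less than the trader's stated minimum."""


class Pool:
    def __init__(self, eth, usd):
        self.eth, self.usd = eth, usd

    def quote_eth_out(self, usd_in):
        """ETH paid out for usd_in at the current reserves (no state change)."""
        eff = usd_in * (1 - FEE)
        return self.eth * eff / (self.usd + eff)

    def buy_eth(self, usd_in, min_eth_out=0.0):
        eth_out = self.quote_eth_out(usd_in)
        if eth_out < min_eth_out:  # the pool-side slippage check: revert
            raise SlippageExceeded(f"{eth_out:.3f} < {min_eth_out:.3f} ETH")
        self.usd += usd_in
        self.eth -= eth_out
        return eth_out

    def sell_eth(self, eth_in):
        eff = eth_in * (1 - FEE)
        usd_out = self.usd * eff / (self.eth + eff)
        self.eth += eth_in
        self.usd -= usd_out
        return usd_out


def simulate(front_run_usd, user_usd=100_000.0, tolerance=None):
    """Order one block as: front-run buy, user buy, back-run sell.

    Returns (eth_quoted_to_user, eth_user_received, usd_gain_of_front_runner).
    tolerance is the user's slippage limit against the quote they saw.
    """
    pool = Pool(eth=1_000.0, usd=2_000_000.0)  # constructed reserves
    quoted = pool.quote_eth_out(user_usd)
    min_out = quoted * (1 - tolerance) if tolerance is not None else 0.0
    bot_eth = pool.buy_eth(front_run_usd)
    received = pool.buy_eth(user_usd, min_out)  # raises if the limit is breached
    gain = pool.sell_eth(bot_eth) - front_run_usd
    return quoted, received, gain
```

With no limit, `simulate(200_000)` leaves the user with well under the quoted amount; with `tolerance=0.01` the same ordering makes the user's swap revert, and only orderings that cost the user less than 1% go through.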
Noyes painted it in troubling terms. “MEV is not just a curiosity,” he wrote. “These little financial games create incentive ripples, a winding chain of cause and effect that must be followed to see the contagion.”
One thing this could lead to, wrote Noyes, is a breakdown of consensus by making it too enticing for miners to try to mess with blocks that have already been created as they look for arbitrage opportunities—though he noted in February that this was not yet happening.
As Saneel Sreeni of Dragonfly Research wrote this week, it’s still mostly hypothetical: “MEV profits are becoming an increasingly large part of miner’s economic rewards, making the threat of time bandit attacks [accumulating computing power in an attempt to remine old blocks] and reorgs more likely. It also means that it should theoretically be possible to actually bribe miners to reorg the chain.”
Reorgs, or reorganizations, occur when there are competing chains on the blockchain due to blocks being mined at around the same time. Sometimes, miners can build atop another block before realizing a parallel block is also there. In such cases, the software clients will essentially go back and decide which of those chains is the chain. Ethereum reorgs about one block deep are fairly common. And as Noyes’ colleague, Georgios Konstantopoulos, and Ethereum creator Vitalik Buterin wrote this week in a paper that looks at a hypothetical attack on DeFi protocols via reorgs, even two- to five-block reorgs aren’t all that rare or malicious.
During the last few weeks there has been a lot of discussion around the possibility of miners running custom software that accepts bribes to reorg the chain. @gakonst and I explain how this will become harder after the proof of stake merge: https://t.co/ghwikceVBr
— vitalik.eth (@VitalikButerin) July 20, 2021
But reorganizations have several negative effects on the network, Konstantopoulos and Buterin said: they add costs to those running nodes (the hardware running the blockchain), they result in the user having to wait longer for transactions to be confirmed, and they make attacks on the network more likely.
All three men agree that there’s a potential problem with miners playing a game that has them not extending the longest chain but backing competing chains to capture MEV.
Konstantopoulos and Buterin refer to reorg mining as “myopically rational.” Doing it works in the short run, but threatens to reduce trust in the network over the long term, thereby devaluing their ETH. Which isn’t to say it can’t happen.
They believe, however, that Ethereum’s planned move away from a proof-of-work system, in which miners create new blocks, to proof of stake, in which validators deposit their ETH for the right to make new blocks, solves for this.
That’s because, with nearly 200,000 validators already participating in Ethereum 2.0, the network is much more distributed. When coupled with pseudorandom selection of several thousand validators to attest to each block, there are few opportunities for selfish actors to concentrate their resources. “Even single-block reorgs are extremely difficult, because an attacker controlling only a few validators has no way to beat the honest majority of thousands of attesters,” wrote Buterin and Konstantopoulos.
In Ethereum’s PoS implementation, miners are no longer doing any proof of work, so need a different solution:
Leader lottery: The leader is still chosen at random, but by a commit-reveal scheme to generate secure randomness called RANDAO
— Hasu (@hasufl) July 21, 2021
The solution, they said, is for Ethereum to push forward with the merge and work on it as quickly, but as safely, as possible.
Hasu, a pseudonymous researcher who has written about this problem, told Decrypt that while the merge to ETH2 will essentially make such reorgs much more difficult, it won’t have much effect on the MEV problem.
Asked whether it will solve MEV, Hasu said, “Only in the very limited sense that short-term reorgs become harder, but we are not seeing these in Ethereum today anyway.”
MEV, that is, will still be a thing even if miners no longer exist. As Hasu pointed out, “In ETH [proof of stake], the block producers of the next 12 minutes are known in advance and can work together better than miners could to extract multi-block MEV.”
Hasu suggested that likely won’t be much of a concern because it’s a mostly theoretical problem. But if chain reorgs do start happening, don’t blame miners.
22 July 2021 19:48