A lot of MEV can be avoided. But to combat it, you must first identify where your protocol is exposed.
This article will introduce three perspectives to identify your MEV:
- Arbitrage on price differences;
- Advance knowledge of tx commitments;
- Action potential and information asymmetry between protocols and bots.
1. Arbitrage on price differences
The first perspective is simple, but surprisingly powerful.
A lot of MEV is just price-arbitrage: Buy an asset cheaply in one place and sell it for more somewhere else.
Here are the simple examples:
Arbitrage across AMMs: If your protocol is an AMM, then every time the prices in your pools differ enough from somewhere else, a bot can arbitrage the difference and extract value from both pools in a single transaction.
Off-Chain – On-chain: Likewise if prices differ enough between off-chain and on-chain trading pools. A bot needs two transactions here, in the off-chain exchange and the on-chain exchange. This arbitrage isn’t atomic (the profits are not made within a single block on-chain), but it’s still risk-free profit extracted from your protocol.
Cross-chain: The same arbitrage strategy works across any pair of chains.
Liquidations: In a liquidation, a bot buys cheap collateral from your protocol and sells it higher on the market. The MEV here is paid by the user. Note that the bot can also decide to use off-chain liquidity to finance the trade.
Open/close a lending position: You can also see opening and closing a collateralized loan as a swap with an exchange rate. Bots can use this swap to earn a profit when the rate is better than market rate. The same holds for minting tokens.
But the "different exchange rates" paradigm shows you even more:
Sandwiching: The exchange rate can differ significantly before and after a user’s swap. If the tx slippage allows, a bot can buy cheap before a user’s swap and sell high directly after it, extracting profit from the user.
Oracle updates: The exchange rate on your (and other) protocols might change before and after an Oracle update. A bot can use that difference for risk-free profit, at the cost of your protocol's lps.
This is far from an exhaustive list; with every new protocol, new means of price arbitrage become possible.
2. Advance knowledge of transaction commitments
Another important source of MEV is that transactions and their intended state-transitions are visible before being committed to the chain.
The problem is that when users (or oracles) send transactions, miners don’t include them in a block. The time-gap between user commitment and when the transaction is mined on-chain introduces MEV potential. Bots see pending transaction info in the mempool, and use it in several ways. Here are a few:
Pre-selling: Let’s say you send a large sale for a token I hold, that impacts the price negatively. I can then frontrun you with my sale, by bribing for inclusion before you. I get the current market rate; but you’ll probably have to resubmit and sell at a much poorer rate.
Just-in-time liquidity provision: If I see that your transaction involves a payout, I can try – just for your transaction’s duration – to fulfill the conditions to get most of that payout. Usually the condition for payout involves staking or providing liquidity: I can do this just before your transaction and remove my liquidity immediately after. It’s all in a single block; and with a flashloan, I don’t even need liquidity.
Numerous MEV strategies fit this category. Just-in-time liquidity provisioning for AMMs has made recent news: You make a big trade; the trade pays a good fee to the liquidity providers of the pool you traded in. A bot sees your trade then places two txs in the same block: One provides a lot of liquidity just before your trade and one just after. This then earns the majority of your fee. The bot took no risk or commitment that other LPs took but made most of the profit.
Backrunning: Currently, the most common form of backrunning is to backrun swaps on exchanges: You make a trade, thereby changing the price on a pool. Because of that, an arbitrage opportunity appears with another pool. The bot calculates the right arbitrage and positions its trade right behind yours, capturing the profit.
But bots can backrun multiple transaction types to extract MEV. Some examples:
- Oracle updates: An Oracle update could make a liquidation possible, or change the price a protocol offers.
- Liquidity provision: A user providing liquidity to a pool changes the price-impact of any trade on that pool. This could make a previously impossible arbitrage now profitable.
Advance knowledge of commitment can even span multiple transactions
Looking at a single transaction’s commitment is just the most obvious form of advance knowledge. There are many other forms:
Cross-chain: If your transaction is across multiple chains, it goes through multiple stages of commitment: You first commit your tx to the mempool; then the miners commit it to the chain; then the relayer commits it to the destination chain mempool; and finally the destination chain miners commit it to the destination chain. This creates several stages at which your intent is visible and bots can use this to extract MEV.
Multi-step transactions: Nobody is talking about this yet. But this is where a lot of MEV happens: Reading your intent across multiple transactions. If you approve spending a token against SushiSwap, it's very likely you intend to sell that token in a second transaction. If you happen to hold a significant portion of that token, a bot can short the token several blocks before your sell makes it on-chain. In these cases, even if you use a private mempool relay like flashbots, you’re unprotected. You need a protocol-level solution.
3. Information asymmetry between protocols and bots
Why do protocols struggle to protect themselves against bots? One helpful way to consider this is asymmetry in action potential and information:¨
Action potential: Protocols can do nothing by themselves. Like music boxes that only perform while you turn the crank, they’re just inert pieces of code. They only come alive when someone pays to run their machine for a transaction. So they can only really have passive defenses.
In contrast, bots are arbitrarily complex pieces of software. They can run 24/7 on expensive hardware and their developers constantly improve and fine-tune them. This makes it a very uneven match.
Information asymmetry: What’s worse, protocols only access very limited information: They only see what is available on-chain. The only way a protocol gets off-chain data, without the help of another bot, is to read what Oracles provide. And Oracles are very infrequently updated (minutes to hours between updates) and have low resolution (e.g., 0.5% price delta between updates).
In contrast, bots access whatever is available anywhere in digital form, in near real-time resolution. Bots can even get input directly from human traders.
So how does this asymmetry produce MEV? Here are a few examples:
Arbitrage: Protocols only know the price of pools on their chain, plus some granular data from Oracles. Bots know prices from every chain, every off-chain pool, and even from darkpools and OTC offers – all near real-time. This gives bots a strict advantage over protocols in knowing the current market price of any asset.
Events trading: A bot could learn of a particular off-chain event that will affect your protocol, long before the protocol knows.
Hacks: If a crucial part of infrastructure fails, like a bridge, a bot will know long before your protocol. It can drain assets from your protocol by selling diluted assets, for example.
We’ve covered three ways to recognize MEV: Looking at differences in swap rates; examining information that leaks through visible commitments before they’re mined; and information asymmetry between protocols and bots.
There are other ways to find MEV and many more possible MEV strategies. These are just a few examples. We’ve collected 48 strategies so far and are adding to them weekly.
If you’re worried about losing value through MEV and want to protect your protocol and users, get in touch. We run MEVProtect bots that actively protect you from other bots.
You can meet us at Devcon in Bogota. Or reach us directly on: