Arbitrage and Frontrunning in DeFi
Mar 16, 2021
Last week, Ethereum Improvement Proposal 1559 (EIP-1559) was included in the London hard fork, expected to take place in July. EIP-1559 will change the transaction fee markets on Ethereum: Instead of blindly bidding a gas price and hoping for inclusion in a block, users will know how much it costs to get into a block before submitting the transaction. A “basefee” will have to be paid, plus a “tip” to the miner to get priority inclusion. This change will not necessarily lead to lower fees, but it will improve the user experience by minimizing cases of overpaying for transaction fees or cases of stuck transactions.
On top of that, EIP-1559 has further implications for ETH. The basefee will be burned, which might lead to deflationary supply in the future – especially when combined with the issuance decrease of the transition from proof-of-work to proof-of-stake (currently 4.4% annual supply inflation down to ca. 1%). Additionally, it prevents “economic abstraction” and ensures that only ETH, and no other currency, can be used to pay for transaction fees in Ethereum.
EIP-1559 enjoys strong community support, but some miners oppose this proposal. This seems logical, since it would decrease their revenues – transaction fees have become an important source of overall miner income.
Illustration 1: Transaction fees currently account for almost half of miner revenues on Ethereum.
The switch to proof-of-stake will also render much of the mining hardware useless, since there is no other GPU-mined blockchain that could accommodate such a high hash rate. Incidentally, this might bring some relief to the currently high prices of graphic cards. Ethereum mining is ending soon, so miners have an incentive to maximize their profits while they still can to recoup capital expenditures.
This has also brought up the discussion around “miner/maximum extractable value” (or “MEV” for short). Besides block rewards and transaction fees, MEV represents another significant revenue stream for miners, as a recently published analysis shows.
What is MEV?
MEV stands for the maximum value that can be extracted by reordering, inserting, or censoring transactions in a block. Miners are in a privileged position here since they can construct and order the blocks as they like. MEV applies to any blockchain, but especially those with smart contract capabilities which enable more complex (financial) activities.
MEV was originally described and termed in 2019, including an analysis of the impact on blockchain security. It was later studied again in detail. Recent data reveals that ca. $324M in total has been extracted since Jan 1, 2020.
Illustration 2: Total extracted MEV has grown by $300M over the past 6 months. Data for Aave, Balancer, Compound, Curve, dYdX, Sushiswap, Uniswap and 0x.
Examples of such transactions in real time can be found here. One case of MEV would be the arbitrage between various decentralized exchanges – which is a net positive for the ecosystem, since it increases market efficiency.
A less friendly occurrence of MEV in the decentralized world is frontrunning on Uniswap. When a trader submits a transaction to buy or sell a token, there is a delay between broadcasting the transaction to the network and inclusion in a block (transactions rest in the mempool until inclusion), which savvy frontrunning bots can exploit by “sandwiching” the transaction with a buy and sell of its own.
Illustration 3: An example of a “sandwiching” attack. In this case, a purchase of MANA with ETH on Uniswap was affected. The attacker drained 0.056 ETH from the Uniswap user.
The example in Illustration 3 includes three transactions (#1, #2, #3). Transaction #2 was a user, whereas transactions #1 and #3 originated from a frontrunning bot. Transactions are executed in the order of their position in the block (positions 96, 105, 107 in block no. 12036086, respectively). This means that the bot spotted the user’s transaction in the mempool, and quickly submitted his own buy (#1) and sell (#3) transactions. The bot’s buy is executed first, then the user’s, and lastly the bot’s sell for a profit of 0.056 ETH. This type of MEV is detrimental to the ecosystem since it imposes hidden losses on users. As a DeFi trader, these bots can be largely avoided by paying a high gas fee as well as correctly setting the maximum slippage before the trade (a feature which many decentralized exchanges offer).
There also exist generalized frontrunning bots: These check whether a transaction in the mempool would yield an immediate profit to the sender and then submit their own transaction with a higher gas price to capture that profit. This is especially relevant in the face of larger exploits, where millions of dollars can sometimes be made with a single transaction. A more in-depth description and an example of the pitfalls that this creates for white hat hacking can be found here.
Who extracts MEV?
Currently, miners are not extracting a lot of MEV, even though they are in a prime position to do so. Nevertheless, miners benefit indirectly since MEV extraction bots compete and bid up gas prices. So far, 88% ($285M) of the total MEV went to transaction senders (the extraction bots), and 12% ($39M) to miners through transaction fees. Of the top 20 transaction fee payers, at least three are most likely arbitrage/frontrunning/backrunning bots (example #1, #2, #3). Such bots are part of the reason for the high gas prices on Ethereum.
Blockchains such as Bitcoin or Ethereum are open and permissionless. This is great for transparency, but creates a highly adversarial environment: What can be exploited, will be exploited – be that a hackable smart contract, a poorly secured brain wallet, or a front-runnable transaction on a decentralized exchange. Progress is being made on such issues, in the case of MEV, novel auction mechanisms for transaction ordering might alleviate the potential problem for blockchain security.
In the long run, surviving in such an environment creates robust systems. The power of open-source technology is combined with economic incentives to uncover weaknesses – which means that brain power around the world is constantly screening both base layer protocols and applications on top to make them more secure.