Theft-as-a-Service on Ethereum
Predatory trading is a growing threat in both traditional and cryptocurrency exchanges. Some aspects of these behaviors have been popularized in the news, such as in the recent downfall of FTX and its CEO Sam Bankman-Fried. These however, only tell part of the story of fraud and theft that regularly occur within the most popular cryptocurrencies. Under less public scrutiny has been the unethical monetary extraction, which is occurring trade-by-trade in cryptocurrencies, and the ad-hoc solutions designed to ameliorate their negative consequences.
One such solution, the Flashbots project was created to address the negative externalities associated with some types of predatory trading in cryptocurrency exchanges, specifically, frontrunning on Ethereum. With a market cap of nearly 150 billion USD, Ethereum is the second-most valuable cryptocurrency in the world. In Q3 2022, Ethereum saw over 16 million active users. Anyone can make an account in Ethereum for free using a well-known procedure not much more complicated than generating a public key pair. There is no doubt that this is an immensely popular system, with critical implications for the global economy. Frontrunning is a threat to traders on Ethereum that results from a gap in the system’s security model and it must be addressed.
Riding on Ethereum’s coattails, Flashbots has grown quite popular. However, it is unclear how effectively it is achieving its chartered goals, and whether or not these goals are even worthwhile. My collaborators and I have recently published a paper titled A Flash(bot) in the Pan: Measuring Maximal Extractable Value in Private Pools (at IMC 2022), which addresses exactly these questions. We measured a few types of predatory trading behaviors in Ethereum and reached some unexpected conclusions. But before we discuss our findings, let’s take a step back.
Frontrunning as a Form of Theft
As a thought experiment, imagine you’re a stock market researcher. You see that two exchanges disagree with how much a stock is worth. This presents a profit opportunity: simply buy the asset from the cheaper exchange, and sell it on the other. This is called arbitrage and it’s generally regarded as a good thing for keeping exchanges balanced.
Now imagine that someone else, someone you do not know, saw this trade before it was executed and decided to make the same trade, and due to some complexities in how trades are processed, they are able to execute their trade before yours. The problem may not seem clear immediately, but consider the fact that this trade can only be profitable once. After the trade executes, the exchanges value the asset equally, so the arbitrage opportunity is lost. From the perspective of the original trader who put in the effort to find this arbitrage opportunity this is theft, plain and simple. It is a cyber crime no less damaging than traditional insider trading. This type of behavior has a name in traditional stock exchanges: frontrunning. Frontrunning was brought to public attention by Michael Lewis in his bestselling book Flash Boys: A Wall Street Revolt. Since then, it has not only grown in complexity (there are more types of frontrunning than just arbitrage), but also in scope and scale.
Not to be outdone by traditional exchanges, cryptocurrency exchanges are now seeing frontrunning on extraordinary levels. In 2020, a paper by Phil Daian and his collaborators measured the occurrence of frontrunning in Ethereum. The news was bad. Frontrunning was occurring with alarming regularity, and could lead to disastrous outcomes. Among them is consensus instability, when previously settled transactions are brought into question by an alternate blockchain history. Other researchers followed suit, finding that frontrunning on the blockchain (called in this context: maximal extractable value, or MEV) had harmed users to the tune of nearly $20 million.
What is Flashbots?
Enter Flashbots. Flashbots is a purported solution to Ethereum’s MEV woes. In less than six months, Flashbots was adopted by nearly all the important miners (by hash power) in Ethereum.
Miners are a type of peer in Ethereum that check transaction validity, e.g., no one is paying more than they have available in their account. They then compile those transactions into blocks. When a miner has successfully mined a block, it propagates that block to all the peers in the network. Upon receiving a mined block, the peers append that block to the list of blocks they have already received. This list of blocks is called the blockchain and is append-only by way of basic cryptography. At the time of our study, Ethereum mining operated by a process called Proof-of-Work where the miners try to solve a computationally difficult math problem. Whoever solves it first propagates the block (and solution) and thus a block is mined.
The Three Flashbots Roles: Miners, Relays and Searchers
Flashbots is an ecosystem of Ethereum users interacting in such a way as to ostensibly counteract the negative aspects of MEV. It is a cyber defense against the fraud that defines frontrunning. The system consists of three roles: searchers, relays, and miners. Flashbots is a private pool used by these three types of peers. It is a private pool in the sense that participants do not submit transactions to the public Ethereum network. They submit them only to other Flashbots peers. Specifically, they submit them to relays who in turn forward the transactions to miners. However, transactions are not submitted independently in Flashbots, and this is where the relationship to MEV comes in.
Flashbots peers communicate through bundles. A bundle is a cryptographically immutable ordering of transactions. Ethereum peers who want to avoid being frontrun can submit their transactions within bundles. The order-invariance of bundles means that if your transaction appears before another one in the bundle, then it will be executed before the other. In order to make sure that your bundle ends up in a block, peers can (and in practice must) include a transaction fee that goes to the miner. It should be noted that the order-invariance is enforced by fiat; there is no technical mechanism at play. Peers that violate the mandate are manually removed from the Flashbots ecosystem.
The third role within Flashbots is that of searchers. Searchers are peers that search the pool of pending transactions for MEV opportunities (arbitrage and otherwise). They then collect these opportunities, assemble them in bundles and forward them to the relays (which in turn forward them to miners). This means that far from preventing MEV, MEV opportunities are actually codified in Flashbots. Given this (the purported solution to a problem, that in fact makes the problematic behavior more abundant), it seems reasonable to question exactly what the goals of Flashbots are, if they are being achieved, and whether or not they are worthwhile.
The Three Flashbots Project Goals
The project charter declares three goals:
- Increase transparency of MEV.
- Democratize MEV extraction.
- Distribute the benefits of MEV.
Researching Flashbots Popularity and the Incidence of MEV
Our study consisted of measurements and analyses of the incidence of MEV on Ethereum and the popularity of Flashbots. Starting from an archive of the full Ethereum blockchain, we analyzed every block (over four million) going back several years until the advent of Flashbots (January 2021). We looked for the prevalence of different types of MEV that both used Flashbots and did not. What we found was striking: Flashbots’ popularity is undeniable and it is used by nearly everyone. One way to measure adoption in the crypto world is by hashing power. Hashing is an operation performed by miners in some Proof-of-Work cryptocurrencies which is CPU intensive. The hashing power of participating miners can give us an idea of how popular something is. After only five months, more than 97% of the hashing power in Ethereum was enrolled in Flashbots. After ten months, it was 99.9%.
This is not as surprising as it may seem. Hashing power is heavily skewed, so 99.9% is actually only a few hundred miners. Additionally, Flashbots participation is a pure profit opportunity for miners. They do not need to expend any effort, computational or otherwise, into finding MEV opportunities, and more importantly, they do not need to engage in any MEV themselves, which can entail risk. They simply collect rent in the form of transaction fees.
Given the adoption rates of Flashbots by miners since its inception, the fact that over 30% of MEVs have been performed through Flashbots falls well within reasonable expectation.
Ethereum: From Proof-of-Work to Proof-of-Stake
Since our paper was published, Ethereum has completed a years-long transition away from Proof-of-Work to a system called Proof-of-Stake. Proof-of-Stake rests its laurels on economics and game theory by claiming that those who hold the most ether (the currency of Ethereum) have the most incentive to see its continued operation. Thus the more ether you hold, the more likely you are to be chosen (by the system, through a random process) to create the next block. Proof-of-Stake is an eco-friendlier process with no computationally expensive math involved, i.e., repeated hashing. Despite this recent transition, however, we expect similar adoption by validators, formerly called miners, for the same reasons: it’s easy and profitable.
Where’s the Money?
Flashbots has been immensely popular with miners because it results in easy profit for them. However, the same cannot be said for searchers. Since multiple searchers can submit bundles containing the same or similar MEVs, and only one can be successful, they need to incentivize the miners to choose their bundle. The only in-protocol lever they have available is transaction fees. This quickly turns the system into a blind auction, which has led to searchers increasing their transaction fees so high that they are barely making any profit (less than 1/6th of the pre-Flashbots days).
Additionally, after a steep rise in popularity in the early months after inception, Ethereum has seen a gradual decline in the proportion of blocks including at least one Flashbots bundle. This is, again, predictable given how little non-miners are making in Flashbots MEVs.
Flashbots: Mission Accomplished?
Let’s check back in on those three Flashbots goals:
Q1: Is the MEV ecosystem any more visible than it was before?
A1: Probably yes, but it’s hard to be certain. Flashbots’ mev-inspect includes a very nice dashboard and public API, but on the flip side, Flashbots usage appears to be in decline which suggests that more and more of these MEV transactions may be occurring in even less auditable places than the public mempool.
Q2: Has MEV been democratized?
A2: Well, the tool mev-geth is certainly easy to find and use, so if the bar for democracy is simple participation, then it seems to be doing a pretty good job. But…
Q3: Have the benefits of MEV been distributed?
A3: Not really. In fact, they are less distributed than before. Now the only way to make a meaningful profit is to mine—a procedure far too expensive for all but a few.
The Logical Follow-up Question
- This, of course, begs the question: are these even good goals?
Three researchers from Cornell Tech have made their opinion known in their op-ed titled Miners, Frontrunning-as-a-Service Is Theft and Ed Felten at Princeton penned the blog post MEV Auctions Considered Harmful. I tend to agree with them; selling the right to extract money from innocent users hardly seems like the path to the future we want. The users of a financial system deserve to be secure in their dealings and not subject to systemic fraud.
There is hope, however. New cybersecurity research is pointing to some promising solutions such as cryptographically-ensured fair ordering and commit-and-reveal schemes. While our work does not advise any specific technical changes to the Ethereum protocol, it does shed light on how effective certain cyber defenses appear in practice. In fact, these lessons likely apply to any smart contract supporting cryptocurrency, even if Ethereum is by far the most popular.
In the battle to reign in exploitative practices in cryptocurrencies, I’m reminded of a quote from Winston Churchill:
Now this is not the end. It is not even the beginning of the end. But it is, perhaps, the end of the beginning.
For more details and a deeper analysis, pleaseread our paper
- Hero image courtesy of De an Sun on Unsplash.