The ultimate purpose behind any work done by an individual is to generate profit. In that spirit, MEV stands for maximum extractable value, meaning the profit a validator derives from a smart contract-enabled blockchain by including, excluding, or reordering transactions within a block.
In other words, MEV is a measure of the profit that miners/validators can extract for reviewing transactions on the blockchain network. This blog covers the pros and cons of MEV and how to protect your funds from MEV tricks.
What is MEV? How does it work?
Under Proof of Work consensus, miners were responsible for adding transactions, and MEV was formerly called miner extractable value. With Ethereum moving to Proof of Stake, it is up to validators to evaluate and order transactions, and the term became maximum extractable value (MEV).
Generally, users pay a fee on the blockchain to get their transactions into a block. Part of that amount is an additional fee that users choose to pay so that miners preferentially select their transactions.
This MEV, which is nothing but the gas fees paid by users, is sorted by validators from the highest amount down so as to be more profitable. Bots are used to automate the process of submitting profitable transactions with high gas prices that incentivize validators.
Beyond this practice of prioritizing transactions based on the gas fees paid, MEV has several other implications for the blockchain. In the following sections, we will see how MEV is manipulated to extract profits.
How are MEVs used tactically?
Validators and hackers who exploit MEV opportunities put users in financial pain. But what are the methods by which hackers profit from MEV?
Let’s dig into the details!
Front running: All transactions that require validation are placed in a mempool, where validators or generalized front-runners (bots) execute them and make profitable trades. Since the code is publicly available on the blockchain, the bot detects user transactions with high gas fees and replicates them to help validators find profitable transactions.
In this way, transaction orders are propagated to be preferentially added to blocks.
Sandwich attack: This is a malicious form of front-running in which user transactions are probed to manipulate the price of cryptocurrencies, making deals favorable to hackers at the expense of users.
For simplicity, let's assume a price difference for a particular crypto coin between two DEXs, Uniswap and Sushiswap. Users find this and try to profit by buying assets from Uniswap at a lower price and selling them on Sushiswap at a higher price.
In this way, cryptocurrency liquidity is maintained on various decentralized exchanges. But here's the problem. When a user initiates a buy/sell order transaction, it stays in the mempool awaiting validation.
Bots, on the other hand, identify this potential opportunity to profit and replicate the same transaction with higher gas rates.
As a result, the bot’s buy order will be executed before the user’s, increasing the price of the token.
The user’s buy order is then processed and the user buys tokens at a higher price.
The bot then initiates a sell order for the asset at the increased price, withdrawing a healthy profit, as the user then learns. Users are ultimately deprived of the money they intended to make.
The price MEV victims pay for the operation is the "slippage" entered during the transaction.
P.S. Slippage: the difference between the price at the time the transaction started and the price at the time the transaction was executed.
DEX Arbitrage: DEX arbitrage is one of the most well-known MEV opportunities, where users can profit from the price difference between two DEXs.
By swapping tokens, users can buy tokens from one DEX at a lower price and sell them on another DEX at a higher price.
Liquidation: Lending protocol liquidations provide an MEV opportunity to generate revenue from liquidation fees. A DeFi lending protocol allows users to deposit some crypto as collateral and in return borrow the crypto tokens they want.
If the user is unable to repay the borrowed funds, the protocol allows anyone to liquidate the collateral placed by the borrower. This incurs a hefty liquidation fee, which is paid to the liquidator.
MEV searchers use this to find borrowers whose assets can be liquidated and to profit from the liquidation fees.
The bright side and dark side of MEV
On the bright side, MEV plays a role in eliminating financial inefficiencies and facilitating the liquidation process on various decentralized exchanges.
Additionally, organizations like Flashbots offer products that provide front-running as a service to foster a permissionless and transparent MEV ecosystem.
On the downside, front-running and sandwich attacks cause higher revenue loss and lost arbitrage opportunities for users. MEV bots make it rough for new traders to join DeFi protocols, compromising security.
Additionally, generalized front-runner bots that replicate high-gas-price transactions cause network congestion, increase transaction fees, and impact users.
Depicting a recent MEV bot hacking scenario
Attack plot: MEV bot 0xbad made between $11 and $150,000 by front-running transactions. Shortly after a token swap that made it a profit, the MEV bot's malicious code was exploited in the following transaction, which drained 1,101 ETH: https://t.co/FxXSY8AyhX
Hack details…
The MEV bot successfully front-ran a $1.8 million swap trade from cUSDC to other stablecoins. This resulted in the user finally getting only $500 worth of assets in return.
However, shortly after that, the MEV bot named 0xbad was tricked by an exploit and lost the profits it had made.
Looking at the hack, the attacker used the bot's callback routine to authorize arbitrary spending, leading to a loss of 1,101 ETH.
high on hack
Other exploits around the same time in September 2022 include:
- A bug detected in the Profanity tool, a vanity address generator for Ethereum, led to $3.3 million in funds being drained from various wallets.
- A week later, vanity wallet addresses were hacked, resulting in the estimated loss of about $1 million worth of ETH.
Understand security practices to follow
Private mempool: Transactions typically stay in the mempool and are broadcast publicly for miners/validators to pick and add to blocks. In a private mempool, transactions are visible only to the pool and not to other nodes, thus reducing potential MEV costs.
Examples: Taichi Network, BloXroute.

Flashbots: Flashbots is a research organization working to address the MEV conflict by democratizing MEV extraction through MEV-Geth. MEV-Geth provides a private block space auction mechanism that lets bots and miners communicate the preferred order of transactions.
This reduces the overall gas cost for users and the failed transactions that bloat the blockchain.
Slippage: Users can set a minimum slippage value when proceeding with a transaction. If the price difference is too big, the trade is automatically canceled. In this way, users can save themselves from big losses.
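Added example, not from the original post: a small model of the slippage check described above, applied to the sandwich scenario from earlier in the article. It assumes a constant-product pool with a 0.3% fee (modelled on Uniswap-V2-style pools); the reserves, trade sizes and function names are constructed for illustration.

```python
from dataclasses import dataclass

FEE_NUM, FEE_DEN = 997, 1000  # assumed 0.3% swap fee


@dataclass
class Pool:
    """Constant-product pool (x * y = k) holding tokens A and B."""
    reserve_a: int
    reserve_b: int

    def quote_a_to_b(self, amount_a: int) -> int:
        """Tokens B paid out for amount_a at the current reserves."""
        a_in = amount_a * FEE_NUM
        return a_in * self.reserve_b // (self.reserve_a * FEE_DEN + a_in)

    def swap_a_to_b(self, amount_a: int, min_out: int = 0) -> int:
        """Execute the swap, or cancel it if the output is below min_out."""
        out = self.quote_a_to_b(amount_a)
        if out < min_out:
            raise ValueError("slippage limit exceeded: trade cancelled")
        self.reserve_a += amount_a
        self.reserve_b -= out
        return out


def min_out_for(quote: int, tolerance_bps: int) -> int:
    """Smallest acceptable output for a tolerance in basis points."""
    return quote * (10_000 - tolerance_bps) // 10_000


def victim_result(front_run_a: int, victim_a: int, tolerance_bps: int):
    """Return (quoted_out, received_out); received_out is None if cancelled."""
    pool = Pool(1_000_000, 2_000_000_000)   # constructed reserves
    quote = pool.quote_a_to_b(victim_a)     # price the user saw when signing
    min_out = min_out_for(quote, tolerance_bps)
    if front_run_a:
        pool.swap_a_to_b(front_run_a)       # earlier buy moves the price
    try:
        return quote, pool.swap_a_to_b(victim_a, min_out)
    except ValueError:
        return quote, None


if __name__ == "__main__":
    for fr, tol in [(0, 50), (50_000, 50), (50_000, 1500)]:
        quote, got = victim_result(fr, 10_000, tol)
        print(f"front-run={fr:>6} tolerance={tol:>4}bps quoted={quote} received={got}")
```

With a 0.5% tolerance the swap is cancelled once the earlier buy has moved the price; with a 15% tolerance it executes, and the user receives roughly 9% less than quoted.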
QuillAudit for Web3 Security
There are ongoing threats from the code level that undermine Web3 security. QuillAudits conducts extensive research into Web3 attack vectors, debugs errors, and protects project and user funds.
Get to know the various security services offered by QuillAudits and protect yourself from the hassles of Web3.