# From MEV to MEV
SoK of attack & defense
<small>silur@bday6</small>
---
## [silur@bday6 ~]$ whoami
- Independent tech consultant
- Researcher
- Ethical hacker
- Developer
- VC "due diligence guy"
---
## Agenda
- MEV 101
- Attack types
- dApp level defenses
- Transaction timestamping
- Blind ordering
- MEV auctioning
- Paradigm Artemis
---
## MEV has been here since forever
- The power of ordering txes is bigger than we thought
- ... But only mass-exploited since DeFi
- First formalized by Daian et al. "Flashboys 2.0"
- Popularized by the blog post "Ethereum is a dark forest"
- 90% of current ETH blocks are produced by MEV marketplaces
---
## Most common MEVs
- Frontrunning
- Backrunning
- Sandwiching
- Bribing
---
## Frontrunning
- You listen for "good deals" on the mempool without any research
- Place an enormous fee (with less utility than the opportunity)
- ... or be a block producer yourself :shrug:
- Force the original transactor out
- CryptoPunk 3860 exchanged hands with a 22ETH frontrun
---
## Backrunning
- Watch the mempool for large swaps
- Place an arbitrage order right after a large swap between 2 DEXes
- Basically HFT with 12 second ticks :)
- HFT WITH 12 SECOND TICKS!!!
---
## Sandwiching
- A combination of the two
- You profit by observing someone's loss in the mempool
- No need to speculate, only react!
- Highest risk-reward ratio
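
A heuristic detector for the sandwich pattern, run over one block's ordered swaps. This is an added example, not part of the original talk; the `Swap` record layout, addresses, pool names and amounts are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Swap:
    index: int        # transaction position inside the block
    sender: str
    pool: str
    token_in: str
    token_out: str
    amount_in: int
    amount_out: int

def find_sandwiches(swaps):
    """Return (front, victims, back, profit) tuples found in one block."""
    ordered = sorted(swaps, key=lambda s: s.index)
    hits = []
    for i, front in enumerate(ordered):
        for back in ordered[i + 2:]:
            # Closing leg: same sender and pool, opposite direction,
            # selling no more than the front leg bought.
            if (back.sender, back.pool) != (front.sender, front.pool):
                continue
            if (back.token_in, back.token_out) != (front.token_out, front.token_in):
                continue
            if back.amount_in > front.amount_out:
                continue
            # Victims sit between the legs and trade in the front leg's direction.
            victims = [v for v in ordered
                       if front.index < v.index < back.index
                       and v.pool == front.pool
                       and v.sender != front.sender
                       and v.token_in == front.token_in]
            if victims:
                profit = back.amount_out - front.amount_in  # in front.token_in units
                hits.append((front, victims, back, profit))
            break  # pair each front leg with its first closing leg only
    return hits

# Constructed sample block: every address, pool name and amount is made up.
BLOCK = [
    Swap(0, "0xbot",   "WETH/USDC", "WETH", "USDC", 20_000, 39_215),
    Swap(1, "0xalice", "WETH/USDC", "WETH", "USDC", 100_000, 175_070),
    Swap(2, "0xcarol", "WETH/DAI",  "WETH", "DAI",  5_000, 9_900),
    Swap(3, "0xbot",   "WETH/USDC", "USDC", "WETH", 39_215, 24_067),
    Swap(4, "0xdave",  "WETH/DAI",  "WETH", "DAI",  5_000, 9_900),
    Swap(5, "0xerin",  "WETH/USDC", "USDC", "WETH", 1_000, 510),
    Swap(6, "0xdave",  "WETH/DAI",  "DAI",  "WETH", 9_900, 4_980),
]
```

The round trip by `0xdave` is not flagged because nobody traded in that pool between its two legs. A searcher that splits the legs across different sender addresses would not be caught by this heuristic.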
---
## Bribery
- Can censor other people's transactions
- State-channels/HTLC are especially vulnerable
- Extremely dApp specific -> lots of innovation and
- Modelled as a Markov game between miners
---
- Bribery expects a special bribing contract
- Without that, the dominant strategy is honest mining as per the yellowpaper
- With a publicly known bribing contract however, you can directly manipulate the Markov game's utility functions
---

:arrow_up: `block.coinbase` is payable :scream:
---
## Bribery example - how to lock a pool
- Store `slot0.sqrtPriceX96` from the uniswap pool
- Set a target block count to censor
- Set up an `ecrecover` verifier for the miner to prove successful censorship
- Check state change for `slot0` and reward the `ecrecover`-ed miner for each censored block
- You DoSed a token :shrug:
---
```solidity=
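function check32BytesAndSend(
    address _target,
    bytes memory _payload,
    bytes32 _resultMatch
) external payable {
    // _check32Bytes is a helper that is not shown on this slide
    _check32Bytes(_target, _payload, _resultMatch);
    // Forward the attached ETH to the producer of the current block
    block.coinbase.transfer(msg.value);
}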
```
---
## Defense mechanisms
---
## dApp-level protections
- Transaction batching - CoWSwap
- MPC - needs another P2P layer :tired_face:
- $A^2MM$ - optimal routing between multiple AMMs
- Rational slippage
---
## Additional ordering
- FIFO - usually needs total node synchrony
- Absolute-valued
- Blind ordering - double gas, at least two transactions :(
<aside class="notes">
FIFO examples: Themis, Aequitas
Absolute-valued: Wendy, Pompe
Commitment: submarine, sikka, osmosis, shutter, Fino
Timelock: TEX
TEE: Tesseract
</aside>
---
## MEV auctions
- Miners basically rent out their block space
- You search for MEV "bundles" as a new type of player
- Miners select best MEV proposals and pay you a fraction of the fees
- A second form of mining/staking
- This is called PBS
- Trusted relay :x:
<aside class="notes">
Flashbots, MevBoost, Eden-Network
</aside>
---
- PBS is coming as a native ETH feature :tada:
- ....... in at least a year
- You have time to jump in!
- MEV is a centralization risk
- The only way to reduce it is that you start MEVing too!
---