The Art of MEV
The following article is part two of a series of articles covering Miner Extractable Value on Ethereum. This article follows the previous post The Lesser Known Miner Fee and aims to dive deeper into the MEV strategies used by miners.
The current available profit opportunities for traders and miners on Ethereum is primarily expressed through either frontrunning or backrunning. These attacks make up the most of the extractable value and permeate the Ethereum blockchain.
A frontrunning attack is any attack which aims to take advantage of a pending transaction by submiting a transaction before it with a higher gas price so that it gets mined first.
In the previous article within this series The Lesser Known Miner Fee, I highlighted a high level example of a sandwich attack which incorporates frontrunning. Sandwich attacks are a type of insertion attack that depends on another contract executing on a changed contract state. These attacks generally saturate AMMs. Whilst a sandwich attack utilises two transactions to perform, there are some insertion frontrunning attacks that only require one insertion.
An example of such that can occur on a non AMM DEX: Token X exists at a price of one ETH for one token X. Alice is about to buy some Token X in a transaction however she specifies 10 ETH for the token. She realises this error an sends a follow up transaction with the same nonce correting the price. A bot lurking in the mempool sees this and takes advantage of it by specifying a higher gas price than Alice’s rectifying contract. Alice has no choice by to either bid up the gas against the bot where she could lose a significant amount due to the high ceiling or do nothing and accept her fate.
Such an example is horifiying but avoidable with AMMs and the utilisation of front end oracles fetching the correct prices for users saving them from specifying a price. Below is an example of a front run being undertaken by miners to take advantage of an ICO.
F2Pool (geographically distributed mining pool) front runs an ICO by initially depositing 100 ETH into multiple new Ethereum addresses. On the time of the ICO, transactions sent from these addresses to the ICO smart contract were prioritized in their mining pool, resulting in purchasing the tokens.
When an attack is not dependent on the actions of another contract following it to be successful, it is a displacement attack. A generalised frontrunning bot can launch displacement attacks that take advantage of flaws in contracts, two famous examples are highlighted below.
A famous article that popularised MEV and the idea of generalised front running bots. The scenario highlighted is a case where liquidity tokens were accientally sent to the pair contract address. To get those back a user has to pass their own address in when calling the burn function on a core contract. However such an action can result be picked up by generalised front runners.
An exploit in the burn function that means that the sender of the transaction will receive all the ETH in the contract. Again such an action can result be picked up by generalised front runners.
Besides front running attacks, there are also back running attacks where the opposite occurs and a transaction is submitted with a lower gas price so that it gets mined after.
The afformentioned sandwich attack is actually a combination of both frontrunning and backrunning. The backrunning occuring when the “sell off” contract is placed after the target transaction. An example of a pure backrunning attack would be taking advantage of a price oracle update in a contract such that that allow liquidation transactions to be triggered immediately afterwards.
A methodology unique to backrunning is the “spamming” of transactions that hit gas limits. In order to maximise their chances of being mined immediately after their target transaction a backrunner may send multiple identical transactions from different accounts. These transactions have a gas price identical or very close to that of the target transaction in order to increase the chances that one of their transactions is ordered after the target and before competing backrunning bots.
Sophisticated MEV Attacks
There are many more sophisticated MEV attacks that utilise a combination of frontrunning and backrunning and taking advantage of different situations within the DEFI system. An example of such is this bZx token pump and dump attack which utilised mostly backrunning (and could incorporate frontrunning) which is explained very well in the linked article.
The following article in this series will go over time bandit attacks which I have categorised as a structural issue in Ethereum due to it being slightly different to these conventional MEV strategies.