Skip to main content
SpringerLink
Log in

Estimating (Miner) Extractable Value is Hard, Let’s Go Shopping!

  • Conference paper
  • First Online:
Financial Cryptography and Data Security. FC 2022 International Workshops (FC 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13412))

Included in the following conference series:

  • 369 Accesses

Abstract

The term miner extractable value (MEV) has been coined to describe the value which can be extracted by a miner, e.g., from manipulating the order of transactions within a given timeframe. \(\textsc {MEV}\) has been deemed an important factor to assess the overall economic stability of a cryptocurrency. This stability also influences the economically rational choice of the security parameter k, by which a merchant defines the number of required confirmation blocks in cryptocurrencies based on Nakamoto consensus. Unfortunately, although being actively discussed within the cryptocurrency community, no exact definition of \(\textsc {MEV}\) was given when the term was originally introduced. In this paper, we outline the difficulties in defining different forms of extractable value, informally used throughout the community. We show that there is no globally unique \(\textsc {MEV}\)/\(\textsc {EV}\) which can readily be determined, and that a narrow definition of \( \textsc {MEV}\) fails to capture the extractable value of other actors like users, or the probabilistic nature of permissionless cryptocurrencies. We describe an approach to estimate the minimum extractable value that would incentivize actors to act maliciously and thus can potentially lead to consensus instability. We further highlight why it is hard, or even impossible, to precisely determine the extractable value of other participants, considering the uncertainties in real world systems. Finally, we outline a peculiar yet straightforward technique for choosing the individual security parameter k, which can act as a workaround to transfer the risk of an insufficiently chosen k to another merchant.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Concurrent work [2, 26], also attempts to initially define different forms of extractable value. For a comparision we refer to the extended version of this paper on eprint.

  2. 2.

    All source code and artefacts can be found on GitHub https://github.com/kernoelpanic/estimatingMEVishard_artefacts.

  3. 3.

    Also the term players is commonly used to refer to the involved parties.

  4. 4.

    Note that, a naive algorithm for finding the optimal ordering of all transactions is factorial in the number of transactions, which is computationally infeasible even for most current Ethereum blocks which have more than 200 transactions.

  5. 5.

    In Ethereum the extractable fee is a combination of gasPrice multiplied by gasUsed.

  6. 6.

    Another one being propagation times, but we will ignore that for now.

  7. 7.

    Note that, in a model with constant hashrate and difficulty, deviations like selfish mining [10], only increase the relative reward of an actor compared to others and not the absolute reward over time [25, 30]. So in a constant difficulty model, selfish mining would not be more profitable over time than ordinary mining. This observation also holds in a model with variable difficulty until the difficulty is adjusted. In Bitcoin for example, this happens roughly every two weeks (2016 blocks).

  8. 8.

    As an analysis of Bitcoin shows [16], miners more-or-less stick to the rules despite preferring transactions with higher fees and smaller blocks for faster propagation.

  9. 9.

    With the simplifying assumption that no blocks are found concurrently.

  10. 10.

    Pass et al. [27] pointed out that PoW blockchains cannot stop without becoming insecure, so they have to run infinitely long.

References

  1. Talk: A primer on economics for cryptocurrencies. School of Blocks, Blockchain summer school at TU Wien (2019). Accessed 15 Sept 2020

    Google Scholar 

  2. Babel, K., Daian, P., Kelkar, M., Juels, A.: Clockwork finance: automated analysis of economic security in smart contracts. CoRR, abs/2109.04347 (2021)

    Google Scholar 

  3. Bissias, G., Böhme, R., Thibodeau, D., Levine, B.N.: Pricing security in proof-of-work systems. arXiv preprint arXiv:2012.03706 (2020)

  4. Bonneau, J.: Why buy when you can rent? Bribery attacks on bitcoin-style consensus. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 19–26. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53357-4_2

    Chapter  Google Scholar 

  5. Bonneau, J.: Hostile blockchain takeovers (short paper). In: Zohar, A., et al. (eds.) FC 2018. LNCS, vol. 10958, pp. 92–100. Springer, Heidelberg (2019). https://doi.org/10.1007/978-3-662-58820-8_7

    Chapter  Google Scholar 

  6. Budish, E.: The economic limits of bitcoin and the blockchain. Technical report, National Bureau of Economic Research (2018)

    Google Scholar 

  7. Carlsten, M., Kalodner, H., Weinberg, S.M., Narayanan, A.: On the instability of bitcoin without the block reward. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 154–167. ACM (2016)

    Google Scholar 

  8. Daian, P., et al.: Flash boys 2.0: frontrunning in decentralized exchanges, miner extractable value, and consensus instability. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 910–927. IEEE (2020)

    Google Scholar 

  9. Eskandari, S., Moosavi, S., Clark, J.: SoK: transparent dishonesty: front-running attacks on blockchain. arXiv preprint arXiv:1902.05164 (2019)

  10. Eyal, I., Sirer, E.G.: Majority is not enough: bitcoin mining is vulnerable. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 436–454. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45472-5_28

    Chapter  Google Scholar 

  11. Ford, B., Böhme, R.: Rationality is self-defeating in permissionless systems (2019). ePrint arXiv:1910.08820

  12. Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: analysis and applications (2014). Published: Cryptology ePrint Archive, Report 2014/765

    Google Scholar 

  13. Garay, J.A., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: analysis and applications (2020). Publication Title: IACR Cryptology ePrint Archive, Report 2014/765

    Google Scholar 

  14. Gervais, A., Karame, G.O., Wüst, K., Glykantzis, V., Ritzdorf, H., Capkun, S.: On the security and performance of proof of work blockchains. In: Proceedings of the 2016 ACM SIGSAC, pp. 3–16. ACM (2016)

    Google Scholar 

  15. Hopwood, D., Bowe, S., Hornby, T., Wilcox, N.: Zcash protocol specification (2021). Accessed 06 Sept 2021

    Google Scholar 

  16. Hou, B., Chen, F.: A study on nine years of bitcoin transactions: understanding real-world behaviors of bitcoin miners and users (2021)

    Google Scholar 

  17. Judmayer, A., Stifter, N., Schindler, P., Weippl, E.: Pitchforks in cryptocurrencies: enforcing rule changes through offensive forking- and consensus techniques (short paper). In: Garcia-Alfaro, J., Herrera-Joancomartí, J., Livraga, G., Rios, R. (eds.) DPM/CBT 2018. LNCS, vol. 11025, pp. 197–206. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-00305-0_15

    Chapter  Google Scholar 

  18. Judmayer, A., et al.: Pay-to-win: cheap, crowdfundable, cross-chain algorithmic incentive manipulation attacks on pow cryptocurrencies. Cryptology ePrint Archive, Report 2019/775 (2019)

    Google Scholar 

  19. Judmayer, A., et al.: SoK: algorithmic incentive manipulation attacks on permissionless pow cryptocurrencies. Cryptology ePrint Archive, Report 2019/775 (2020)

    Google Scholar 

  20. Kappos, G., Yousaf, H., Maller, M., Meiklejohn, S.: An empirical analysis of anonymity in Zcash. In: 27th USENIX Security Symposium (USENIX Security 2018), pp. 463–477 (2018)

    Google Scholar 

  21. Kelkar, M., Zhang, F., Goldfeder, S., Juels, A.: Order-fairness for Byzantine consensus. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12172, pp. 451–480. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56877-1_16

    Chapter  Google Scholar 

  22. Kroll, J.A., Davey, I.C., Felten, E.W.: The economics of Bitcoin mining, or Bitcoin in the presence of adversaries. In: Proceedings of WEIS, vol. 2013, p. 11 (2013)

    Google Scholar 

  23. Liao, K., Katz, J.: Incentivizing blockchain forks via whale transactions. In: Brenner, M., et al. (eds.) FC 2017. LNCS, vol. 10323, pp. 264–279. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70278-0_17

    Chapter  Google Scholar 

  24. McCorry, P., Hicks, A., Meiklejohn, S.: Smart contracts for bribing miners. In: Zohar, A., et al. (eds.) FC 2018. LNCS, vol. 10958, pp. 3–18. Springer, Heidelberg (2019). https://doi.org/10.1007/978-3-662-58820-8_1

    Chapter  Google Scholar 

  25. Nayak, K., Kumar, S., Miller, A., Shi, E.: Stubborn mining: generalizing selfish mining and combining with an eclipse attack. In: 1st IEEE European Symposium on Security and Privacy. IEEE (2016)

    Google Scholar 

  26. Obadia, A., Salles, A., Sankar, L., Chitra, T., Chellani, V., Daian, P.: Unity is strength: a formalization of cross-domain maximal extractable value (2021)

    Google Scholar 

  27. Pass, R., Shi, E.: Hybrid consensus: scalable permissionless consensus (2016)

    Google Scholar 

  28. Qin, K., Zhou, L., Gervais, A.: Quantifying blockchain extractable value: how dark is the forest? arXiv preprint arXiv:2101.05511 (2021)

  29. Rosenfeld, M.: Analysis of Hashrate-based double spending, vol. abs/1402.2009 (2014). Publication Title: CoRR

    Google Scholar 

  30. Sapirshtein, A., Sompolinsky, Y., Zohar, A.: Optimal selfish mining strategies in Bitcoin (2015). Publication Title: arXiv preprint arXiv:1507.06183

  31. Sompolinsky, Y., Zohar, A.: Bitcoin’s security model revisited. arXiv preprint arXiv:1605.09193 (2016)

  32. Teutsch, J., Jain, S., Saxena, P.: When cryptocurrencies mine their own business. In: Grossklags, J., Preneel, B. (eds.) FC 2016. LNCS, vol. 9603, pp. 499–514. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54970-4_29

    Chapter  Google Scholar 

  33. Torres, C.F., Iannillo, A.K., Gervais, A., State, R.: The eye of horus: spotting and analyzing attacks on Ethereum smart contracts (2021). ePrint 2101.06204

    Google Scholar 

  34. Tsabary, I., Eyal, I.: The gap game. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 713–728. ACM (2018)

    Google Scholar 

  35. Zhou, L., Qin, K., Cully, A., Livshits, B., Gervais, A.: On the just-in-time discovery of profit-generating transactions in DeFi protocols (2021). ePrint: 2103.02228

    Google Scholar 

  36. Zhou, L., Qin, K., Gervais, A.: A2MM: mitigating frontrunning, transaction reordering and consensus instability in decentralized exchanges. arXiv:2106.07371 [cs] (2021)

  37. Zhou, L., Qin, K., Torres, C.F., Le, D.V., Gervais, A.: High-frequency trading on decentralized on-chain exchanges. arXiv preprint arXiv:2009.14021 (2020)

Download references

Acknowledgements

This material is based upon work partially supported by (1) the Christian-Doppler-Laboratory for Security and Quality Improvement in the Production System Lifecycle; The financial support by the Austrian Federal Ministry for Digital and Economic Affairs, the Nation Foundation for Research, Technology and Development and University of Vienna, Faculty of Computer Science, Security & Privacy Group is gratefully acknowledged; (2) SBA Research; the competence center SBA Research (SBA-K1) funded within the framework of COMET Competence Centers for Excellent Technologies by BMVIT, BMDW, and the federal state of Vienna, managed by the FFG; (3) the FFG Industrial PhD projects 878835 and 878736. (4) the FFG ICT of the Future project 874019 dIdentity & dApps. (5) the European Union’s Horizon 2020 research and innovation programme under grant agreement No 826078 (FeatureCloud). We would also like to thank our anonymous reviewers for their valuable feedback and suggestions.

Author information

Authors and Affiliations

  1. SBA Research, Vienna, Austria

    Nicholas Stifter & Philipp Schindler

  2. University of Vienna, Vienna, Austria

    Aljosha Judmayer & Edgar Weippl

Authors
  1. Aljosha Judmayer
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Nicholas Stifter
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Philipp Schindler
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Edgar Weippl
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Aljosha Judmayer .

Editor information

Editors and Affiliations

  1. Georgetown University, Washington, DC, USA

    Shin'ichiro Matsuo

  2. Imperial College London, London, UK

    Lewis Gudgeon

  3. Cornell University, Ithaca, NY, USA

    Ariah Klages-Mundt

  4. Imperial College London, London, UK

    Daniel Perez Hernandez

  5. Imperial College London, London, UK

    Sam Werner

  6. The Australian National University, Canberra, ACT, Australia

    Thomas Haines

  7. Western University, London, ON, Canada

    Aleksander Essex

  8. University of Stirling, Stirling, UK

    Andrea Bracciali

  9. University of Trento, Trento, Trento, Italy

    Massimiliano Sala

Appendices

A Figure to Approximate \(\delta \)

Fig. 1.
figure 1

Figure to approximate \(\delta \) by comparing the average block rewards received by a miner with \( p = 0.1 \), to the expected infinite game rewards for the same miner with different discount factors \( \delta \). All rewards are given in normalized block rewards.

Full size image

B Illustration of Different Events and Their Consequences

Fig. 2.
figure 2

Visual illustration of different events and their consequences on a participant with \(\mathcal {R}{:}{=}\{ R_0,R_1 \}\). The total valuation of a participant before the respective event is normalized to 1. This means that the values for the initial exchange rates are \(e_{0,1}=1\) (s.t. \(f(r_{0,1},1)=r_{0,1}\)), and that \(\delta \) is static and thus ignored (\(\delta _{0,1}=0\)). In other words expected future rewards where already accounted for in the relation between \(p_{0,1}\) and \(r_{0,1}\), s.t. \(p_0+r_0+p_1+r_1 = 1\).

Full size image

Rights and permissions

Reprints and permissions

Copyright information

© 2023 International Financial Cryptography Association

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Judmayer, A., Stifter, N., Schindler, P., Weippl, E. (2023). Estimating (Miner) Extractable Value is Hard, Let’s Go Shopping!. In: Matsuo, S., et al. Financial Cryptography and Data Security. FC 2022 International Workshops. FC 2022. Lecture Notes in Computer Science, vol 13412. Springer, Cham. https://doi.org/10.1007/978-3-031-32415-4_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-32415-4_6

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-32414-7

  • Online ISBN: 978-3-031-32415-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation