Abstract
The term miner extractable value (MEV) has been coined to describe the value which can be extracted by a miner, e.g., from manipulating the order of transactions within a given timeframe. \(\textsc {MEV}\) has been deemed an important factor to assess the overall economic stability of a cryptocurrency. This stability also influences the economically rational choice of the security parameter k, by which a merchant defines the number of required confirmation blocks in cryptocurrencies based on Nakamoto consensus. Unfortunately, although being actively discussed within the cryptocurrency community, no exact definition of \(\textsc {MEV}\) was given when the term was originally introduced. In this paper, we outline the difficulties in defining different forms of extractable value, informally used throughout the community. We show that there is no globally unique \(\textsc {MEV}\)/\(\textsc {EV}\) which can readily be determined, and that a narrow definition of \( \textsc {MEV}\) fails to capture the extractable value of other actors like users, or the probabilistic nature of permissionless cryptocurrencies. We describe an approach to estimate the minimum extractable value that would incentivize actors to act maliciously and thus can potentially lead to consensus instability. We further highlight why it is hard, or even impossible, to precisely determine the extractable value of other participants, considering the uncertainties in real world systems. Finally, we outline a peculiar yet straightforward technique for choosing the individual security parameter k, which can act as a workaround to transfer the risk of an insufficiently chosen k to another merchant.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
All source code and artefacts can be found on GitHub https://github.com/kernoelpanic/estimatingMEVishard_artefacts.
- 3.
Also the term players is commonly used to refer to the involved parties.
- 4.
Note that, a naive algorithm for finding the optimal ordering of all transactions is factorial in the number of transactions, which is computationally infeasible even for most current Ethereum blocks which have more than 200 transactions.
- 5.
In Ethereum the extractable fee is a combination of gasPrice multiplied by gasUsed.
- 6.
Another one being propagation times, but we will ignore that for now.
- 7.
Note that, in a model with constant hashrate and difficulty, deviations like selfish mining [10], only increase the relative reward of an actor compared to others and not the absolute reward over time [25, 30]. So in a constant difficulty model, selfish mining would not be more profitable over time than ordinary mining. This observation also holds in a model with variable difficulty until the difficulty is adjusted. In Bitcoin for example, this happens roughly every two weeks (2016 blocks).
- 8.
As an analysis of Bitcoin shows [16], miners more-or-less stick to the rules despite preferring transactions with higher fees and smaller blocks for faster propagation.
- 9.
With the simplifying assumption that no blocks are found concurrently.
- 10.
Pass et al. [27] pointed out that PoW blockchains cannot stop without becoming insecure, so they have to run infinitely long.
References
Talk: A primer on economics for cryptocurrencies. School of Blocks, Blockchain summer school at TU Wien (2019). Accessed 15 Sept 2020
Babel, K., Daian, P., Kelkar, M., Juels, A.: Clockwork finance: automated analysis of economic security in smart contracts. CoRR, abs/2109.04347 (2021)
Bissias, G., Böhme, R., Thibodeau, D., Levine, B.N.: Pricing security in proof-of-work systems. arXiv preprint arXiv:2012.03706 (2020)
Bonneau, J.: Why buy when you can rent? Bribery attacks on bitcoin-style consensus. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 19–26. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53357-4_2
Bonneau, J.: Hostile blockchain takeovers (short paper). In: Zohar, A., et al. (eds.) FC 2018. LNCS, vol. 10958, pp. 92–100. Springer, Heidelberg (2019). https://doi.org/10.1007/978-3-662-58820-8_7
Budish, E.: The economic limits of bitcoin and the blockchain. Technical report, National Bureau of Economic Research (2018)
Carlsten, M., Kalodner, H., Weinberg, S.M., Narayanan, A.: On the instability of bitcoin without the block reward. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 154–167. ACM (2016)
Daian, P., et al.: Flash boys 2.0: frontrunning in decentralized exchanges, miner extractable value, and consensus instability. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 910–927. IEEE (2020)
Eskandari, S., Moosavi, S., Clark, J.: SoK: transparent dishonesty: front-running attacks on blockchain. arXiv preprint arXiv:1902.05164 (2019)
Eyal, I., Sirer, E.G.: Majority is not enough: bitcoin mining is vulnerable. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 436–454. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45472-5_28
Ford, B., Böhme, R.: Rationality is self-defeating in permissionless systems (2019). ePrint arXiv:1910.08820
Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: analysis and applications (2014). Published: Cryptology ePrint Archive, Report 2014/765
Garay, J.A., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: analysis and applications (2020). Publication Title: IACR Cryptology ePrint Archive, Report 2014/765
Gervais, A., Karame, G.O., Wüst, K., Glykantzis, V., Ritzdorf, H., Capkun, S.: On the security and performance of proof of work blockchains. In: Proceedings of the 2016 ACM SIGSAC, pp. 3–16. ACM (2016)
Hopwood, D., Bowe, S., Hornby, T., Wilcox, N.: Zcash protocol specification (2021). Accessed 06 Sept 2021
Hou, B., Chen, F.: A study on nine years of bitcoin transactions: understanding real-world behaviors of bitcoin miners and users (2021)
Judmayer, A., Stifter, N., Schindler, P., Weippl, E.: Pitchforks in cryptocurrencies: enforcing rule changes through offensive forking- and consensus techniques (short paper). In: Garcia-Alfaro, J., Herrera-Joancomartí, J., Livraga, G., Rios, R. (eds.) DPM/CBT 2018. LNCS, vol. 11025, pp. 197–206. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-00305-0_15
Judmayer, A., et al.: Pay-to-win: cheap, crowdfundable, cross-chain algorithmic incentive manipulation attacks on pow cryptocurrencies. Cryptology ePrint Archive, Report 2019/775 (2019)
Judmayer, A., et al.: SoK: algorithmic incentive manipulation attacks on permissionless pow cryptocurrencies. Cryptology ePrint Archive, Report 2019/775 (2020)
Kappos, G., Yousaf, H., Maller, M., Meiklejohn, S.: An empirical analysis of anonymity in Zcash. In: 27th USENIX Security Symposium (USENIX Security 2018), pp. 463–477 (2018)
Kelkar, M., Zhang, F., Goldfeder, S., Juels, A.: Order-fairness for Byzantine consensus. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12172, pp. 451–480. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56877-1_16
Kroll, J.A., Davey, I.C., Felten, E.W.: The economics of Bitcoin mining, or Bitcoin in the presence of adversaries. In: Proceedings of WEIS, vol. 2013, p. 11 (2013)
Liao, K., Katz, J.: Incentivizing blockchain forks via whale transactions. In: Brenner, M., et al. (eds.) FC 2017. LNCS, vol. 10323, pp. 264–279. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70278-0_17
McCorry, P., Hicks, A., Meiklejohn, S.: Smart contracts for bribing miners. In: Zohar, A., et al. (eds.) FC 2018. LNCS, vol. 10958, pp. 3–18. Springer, Heidelberg (2019). https://doi.org/10.1007/978-3-662-58820-8_1
Nayak, K., Kumar, S., Miller, A., Shi, E.: Stubborn mining: generalizing selfish mining and combining with an eclipse attack. In: 1st IEEE European Symposium on Security and Privacy. IEEE (2016)
Obadia, A., Salles, A., Sankar, L., Chitra, T., Chellani, V., Daian, P.: Unity is strength: a formalization of cross-domain maximal extractable value (2021)
Pass, R., Shi, E.: Hybrid consensus: scalable permissionless consensus (2016)
Qin, K., Zhou, L., Gervais, A.: Quantifying blockchain extractable value: how dark is the forest? arXiv preprint arXiv:2101.05511 (2021)
Rosenfeld, M.: Analysis of Hashrate-based double spending, vol. abs/1402.2009 (2014). Publication Title: CoRR
Sapirshtein, A., Sompolinsky, Y., Zohar, A.: Optimal selfish mining strategies in Bitcoin (2015). Publication Title: arXiv preprint arXiv:1507.06183
Sompolinsky, Y., Zohar, A.: Bitcoin’s security model revisited. arXiv preprint arXiv:1605.09193 (2016)
Teutsch, J., Jain, S., Saxena, P.: When cryptocurrencies mine their own business. In: Grossklags, J., Preneel, B. (eds.) FC 2016. LNCS, vol. 9603, pp. 499–514. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54970-4_29
Torres, C.F., Iannillo, A.K., Gervais, A., State, R.: The eye of horus: spotting and analyzing attacks on Ethereum smart contracts (2021). ePrint 2101.06204
Tsabary, I., Eyal, I.: The gap game. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 713–728. ACM (2018)
Zhou, L., Qin, K., Cully, A., Livshits, B., Gervais, A.: On the just-in-time discovery of profit-generating transactions in DeFi protocols (2021). ePrint: 2103.02228
Zhou, L., Qin, K., Gervais, A.: A2MM: mitigating frontrunning, transaction reordering and consensus instability in decentralized exchanges. arXiv:2106.07371 [cs] (2021)
Zhou, L., Qin, K., Torres, C.F., Le, D.V., Gervais, A.: High-frequency trading on decentralized on-chain exchanges. arXiv preprint arXiv:2009.14021 (2020)
Acknowledgements
This material is based upon work partially supported by (1) the Christian-Doppler-Laboratory for Security and Quality Improvement in the Production System Lifecycle; The financial support by the Austrian Federal Ministry for Digital and Economic Affairs, the Nation Foundation for Research, Technology and Development and University of Vienna, Faculty of Computer Science, Security & Privacy Group is gratefully acknowledged; (2) SBA Research; the competence center SBA Research (SBA-K1) funded within the framework of COMET Competence Centers for Excellent Technologies by BMVIT, BMDW, and the federal state of Vienna, managed by the FFG; (3) the FFG Industrial PhD projects 878835 and 878736. (4) the FFG ICT of the Future project 874019 dIdentity & dApps. (5) the European Union’s Horizon 2020 research and innovation programme under grant agreement No 826078 (FeatureCloud). We would also like to thank our anonymous reviewers for their valuable feedback and suggestions.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendices
A Figure to Approximate \(\delta \)
B Illustration of Different Events and Their Consequences
Rights and permissions
Copyright information
© 2023 International Financial Cryptography Association
About this paper
Cite this paper
Judmayer, A., Stifter, N., Schindler, P., Weippl, E. (2023). Estimating (Miner) Extractable Value is Hard, Let’s Go Shopping!. In: Matsuo, S., et al. Financial Cryptography and Data Security. FC 2022 International Workshops. FC 2022. Lecture Notes in Computer Science, vol 13412. Springer, Cham. https://doi.org/10.1007/978-3-031-32415-4_6
Download citation
DOI: https://doi.org/10.1007/978-3-031-32415-4_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-32414-7
Online ISBN: 978-3-031-32415-4
eBook Packages: Computer ScienceComputer Science (R0)