TLDR:
This paper attempts to establish a framework for the concept of Blockchain Extractable Value (BEV). Borrowing and expanding upon the concept of Miner Extractable Value (MEV), BEV defines the many ways value can be extracted from a blockchain.
The researchers analyzed the Ethereum blockchain looking for BEV and found that over two years, various types of BEV activities yielded roughly 28.8M USD in returns.
Core Research Question
Does blockchain extractable value (BEV) promote behaviors that could potentially destabilize blockchain security?
Citation
Qin, K., Zhou, L., & Gervais, A. (2021). Quantifying Blockchain Extractable Value: How dark is the forest?. arXiv preprint arXiv:2101.05511.
Background
Miner Extractable value (MEV): The profit that miners can obtain via manipulation of transactions when mining blocks. Miners are typically compensated simply via transaction fees and block rewards. To obtain MEV, miners can insert, omit, reorder, or replace transactions on a blockchain for the purpose of frontrunning or otherwise exploiting vulnerabilities in DEXes.
Blockchain Extractable Value (BEV): Though BEV is not explicitly defined in this paper, it is considered by the author to be a more general term relative to Miner Extractable Value. If BEV is extractable by a miner, it is referred to as MEV.
Private transactions:
Front-running: When an attacker has prior access to market information and is able to make trades benefiting their position and potentially damaging the position of others.
Transaction Replay attack: An attack in which a transaction is observed, then maliciously rebroadcast to the network by the attacker in an attempt to extract value from the trade before the original transaction can be completed.
Sandwich attacks: Attacks in which a nefarious actor observes a transaction, then front runs the transaction, allows the targeted transaction to take place, then back-runs the transaction.
Mempool: The memory pool in which transactions are stored and ordered to be executed within the next block.
Mempool priority: The priority determines the order of transactions within a queue. If a single transaction is repeated, the transaction with the highest priority will be executed first.
Transaction fee: The financial cost to users for calling smart contract functions, which is then paid to miners. They are usually denominated in Gwei (a fraction of ETH) and are a result of the gas cost of transactions and the current miner-set gas price.
Gas: The unit of measure of computational cost for Ethereum smart contracts.
Destructive Front-running: If an attacker front runs a victim and causes the victim’s transaction to fail, that is considered a destructive front-running attack.
Cooperative Front-running: If a front-runner ensures that the transaction being front-run goes through, that is classified as a cooperative front-running attack.
Back-running: Similar to a front-running attack where an attacker has prior knowledge of market information, which gives them the chance to make a trade that comes after other trades have been executed within a block during an arbitrage attempt.
Clogging: When an attacker jams or spams the blockchain with the intention of preventing users or bots from executing transactions. Would be the equivalent of a Denial of Service attack on a blockchain.
Block State Arbitrage: This occurs when an arbitrage trader listens to confirmed blockchain states, then attempts to destructively front-run all other market participants
Network Arbitrage: If a trader sees a large pending trade on the network (which is likely to raise the value on other exchanges), the trader can attempt to delay other traders’ capacity to arbitrage the trade by clogging the network, and attempting to back-run the transaction.
Summary
From analyzing two years of data gathered, the researchers identified 1,379 independent Ethereum addresses and 455 smart contracts performing 21,001 sandwich attacks on Uniswap v1/v2, Sushiswap, Curve, Swerve, 1inch, and Bancor (which cumulatively represent 82% of the DEX market.)
Over the course of two years, there were 237 blockchain clogging events on the Ethereum blockchain with the longest period lasting 5 minutes (24 blocks with a corresponding cost of 39 ETH).
93.67% of clogging events lasted under 2 minutes (10 blocks).
At least 4/10 of the most significant clogging events attempted to extract monetary value from a gambling protocol.
Method
The researchers analyzed exchanges, blockchain transactions, the relative number of hidden transactions compared to public transactions, as well as the fees associated with those transactions. The researchers established their definitions of attacks and identified indicators of an attack to then analyze blockchain activity to measure observable attacks.
In measuring these attacks, the researchers quantified the value extracted by the attackers to determine the BEV across the analyzed chains within the period observed. The researchers observed a total of 144 cryptocurrencies across 767 exchanges for the period between December 2018 and November 2020.
The researchers also created their own algorithms that would simulate trades based on the arbitrage opportunities seen on the network. These algorithms followed rules established to determine the parameters for extracted value.
Results
Researchers found 1.64% of transactions were privately mined.
8.35% of private transactions invoked smart contracts.
26% of miners mined transactions privately.
There were instances of pools attempting to occlude private mining transactions by paying the gas prices associated with public transactions to prevent the transaction from standing out among other transactions as a flag.
There is a contract referenced by the researcher for which all incoming transactions are mined by SparkPool and not broadcast to the P2P network. This contract appears to be involved in trading based on analysis of the EVM bytecode, suggesting that SparkPool is engaging in MEV.
The replay algorithm produced by the researchers would have yielded an estimated 51,688.33 ETH in profit over two years, giving insight into the potential profit-motive associated with acting as a malicious miner, privately mining, and extracting value through front-running, back-running, or a combination of replay attacks.
Discussion and Key Takeaways
The researchers found no sandwich attacks on Curve, Swerve, or 1inch exchanges. They concluded this was due to those exchanges specializing in pegged assets which experienced very little slippage to create arbitrage opportunities.
These actors yielded a total profit of 1.51M USD paying an average transaction fee of 0.04 ETH.
They found that fixed spread liquidation protocols such as Aave, Compound, and dYdX (cumulatively 66% of the DeFi lending market) showed a total of 16,031 liquidations that yielded an accumulated profit of 20.18M USD.
Of those liquidations, 12.71% tried to back-run the price oracle update transaction with 87.29 attempting to front-run competing liquidation transactions.
The researchers identified 789 smart contracts which were shown to have performed 51,415 trades yielding a total profit of 7.11M USD.
Of those transactions, 60.08% were network state arbitrages which indicates that there were transactions being back-run by traders analyzing previous trades within a block.
Implications and Follow-ups
The capacity for private mining to prevent front-running attacks gives miners an unfair advantage. This concentration of influence might undermine the decentralization of the network.
Miners’ willingness to extract and compete over MEV is one of the biggest risks to the consensus mechanism securing blockchains.
The researchers allude to the study being limited by their focus on sandwich attacks, liquidations, and arbitrage. They assert that not all of the BEV was captured. Future studies attempting to capture BEV should acknowledge the limitations of their heuristics with the understanding that there can be no exhaustive measurement of BEV.
Applicability
The researchers assert that blockchain security can be analyzed across different layers, including the CPU, network, consensus, application, and smart contract layers. This study focused on the application layer and the parts of the application layer that interacted with the smart contract layer. They articulate that there is a difference between destructive and cooperative front-running to create nuance in the definition of extracted value.
The most commonly captured attacks were double-spends, selfish mining, and bribery attacks. Future research and development could potentially focus on ways to develop reputational incentives for miners to avoid selfish mining or bribery. The researchers also note that in the presence of a presumed trusted hardware solution, there is a potential to prevent front-running attacks from occurring on-chain.