Front-running, back-running, Priority Gas Auction, Maximal/Miner Extractable Value (MEV) are starting to become familiar terms to anyone in DeFi. The last year has shed light on the issues these strategies present as DeFi has exploded in value. If the past few months is any indicator, this problem is only getting worse. The Dark Forest and Escaping the Dark Forest lay out in frightening fashion how these attacks are implemented and the danger these practices pose to the industry. The problems presented by MEV have only grown during the recent bull run.

Front or back running occurs when a bad actor notices a market moving trade before it is submitted. The malicious actor then submits their own trade that is processed first, buying the asset at the spot price, allowing the market moving trade to drive the price up, then selling the assets for profit. A deeper explanation of the finer details of front-running and other MEV-type events can be found here. (And if you want to go deep down the rabbit hole, check this out.)

Blockchain has a counterintuitive problem. One of the pillars of blockchain integrity: data transparency, provides savvy developers the perfect opportunity to perform front running trades on DEXs. The tactic is particularly apparent in AMMs (Automated Market Makers), such as Uniswap. In AMMs there is no need to find a matching buy order for your sell order, Instead, you swap assets with a pool which then readjusts the price. This maintains an equilibrium between the total value of the pair of assets in a pool.

credit to Bancor for the graphic

If you’re a malicious bot, it’s a perfect opportunity to pull off an MEV attack, since they have access to both the “mempool” (a low level memory storage of unsettled transactions), as well as predetermination of how the trade will move a market.

DEX’s currently make up 30% — 40% of the total value locked (TVL) in the DeFi ecosystem. By providing liquidity, AMMs are simple and increasingly popular avenues to profit. In the last quarter, DEX TVL has grown by $10bn. Flashbots MEV explorer estimates that at the bare minimum, $181mm has been lost to MEV.

This is 2% of the total value accrued during that 3 month period. In 2020, $165mm was lost to these practices, and we’ve exceeded that in only 3 months this year. The scope of our industry’s data aggregation is incomplete. MEV explorer only monitors 8 platforms and a handful of MEV types. We think that $181mm is a woefully low estimate. Even more troubling, is the fact that the tech to perform the front-running is more sophisticated than the technology to detect and prevent it.

Currently, a loss of 2% is nothing compared to the huge returns that many savvy users are realizing on DeFi platforms, but the fact that these trades are growing at an exponential rate poses a serious threat to casual DeFi users, particularly in the case of a prolonged bear market. If we take a look into the future, current trends indicate that losses due to MEV will be $1bn in Q4 of 2021. There are rumblings that miners will begin turning to MEV software in order to make up for lost transaction fees. While the true effects of the upcoming layer 1 proposals are heavily debated, the current environment clearly presents risk in regards to MEV. DeFi’s appeal is that it allows users to focus their attention on the financial aspect of these products. It’s not unreasonable for them to expect that tools, services and infrastructure they are using have considered and mitigated the risk that is unique to blockchain based money markets.

There are a wide variety of solutions that have been proposed at both the layer 1 level and application level. Layer 1 solutions include the upcoming EIP 1559 proposal decision and further down the line, the Berlin Fork and switch to Eth 2.0, and Proof of Stake. In the present, platforms use a variety of different techniques to mitigate MEV/front-running attacks. 0x, Curve finance, Dexible, Enigma and many other solutions currently exist and are constantly being innovated. With each solution, come many flaws, and each of those flaws offers its own unique type of risk.

So where does this leave us? Solutions at every level of the ecosystem have been implemented and presented, yet their true effectiveness might not be realized for some time. Meanwhile, MEV is growing at an alarming rate and could potentially have a real impact on user returns. Until there is a silver bullet at the layer 1 level, platforms and protocols should be partially evaluated based on the measures they take to shield their users from MEV style attacks. Another solution is anti-MEV models could be opened up to a larger community of DeFi devs/users/researchers. Model builders and models could gather insight and improvements from a user group that is incentivized to improve these models in order to shield users from malicious behavior.