
Rolling in the Shadows: Analyzing the Extraction of MEV Across Layer-2 Rollups (2405.00138v2)

Published 30 Apr 2024 in cs.CR

Abstract: The emergence of decentralized finance has transformed asset trading on the blockchain, making traditional financial instruments more accessible while also introducing a series of exploitative economic practices known as Maximal Extractable Value (MEV). Concurrently, decentralized finance has embraced rollup-based Layer-2 solutions to facilitate asset trading at reduced transaction costs compared to Layer-1 solutions such as Ethereum. However, rollups lack a public mempool like Ethereum, making the extraction of MEV more challenging. In this paper, we investigate the prevalence and impact of MEV on Ethereum and prominent rollups such as Arbitrum, Optimism, and zkSync over a nearly three-year period. Our analysis encompasses various metrics including volume, profits, costs, competition, and response time to MEV opportunities. We discover that MEV is widespread on rollups, with trading volume comparable to Ethereum. We also find that, although MEV costs are lower on rollups, profits are also significantly lower compared to Ethereum. Additionally, we examine the prevalence of sandwich attacks on rollups. While our findings did not detect any sandwiching activity on popular rollups, we did identify the potential for cross-layer sandwich attacks facilitated by transactions that are sent across rollups and Ethereum. Consequently, we propose and evaluate the feasibility of three novel attacks that exploit cross-layer transactions, revealing that attackers could have already earned approximately 2 million USD through cross-layer sandwich attacks.

Summary

  • The paper quantifies MEV extraction, showing that despite lower profits on rollups, activity frequency exceeds that on Ethereum.
  • The study employs a three-year data analysis across Arbitrum, Optimism, and zkSync to reveal how reduced transaction costs fuel MEV strategies.
  • It identifies potential cross-layer sandwich attacks, simulating $2M in earnings, and recommends countermeasures to enhance DeFi security.

Analysis of Maximal Extractable Value in Layer-2 Rollups

This paper presents a comprehensive analysis of Maximal Extractable Value (MEV) across Ethereum and its Layer-2 rollups: Arbitrum, Optimism, and zkSync. The study covers a three-year period and provides insights into the prevalence and economics of MEV following the emergence of decentralized finance (DeFi) and the subsequent adoption of rollup technologies. The paper places particular emphasis on the viability and effects of MEV strategies in environments that lack a public mempool, which traditional MEV exploitation on Ethereum depends on.

MEV Volume and Economic Impact

The authors measure the volume of MEV activity and note that although profits in rollups are notably lower compared to Ethereum, the frequency of such operations is robust and increasing. This paradox might be partially attributable to significantly reduced transaction costs on rollups, making them attractive despite the reduced profitability per MEV instance. A key finding is that Arbitrum and Optimism are now seeing MEV activities at rates that surpass those of Ethereum.

Transaction throughput and cost reductions are key advantages of rollup-based Layer-2 solutions. While these platforms make sandwich attacks more challenging due to the absence of a public mempool, MEV in the form of arbitrage and liquidation remains feasible by examining finalized block states. Significantly, the cost analysis highlights reduced transaction fees across rollups for MEV activities, reinforcing rollups' role in democratizing DeFi accessibility.

Observed Strategies and New Attack Vectors

The paper discusses several techniques for detecting traditional MEV activities such as arbitrage and liquidation. Interestingly, no sandwich attacks were detected on the rollups within the study period, indicating that current sequencing methods are resistant to such forms of exploitation.
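To show what detecting a sandwich from finalized block data involves, the following added example (not code from the paper, and not the authors' heuristic) applies the commonly described sandwich shape to swap records ordered by position in a block: a front-run, one or more victim trades in the same direction, and a reversing back-run by the same sender in the same pool. The record layout, field names, and sample swaps are constructed for illustration.

```python
from collections import defaultdict, namedtuple

# One record per DEX swap event, as recovered from finalized block data.
# Field names are this example's own; amounts are integer base units.
Swap = namedtuple("Swap", "block index sender pool token_in token_out amount_in amount_out")

def find_sandwiches(swaps):
    """Flag front-run / victim / back-run triples inside one block and pool."""
    groups = defaultdict(list)
    for s in sorted(swaps, key=lambda s: (s.block, s.index)):
        groups[(s.block, s.pool)].append(s)

    hits = []
    for group in groups.values():
        for i, front in enumerate(group):
            for k in range(i + 2, len(group)):
                back = group[k]
                # Back-run: same sender reverses the trade, selling at most what it bought.
                if (back.sender != front.sender
                        or (back.token_in, back.token_out) != (front.token_out, front.token_in)
                        or back.amount_in > front.amount_out):
                    continue
                # Victims: other senders trading in the front-run's direction in between.
                victims = [v for v in group[i + 1:k]
                           if v.sender != front.sender
                           and (v.token_in, v.token_out) == (front.token_in, front.token_out)]
                if victims:
                    hits.append({"block": front.block, "pool": front.pool,
                                 "attacker": front.sender,
                                 "victims": [v.sender for v in victims],
                                 "gain": back.amount_out - front.amount_in})
                break  # pair each front-run with its first matching back-run only
    return hits

# Constructed sample data (addresses, pool name, and amounts are made up).
SAMPLE = [
    # Block 100: 0xA buys TOKEN, 0xV buys TOKEN at a worse price, 0xA sells TOKEN.
    Swap(100, 3, "0xA", "WETH/TOKEN", "WETH", "TOKEN", 10_000, 1_000_000),
    Swap(100, 4, "0xV", "WETH/TOKEN", "WETH", "TOKEN", 5_000, 450_000),
    Swap(100, 5, "0xA", "WETH/TOKEN", "TOKEN", "WETH", 1_000_000, 10_600),
    # Block 101: same round trip by 0xB, but the trade in between goes the other way.
    Swap(101, 0, "0xB", "WETH/TOKEN", "WETH", "TOKEN", 10_000, 1_000_000),
    Swap(101, 1, "0xC", "WETH/TOKEN", "TOKEN", "WETH", 400_000, 3_900),
    Swap(101, 2, "0xB", "WETH/TOKEN", "TOKEN", "WETH", 1_000_000, 9_900),
]

if __name__ == "__main__":
    for hit in find_sandwiches(SAMPLE):
        print(hit)
```

The heuristic assumes the front-run and back-run share a sender address and land in the same block, so it is a lower bound on sandwich activity rather than a complete measurement.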

A crucial contribution of this research is the identification of potential cross-layer sandwich attacks. These attacks exploit the practice of submitting Layer-2 transactions via Layer-1, presenting a novel concern. The authors describe three potential strategies for such attacks and simulate their viability using mainnet data. These simulations suggest that attackers could potentially earn approximately 2 million USD, underscoring a substantial risk vector.

Implications and Future Directions

This work has several implications for blockchain and DeFi ecosystems. The results suggest continued MEV potential on rollups despite their structural differences from Layer-1 operations. The reduction in costs and fees in rollups is contributing to their increased adoption, but this also introduces new security and economic challenges, as evidenced by the cross-layer sandwich attack strategies.

The research also highlights the advantages of private pools and encrypted mempools in mitigating parts of this issue and recommends further exploration in randomizing transaction order policies or reducing transaction delays as potential solutions. Importantly, it signals a need for consistent vigilance and adaptive strategies in the development of rollup protocols to preempt the evolving landscape of MEV and other exploits.

Conclusion

The findings enrich existing literature on MEV by not only extending insights to Layer-2 rollups but also by introducing cross-layer MEV as an area warranting immediate attention. Moving forward, there is a need for the continuous development of countermeasures against emerging MEV threats, as well as a deeper understanding of MEV's implications on blockchain financial health and fairness. This paper is pivotal for stakeholders in the DeFi space, providing a detailed evaluation of current vulnerabilities and potential future directions to secure the growing ecosystem around Layer-2 rollups.