[go: up one dir, main page]
July 14, 2023

EVIntent - Darkmatter in MEV

Listen To This Article
Yellow Propeller icon
Written by
Yellow Propeller

Introduction 

If you want to protect yourself against MEV, you first need a full picture.

There is at least one large class of MEV strategies that was overlooked so far: MEV that exploits your intent to trade.

We term this new type of MEV: EV_Intent.

Ironically, today’s MEV solutions can make you an easier target for EV_Intent.

In this article, we explain how EV_Intent works and how you can protect yourself against it (spoiler: there’s no quick fix yet).

How I got rekt

My first encounter with EV_Intent was personal: I wanted to sell a shitcoin, and thought I did everything right – but actually, I got sandwiched by an EV_Intent bot, and lost 10% on my trade.

Looking into the transaction, this is what the bot did:

1. My approval -> Bot sells: First, I approved my token to be spent by the DEX router (as you need to do on most DEXs). From the approval, the bot inferred my intent to sell, decided to frontrun me with his own sell – and as a result – pushed the price down.

2. My sell -> Bot buys: Then I did my sell, and pushed the price down further. The same bot then backran my sell, buying back his tokens. Thanks to me pushing the price down – the bot bought the tokens back 5% cheaper.

Effectively, the bot ran a multi-block sandwich on me, selling long before I sold and closing his position behind me.

In this case, setting low slippage, or hiding my swap from the mempool did not help.

The bot did not target my transaction – it predicted my transaction.

EV_Intent exploits your trade

Current MEV protection solutions only hide your signed transaction from the bots – but, not your intent to trade.

If your intent to trade is public – bots can predict your trade, and sandwich you, over multiple blocks. And you might not even notice it – it just looks like you picked an unlucky moment to trade.

You leak your intent in many ways – from publishing your intent on an auction, asking for a quote, or any other action that strongly correlates with a trade, such as approving tokens against a router.

Bots can predict, and exploit, your trade from any action that leaks information about your trade – not just your signed transaction.

Current advice goes: Hide your transaction to be safe from MEV.

However, it's more accurate to say: Hide your trade to be safe from MEV.

Private RPCs only hide your transactions

Today, MEV protection solutions hide your tx – but not your intent to trade.

MEV protection solutions today create a trusted tx supply chain.

MEV protection solutions pass your tx through a chain of trusted actors. Optionally you can let, untrusted, searchers backrun your tx, for a MEV rebate.

Instead of publishing your tx openly, solutions like MEVBlocker pass your tx through trusted actors from wallet to relay.

Your trade is not protected

In contrast to the transaction supply chain – the trade supply chain is not protected, and there is no trusted subset of actors you can limit your trade to.

Auctions and aggregators are particularly easy targets.  

Auctions make your intent public

Auctions publish your intent to market makers, solvers, aggregators who each publish to each other and searchers.

Most exchanges, dapps and wallets now use an auction model (e.g. UniswapX, CowSwap, 1inch Fusion, most wallets, etc.). This auction usually has 3 stages:

  1. Request for Quote: Solvers give a quote, and the UI shows it to you.
  2. Sign Intent: You sign your trade intent and send it to the dapp.
  3. Execution auction: The dapp publishes your intent, and solvers compete to fill it.

As a result, quoters and solvers see your trade intent long before your swap transaction exists.

As part of building the optimal route, solvers also query market makers and searchers for quotes. So, even if your solver is not adversarial, 50-500ms after you request a quote – more than just a handful of adversarial bots will know about your trade.

Some auctions even have open APIs – that searchers can listen to directly.

Routers expose you as well

It’s not just auctions – most routers also query market makers / searchers for quotes.

Because so many actors see your intent – it’s hard to know which one used the information to front-run you. So rational searchers will run EV_Intent strategies.

Auctions and routers make it easy for searchers.

But EV_Intent can get you in at least two other ways.

Pre-trade signals expose you to EV_Intent

Bots can use any signal that strongly correlates with your swap to profit from your trade. (chart does not represent actual data).

Anything that correlates strongly enough with your trade, so anything that a bot can use to predict your trade, exposes you to EV_Intent.

For example:

  • Regular or conditional trades: TWAPs, DCAs, unlocks, or portfolio rebalances.
  • Transactions connected to trades: Token approvals against the exchange, transferring assets from cold to hot wallets.
  • Other defi txs that precede a trade: Unstaking an LP position and then selling the minor token, unwinding a lending position, collecting yield and then selling it.

But, even if you manage to hide all pre-trade and trade signals, EV_Intent bots can still get you. Bots can manipulate you into making a trade.

You can be baited into EV_Intent

Besides predicting your trade, searchers can also influence your actions.

One example. Let’s call it a censor-sandwich

  1. You submit a transaction to buy a token
  2. The bot frontruns you, buys the token instead, and moves the market price up.
  3. Your trade reverts, because this market movement exceeds your slippage tolerance
  4. Frustrated, you resubmit your trade at a higher price.
  5. The bot backruns your trade, selling at a higher price, and profits.

This type of sandwich does not rely on you to make any mistake (like setting a high slippage tolerance). It simply relies on the fact that you really want to buy the token, and will also buy it after your first transaction reverted.

This also works if you were accidentally censored – for example, if a bot observes that your trade reverted because of slippage – it can be a good bet that you will try to swap again in a moment.

Other examples are bots that successively make, and the rug offers for your NFT, until you accept a lowball offer out of frustration. Or bots that backrun your SAFE transfers with fake addresses that have the same leading and trailing characters – hoping you will copy and paste this wrong address from etherscan on your next transfer.

A model of EV_Intent

One way to look at EV_Intent is as a probabilistic MEV — the bot needs to take a bit of risk.

The MEV we know today simply reorders your signed transaction – and is low risk.

EV_Intent predicts your trade to profit over multiple blocks – which is a higher risk, but can also be a much higher reward (there is no practical limit to the damage of a multi-block sandwich).

This is distinct from EV_Signal discussed by Frontier, which focuses on CEX-DEX arbitrage, a type of low-risk MEV that’s not aimed at your trade.

As long as the risk-adjusted reward is attractive enough – a searcher will target your trade.

Bots need to take risk in EV_Intent strategies, but can also earn higher reward (i.e. hurt you more).

This also gives us some clues as to how to protect against EV_Intent.

How to protect against EV_Intent

Searchers need to compensate for the risk they take. We also saw that having a trusted supply chain (as we have today for the transaction supply chain) is effective.

This gives us a few ideas to protect you against EV_Intent:

1. Lower the expected payoff: One fix is to lower the bots expected payoff. 

  1. Confuse the bot: Weaken the correlation in your signal by, for example, separating your actions over time, or asking for both buy and sell quotes.
  2. Be small fish: Decrease the bots profit by making smaller trades.

2. Bundle actions: The more actions you bundle together, the fewer pre-trade signals you send. In some cases, you can bundle approvals and swaps, transfer and swaps, or LP removals and swaps.

3. Build a trusted trade supply chain: Show every action that correlates with your trade only to trusted actors. E.g. only talk to a single solver, who doesn’t broadcast your intent to other actors.

4. Build a trustless trade supply chain: An even better trade supply chain would not require trust in any actor.

Unfortunately, neither a trusted nor a trustless trade supply chain exists. Atm, you can also only bundle actions to a limited extent.

So, for now, you can only make yourself a smaller target with random actions and smaller trades, hoping that the risk outweighs the payoff and a bot won’t target you.

Help us fix EV_Intent

EV_Intent is a significant threat to on-chain trading, let's fix it.

Specifically:

  • Tell us about EV_Intent: Reach out if you’ve experienced strange behaviors, such as getting a bad price despite an MEV protection solution, or odd coincidences in market price before and after your trade.
  • Research EV_Intent: EV_Intent is harder to track than EV_Ordering or LVR – let's find ways to track and quantify it and uncover all vulnerabilities.
  • Make the trade supply chain trustless: Finally, we need to develop solutions that give us a trusted trade supply chain, or much better, a trustless trade supply chain.

Special thanks to Quintus, Yuki, apriori and Jonah for reviews and comments.

Tweet

Keep Reading

Arbitrage loss and how to fix it

AMM LPs suffer heavily from arb loss. A detailed view at the 3 types of arb loss and how to fix them.
Read More

Eliminate the cost of on-chain trading

Price impact, gas and DEX fees make trades very costly – intents let you skip the costs and truly settle at market price.
Read More
2024 © Propeller Heads