Welcome Avatar!
If you’ve bought meme coins recently, there’s a good chance a bot siphoned some money from you!
A single bot has made millions of dollars “sandwich attacking” naive memecoin traders in less than 1 month.
How is this possible? The answer is MEV.
Maximum Extractable Value is the total value which can be extracted permissionlessly from control of transaction ordering. Bots can bribe or collude with validators on the Ethereum network to make money from reordering transactions and trading ahead of other users.
Today we’ll cover a high level overview of MEV, but more importantly we give you the tools to protect your DeFi transactions from on-chain predators.
If you’re not interested in how MEV works and don’t want to program your own MEV bot, just skip to “Summary: How To Avoid Being Sandwiched”.
MEV Basics
Software programs have been deployed to snoop on your transactions, exploit inefficiencies in DEXs, and front-run your DeFi orders.
Ethereum and other smart contract platforms specify transaction correctness, but not transaction ordering. In a trading context, however, transaction ordering is very valuable.
Imagine being able to be first in the queue to perform arbitrages, fill liquidations, and trade ahead of other people.
In simple terms MEV is the value of being able to order or exclude transactions within a block.
When you make a DEX transaction, it sits in a public staging area called the mempool before it executes on the DEX smart contracts and settles on Ethereum.
Bots monitor all pending transactions in the mempool.
When it may be profitable to front-run your order, the bot either pays more gas than you did or bribes a miner to place its transaction ahead of yours in the next Ethereum block.
The bot buys the token you wanted to buy ahead of you and then sells it back to you at a higher price, costing you money (you receive fewer tokens / a worse exchange rate).
MEV depends on the value of the transactions in the block, and it can be captured by the miner or auctioned separately.
Anyone can deploy a MEV bot and there are hundreds of bots competing on chain.
So how much money are these permissionless predators making?
Since the Merge, ~200,000 ETH (~$360 million) of value has been extracted, an annualized run rate of ~$562 million. (Flashbots Data Dashboard)
This is revenue, not profit, as MEV bots (also known as “searchers”) need to pay very high transaction fees to compete with other bots.
Although total profit is difficult to calculate, the most successful wallet address “0xAE2F” has made over $2.5 million “sandwiching” memecoin transactions in the last month.
What is A Sandwich Attack?
A sandwich attack happens when an MEV bot places its own transactions both before and after a targeted transaction, with the bot's transactions acting as the "bread" and the exploited transaction as the "filling."
Sandwich attackers continuously monitor blockchains for public transactions they can take advantage of. An attack begins when an MEV bot identifies a pending transaction with a significant price impact that can cover trading costs (gas).
For example, a user submits a large buy order, which would raise the price of the PEPE memecoin from 0.000003331 to 0.000003369.
First, the bot buys PEPE ahead of the pending transaction at an average price between the two quoted prices. It then quickly supplies liquidity to the DEX at 0.000003370. The targeted order proceeds to buy all the PEPE from the bot at this price, providing the bot with a risk-free profit.
It's important to note that the owner of the pending transaction pays a higher price for PEPE than if the sandwich attacker hadn't reordered the transactions and inserted its own buy.
Assuming the order has a significant price impact, the market temporarily trades above fair value. The MEV bot completes the sandwich attack by selling a number of PEPE tokens from its inventory to the AMM pool, known as backrunning. When the price corrects (as other traders interact with the DEX), the bot repurchases PEPE at a lower price.
Backrunning is considered predatory as it extracts value from passive liquidity providers on the AMM.
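The "bread and filling" pattern described above can be spotted after the fact in a block's ordered swaps. The following is an added example, not code from the original post: the `Swap` record, the sender names and the sample block are constructed for illustration, and it assumes swaps have already been decoded into pool and direction.

```python
from collections import namedtuple

# One decoded DEX swap; tx_index is the transaction's position in the block.
Swap = namedtuple("Swap", "tx_index sender pool side")

# Constructed sample block: senders and ordering are invented for illustration.
BLOCK = [
    Swap(0, "0xbot", "PEPE/WETH", "buy"),
    Swap(1, "0xuser1", "PEPE/WETH", "buy"),    # the "filling"
    Swap(2, "0xbot", "PEPE/WETH", "sell"),
    Swap(3, "0xuser2", "WOJAK/WETH", "buy"),
    Swap(4, "0xuser3", "PEPE/WETH", "sell"),
    Swap(5, "0xuser2", "WOJAK/WETH", "sell"),  # round trip, nobody in between
]

def find_sandwiches(swaps):
    """Return (front, victim, back) tx_index triples found in one block."""
    by_pool = {}
    for s in sorted(swaps, key=lambda s: s.tx_index):
        by_pool.setdefault(s.pool, []).append(s)

    found = []
    for pool_swaps in by_pool.values():
        for i, front in enumerate(pool_swaps):
            for j in range(i + 2, len(pool_swaps)):
                back = pool_swaps[j]
                # The two "bread" legs: same sender, opposite directions.
                if back.sender != front.sender or back.side == front.side:
                    continue
                # The filling: another sender trading the same way as the front leg.
                for mid in pool_swaps[i + 1:j]:
                    if mid.sender != front.sender and mid.side == front.side:
                        found.append((front.tx_index, mid.tx_index, back.tx_index))
    return found

if __name__ == "__main__":
    for front, victim, back in find_sandwiches(BLOCK):
        print(f"tx {victim} sandwiched between tx {front} and tx {back}")
```

Running the same check over your own past swaps in a block explorer export shows whether a trade was the filling.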
Exploiting Slippage
Slippage is a parameter set by the user to balance two priorities. In a quickly moving or low liquidity market (like memecoins), prices may change by the time the order is processed. If the order cannot be filled, the transaction reverts, costing the user gas but not executing the trade. Repeatedly attempting to trade and being charged for each failed transaction can be frustrating and costly. Slippage addresses this issue by allowing the executed price to deviate from the quoted price shown to the user.
A clever sandwich bot will estimate the impact of a large order when frontrunning. The aim is to fill as much of the order as possible at the maximum price (slippage) specified by the targeted transaction. This leads to the user paying a higher price than if the MEV bot hadn't intervened.
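To see how the slippage setting caps what a trader can lose, here is an added example (not from the original post) that models a pool with the constant-product formula and no fees. The reserves, trade sizes and function names are assumptions chosen for illustration.

```python
def swap_out(reserve_in, reserve_out, amount_in):
    """Tokens received from a constant-product (x*y=k) pool, fees ignored."""
    return reserve_out * amount_in / (reserve_in + amount_in)

def min_out(quoted_out, slippage):
    """Smallest fill the user accepts; below this the swap reverts."""
    return quoted_out * (1 - slippage)

def victim_fill(reserve_eth, reserve_tok, victim_eth, slippage, front_eth):
    """Tokens the user gets if front_eth is bought first, or None on revert."""
    quoted = swap_out(reserve_eth, reserve_tok, victim_eth)
    floor = min_out(quoted, slippage)
    # State of the pool after someone else's buy lands ahead of the user.
    bought = swap_out(reserve_eth, reserve_tok, front_eth)
    got = swap_out(reserve_eth + front_eth, reserve_tok - bought, victim_eth)
    return got if got >= floor else None

if __name__ == "__main__":
    # Constructed pool: 1,000 ETH against 1,000,000 tokens; user buys with 10 ETH.
    eth, tok, size = 1000, 1_000_000, 10
    quoted = swap_out(eth, tok, size)
    print(f"quoted fill with no interference: {quoted:.2f} tokens")
    for slippage in (0.005, 0.01, 0.05):
        fill = victim_fill(eth, tok, size, slippage, front_eth=20)
        if fill is None:
            print(f"slippage {slippage:.1%}: swap reverts, only gas is lost")
        else:
            lost = quoted - fill
            print(f"slippage {slippage:.1%}: filled, {lost:.2f} tokens worse")
```

With the same 20 ETH buy ahead of it, the 5% setting fills about 3.9% worse than quoted, while the 0.5% and 1% settings revert instead.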
Wallet 0xAE2F
This wallet made its first transaction a few months ago, on 1 March 2023.
It has spent $28,906,936.58 total on transaction fees (gas) to make a total profit of ~$2.5 million (Dune Analytics).
0xae2f has rocketed to the top of the gas spender leaderboards, consuming a phenomenal 6.4% of all Ethereum gas over a month.
The address controls the 0x6b75d8af000000e20b7a7ddf000ba900b4009a80 smart contract, which has made over 422,000 trades (average profit ~$6 per trade).
This bot mainly targets users swapping popular memecoins PEPE and WOJAK.
It didn’t start making money until the latest memecoin bonanza was in full swing, from April 17th onwards.
This bot is successful because it’s the fastest/best at the winner-take-all game of on-chain arbitrage. And its revenues are (temporarily) high because of unsophisticated, price-insensitive participants swapping huge volumes of memecoins on chain.
Protecting Your Transactions From MEV
Market Makers and RFQ
A Request for Quotation (RFQ) is a way for liquidity takers to trade directly with a market maker, obtaining the best pricing for a specific trade without the need for on-chain order books or liquidity pools. The RFQ process in DeFi has several advantages over traditional order book or automated market maker (AMM) systems:
Best pricing: By requesting quotes from multiple liquidity providers off-chain, users can compare prices and obtain the most competitive rate for their trade.
Off-chain negotiation: Private and gas-efficient, parties agree a deal through the Internet using the app and the transaction only goes on-chain when confirmed.
No front-running or sandwich attacks: The on-chain transaction includes the liquidity taker’s wallet address so it is impossible for any bot to front-run or sandwich the transaction.
Zero slippage: RFQ-based trades are executed at a pre-agreed price with no slippage, which can provide significant cost savings compared to AMMs.
Composable liquidity: RFQ systems can access liquidity from multiple sources, including both decentralized and centralized exchanges, aggregators, and market makers. This helps provide the best price and maximizes the available liquidity for a given trade.
Hashflow is a hybrid DEX based on RFQ.
The top DEX aggregators now also include RFQ technology:
Matcha.xyz leverages the 0x API
1inch “Fusion” upgrade
By default, the Matcha.xyz DEX aggregator connects to 51 liquidity sources including 0x, but 0x may not always offer the best price. If a trade is routed to a normal AMM e.g. Uniswap it can still be sandwiched (unless you use Flashbots, more on this later).
The exchange with the best price will be displayed next to Liquidity Provider. It should be “0x Protocol” for MEV protection. If it is Uniswap v3, you are still at risk of slippage, so try another provider.
RFQ is best for: trading established coins; market makers are unlikely to provide liquidity for pairs which are very new or difficult to hedge.
If you need to trade memecoins, read on.
CowSwap – Coincidence of Wants (CoW)
CowSwap is built on Gnosis protocol and matches trades through a Batch Auction process.
CoW means Coincidence of Wants – when there are other traders in the auction who want to do the opposite trade, you can swap without a liquidity pool DEX.
Advantages:
Orders matched in the batch do not need to be routed to AMM exchanges, avoiding swap fees
Gas free trading: the user pays gas once to approve the CowSwap contract to spend the tokens, then all future transactions with that token require a simple signed message. There is no possibility of failed transactions like on AMMs and no need to estimate gas.
Best execution: as CowSwap routes orders which were not matched in the batch to DEX aggregators, the user can expect to get prices at least as good as any other venue on chain, with the possibility of price improvement via the batch auction.
BackRunMe
BackRunMe allows users to submit private transactions while allowing searchers to backrun the transaction via MEV *if* it produces an arbitrage profit. BackRunMe gives a portion of this additional profit back to the user.
Best for: larger trades where you have a price impact, e.g. dumping your whole memecoin bag and the coin you’re trading isn’t quoted on RFQ.
Building MEV Bots
As MEV is a major centralizing pressure in Ethereum, it would benefit stakeholders to have robust competition between many independent MEV searchers.
If you have trading and software development skills you might think about creating your own MEV bots. This is a crowded and competitive market but savvy readers may be able to carve out a niche. In addition to earning profits you’ll help keep Ethereum decentralized.
A few pointers to get started.
First, Flashbots has recently launched MEV-Share, so you have the opportunity to get in on the ground floor of a new MEV paradigm. For background, read through the docs from the Flashbots project and the MEV Virtual Summit. Then join the Flashbots Discord to ask any questions.
For where to start with code examples, major crypto VC Paradigm Ventures open sourced their Artemis software last week. Open sourcing the tooling lowers the barriers to entry for new searchers.
Artemis is a framework for writing MEV bots in the Rust programming language. It is simple, modular and fast.
Rust has gained popularity in trading companies as a concurrency-safe (multitasking) and high performance alternative to the legacy C and C++ languages. You don’t need to know Rust to code profitable MEV bots, but every edge helps in winning the speed game.
You can check out the project on GitHub. They’ve even provided example code for arbitraging NFTs.
Summary: How To Avoid Being Sandwiched
For normal coin swaps, instead of going to Uniswap / SushiSwap or another DEX directly, just use an aggregator which supports RFQ.
If you want to be sure you’re getting the best deal, you can manually compare quotes from 1inch, CowSwap, Hashflow, and Matcha.
Aggregators will give you the best price, and can pay your gas or give you a rebate (Hashflow pays traders in its native token HFT).
1inch has the most liquidity sources (102) and has quotes for PEPE (Matcha and Hashflow don’t support this meme coin yet, and CowSwap shows a route with ~50% slippage!).
Private Transaction Services
For new memecoins which just have 1 liquidity source - usually a Uniswap pool - RFQ isn’t available. You can protect regular Uniswap trades by routing the transaction to a private transaction service rather than to the public mempool.
This doesn’t protect you against sloppy execution. If you’re doing a large swap with major price impact, consider whether it would be better to split the trade up or LP a range (for Uniswap v3 and forks).
If you want to use a private transaction service, there are a few providers to choose from.
Warning - In rare cases, a private transaction could be included in an ‘uncle block’ and emitted to the mempool, which would still allow front-running / sandwiching.
You need to trust your private transaction service not to abuse its private view of orderflow to insider-trade. This is difficult and your risk/attack surface increases the more private relays you add. So it might not be a good idea to spam your transaction to all of them - instead try to work with a few relays you trust. Blocknative, bloXroute, and Flashbots have made a commitment not to trade on their own blocks.
Flashbots RPC
If you want to go ahead and use Flashbots, just use the “Connect Wallet to Protect” button at this link. Approve and switch RPC when prompted.
BloXroute - Paid Service
If you’re happy to pay to be protected from MEV, BloXroute is an option.
MEV Blocker
MEV Blocker is a free RPC endpoint which refunds users some of the MEV they encounter. So far, only ~500 out of 350k transactions qualified for a refund, with the average refund being 0.1 ETH. And the total amount refunded appears to range from ~15-50%, so users would have been better off using an aggregator or RFQ service or even executing their trade more carefully vs. just using Uniswap with the MEV Blocker RPC. So we’re not confident recommending this option over Flashbots or bloXroute at this time.
tl;dr - use 1inch or Flashbots to avoid being sandwiched
Disclaimer: None of this is to be deemed legal or financial advice of any kind. These are opinions from an anonymous group of cartoon animals with Wall Street and Software backgrounds.
No More Sandwiches
This was a free post?! Dang guys, you really outdo yourselves
Flashbots states: "if your transaction creates MEV in backrunning, you get up to 90% of it back through MEV-Share."
If I change my RPC to Flashbots, is there the risk that by using them as an RPC *they* will have an advantage in sandwich attacking all of my transactions? That is, will they then sandwich attack every transaction I send to them and then give me 90% back through the MEV-Share?