Chapter 8: MEV (Maximal Extractable Value)

Overview

Blockchain technology forms the backbone of decentralized finance, yet beneath its surface lies a mechanism quietly extracting value from ordinary users without their awareness. This mechanism is MEV — Maximal Extractable Value. MEV refers to the additional profit that block producers — miners in Proof of Work (PoW) systems, and validators in Proof of Stake (PoS) systems — can capture by manipulating the ordering, inclusion, or exclusion of transactions within a block. The concept was first formally introduced in 2019 by the Flashbots research team under the name "Miner Extractable Value," and was later renamed "Maximal Extractable Value" to reflect the broader applicability of the concept following Ethereum's transition to PoS.

MEV extends well beyond a narrow technical phenomenon — it has far-reaching implications across the entire DeFi ecosystem. Some forms of MEV are beneficial: arbitrage, for instance, helps keep prices aligned across markets and contributes to overall market efficiency. Other forms are predatory: Sandwich Attacks and frontrunning inflict real economic losses on everyday users. MEV is not simply a matter between individual attackers and their victims — it is a structural issue that touches the fundamental fairness and integrity of the blockchain network as a whole.

This chapter examines three interconnected concepts: MEV itself, the Sandwich Attack as one of its most notorious manifestations, and Flashbots / MEV-Boost as the infrastructure solutions developed to mitigate MEV's harmful effects. The goal is to develop a deep understanding of how these concepts relate to one another and what they mean for DeFi participants and blockchain infrastructure at large.

---

MEV (Maximal Extractable Value)

Definition

MEV (Maximal Extractable Value) refers to the maximum value that a block producer can extract — above and beyond standard block rewards and gas fees — by controlling the inclusion, exclusion, or reordering of transactions within a block. This concept arises directly from a defining characteristic of public blockchains: the mempool (the waiting area for transactions not yet included in a block) is openly visible to anyone. Block producers, and the bot operators who work alongside them, can monitor the mempool in real time, engineer favorable transaction orderings, and systematically profit as a result.

Originally coined as "Miner Extractable Value," the term was broadened to "Maximal Extractable Value" after Ethereum's shift to PoS, since validators — rather than miners — became responsible for block production.

Key Points

• Mempool visibility is the root cause: On Ethereum and most other public blockchains, the mempool is publicly accessible. This means that not only block producers, but also MEV bot operators, can inspect every pending transaction and design arbitrage strategies or attacks based on what they observe.

• Distinguishing beneficial MEV from predatory MEV: Not all MEV is harmful. Arbitrage — identifying and exploiting price discrepancies across multiple DEXs (Decentralized Exchanges) — plays a constructive role by promoting market efficiency and price consistency. By contrast, Sandwich Attacks and frontrunning represent predatory MEV that exploits ordinary users at their direct expense.

• Increased slippage and degraded execution quality: MEV activity directly worsens the slippage experienced by DeFi users. Those attempting large trades in low-liquidity pools are especially vulnerable, as the price impact of their trades creates larger opportunities for MEV extraction.

• The "Dark Forest" analogy: The Ethereum mempool is frequently described as a "dark forest." Any vulnerable transaction that enters this environment is immediately detected and exploited. Every participant operates in a hostile landscape where their transactions can be targeted at any moment, without warning.

• The scale of MEV: According to Flashbots data, cumulative MEV extracted on the Ethereum mainnet alone is estimated to be in the hundreds of millions of dollars. This is not a theoretical abstraction — it is a phenomenon with tangible and ongoing economic consequences.

Related Concepts

MEV connects directly to the other two concepts covered in this chapter. The Sandwich Attack is one of the most prominent strategies through which MEV is realized maliciously, while Flashbots / MEV-Boost represent the infrastructure solutions engineered to contain MEV's negative externalities. MEV is also closely intertwined with the mechanics of AMMs (Automated Market Makers) and DEXs, as well as Priority Gas Auctions (PGA) — the competitive gas fee bidding wars that often accompany MEV activity. Understanding MEV also illuminates why DeFi protocols make certain design decisions, such as enforcing minimum output amounts or imposing tight slippage tolerance limits.

---

Sandwich Attack

Definition

A Sandwich Attack is one of the most well-known and predatory expressions of MEV. In this attack, an attacker "sandwiches" a victim's pending transaction — placing one transaction immediately before it and another immediately after — in order to profit from the resulting price movement. In practice, the attacker monitors the mempool, identifies a victim's large token swap, and submits a front-running transaction with a higher gas fee to buy the same token just before the victim's trade executes. The victim's large trade then moves the price upward. The attacker immediately follows with a back-running transaction, selling the token at the elevated price and pocketing the difference.

This attack exploits a fundamental property of AMM-based DEXs: prices adjust automatically in response to trade size. The victim ends up executing their swap at a significantly worse price than expected, and the loss they suffer flows directly into the attacker's pocket.

Key Points

• The three-stage structure: A Sandwich Attack unfolds in three steps: ① Front-run — the attacker buys the target token ahead of the victim; ② Victim's trade executes — the victim's swap is filled at an inflated price due to increased slippage; ③ Back-run — the attacker sells the token at the higher price and realizes the profit. Critically, all three steps can be completed within a single block.

• Who gets targeted: The primary targets are users attempting relatively large trades in low-liquidity DEX pools. The larger the trade relative to pool size, the greater the price impact — and the greater the profit available to the attacker.

• The slippage tolerance dilemma: A wider slippage tolerance setting makes a user more vulnerable to Sandwich Attacks, as it gives the attacker more room to manipulate prices within acceptable bounds. However, setting slippage tolerance too narrow increases the likelihood that the transaction will revert entirely, leaving the user unable to complete their trade. This places ordinary users in a difficult position.

• Fully automated bot execution: Modern Sandwich Attacks are not carried out manually. Sophisticated MEV bots continuously scan the mempool, identify profitable attack opportunities within milliseconds, and execute the three-step sequence automatically using complex algorithms to outbid competitors on gas fees.

• Defensive measures: From the user's perspective, practical defenses include: ① minimizing slippage tolerance settings; ② routing transactions through a private RPC or MEV protection service such as Flashbots Protect; and ③ preferring high-liquidity pools where price impact is smaller. At the protocol level, mechanisms such as commit-reveal schemes and batch auction models are being actively explored as structural alternatives.

Related Concepts

The Sandwich Attack is the most intuitive concrete realization of MEV and cannot be understood in isolation from it. It presupposes the price-discovery mechanics of AMMs — particularly constant-product protocols like Uniswap (based on the x*y=k formula) — and exploits both the public nature of the mempool and the competitive gas fee environment. Flashbots and MEV-Boost exist in direct response to attacks like this one, providing infrastructure to systematize and mitigate their impact. Understanding the Sandwich Attack also makes it immediately clear why MEV-resistant DEX designs have emerged, such as CoW Protocol (Coincidence of Wants) and 1inch's Fusion mode.

---

Flashbots / MEV-Boost

Definition

Flashbots is a research and development organization founded specifically to study MEV and minimize its harmful effects on users and network health. Its overarching mission is to bring transparency and fairness to the MEV landscape. One of its most significant contributions is MEV-Boost — a piece of middleware that implements Proposer-Builder Separation (PBS) for Ethereum following its transition to PoS.

The core idea behind PBS is to decouple the role of building a block from the role of proposing a block. Under the traditional model, validators handled both responsibilities. Under MEV-Boost, specialized block builders compete to construct the most profitable blocks, and block proposers (validators) use a relay layer to select the highest-bidding block and submit it to the network.

Key Points

• How PBS works in practice: The MEV-Boost architecture operates along the flow: Builder → Relay → Proposer. Builders assemble blocks designed to maximize MEV revenue. Relays receive blocks from builders and forward them to proposers. Proposers select whichever block offers the highest reward and propose it to the network.

• Democratizing MEV and improving transparency: Before Flashbots, MEV extraction was opaque and contributed directly to network congestion as bots competed aggressively through gas wars. Flashbots' bundle submission system allowed MEV searchers to submit transaction bundles without triggering destructive bidding wars on gas fees — reducing congestion and fee spikes for ordinary users as a result.

• The centralization problem: While MEV-Boost is a functionally effective solution, it introduces a serious centralization risk. A small number of professional builders and relays have come to dominate the block-building market, creating a concentration of power that sits in tension with blockchain's core decentralization ethos. In practice, following MEV-Boost's adoption on the Ethereum mainnet, a handful of top builders have been responsible for producing the overwhelming majority of blocks.

• Flashbots Protect: Designed for everyday users, Flashbots Protect allows transactions to be submitted through a private channel rather than the public mempool, shielding them from frontrunning and Sandwich Attacks. It is among the most accessible and practical tools available for users seeking MEV protection.

• The road ahead — enshrined PBS (ePBS): MEV-Boost is an "exogenous" solution — it operates outside the Ethereum protocol itself. The Ethereum research community is actively working toward ePBS (enshrined Proposer-Builder Separation), which would integrate PBS directly at the protocol layer. This would address the centralization concerns structurally, rather than relying on external middleware.

Related Concepts

Flashbots and MEV-Boost represent a direct systemic response to MEV broadly, and to predatory strategies like the Sandwich Attack specifically. Rather than attempting to eliminate MEV entirely, this infrastructure accepts MEV's existence and aims to make its extraction process transparent, orderly, and less damaging to users and the network. PBS is also deeply connected to Ethereum's broader roadmap — including Danksharding and account abstraction — and engages with the fundamental philosophical tension between decentralization and efficiency in blockchain design. The relay centralization concern introduced by MEV-Boost is directly tied to ongoing debates around censorship resistance on Ethereum, making this not merely a technical topic but one with significant governance and political-economic dimensions.

---

Summary

This chapter examined MEV — one of the most consequential and structurally complex phenomena in modern DeFi — through three interconnected concepts.

MEV (Maximal Extractable Value) emerges from the combination of two fundamental properties of public blockchains: the open visibility of the mempool, and the authority of block producers to determine transaction ordering. MEV takes both beneficial forms — such as arbitrage, which promotes market efficiency — and predatory forms that directly harm ordinary users. Regardless of its form, MEV has a tangible impact on the quality of trade execution across DeFi.

Sandwich Attacks represent one of the most vivid and harmful expressions of predatory MEV. By surrounding a victim's transaction with a front-run and a back-run, attackers extract profit from the price movement their own trades induce. These attacks are fully automated, operate in real time, and can be partially mitigated through careful slippage management and the use of MEV protection services.

Flashbots / MEV-Boost take a pragmatic approach: rather than eliminating MEV, they formalize and systematize the extraction process to reduce its collateral damage. By implementing Proposer-Builder Separation, they created a specialized block-building ecosystem that has reduced gas wars and improved transparency. At the same time, they have introduced the new challenge of block production centralization — a problem that ongoing research into ePBS (enshrined PBS) seeks to address at the protocol level.

Ultimately, MEV is an inherent feature of how public blockchains function, and complete elimination remains an unrealistic goal. The more achievable objective is transparent management and equitable distribution of MEV's effects. Every DeFi participant benefits from understanding that MEV exists and from incorporating that awareness into their trading strategies and choice of tools — minimizing unnecessary losses in an environment that will always, to some degree, operate like a dark forest.