An existential threat to blockchains emerges
Hidden inside of the basic workings of blockchains is a threat you've probably never heard of, but one that is potentially existential
A few weeks ago I moved to San Francisco. If you’re around and want to say hi - in an appropriately socially distanced manner of course - feel free to send me a message.
Today’s newsletter is a rare newsletter that is not specific to healthcare, but instead is on what I believe is an existential threat to blockchains generally. It is a fairly technical threat, but I have done my best to describe it in an accessible and non-technical form below. Essentially, the problem boils down to a little known technical aspect of blockchains and a misalignment in incentives between the miners and users of a blockchain. The end result could be miners destabilizing the chain. I describe this at length below.
This is most acute for Ethereum today, but the principles are applicable to any blockchain where a sufficient amount of value is secured and where there might be disputes. So, if other blockchains - public or private or somewhere between - reach the scale their adherents hope they do then the same basic issues will arise and will need to be dealt with.
Anyway - that is enough of an introduction. On to today’s newsletter.
A weakness hiding in plain sight
As a brief recap when users create transactions on a blockchain they are sent along to miners. Miners receive these and compete to include them in the next block by attempting to solve mathematical puzzles first. If a miner wins this competition then they have the right to mine the next block. At this critical point there is an tremendous, and yet little known, power bestowed to a single miner: they have complete control over what transactions to include in a block and what order those transactions are in.
Miner can arbitrarily prioritize some transactions, deprioritize others, or chose not to include some transactions at all. Historically miners have included the transactions according to who is paying the highest fees, because that is in their self interest, but there is no guarantee that miners do this, it is a choice that miners make. The lack of guarantees of transaction ordering fairness is central to today’s discussion.
Competition for transactions
When there is money in dispute then transaction ordering fairness really matters. As an example a few days ago there was a transaction that anyone - with the right knowledge and technical systems - could have submitted that would have made them over a million dollars for no risk. (Basically: a person had taken out a huge collateralized loan, but the value of their collateral had fallen too much, so the collateral needed to be auctioned and anyone that triggered this process got a % of value of the collateral)
Only one person could take advantage of this opportunity, and specifically the first person to send a specific transaction gets the money. So if you were one of the people competing for the pay out of submitting that transaction then you really want your transaction to be mined before others. You would even be willing to pay a miner handsomely for that to happen, and others would too. This competition for transaction priority is mostly what happens today, and has contributed to very high transaction fees. Moreover, it is important to note that while a transaction that nets someone a million dollars is an extreme outlier, there are many opportunities to make money on-chain with the right tools and knowledge.
Miners enter the fray
But pause for a second and remember the tremendous power bestowed to miners. Miners, and miners alone, chose what transactions to include and in what order. More specifically, one miner per block has this privilege. While miners are happy to receive high transaction fees, ultimately these are paltry compared to the money that can be made by submitting transactions themselves.
To return to the million dollar outlier transaction, a miner in the future will be faced with the following choice: should I accept someone else’s transaction and get paid a $1,000 transaction fee, or should I set aside their transaction all together and make $1,000,000 dollars myself? The choice is an easy one.
Moreover, while there may be competition between miners for these opportunities regular users cannot themselves compete with miners. Miners, if they chose to wield it, have the ultimate power over who gets these opportunities, as they can arbitrarily order transactions to advantage themselves instead of others.
How miners could turn on users, and ultimately the blockchain itself
Whether a user or a miner gets a million dollar bounty is a relatively benign example. But there are all kinds of ways that, if they chose to, miners could use their exorbitant transaction ordering privilege to extract value from users. For those interested in doing more reading this is called Miner Extractable Value (“MEV”). With a bit of manipulation, an adversarial miner could gouge retail users that are buying and selling assets on a decentralized exchange - silently manipulating the price these users are paying and effectively taking their money without them knowing what has happened. Or miners could chose not to include a user’s transaction that adds needed collateral for their loan, which would let the miner liquidate it for a profit in the next block.
Worst of all, miners could hypothetically decide to rewrite the history of the blockchain to steal funds allocated by some smart contract. If enough money is at stake a miner may rewind the blockchain to the right block and attempt to mine a new chain that is longer than the original, which would make it the new “right” blockchain. Attempting to do so is a dangerous, high stakes game that would make the blockchain unstable, imperil the ability for miners to come to consensus, and likely create multiple forks.
Note also that run miners who engage in adversarial activity to extract value from users would be more profitable than others. Thus in the long run “honest” miners who do not engage would be outcompeted by their adversarial counterparties, which further exacerbates the problem and would contribute to centralization of miners.
Borrowing from the Flashbots Medium post, we have reached a critical stage in the last 6 months. These concerns aren’t only hypothetical anymore:
Steadily increasing contract interactions (ie. there are more complex transactions on Ethereum than before which increases the absolute amount of MEV up for grabs.)
Token market cap exceeding ETH market cap (ie. MEV revenue in ERC-20 tokens is starting to compete with regular transaction fees paid in ETH.)
Transaction fees exceeding block rewards (ie. transaction fees have reached unprecedented levels partly due to traders pushing the gas prices up when competing for trading opportunities. It is a clue that MEV-related revenue may surpass block reward for miners.)
Adoption of generalized frontrunners (ie. an indicator of increased sophistication in MEV extraction.)
Adoption of permissioned mempools (ie. another indicator of such sophistication)
So what do we do?
What would solve this crisis are transparent and neutral mechanisms for ordering transactions. Two options for this that I have seen are (1) using cryptography and (2) using auction mechanisms. I will not go in depth on the cryptography here, but there are a few academic papers out if you are interested. With regards to auction mechanisms the basic mechanism is this: instead of a single miner deciding how transactions in a block are ordered, that right would be auctioned off to the highest bidder. While this would not prevent all ways of extracting value from users, it would shift the party that could take advantage of this away from miners and to whoever won an auction. Thus the worst case scenario of more centralized miner and rewriting the chain could be avoided. Further an auction would be a way of ordering transactions that is transparent, open, and neutral.
An auction mechanism seems to be the most promising solution, as community favorites Optimism and Flashbots are both advocates. But, like anything in the blockchain world, changing systems will be difficult. Technically implementing will take some time and there remains the social challenge of creating consensus among all stakeholders. It would require miners to update their software and willingly give away their control over transaction ordering.
Further, there are unsolved problems with auctions and their implementation. This is reflects by the open technical and ethical problems which Flashbots has listed on their Github repo. So while auction mechanisms are possibly a solution there still remains a challenging path ahead. Note also that the movement to proof-of-stake does not solve these issues.
Lastly, it may be possible to change miner incentives to mitigate some of the more dangerous possibilities. EIP-1559, which changes fees on Ethereum, would spread rewards to miners across several block. In turn this decreases the incentive for an particular miner to attempt to “rewrite history.”
Blockchains were created to provide a single and unchanging record of events that multiple parties could rely on. This project holds great promise, but is now imperiled by its own success: so much value is secured by Ethereum today that it is rational for its miners to undermine the very reason why it was created in the first place. In the worst case this means miners effectively rewriting history, in the more innocuous case miners could arbitrarily order transactions to extract value from users. Regardless, in either case this would not be the open, neutral, and transparent technology that we were promised, or that the world needs.
The sketches of potential solutions are there, but there is much work to be done in filling in the details. Now that you know the problem consider this an open call to get involved in the solution. If you do so, or are interested, feel free to get in touch to chat.
If you found this newsletter valuable then you can click the button below to sign up for free.
If you’re an existing reader I would deeply appreciate it if you share this with people who would find it a valuable resource. You can also “like” this newsletter by clicking the heart just below this, which helps me get visibility on SubStack.
My content is free, but if you would like to support me, you can do so on Patreon.