A wonderful report on MEV in the Curve ecosystem dropped:
We recommend reading the report over and over again until you understand every word, because you can’t really understand Ethereum until you look at it from the MEV level.
Those of you who already understand MEV can skip the next section:
MEV for Beginners
It helps to imagine DeFi as a shimmering blue sea of possibilities. You might want to use DeFi to make a trade between two tokens… which we can picture as swimming from one island to another. MEV bots are simply the hordes of hungry piranhas, ready to instantly skeletonize anything that comes in contact with the water.
Ghastly you might say. Or maybe you just marvel at the efficiency of the circle of life. It’s fairly tough to design a functioning system without MEV, so it’s better to learn to live with it.
On the technical side, the way that Ethereum works is that the thousands of users who are staking ETH and running validators get picked randomly about once every other month to “build a block” — that is, they get to take all the outstanding transactions and pick which ones get to go into a block.
Herein lies the crux of it — this power to order transactions can be used to make profit, and somebody has to order transactions. It’s similar to how banks used their power to clear the largest checks first, ensuring every other smaller check would then bounce and earn them fees. Sure, they could have let the small checks go through first, but who would voluntarily leave free money on the table?
There’s often free money floating around the Ethereum ecosystem, and the battle to decide who gets to take it will always be intense. The situation today is arguably fair. In fact, MEV profits are a major incentive for users to run validator nodes. Without the promise of MEV, you might not have such a large amount of funds securing Ethereum’s proof of stake system. Any given block, a validator can win the lottery if there’s a big MEV opportunity in their block and they execute on it.
To conclude, it’s worth pointing out that not all MEV is necessarily bad. For instance, if a user has defaulted on their loan, no ethicist would have an issue with an MEV bot that liquidated said user. The more contentious issues come from things like sandwich attacks… where a bot might manipulate the price of an asset before a user executes a trade, then takes out the profit for themselves, sandwiching the user who might feel its a bunch of baloney.
Maybe now you can laugh at this joke…
MEV on Curve
One important thing to note is that good smart contract design can mitigate some MEV attacks. Relative to other protocols, Curve has fewer issues related to MEV. Read up on how Just-In-Time Liquidity hammers LPs on Uniswap, for instance. Curve has several nice design features, like how v2 pools use a bit of a time lag on price changes, so bots cannot easily manipulate prices within a single block.
However, MEV still exists within the Curve ecosystem, as the EigenPhi report makes clear. The report looked over a window (June 1 - Oct 31 of 2022), and looked at MEV activity on Curve. They found two major types of MEV activity:
Arbitrage: $10MM in value
Sandwich: ~$1MM in value
For comparison, Curve made about $15MM in trading fees during this time — so the value going to MEV bots nearly matched this. Is this scandalous?
Curve doesn’t think so. It gets back to the idea that not all MEV is bad MEV.
In fact, Curve v2 pools basically rely on arbitrage traders. When prices move suddenly, Curve v2 pools are at an imbalance, leaving free money for whoever balances the pools. Curve gets trading fees, the arb trader gets to keep the profit, and everything works out great. Hence the above Curve reply considering arbitrage good.
However, the dark side is the sandwich attacks. This is a smaller amount, but growing nonetheless. It primarily occurs for users trading among assets, but occasionally hits users as they attempt to LP.
Curve’s design may make sandwich attacks tougher to pull off, but the number is increasing, so it’s worth being aware of the problem. Fortunately, you can fight it!
Protect Yourself from MEV
Is there anything you can do to ape safely? Yes!
If you’ve ever used Curve and wondered why you should care about the “slippage tolerance,” know that this is the best weapon you have against MEV.
The slippage tolerance defines how much the trade can deviate from the expected amount before it reverts. In other words, if an MEV bot tried to sandwich the above trade, the most they could steal would be .1% (aka 2 CRV), your transaction would otherwise revert. That’s not really worth the gas costs for an MEV bot to run the trade, so they let it sail.
For the coders who like to access Curve programmatically, this is represented by the min_dy parameter — you have to do the dirty work of multiplying by 99.9% of the expected outcome to match frontend, but it’s worth the step.
If you are making a big trade and reducing this slippage tolerance below the default 0.1%, you are basically inviting MEV bots to take your money. As the report makes clear, sandwich bots mostly like to hit transactions in the four to six figure range, so be careful if you are in this zone.
That’s it. That’s all you have to do — just don’t touch the default values, and you’ll probably be OK.
You might ask why anybody would ever want to touch the values? Tough to say. Maybe you’re cheaping out on gas and don’t expect the transaction to go through immediately, so you want to allow for some price fluctuations? Maybe you’re trading a volatile asset, and you find your transactions keep failing, so you’re frustrated by paying revert costs?
In most cases though, if you just leave the default slippage as is, you’ll be safer.