Dissecting the MEV Attack: How a Validator Exploited the MEV-Boost-Relay Bug to Drain Multiple MEV Bots

    Introduction

    In the ever-evolving world of blockchain technology, understanding the inner workings of complex systems is essential for staying ahead of potential threats. In this article, we will delve into the principles of Proposer-Builder Separation (PBS) and how it enhances blockchain network security. We will also explore the role of MEV-Boost-Relay in minimizing the impact of Maximal Extractable Value (MEV) and examine a recent, audacious attack by a rogue validator who managed to drain multiple MEV bots, pocketing a staggering $25 million in profit.

    Exploring Proposer-Builder Separation: A Dive into Greater Blockchain Decentralization and Security

    Proposer-Builder Separation (PBS) is a concept aimed at addressing the challenges of blockchain censorship and MEV attacks. In PBS, block construction and block proposal are divided into distinct roles in the network. Block builders create "exec block bodies," which are ordered lists of transactions, and submit bids for these blocks. The block proposer's task is to select the exec block body with the highest bid, effectively separating the centralized building process from the decentralized transaction validation.

    PBS introduces pre-confirmation privacy that prevents the extraction of Maximal Extractable Value (MEV) by parties who could otherwise control transaction ordering in a block. With PBS, block proposers can be randomly selected validators, while block builders can be any node capable of paying the proposer's fee and creating an exec block body. This separation helps improve scalability by allowing for stateless validators and protects security and decentralization by reducing the control of block proposers over transaction inclusion.

    Teamwork in Blockchain: The Roles of Builders, Proposers, and Attesters in PBS

    In the Proposer-Builder Separation (PBS) model, the blockchain ecosystem involves three critical roles: the Builder, the Proposer, and the Attester. Each participant contributes to a smooth, secure, and efficient transaction process, much like the distinct positions in a sports team working together for a common goal.

    Step 1: The Builder's Role - Creating Exec Block Bodies

    In PBS, the Builder is responsible for creating "exec block bodies," which are ordered lists of transactions. You can think of builders as the team's strategists, designing the game plan (the ordered transactions) for the match (the block).

    Step 2: The Proposer's Role - Selecting the Winning Exec Block Body

    The Proposer's job is to choose the best game plan (exec block body) for the match (block) based on the highest bid. They act like a coach, selecting the strategy that promises the best outcome.

    Step 3: The Attester's Role - Validating the Proposed Block

    Attesters in the PBS model act as referees, ensuring that the selected game plan (exec block body) adheres to the rules and is valid. They verify the legitimacy of the proposed block and confirm its addition to the blockchain.

    In summary, the Builder creates the transaction order, the Proposer selects the best transaction order based on the highest bid, and the Attester validates the proposed block. This teamwork approach in the PBS model ensures a secure and efficient blockchain process.

    Mitigating MEV Attacks with PBS

    Just as each player in a sports team contributes to the team's success by focusing on their individual roles, the Proposer-Builder Separation (PBS) model mitigates MEV attacks by dividing responsibilities. In this model, the Builder, Proposer, and Attester work together to limit opportunities for malicious activities.

    The Builder, akin to a midfielder in soccer, organizes the transactions and creates the "exec block bodies." By doing so, the Builder ensures a fair and efficient play, preventing other players from manipulating transaction orders or exploiting vulnerabilities.

    The Proposer, similar to a striker, selects the highest-fee exec block body submitted by the Builders. They focus on scoring the highest revenue and promoting fair competition without knowing the transaction details beforehand. This process reduces the chances of MEV attacks, as the Proposer cannot manipulate transactions for personal gain.

    Lastly, the Attester, like a goalkeeper, verifies the proposed blocks and maintains the network's security. Their role is essential to prevent invalid transactions from entering the blockchain, further securing the network against potential MEV attacks.

    In the PBS model, each participant's distinct role contributes to minimizing the risk of MEV attacks, enhancing the overall security and fairness of the Ethereum network. By separating block construction, proposal, and attestation, the model reduces opportunities for malicious actors to manipulate transaction orders, ultimately fostering a more transparent and decentralized environment for all users.

    MEV-Boost

    MEV-Boost is an open-source middleware that is used by validators in the proof-of-stake Ethereum network to access a competitive block-building market. It is essentially an initial implementation of Proposer-Builder Separation (PBS) for Ethereum.

    The primary purpose of MEV-Boost is to enable validators to access blocks from a marketplace of builders. These builders produce blocks containing transaction order flow and a fee for the block proposing validator. The separation of proposers from block builders promotes greater competition, decentralization, and censorship resistance for Ethereum.

    To use MEV-Boost, PoS node operators must run three pieces of software: a validator client, a consensus client, and an execution client. MEV-Boost is a sidecar for the beacon node, which is a separate piece of open-source software that queries and outsources block-building to a network of builders.

    Block builders prepare full blocks, optimizing for MEV extraction and fair distribution of rewards. They then submit their blocks to relays. The relays aggregate blocks from multiple builders in order to select the block with the highest fees. A validator can configure one instance of MEV-Boost to connect to multiple relays.

    Once the most profitable block is received from MEV-Boost, the consensus layer client of a validator proposes it to the Ethereum network for attestation and block inclusion.

    MEV-Boost promotes decentralization by allowing validators to access a marketplace of block builders, which fosters greater competition and reduces centralization. It is an important tool for managing MEV, which is a centralizing force on Ethereum that can lead to instability in consensus security and erosion of transparency, neutrality, decentralization, and permissionlessness.

    Cracking the Code: How Validator Earned $25M by Tackling MEV Bots

    The Block

    [Figure: Etherscan view of the block]

    Sandwich Attack: How Validators Used MEV to Earn Millions

    To better understand the concept of the sandwich attack, it is important to first grasp the basics of MEV (Maximal Extractable Value) and how MEV bots operate. In short, MEV refers to the profit that can be extracted from reordering or censoring transactions on a blockchain. MEV bots are software programs that continuously monitor transactions on a blockchain network and identify opportunities to extract MEV. One such method of MEV extraction is the sandwich attack, which involves manipulating the order in which transactions are executed to generate profit. To illustrate how the sandwich attack works, let's consider an example scenario:

    • A user wants to buy $1,000 worth of USDC on Uniswap. They expect to buy it at a price of $1 per USDC.
    • An MEV bot recognizes the user's transaction and prepares a sandwich attack:
      1. The MEV bot first buys USDC on Uniswap, raising its price to $10 per USDC (for example). The bot's average buy price is between $1 and $10.
      2. The MEV bot plans to let the user's transaction execute, so the user will pay a higher price (around $10 per USDC) and receive less USDC than expected.
      3. The MEV bot intends to sell the USDC back to Uniswap at an average price higher than its initial buy price, making a profit.
    • A rogue validator notices the MEV bot's sandwich attack and decides to exploit it:
      1. The validator replaces the user's transaction with their own transaction.
      2. Instead of buying more USDC at the inflated $10 price, the validator sells USDC back to Uniswap at the $10 price, making a profit.
    • The MEV bot's final sandwich transaction fails because the price of USDC is back to $1, and the bot is left holding USDC bought at higher prices (up to $10).
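    The scenario above can be replayed on a toy pool. This is an added example, not code from the original article: the fee-less constant-product pool, the reserves, the trade sizes and the rule that the bot's back-run reverts when it would not recover its cost are all assumptions made for illustration.

```go
package main

import "fmt"

// Pool is a fee-less constant-product pool (x*y=k), a simplification of Uniswap v2.
type Pool struct{ USD, Token float64 }

// Buy spends usd and returns the tokens received.
func (p *Pool) Buy(usd float64) float64 {
	k := p.USD * p.Token
	p.USD += usd
	out := p.Token - k/p.USD
	p.Token -= out
	return out
}

// Sell sells tokens and returns the USD received.
func (p *Pool) Sell(tokens float64) float64 {
	k := p.USD * p.Token
	p.Token += tokens
	out := p.USD - k/p.Token
	p.USD -= out
	return out
}

// Sandwich replays front-run, middle trade and back-run on constructed reserves.
// middle > 0 is a user buy of that many USD; middle < 0 is a sale of -middle tokens.
// Assumption: the bot's back-run reverts when it would not recover the front-run cost.
func Sandwich(botUSD, middle float64) (profit float64, reverted bool) {
	p := &Pool{USD: 1000, Token: 1000}
	held := p.Buy(botUSD) // front-run pushes the price up
	if middle > 0 {
		p.Buy(middle)
	} else {
		p.Sell(-middle)
	}
	profit = p.Sell(held) - botUSD // what the back-run would return, net of cost
	return profit, profit < 0
}

func main() {
	fmt.Println(Sandwich(500, 100))  // user trade in the middle
	fmt.Println(Sandwich(500, -300)) // middle trade replaced by a sale
}
```

    With the user's buy in the middle the back-run clears a profit; with a sale in its place the price has already fallen and the bot's position is under water.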

    Exploiting MEV-Boost Relay

    Proposer-Builder Separation (PBS) is a key concept in Ethereum's Proof-of-Stake (PoS) consensus mechanism that aims to enhance decentralization, competition, and censorship resistance. By separating the roles of proposers and block builders, PBS ensures that each participant focuses on their specialized task, thereby increasing the efficiency of the system. However, to maintain the integrity of the system, proposers are not allowed to view the contents of the block before signing it. Instead, they have to trust the mev-boost-relay to provide them with the most profitable block header. This critical aspect of PBS ensures the security and stability of the network.

    This trust is backed by two deterrents: a proposer who wants to publish a different block has to double-sign for a single slot, which is slashable, and has to win a race against the relay to submit that block to the network, which is highly unlikely. However, in a recent incident, a malicious validator was able to exploit a vulnerability in the mev-boost-relay and perform a profitable attack, deconstructing bundles and claiming liquidity from MEV bots. The steps below describe how the attacker executed the attack.

    • When a proposer signs a block correctly, the mev-boost-relay returns all the transactions that are included in the block. The assumption is that the signed block will then be broadcast to the network, which means that a validator who wants to send a different block has to race against the relay.
    • After signing the block, the validator sent an invalid block by setting both the parent root and state root to zero. This rendered the block unacceptable to the network, and there was no race to send a new block because the signed block would never be accepted.
    • Because the relay was unable to broadcast the block due to its invalidity, the attacker was able to easily take the revealed transactions and deconstruct the bundles. The attacker then ran simulations with 0 gas on the Ethereum state to determine which transactions would yield the most profit. Once the most profitable trade was determined, the attacker constructed a new block containing the profitable transactions and sent it to the network.

    The Patch

    The patch for the mev-boost-relay vulnerability is straightforward and easy to implement. The patch ensures that the relay will not return any transactions if the block is not successfully sent to the network. Additionally, the relay will delay the response by a second to provide an extra layer of security.
    The community is actively working to fully roll out the patch to all relays and is preparing a detailed postmortem report, which will be published soon.
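    The difference between the two behaviours is the order of "publish" and "reveal". The sketch below is an added example, not code from mev-boost-relay or from the original article: SignedHeader, Publisher, StubBeacon, RevealVulnerable and RevealPatched are hypothetical names, and the stub beacon node and transaction labels are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

type Root [32]byte

// SignedHeader is a simplified stand-in for the proposer's signed blinded block.
type SignedHeader struct{ ParentRoot, StateRoot Root }

// Publisher broadcasts the unblinded block and reports whether the network took it.
type Publisher func(h SignedHeader, txs []string) error

// StubBeacon (constructed) rejects a block whose parent or state root is zero.
func StubBeacon(h SignedHeader, txs []string) error {
	if h.ParentRoot == (Root{}) || h.StateRoot == (Root{}) {
		return errors.New("beacon node rejected block: zeroed root")
	}
	return nil
}

// RevealVulnerable hands back the escrowed transactions once the header is
// signed and discards the result of the broadcast.
func RevealVulnerable(h SignedHeader, escrowed []string, pub Publisher) []string {
	_ = pub(h, escrowed)
	return escrowed
}

// RevealPatched publishes first, returns no transactions if that fails,
// and delays the response when it succeeds.
func RevealPatched(h SignedHeader, escrowed []string, pub Publisher, delay time.Duration) ([]string, error) {
	if err := pub(h, escrowed); err != nil {
		return nil, fmt.Errorf("payload withheld: %w", err)
	}
	time.Sleep(delay)
	return escrowed, nil
}

func main() {
	escrowed := []string{"tx1", "tx2", "tx3"} // constructed sample payload
	zeroed := SignedHeader{}                  // parent root and state root both zero
	leaked := RevealVulnerable(zeroed, escrowed, StubBeacon)
	kept, err := RevealPatched(zeroed, escrowed, StubBeacon, time.Second)
	fmt.Println(len(leaked), len(kept), err)
}
```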

    Conclusion

    In conclusion, the recent incident of the malicious validator exploiting the vulnerability in mev-boost-relay has highlighted the need for continued diligence in the development and deployment of decentralized protocols. The use of Proposer-Builder Separation (PBS) in Ethereum's Proof-of-Stake (PoS) consensus mechanism promotes decentralization, competition, and censorship resistance by separating the roles of proposers and block builders. However, even with PBS in place, vulnerabilities can still be exploited, and the community must work together to identify and patch these vulnerabilities to prevent further incidents. The swift response to this incident, with a simple patch deployed and a detailed postmortem to be published, demonstrates the resilience and commitment of the community to the ongoing development and improvement of decentralized systems.
