Crypto Training
Ethereum Is a Dark Forest: MEV Threat Models for Protocol Engineers
Assume adversaries see your transaction before it lands and can reorder around it. This is the starting point for MEV-safe protocol design.
A useful mental reset:
- Ethereum is not a computer you send commands to.
- Ethereum is a marketplace where your commands are visible and can be reordered.
If your protocol creates value through ordering, someone will compete for it.
That competition becomes MEV, and MEV becomes a security issue the moment your code assumes a particular ordering.
The attacker model (realistic, not dramatic)
Attackers can:
- copy a user transaction and pay a higher tip
- insert transactions before/after (sandwich)
- backrun liquidations/arbitrage
- grief transactions by making them revert or execute at worse prices
They don’t need to steal funds directly to harm your users. Sometimes “make your UX unreliable” is enough.
MEV becomes a vulnerability when you rely on a race
Here are three places MEV turns into a bug:
| Protocol feature | Hidden assumption | Exploit shape |
|---|---|---|
| swaps | users get the mid price | sandwich attacks |
| liquidations | first come, first served safely | keeper bidding wars, revert griefing |
| auctions | ordering is fair | copy + outbid + censor |
If your “security property” is “honest actors will get there first”, you don't have a security property.
Engineering defenses that actually matter
The best MEV defenses are boring.
- enforce slippage bounds (`minOut`, `maxIn`)
- include deadlines
- use exact accounting (don’t assume transfers are pure)
- separate price read from state transition where possible
- design keeper incentives as games with adversaries
Sometimes you also use:
- private order flow
- batch auctions
- commit-reveal
Those can help, but they shift trust or add complexity.
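The first two defenses in the list above (a slippage bound and a deadline), modeled in Python as an added example; it is not code from the original article or from any real contract. The fee-free constant-product pool, the names `Pool`, `swap_x_for_y` and `simulate`, and all numbers are assumptions made for illustration.

```python
# Added illustration: toy constant-product pool (x * y = k, no fees).
# Pool, swap_x_for_y, simulate and all numbers are constructed for this sketch.

class Revert(Exception):
    """Models an EVM revert: the call fails and pool state is unchanged."""

class Pool:
    def __init__(self, reserve_x, reserve_y):
        self.x, self.y = reserve_x, reserve_y

    def quote(self, amount_in):
        # Output for selling amount_in of X at the current reserves.
        return self.y * amount_in // (self.x + amount_in)

    def swap_x_for_y(self, amount_in, min_out, deadline, now):
        # Both checks run at execution time, before any state change.
        if now > deadline:
            raise Revert("expired")
        out = self.quote(amount_in)
        if out < min_out:
            raise Revert("slippage")
        self.x += amount_in
        self.y -= out
        return out

def simulate(tolerance_bps, price_moved, delay=0):
    """User signs at t=100 from a quote; the trade executes at t=100+delay.

    tolerance_bps=None models a caller who passes min_out=0 (no bound).
    """
    pool = Pool(1_000_000, 1_000_000)
    amount_in, sent_at = 10_000, 100
    quoted = pool.quote(amount_in)          # price read at signing time
    min_out = 0 if tolerance_bps is None else quoted * (10_000 - tolerance_bps) // 10_000
    deadline = sent_at + 60
    if price_moved:
        # Another party's large trade is ordered ahead of the user's.
        pool.swap_x_for_y(200_000, 0, deadline, sent_at)
    try:
        return pool.swap_x_for_y(amount_in, min_out, deadline, sent_at + delay)
    except Revert as err:
        return f"revert: {err}"

if __name__ == "__main__":
    print(simulate(None, price_moved=True))   # filled far below the quote
    print(simulate(50, price_moved=True))     # bound rejects the bad fill
    print(simulate(50, price_moved=False))    # normal fill
    print(simulate(50, price_moved=False, delay=120))  # stale transaction
```

In this model the bound converts a bad fill into a revert, so the forced-revert griefing listed in the attacker model still has to be handled separately.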
A design prompt (if you’re building)
Take your most important user action and answer:
- What happens if someone sees this in the mempool and copies it?
- What happens if someone moves the price right before it executes?
- What happens if someone can cheaply force it to revert?
If you can’t answer those, your protocol isn’t MEV-aware yet.
Further reading
- Paradigm: Ethereum is a dark forest: https://www.paradigm.xyz/2020/08/ethereum-is-a-dark-forest
- Flashbots research: https://collective.flashbots.net/