Introduction
Maximal Extractable Value (MEV) — the profit available to block producers through strategic transaction ordering — has grown from a niche Ethereum research topic into a multi-billion-dollar industry that touches every blockchain user. Since the concept was formalized in the 2019 paper “Flash Boys 2.0,” MEV has reshaped validator economics, driven the development of specialized infrastructure (MEV-Boost, SUAVE), and triggered fundamental protocol changes like Enshrined Proposer-Builder Separation (ePBS) in the 2026 Glamsterdam upgrade.
This guide covers the full MEV landscape: the extraction strategies, the infrastructure stack, the latest protocol-level developments (ePBS, SUAVE), the growing cross-chain MEV threat on Layer 2s, and the mitigation approaches available to developers and users.
MEV Fundamentals
What Is MEV
MEV represents the potential profit available to anyone who controls transaction ordering within a blockchain block. Validators (or miners in proof-of-work systems) can observe pending transactions in the public mempool, then strategically position, include, or exclude them to extract value. This value is captured entirely through ordering — no explicit fee is paid by the extractor.
The phenomenon was first documented systematically in “Flash Boys 2.0: Frontrunning, Transaction Ordering, and Market Instability in Decentralized Exchanges” (Daian et al., 2019). The authors demonstrated that sophisticated bots were systematically front-running trades on Ethereum, extracting value from ordinary users.
By 2026, cumulative MEV extracted on Ethereum exceeds $4 billion, according to Flashbots data. The block-building market has become a high-stakes auction where specialized builders compete to produce the most profitable blocks, and where 80-90% of all Ethereum blocks are now built by the two largest builders.
MEV Extraction Strategies
| Strategy | Description | Harm Level | Share of MEV |
|---|---|---|---|
| DEX arbitrage | Buy low on one DEX, sell high on another | Low (price alignment) | ~45% |
| Liquidations | Repay debt, claim collateral at discount | Low (necessary for solvency) | ~20% |
| Sandwich attack | Front-run + back-run a victim swap | High | ~25% |
| NFT MEV | Compete for mints, floor manipulation | Medium | ~5% |
| Long-tail strategies | Oracle manipulation, time-bandit attacks | High | ~5% |
DEX arbitrage is the largest MEV category by volume. When an asset trades at different prices across Uniswap, Curve, and Balancer, arbitrageurs profit by bringing prices back into alignment. This is generally considered benign or even beneficial — it keeps DEX prices efficient. Validators can capture this value by running their own arbitrage bots or by accepting bribes from searchers who submit arbitrage bundles.
Liquidations arise when a borrower’s collateral value falls below the required threshold. Liquidators repay the debt in exchange for the collateral at a discount (typically 5-10%). This is essential for the health of lending protocols — without liquidators, bad debt accumulates. Competition among liquidators drives fast, efficient liquidation.
Sandwich attacks are the most harmful form of MEV. A searcher detects a pending swap in the mempool, places a buy order before it (driving the price up), and a sell order after it (profiting from the inflated price). The victim receives significantly worse execution. This is pure value extraction from users with no economic benefit.
# Sandwich attack — simplified detection flow
class SandwichDetector:
def detect_sandwich_candidates(self, mempool_txns):
candidates = []
for tx in mempool_txns:
if self._is_large_swap(tx) and self._is_amm(tx.to_address):
price_impact = self._estimate_price_impact(tx)
# Attacker needs enough liquidity to move the price
if price_impact > self.MIN_PROFIT_THRESHOLD:
candidates.append({
"victim_tx": tx.hash,
"pool": tx.to_address,
"price_impact_pct": price_impact,
"estimated_profit": price_impact * tx.value
})
return sorted(candidates, key=lambda x: -x["estimated_profit"])
A 2026 study by Carbon DeFi found that on Ethereum alone, over 72,000 sandwich attacks target more than 35,000 victims monthly. A single entity known as “Jared” (jaredfromsubway.eth) accounts for ~70% of all sandwich attacks. Despite declining per-attack profitability (attacker margins have compressed to ~5%), the volume remains high because block builders capture most of the extracted value through gas fees.
The MEV Supply Chain
MEV has created a specialized multi-actor supply chain distinct from the base-layer consensus participants:
| Role | Responsibility | How They Profit | Count (approx.) |
|---|---|---|---|
| Searcher | Detect MEV opportunities, construct bundles | MEV profit minus gas costs | Hundreds |
| Builder | Aggregate bundles + public txns into blocks | Builder tip from validators | ~10 dominant |
| Relay | Connect builders to validators, blind blocks | Relay fee | ~5 major |
| Validator | Propose the highest-bid block to the network | Block reward + builder tip | ~1M stakers |
Searchers are algorithmic traders who run sophisticated bots scanning the mempool for profitable patterns. They compete to be the first to identify opportunities — a race measured in milliseconds. Searchers submit their transactions as “bundles” (ordered groups of transactions that execute atomically) to builders.
Builders assemble blocks from searcher bundles and public mempool transactions. They run optimization algorithms to determine transaction ordering that maximizes total extractable value. Building a competitive block requires expensive infrastructure: low-latency connections to relays, powerful hardware for simulation, and deep liquidity relationships. This has led to significant builder concentration — as of 2026, the top two builders produce over 80% of Ethereum blocks, a centralization concern that ePBS aims to address.
Relays provide a critical privacy function: they accept blinded block headers from builders (hiding the block contents) and forward them to validators. This prevents validators from stealing MEV by copying the builder’s transaction ordering. Relays are trusted parties — a malicious relay could censor builders or leak block contents. Currently, Flashbots operates the dominant relay, with bloXroute and Eden as alternatives.
Validators stake 32 ETH to participate in Ethereum consensus. Through MEV-Boost, they outsource block construction to the builder market and select the highest-bidding block. This has democratized MEV access — even a solo validator with minimal infrastructure can capture MEV revenue by choosing the best builder bid.
MEV-Boost and Enshrined PBS
MEV-Boost Architecture
MEV-Boost, launched by Flashbots in 2022, is the software that connects validators to the builder market. It implements Proposer-Builder Separation (PBS) as an off-chain mechanism:
MEV-BOOST BLOCK PRODUCTION FLOW
Searchers Builders Relays Validators
┌─────────┐ ┌─────────┐ ┌─────────┐ ┌─────────┐
│ Detect │ │ Assemble│ │ Blind │ │ Select │
│ opps │──────►│ blocks │──────►│ headers │──────►│ highest │
│ Submit │ │ Optimize│ │ Forward │ │ bid │
│ bundles │ │ ordering│ │ to props│ │ Propose │
└─────────┘ └─────────┘ └─────────┘ └─────────┘
│ │
└────────── Payment (tip) ───────────┘
An empirical study published in 2025 analyzed over 1.6 million Ethereum blocks and found that PBS blocks consistently outperform non-PBS blocks:
- Median daily reward increase: 46% higher for PBS blocks
- Average block reward surge: 236.1% for PBS blocks
- PBS adoption rate: grew from 18.3% to 80%+ within two months of launch
ePBS: The Glamsterdam Upgrade (2026)
The primary limitation of MEV-Boost is its reliance on trusted relays. These relays operate outside Ethereum’s consensus rules, creating centralization risk and a potential censorship vector. The Glamsterdam upgrade, activated in early 2026, introduces Enshrined PBS (ePBS) via EIP-7732.
Under ePBS, the builder auction moves directly into the Ethereum protocol:
- No more relays: Builders submit sealed bids directly to the Beacon Chain
- Payload Timeliness Committee: A new committee verifies that winning builders reveal their block contents within a specified window
- Slashing conditions: Builders that fail to reveal their block are penalized, replacing the relay’s trust role with cryptographic guarantees
- Fallback mechanism: Validators can still build blocks locally if no builder bids are received, ensuring liveness
// Simplified ePBS flow — builder commits sealed bid on-chain
contract EPBS {
struct BuilderBid {
bytes32 blockHash; // Commitment to block contents
uint256 value; // Payment to validator
bytes signature; // Builder identity
uint256 slot;
}
mapping(uint256 => BuilderBid) public sealedBids;
// Builder submits a sealed bid before the slot starts
function submitSealedBid(BuilderBid calldata bid) external {
require(bid.value > 0, "Bid must be positive");
require(sealedBids[bid.slot].value == 0, "Bid already exists");
sealedBids[bid.slot] = bid;
emit BidSubmitted(bid.slot, bid.value);
}
// Validator reveals the winning bid and gets paid
function revealWinningBid(uint256 slot)
external returns (address builder, uint256 payment)
{
BuilderBid storage bid = sealedBids[slot];
require(bid.value > 0, "No bid for this slot");
// Pay validator, builder reveals block
payable(msg.sender).transfer(bid.value);
return (extractBuilder(bid.signature), bid.value);
}
}
ePBS eliminates the relay trust assumption but introduces new challenges: the “free option problem” (builders can withdraw bids under unfavorable market conditions) and continued builder centralization risk if capital-intensive builders still dominate the auction.
SUAVE: The Next Generation of MEV Infrastructure
Flashbots is building SUAVE (Single Unified Auction for Value Expression), a decentralized platform for MEV applications that extends beyond Ethereum. SUAVE consists of a specialized chain (the SUAVE Chain) with an EVM-compatible execution environment called the MEVM.
SUAVE Roadmap
| Release | Status | Key Features |
|---|---|---|
| Centauri | Devnet (2024) | Privacy-aware orderflow auction, MEVM, trust in Flashbots for privacy |
| Andromeda | Testnet | SGX-based TEE execution nodes, removes trust in Flashbots, decentralized relays |
| Helios | Future | Permissionless execution, complete decentralization |
The core innovation of SUAVE is that it separates order flow (user transaction preferences) from execution (where the transaction settles). Users submit their intent to SUAVE, and searchers compete in a privacy-preserving auction for the right to execute the back-run — with the value returned to the user.
# Conceptual SUAVE orderflow auction
class SuaveOrderflowAuction:
"""
Users submit encrypted intents; searchers bid for the right to back-run.
"""
def submit_intent(self, user: str, intent: bytes, deadline: int):
# Intent is encrypted — searchers cannot see contents
intent_id = keccak(intent)
self.pending_intents[intent_id] = {
"user": user,
"encrypted_intent": intent,
"deadline": deadline,
"sealed": True
}
return intent_id
def submit_backrun_bid(self, intent_id: bytes,
searcher: str, bid_amount: int):
intent = self.pending_intents[intent_id]
require(block.timestamp < intent.deadline, "Auction ended")
require(bid_amount > intent.current_bid, "Bid too low")
intent.current_bid = bid_amount
intent.winning_searcher = searcher
def settle(self, intent_id: bytes):
# Winning searcher executes, user receives the bid value
intent = self.pending_intents[intent_id]
user_share = intent.current_bid * 0.8 # 80% to user
protocol_share = intent.current_bid * 0.2
transfer(intent.user, user_share)
transfer(protocol_treasury, protocol_share)
SUAVE represents a fundamental shift: instead of MEV being captured by searchers and validators, it is returned to the users who create it. The user’s transaction becomes a revenue source rather than a cost.
Cross-Chain MEV
MEV on Layer 2s
As activity has migrated from Ethereum L1 to L2 rollups, MEV has followed. Each L2 has a different mempool design and sequencer model, creating a heterogeneous MEV landscape. A 2026 academic paper (CAAW ‘26) analyzed sandwich attacks across five L2s:
SANDWICH ATTACK STATISTICS BY L2 (Jan-Sep 2025)
┌───────────┬──────────┬──────────────┬──────────┬────────────────────┐
│ Chain │ # Bots │ Strong Sig. │ Median │ Median Gross PnL │
│ │ │ Share │ Slippage │ (per sandwich) │
├───────────┼──────────┼──────────────┼──────────┼────────────────────┤
│ Base │ 169 │ 14.3% │ -0.05% │ $0.0018 │
│ Arbitrum │ 96 │ 24.6% │ 0.00% │ $0.0005 │
│ Unichain │ 40 │ 7.3% │ +0.04% │ $0.0027 │
│ Optimism │ 36 │ 5.1% │ +0.01% │ $0.0010 │
│ ZKsync │ 7 │ 7.4% │ 0.00% │ $0.0009 │
└───────────┴──────────┴──────────────┴──────────┴────────────────────┘
Key findings from the research:
- Base has the most bot activity (169 bots, 50,952 identified sandwich triples)
- Most purported sandwiches are false positives — only 5-25% show “strong signature” (front-run and back-run swap sizes within 10% of each other)
- Median net profit is negative on most L2s — after accounting for gas costs and slippage, most sandwich attempts lose money
- Private mempools on L2s (using Flashbots Protect or equivalent) reduce but do not eliminate sandwich risk
Solana MEV
Solana has developed a distinct MEV ecosystem centered around Jito, a validator client that implements a tip auction similar to MEV-Boost. Unlike Ethereum, Solana has no public mempool — all transactions are sent directly to validators. Jito creates a private mempool where searchers can submit bundles with tips.
By 2026, Solana sandwich attacks have largely been mitigated through a combination of:
- Jito’s block engine ordering transactions fairly by tip rather than by position
- Lower token trading volatility reducing the profitability of front-running
- Better DEX architecture with built-in slippage protection
The Solana MEV market has shifted from predatory extraction to a tip-driven efficiency market, where validators earn ~$720M annually in Jito tips for providing low-latency block space.
MEV Mitigation Strategies
Protocol-Level Mitigation
| Approach | Description | Status | Tradeoffs |
|---|---|---|---|
| ePBS | On-chain builder auction (EIP-7732) | Live (Glamsterdam 2026) | Free option problem, builder concentration |
| Encrypted mempool | Transactions hidden until inclusion | Research phase | Liveness concerns, complexity |
| Fair sequencing | Order-by-arrival guarantees | Research phase | Trust in sequencer, latency |
| MEV burning | Destroy extracted value | Proposed | Reduces validator revenue |
Application-Level Mitigation
DeFi protocols can reduce MEV exposure without waiting for protocol-level changes:
TWAP oracles — instead of using spot prices from a single block, use time-weighted average prices. This makes sandwich attacks economically unviable because the attacker cannot manipulate a single block’s price to profit:
// MEV-resistant TWAP oracle — uses cumulative price over time window
contract TWAPOracle {
uint256 public price0CumulativeLast;
uint256 public price1CumulativeLast;
uint32 public blockTimestampLast;
uint256 public price0Average;
uint256 public price1Average;
function update() external {
(uint256 price0Cumulative, uint256 price1Cumulative,
uint32 blockTimestamp) = UniswapV3Oracle.observe(pool, 30);
uint256 timeElapsed = blockTimestamp - blockTimestampLast;
require(timeElapsed >= 15, "Minimum 15-second window");
price0Average = (price0Cumulative - price0CumulativeLast) / timeElapsed;
price1Average = (price1Cumulative - price1CumulativeLast) / timeElapsed;
price0CumulativeLast = price0Cumulative;
price1CumulativeLast = price1Cumulative;
blockTimestampLast = blockTimestamp;
}
}
Flashbots Protect — users can submit transactions directly to Flashbots’ private relay, bypassing the public mempool entirely. This prevents front-running and sandwich attacks at the cost of slightly higher latency and reliance on Flashbots’ infrastructure. Over 2.1 million users have been protected from MEV extraction, with $43M+ in DEX volume processed.
CoW Protocol — uses a batch auction model where orders are matched CoW (Coincidence of Wants) before reaching the blockchain. If two users want to swap tokens in opposite directions, they can be matched internally at a fair price without any public mempool exposure. Unmatched orders are settled via AMMs with solver competition that minimizes MEV extraction.
Request for Quote (RFQ) — used by 1inch, Matcha, and ParaSwap. Instead of broadcasting a swap to the public mempool, the user requests quotes from market makers and selects the best one. The trade is executed privately, preventing sandwich attacks entirely. The tradeoff is that RFQ systems are less composable than open AMMs.
Impact on Blockchain Economics
MEV has transformed validator profitability. Before MEV-Boost, a validator’s revenue came entirely from the consensus layer (block reward + priority fees). With MEV, the execution layer reward — derived from builder tips — now constitutes 60-80% of total validator income.
This has implications for network security: higher validator returns attract more stakers, increasing Ethereum’s security budget. However, it also creates centralization pressure, because large staking pools (Lido, Coinbase, Binance) can operate their own builder infrastructure and capture more MEV value than solo stakers.
For end users, MEV manifests as worse execution prices, higher gas costs during competitive periods, and in the worst case, failed transactions when sandwich attacks extract the full value of a trade. The user impact is estimated at $60M+ annually in lost value from sandwich attacks alone.
Conclusion
MEV is a fundamental property of blockchain systems with discretionary transaction ordering — it cannot be eliminated, only redirected. The 2026 landscape is defined by three major developments:
-
ePBS moves MEV management into the protocol, removing trusted relays but introducing new economic dynamics around builder competition.
-
SUAVE proposes a paradigm where MEV value flows back to users through orderflow auctions, transforming the incentive structure from extraction to redistribution.
-
Cross-chain MEV is growing as activity migrates to L2s, but early data suggests that sandwich attacks on L2s are less profitable than on L1 — and many candidate attacks are actually false positives.
For developers, the best defense remains application-level mitigations: TWAP oracles, private transaction submission via Flashbots Protect, and batch auction settlement through protocols like CoW. For validators, MEV-Boost and the emerging ePBS infrastructure provide access to builder revenue without requiring specialized infrastructure. For users, awareness and the use of MEV-protecting tools are the first line of defense.
Resources
- Flashbots Documentation — MEV-Boost, SUAVE, and Protect
- EIP-7732: Enshrined PBS — The Glamsterdam upgrade specification
- SUAVE Centauri Whitepaper — Flashbots’ decentralized MEV platform
- Cross-Chain Sandwich Analysis (CAAW 2026) — Empirical study of L2 MEV
- Flash Boys 2.0 Paper — The original MEV formalization
- Ethereum MEV Research — Ethereum Foundation research on PBS
- ESMA MEV Report (July 2025) — Regulatory perspective on MEV
Comments