A Simple Characterization of MEV

Abstract

In the last few years, the notion of Maximal Extractable Value (MEV) from a transaction in Ethereum has received much attention. Value from a transaction can be extracted in different ways. Yet, despite the wide interest generated by the topic and the variety of extraction strategies adopted, so far there seem to be only very few contributions trying to formalize the notion of MEV. This would be useful to investigate its main features, for a more complete description and a deeper understanding of the phenomenon. Based on the properties of its fundamental elements, that we define in the work, this paper presents a simple characterization of MEV.

1. Introduction

In recent years, the notion of Maximal Extractable Value (MEV) in Ethereum blocks production has been extensively discussed and investigated [1,2,3,4,5,6,7]. There is now a consensus that value from transactions could be extracted through a variety of strategies [8,9]. Some of the best-known such strategies are arbitrage, liquidation, and front/back-running sandwiching. The diffusion and relevance of the phenomenon have generated the need for data availability to estimate its overall impact in monetary terms, as well as the performance of alternative strategies [10,11]. For example, EigenPhi is a platform offering data provision service on the extent and type of MEV attacks.

A frequent connotation of MEV refers to extracting value from transactions/smart contracts in Ethereum, besides transactions fees. This takes place by changing the order of transactions and/or including additional transactions, which has attracted much attention in both the operational and research spheres. These are the so-called front/back-running and sandwiching strategies, whose specificity has induced the entrance, in block building and block validation activities, of important new actors in the Ethereum ecosystem, such as Flashbots [9,12]. There have also been contributions discussing how the Ethereum protocol for block formation could be modified to prevent MEV attacks [13]. Moreover, the efficacy of MEV extraction techniques on Ethereum has also been tested in alternative blockchains, like Algorand [14], where the arrival time of the transactions decides the order of their inclusion in a block.

In the paper we shall focus on these strategies and, henceforth, our discussion on MEV will only refer to them, excluding arbitrage and liquidation from the analysis.

Despite the several contributions on MEV, to our knowledge, very few attempts have been made to try to provide a general characterization of it in a formal way. Mazorra et al. (2022) [3] do present a definition of MEV, but within an approach and focus that differs from ours. A precise identification of the relevant elements associated with MEV extraction, and their properties, seems to be particularly compelling to clarify the main features of MEV and, possibly, to provide decision-making insights to relevant platforms.

The paper attempts to contribute to filling this gap. To do so, the work is structured as follows. In the next section we define what, for us, are the fundamental elements of a MEV attack on a transaction. As we shall see, these are the associated payoff and the set of ordered transactions used to obtain the MEV. In the work we call these two elements, respectively, the MEV mapping and the ATTACK mapping.

We then discuss some of the main features of such mappings, which allow us to propose a characterization of the MEV notion. Moreover, we extend the analysis to the MEV of a set of transactions and briefly discuss the possibility of a MEV self-attack. Some final considerations conclude the paper.

2. The Fundamental Elements to Characterize One-Transaction MEV

In this section we introduce what, for us, are the fundamental elements of the MEV associated with a single transaction. Initially, we do not specify the identity of the transaction submitter and the value extractor, assuming that they are different actors/users. Later, when considering the possibility of a so-called “self-attack”, identities will have to be specified.

Suppose $T$ is the set of transactions in the Ethereum network at some point in time, waiting to be stored in a block. In what follows we consider only MEV attacks on single transactions $t\in T$. For this reason, our approach is static, as we do not consider the dynamics of MEV attacks when the set $T$ changes because blocks of transactions are introduced into the blockchain and new transactions are implemented.

Then, each transaction $t\in T$ for each single user, induces the following set:

(a) 

(ATTACK DOMAIN of $t\in T$) The domain of a MEV attack to $t\in T$is defined as the set of transactions $T^{a\left(t\right)}=T\cup a\left(t\right),$ that can be selected by the user to extract value from $t\in T$. Hence $a\left(t\right)$, such that $T\cap a\left(t\right)=\mathit{\varnothing }$, is the set of transactions added to $T$ by the user for attacking $t$.

We assume that, in principle, each transaction in the network that is not yet stored in the blockchain may generate value that a user could try to obtain by attacking it. Moreover, we assume that $a\left(t\right)$ contains all the additional transactions the user considers relevant to attack $t$, so that any $t^{\prime }\notin T\cup a\left(t\right)$ is irrelevant for the attack. If $a\left(t\right)=\mathit{\varnothing }$, it means that to extract value from $t$, the attacker needs to add no transaction to $T$.

Based on (a), it is possible to introduce the following notion:

(b) 

(ATTACK SET of $t\in T$) The subset $A\left(t\right)\subseteq$ $T^{a\left(t\right)}$ is defined as the set of transactions that are effectively selected by a user to extract value from $t$.

Hence, in general, the attacking set of transactions may contain elements from $T$ and $a\left(t\right)$. It is natural to assume that $a\left(t\right)\subseteq A\left(t\right)$ since, otherwise, it would be pointless to implement additional costly transactions that are not used for the attack. It is worth observing that, in principle, any subset of $T^{a\left(t\right)}$ containing $a\left(t\right)$ could be an attack set, which is indeed what we are going to assume below.

For the next definition we introduce an additional notion. Take any set $X$ of transactions; then $O\left(X\right)$ indicates the set of orderings and permutations of $X$. This allows us to define the following mapping.

(c) 

(ATTACK MAPPING of $t\in T)$ The mapping  $O:A\left(t\right)\to O\left(A\left(t\right)\right)$ defines the set of orderings and permutations of the transactions in $A\left(t\right)$ that can be implemented to extract value from $t$. Assuming that $\left|A\left(t\right)\right|$ is the number of transactions contained in the set $A\left(t\right)$, then $o\left(A\left(t\right)\right)\in O\left(A\left(t\right)\right)$ is an ordering of the elements of  $A\left(t\right)$ and $\left|A\left(t\right)\right|!$ is the number of possible orderings.

Hence, the set of orderings $O\left(A\left(t\right)\right)$ is the image, codomain, of the attack mapping.

The last definition suggests that, to implement an MEV attack on $t$, the transactions in $A\left(t\right)$ must be ordered in a specific way when inserted into a block. In principle, such ordering can follow any criterion, although in blockchain practice ordering is based on transaction fees or timing.

Definitions (a)–(c) introduced the fundamental notions that identify which transactions, and their possible orderings, are implemented to extract value from $t$. In what follows, we now introduce additional definitions to identify the payoff obtained through such attacks.

(d) 

(EXTRACTABLE VALUE mapping) The mapping $V\left(o\right(A\left(t\right))$:$O\left(A\left(t\right)\right)\to R$ identifies the value that $o\left(A\left(t\right)\right)$ can extract from transaction $t$. This is defined as the monetary payoff that a user can obtain when attacking $t$ with $o\left(A\left(t\right)\right)$.

The above definition of an extractable value is intended to be net of the costs paid to implement the attack. This immediately leads us to the following:

(e) 

(LOCAL MEV mapping) The mapping $M\left(A\left(t\right)\right):A\left(t\right)\to R$ is the local MEV associated with transaction $t$ when using $A\left(t\right)$ to attack $t,$ defined as follows:

$$M\left(A\left(t\right)\right)={max}_{o\left(A\left(t\right)\right)\in O\left(A\left(t\right)\right)}V\left(o\right(A\left(t\right)\left)\right)$$

(f) 

(MEV mapping) The mapping  $M\left(t\right):T\to R$ is the MEV associated with each transaction $t$, defined as follows:

$$M\left(t\right)={max}_{A\left(t\right)\subseteq T^{a\left(t\right)}}M\left(A\left(t\right)\right)$$

Notice that if $\left|T\right|$ stands for the number of transactions in $T$, the possible number of attacking sets $A\left(t\right)\subseteq T^{a\left(t\right)}$, such that $a\left(t\right)\subseteq A\left(t\right)$ and $t\in T$, is $2^{\left|T\right|}-1$, which is exponentially large in $\left|T\right|$.

(g) 

(USER MEV) For each user, the associated MEV, which we indicate by $M,$is defined as follows.

$$M={max}_{t\in T}M\left(t\right)$$

Some comments are in order. Definitions (d)–(g) capture the following idea: a transaction $t$ can, in principle, be attacked in several ways, that is, with different $A\left(t\right)\subseteq T^{a\left(t\right)}$ and different orderings of $A\left(t\right)$. Alternative attacks may extract different values from $t$. Hence, for a given attack set $A\left(t\right)$, $M\left(A(t\right))$ is the maximum among those extractable values. $M\left(A\left(t\right)\right)$ can also be negative to allow for the possibility of a non-profitable attack. Therefore, we defined $M\left(A\right(t\left)\right)$ as a local MEV because it depends on the attack set. The MEV associated with transaction $t$ is $M\left(t\right)$, defined as the maximum across all attack sets. Finally, the MEV for a user is defined as the maximum MEV over all transactions $t\in T.$

Therefore, it is immediately possible to extend the notion to a global MEV by considering the largest MEV across all users.

The following simple example illustrates the above notions. Assume $T=\left\{t_1,t_2\right\}$ contains two transactions. Moreover, suppose a user intends to perform a sandwich attack on transaction $t_1$, with transactions $a\left(t_1\right)=\left\{t_3,t_4\right\}$, so that $T^{a\left(t_1\right)}=\left\{t_1,t_2,t_3,t_4\right\}$.

If ${A(t}_1)=\left\{t_1,t_3,t_4\right\}$, then the associated set of permutations is given as follows:

$${O\left(A\right(t}_1)=\{\left\{t_1,t_3,t_4\right\};\left\{t_1,t_4,t_3\right\};\left\{t_4,t_1,t_3\right\}; \left\{t_4,t_3,t_1\right\}; \left\{t_3,t_1,t_4\right\}; \left\{t_3,t_4,t_1\right\}\}$$

Additionally, assume

$$V\left(\left\{t_1,t_3,t_4\right\}\right)=V\left(\left\{t_1,t_4,t_3\right\}\right)=0$$

while

$$V\left(\left\{t_4,t_3,t_1\right\}\right)=V\left(\left\{t_3,t_4,t_1\right\}\right)=3; V\left(\left\{t_4,t_1,t_3\right\}\right)=5 and V(\left\{t_3,t_1,t_4\right\}=10$$

which implies that $M\left({A(t}_1\right))=10$, since the most successful attack on $t_1$is the sandwich attack $\left\{t_3,t_1,t_4\right\}$. Assuming, as we shall see in the next Section, that $t_1$ is included in any attacking set, then $t_1$ could also be attacked by $B\left(t_1\right)=T^{a\left(t_1\right)},$ with $O\left(B\left(t_1\right)\right)$ containing $24$ permutations. Then $M\left(t_1\right)$ is the maximum between $M\left({A(t}_1\right))$ and $M\left({B(t}_1\right))$. Finally, an analogous reasoning can be conducted for $t_2$ and the user MEV is given by the largest value between $M\left(t_1\right)$ and $M\left(t_2\right).$

Having introduced the fundamental elements to investigate the MEV, below we are going to discuss some of their features to provide an initial description of MEV.

3. A Characterization of MEV: Some Features of $\mathbf{M}\left(\mathbf{t}\right)$ and $\mathbf{A}\left(\mathbf{t}\right)$

For the first characterization of MEV, we present a few features of $M\left(A\right(t\left)\right)$ and $A\left(t\right)$. As above, we shall also consider the possibility of attacking $t$ with alternative attack sets $B\left(t\right)$, with $B\left(t\right)\subseteq$ $T^{a\left(t\right)}$.

Since, as with $A\left(t\right)$, we assume $a\left(t\right)\subseteq B\left(t\right),$ it follows that $(A\left(t\right)-B(t\left)\right)\cup (B\left(t\right)-A\left(t\right))\subseteq T$; that is, two alternative attack sets that differ only for transactions in $T$. Likewise, $V(o(B\left(t\right))$ is the value extracted from $t$ when attacking with the set $o\left(B\left(t\right)\right)$, an ordering of $B\left(t\right)$.

(1) 

$t\in A\left(t\right)$ for all $A\left(t\right)\subseteq T^{a\left(t\right)}$. That is, a transaction is included in all subsets of its attacking transactions. This seems to be a compelling feature for the MEV attacks that we consider.

(2) 

If $t=A\left(t\right),$ then $M\left(A\left(t\right)\right)=0.$That is, if an attacking set of transactions is composed of only the attacked transaction, then there is no positive value to extract from $t$ when attacking with $A\left(t\right).$

Since $a\left(t\right)\subseteq A\left(t\right)$, then $t=A\left(t\right)$ implies that $a\left(t\right)=\mathit{\varnothing }$, and it follows that any attacking set $A\left(t\right)$ such that $A(t)\subseteq T^{a\left(t\right)}$ satisfies $A\left(t\right)\subseteq T$.

The following third feature may hold, though not necessarily for all the attacking sets.

(3) 

A set $A\left(t\right)$may satisfy the following: if $t^{\prime }\in A\left(t\right),$ then, for the user, $M\left(A\right(t\left)\right) \geqq M\left(t^{\prime }\right)$.

That is, when the user considers attacking $t$ with $A\left(t\right),$ the associated local MEV $M\left(A\right(t\left)\right)$ is no smaller than the MEV associated with any transaction in the attacking set. When the above feature holds, it means that it is inconvenient for the attacker to attack an attacking transaction.

As a matter of fact, an immediate, though interesting, benchmark implication of feature 3 is as follows:

Proposition 1. 

Suppose features 1–3 hold for all $A\left(t\right)\subseteq T^{a\left(t\right)}$ and all $t\in T;$ then $M\left(t\right)=M$ for all $t\in T.$

Proof. 

Consider $t^{\prime }\in A\left(t\right)$. Then, from feature (3), we have$M\left(t\right)\geqq M\left(A\right(t\left)\right)\geqq M\left(t^{\prime }\right)$. Moreover, feature (1) implies $t\in A\left(t\right),$ and choosing $A\left(t^{\prime }\right)=A\left(t\right)\cap T$, it follows that $t\in A\left(t^{\prime }\right)$. Therefore, from feature (3) we also have $M\left(t^{\prime }\right)\geqq M\left(A\right(t^{\prime }\left)\right)\geqq M\left(t\right)$, and the result is proved. □

It is interesting to conclude this section by asking the following question.

If $A\left(t\right)$ is a set MEV attacking $t$, then can any $B\left(t\right)$, such that $A\left(t\right)\subset B\left(t\right)\subseteq T^{a\left(t\right)}$ induce at least the same local MEV level as $A\left(t\right)$? Namely, is $M\left(A\left(t\right)\right)\le M\left(B\left(t\right)\right)$? Intuition suggests that the answer is yes, however with some qualifications. Before discussing this issue, notice that since $a\left(t\right)\subseteq A\left(t\right)$, it is also $a\left(t\right)\subseteq B\left(t\right)$ so that $A\left(t\right)\cap T\subseteq B\left(t\right)\cap T$. That is, the transactions in $B\left(t\right)-A\left(t\right)$ are not added to $T$, which implies that they generate no additional transactions fees to the attacker, unlike the attacking transactions in $a\left(t\right)$.

To see the point, consider the following example. Suppose a user is implementing a sandwich attack on transaction $t$ by considering $A\left(t\right)=\left\{{t,t}_1,t_2\right\},$ with its ordering $o\left(A\left(t\right)\right)=\left\{t_1,t,t_2\right\}$, and that $V(o\left(A\left(t\right)\right)=M(A\left(t\right))$.

That is, the attack with $o\left(A\left(t\right)\right)=\left\{t_1,t,t_2\right\}$ induces the local MEV and consists of placing transaction $t_1$ before $t$ and transaction $t_2$ after $t.$

Suppose now $B\left(t\right)=\left\{{t,t}_1,t_2,t_3\right\}$, and that the ordering $o\left(B\left(t\right)\right)=\left\{t_1,{t,t}_2,t_3\right\}$ is implemented. Then it is plausible that $V(o\left(B\left(t\right)\right)=V\left(o\left(A\left(t\right)\right)=M\left(A(t\right)\right),$ as with the above ordering $o\left(B\left(t\right)\right)$ transaction $t_3$ that appears after the attack and does not affect the ordering conditions before or during the attack by $o\left(A\left(t\right)\right)$. That is, it would act like any other transaction stored in the same block.

Instead, the ordering $o^{\prime }\left(B\left(t\right)\right)=\left\{t_1,{t,t}_3,t_2\right\}$ would interfere with the ordering $o\left(A\left(t\right)\right)=\left\{t_1,{t,t}_2\right\}$ and, possibly, be such that $V\left(o^{\prime }\right(B\left(t\right))\ne M\left(A\left(t\right)\right).$Therefore, the above considerations suggest that in general, $M\left(B\left(t\right)\right)\ge M\left(A\left(t\right)\right)$.

The following fourth feature indicates how $M\left(B\left(t\right)\right)\ge M\left(A\left(t\right)\right)$ may arise.

(4) 

A set $A\left(t\right)$may satisfy the following. Define $A_C\left(t\right)=A\left(t\right)\cup C,$with $C\subseteq T$ and $A\left(t\right)\cap C=\mathit{\varnothing }$ Then, for some such $C,$ it is that $M\left(A\right(t\left)\right)\le M\left(A_C\right(t\left)\right)$.

The above feature says that adding up to the attack set $A\left(t\right)$ and a set of transactions $C\subseteq T$ disjoint from $A\left(t\right)$ does not decrease the local MEV of $A\left(t\right).$

Hence, the next result holds as follows:

Proposition 2. 

Suppose feature 4 holds for all $A_C\left(t\right)$. $Then,$ for any $B\left(t\right)$ such that $A\left(t\right)\subset B\left(t\right){\subseteq T}^{a\left(t\right)},$ it holds that $M\left(A\left(t\right)\right)\le M\left(B\left(t\right)\right).$

Proof. 

Immediate. Define $C=B\left(t\right)-A\left(t\right)\subseteq T$ and the result follows. □

As above, notice that even though $A\left(t\right)\subset B\left(t\right)$, since $B\left(t\right)-A\left(t\right)\subseteq T$, launching the attack with $B\left(t\right)$ does not require any additional transaction fee to be paid by the attacker, because the added transactions are already in $T$.

Hence, a successful MEV attack on transaction $t$ may be possibly implemented by means of several sets. Indeed, for any given $A\left(t\right)$, it is possible to define other successful attack sets by appropriately adding up and ordering transactions to $A\left(t\right).$

Finally, it may be interesting to state the following simple result.

Proposition 3. 

Suppose the attacking sets$A_i\left(t\right){\subseteq T}^{a\left(t\right)}$, with $i=1, 2\dots ,$ are the only ones such that ${M(A}_i\left(t\right))=M(t)$. Moreover, assume there exists an index $i=k$such that $A_k\left(t\right)\subseteq A_i\left(t\right)$ for all $A_i\left(t\right)$. Then $A_k\left(t\right)$ is the smallest set of transactions for a successful MEV attack on $t.$

The last result identifies a sufficient set of transactions to extract MEV from transaction $t$. No transaction could be withdrawn from set $A_k\left(t\right)$ without compromising the success of the attack. It is intuitive to think that, in real life, $A_k\left(t\right)$ would represent the most effective set to obtain MEV, and thus the one likely to be chosen by the attacker.

4. The MEV of a Set of Transactions

In this section, we extend the notion of MEV to consider the possibility that a set of transactions $X\subseteq T$, appropriately ordered, rather than just a single transaction $t$, could be subject to an MEV attack. Though perhaps uncommon in real life, if at all, we believe that, in principle, it is interesting to consider such a generalization of MEV.

In analogy with the above notation, we use $M\left(X\right)$ to indicate the MEV associated with $X$, while $o\left(A\left(X\right)\right)$ indicates an ordering of the attacking set of transactions $A\left(X\right)$⊆$T^{a\left(X\right)}$, where $T^{a\left(X\right)}=T\cup a\left(X\right)$ and $a\left(X\right)$, such that $a\left(X\right)\cap T=\mathit{\varnothing }$, stands for the additional set of transactions attacking $X$. Moreover, $M\left(A\left(X\right)\right)$ is the local MEV obtained when attacking $X$ with $A\left(X\right)$.

With sets of transactions, the following new feature can emerge.

(5) 

$\left(Monotonicity of MEV with respect to the attacked set\right)$Two sets of transactions $X,Y\subseteq T$, where $X$ and $Y$ are appropriately ordered and such that $X\subseteq Y,$ may satisfy  $M\left(X\right)\le M\left(Y\right)$. This is because $Y=X\cup (Y-X)$ and the attack on $Y$ can always be focused on $X$ only.

To illustrate the point, consider the following example. Suppose $X=\left\{t_1,t_2\right\}$, $a\left(X\right)=\left\{t_3,t_4\right\},$and that $o\left(A\left(X\right)\right)=\left\{t_3,t_1,t_2,t_4\right\}$is implementing a sandwich MEV attack on $X$, such that $M\left(A\left(X\right)\right)=M\left(X\right).$ Moreover, consider $Y=\left\{t_1,t_2,t_5\right\}\subseteq T,$ and suppose $a\left(X\right)=\left\{t_3,t_4\right\}=a\left(Y\right).$ Then, extending the previous reasoning for a single transaction $t$, it may be that the ordering $o\left(A\left(Y\right)\right)=\left\{t_3,t_1,t_2,t_4,t_5\right\}$ provides at least the same MEV as $o\left(A\left(X\right)\right)=\left\{t_3,t_1,t_2,t_4\right\}$, since in $o\left(A\left(Y\right)\right)$ transaction $t_5$ appears after $t_4$.

It is important to note that for the monotonicity feature to hold, we assumed, as illustrated by the example, that in the ordering $o\left(A\left(Y\right)\right)$ the additional transactions $a\left(X\right)=\left\{t_3,t_4\right\}=a\left(Y\right)$ could interfere with the initial ordering of $Y=\left\{t_1,t_2,t_5\right\}$, because in $o\left(A\left(Y\right)\right)$ transaction $t_4$ is placed between $t_2$ and $t_5$. This seems to be a natural possibility to allow for, since in a block the order of the transactions stored could always be chosen by the validator.

An immediate implication of property (4) is that $M\left(t\right)\le M\left(Y\right)$ may hold for $t\in Y.$

5. Self-Attack

In the previous sections we did not specify the identity of a transaction submitter and of the MEV attacker of that transaction. It was, however, assumed that if the submitter is user $i$, then the attacker is a different user $j$.

However, at least in principle, one could ask the following question: if $i$ is the submitter of transaction $t$, can $i$ also be the attacker of transaction $t$? That is, can there be an MEV self-attack? Although apparently paradoxical, in our framework the question seems to make perfect sense and deserving a discussion, albeit short.

In reality, self-attack does not seem to be widespread. Therefore, it would be interesting to understand why this is so. Among other possible reasons, we think there could be at least the following two. The first may be that $i$ is unaware about MEV and, therefore, of the possibility of self-attack. The second is that $i$ is aware of MEV, and also of the possibility of self-attack, which, however, is too costly to implement as compared to its returns.

An interesting example for this may be represented by swapping assets transactions in Automated Market Makers, such as Uniswap. Consider a liquidity pool with two assets, $X$ and $Y$, that can be swapped with each other. Additionally, suppose the current quantity of the assets, respectively, $x$ and $y$, are $x=100=y$. Finally, assume user $i$ is interested in obtaining as many units of $X$ as possible against $10$ units of $Y$. In what follows we adopt the Uniswap Constant Product Function,

$$xy=k$$

to determine the exchange price between $X$ and $Y$.

To do so we can envisage the following two procedures.

(a)

The user swaps $\Delta \mathrm{y}=10$ against the quantity

$$\Delta x={\displaystyle \frac{x\Delta y}{y-\Delta y}}={\displaystyle \frac{100\left(10\right)}{100-10}}=11$$

Hence, in this case, $1$ unit of $Y$ swaps with $1.1$ units of $X$.

(b)

Alternatively, the user can first swap $\Delta \mathrm{x}=11$ units of $X$ to obtain in exchange $\Delta \mathrm{y}=10$ units of $Y$, so that now the liquidity pool is with $x=111$ and $\mathrm{y}=90$. Then, the user can swap $\Delta \mathrm{y}=20$ units of $\mathrm{Y}$ against about $\Delta \mathrm{x}=32$ units of $X.$ Hence, eventually, the pool size will be $\mathrm{x}=79$ and $\mathrm{y}=110$.

Therefore, subtracting from $\Delta \mathrm{x}=32$ the $11$ units of $\mathrm{X}$ are initially deposited, the final number of $X$ units obtained by the user is $21$. Likewise, summing up $\Delta \mathrm{y}=10$ units of $Y$, obtained after the initial deposit of $\Delta \mathrm{x}=11$ units of $X$ to the $10$ units of $Y$ available from the beginning, we reach the conclusion that with $10$ units of $\mathrm{Y},$ the user obtains $21$ units of $X$. Therefore now $1$ unit of $Y$ provides $2.1$ units of $X$, that is twice as much as before.

Procedure (b) can be interpreted as a back-running self-attack on the first transaction, which, from the example seems sufficiently simple and rewarding for the user. If this attack is not widely diffused, it could be because of the high transaction fees to be paid by the user or because the user may not have $11$ units of $X$ to swap. Moreover, the second attacking transaction must occur at the right time for the swapping price not to change too much. If this is not the case, the user may even lose rather than gain from the attack. Therefore, sufficiently risk-averse users may decide not to implement (b).

As a consequence, self-attacks may not be profitable for $i$.

6. Conclusions

In the paper we proposed a simple way to formalize the notion of MEV, concerning front/back-running and sandwich attacks, and, based on the defined fundamental elements, discussed some of its distinguishing features. We saw how the ATTACK mapping and the MEV mapping represent the building blocks of our framework, and their properties are key to providing a characterization of the MEV notion. Although in principle, non-negative value could be extracted from any transaction in the Ethereum network, we suggested that the MEV associated with the attacking transactions may be smaller than the MEV of the initially attacked transaction. This seems to be a needed requirement for the MEV mapping for attacks to enjoy some stability, namely to prevent users from beginning an attack and then dropping it to attack an attacking transaction. However, a thorough investigation of this topic would require a dynamic context, which we do not consider. We also argued that the same MEV could be obtained with alternative attack sets, although it is reasonable to think that users would select the smallest set of transactions to achieve their goal.