MEV Explained in Detail
MEV is value extracted by controlling transaction inclusion, exclusion, or order. Common examples include arbitrage, liquidations, back-running, sandwiching, and delayed execution.
MEV is not always a vulnerability. It becomes a security concern when a protocol assumes fair ordering or neutral block construction.
Transaction example
-
Find: A searcher identifies a profitable ordering.
-
Bundle: The searcher submits a transaction or bundle.
-
Build: A builder constructs a block with that ordering.
-
Propose: A validator proposes the block.
-
Extract: Value is captured from the ordered execution.
MEV in Auditing
MEV affects any protocol where transaction order changes price, payout, eligibility, or execution rights, including DEXs, liquidations, auctions, oracles, bridges, NFT mints, and governance.
Auditors should treat transaction order as adversarial.
Red flags in code
-
"First caller wins" payout logic.
-
Profitable liquidations with no protection against toxic ordering.
-
User swaps without slippage bounds or deadlines.
-
Auctions that reveal bids too early.
-
Oracle updates that can be back-run or delayed.
-
Protocol logic assuming transactions execute immediately or fairly.
How to test or review it
-
Simulate attacker transactions before, after, and on both sides of the victim transaction.
-
Check delayed execution, missing update, and censored update scenarios.
-
Review every function where ordering changes price, eligibility, payout, or liquidation status.
-
Prefer designs that remove ordering dependence.
-
Use commit-reveal for secrets when latency allows.
-
Add slippage, deadlines, batch execution, or circuit breakers where relevant.