Rules and strategies of a protocol - Data Always

This essay was originally published on September 29, 2023 on Substack.

Ethereum developers are often accused of changing the rules by which the game is played. For the class of people who view a blockchain’s spec as infallible, this is a valid criticism, but it is also true that rules do not define how a game is played—they define how a game can be played.

Rulesets outline solution spaces, implicit combinations of all possible actions; meanwhile player strategies are what determine the path any game follows. These strategies are permanently evolving, they represent a constant search for exploits and unintended behavior in the definition of the game. When development assumptions prove invalid is a change to the ruleset not warranted?

This is an essay on the state and the future of Ethereum, however it would do a disservice not to point out that Bitcoin has faced and will continue to face many of its own challenges. Bitcoin’s path is not as immutable as its disciples believe. In the footnotes we briefly discuss Bitcoin’s inflation bug, the 2106 bug, the emergence of Ordinals, and long-term uncertainty with Bitcoin’s security model.

The reality is that no blockchain has an infallible ruleset. In our opinion, the Ethereum community’s decision not to prioritize the illusion of purity is a valid optimization—and so is the Bitcoin community’s decision to fly as close to the heavens as possible, even if it might result in the melting of their communal wings.

Having chosen not to fear protocol changes, Ethereum’s ruleset is constantly in flux. The monetary policy of the cryptoasset is far removed from its inception in July 2015: we’ve seen issuance reductions, the addition of base fee burning, and a switch from proof-of-work to proof-of-stake. Yet, two of the most important topics in Ethereum today are strategic optimizations. Although they are implicitly allowed by Ethereum’s ruleset, the network is completely blind to the prevalence of proposer-builder separation (through the MEV-Boost supply chain) and to the heavy adoption of liquid staking protocols.

There are things that the protocol does not see, but cares about. But this formulation is wrong in the absolutist view of the protocol, where the protocol is only and exactly what it sees. What it does not see, but cares about, resides in the expectations of all agents involved in the execution of the protocol, from validators to users and everyone else in-between, what’s broadly referred to as “the community”.

Seeing like a protocol - Barnabé Monnot

As a community, it falls to all of us to make strategic choices about what the network should see and what responsibilities should fall to social consensus. Emerging from these choices, there will be times when the social layer realizes that the network’s reductive internal picture is inappropriate.

When those times come, the scales need be rebalanced and the ruleset must be changed to optimize for the long-term health of the ecosystem.

Lord Vitalik weighing MEV-burn (circa 2024)

The focus of this essay is the state of MEV; liquid staking deserves its own conversation.

Staking Yield

The financial incentives in proof-of-stake are not intuitive.

The bedrock of this writing is an essay from last year, where we wrote that offering yield to stakers creates a large inversion from proof-of-work and fiat systems. In a system with staking accessible to all, rather than inflation diluting one’s savings and spurring spending, higher issuance incentivizes holders to opt into staking, i.e., to make their holdings more illiquid, reducing net spending.

In order to encourage more on-chain activity, the key is to shift the weights on the metaphorical scale. To create more transaction demand, the ecosystem must make staking less appealing and debasement less of an obstacle.

Data Always — Manipulating the velocity of money in proof-of-stake

To further complicate this optimization problem, issuance is not the only game in town. The current ruleset implies that the protocol must also balance highly volatile execution layer and MEV rewards, yet in practice it does nothing to constrain them.

What we see today in DeFi is predictable and saddening. The validator set has overwhelmingly embraced Toxic MEV to supplement its yield, allowing nefarious actors to manipulate DeFi transactions at will—as long as they pass the majority of their earnings on to proposers.

The tropological heroes and the villains of the community, validators and searchers, have formed a symbiotic relationship that both degrades the DeFi experience for users and makes staking more profitable. Why? Toxic MEV is an attractive mirage of optimization.

Uri Klarman, The CEO of bloXroute labs—the operator of the only ethical relay (which is now being sunset due to low usage), aptly described the dynamic on a recent Blockworks 0xResearch podcast: MEV-Boost order flow auctions allow proposers to find the local maxima of yield for a block, however as a consequence they fall well short of the global maxima.

Klarman suggests that DeFi inefficiencies stemming from order flow auctions and transaction manipulation cause sufficient losses to users that Ethereum’s value proposition is damaged to an extent greater than the extra yield received by proposers.

We initially viewed this as an excessively utopian perspective, but the reality is that en masse MEV rewards remain small. In the 100 days leading up to September 15th, execution layer rewards annualized to 0.81% per year. Sandwich attacks generally account for 30-50% of this yield, implying that the average validator earns excess yield on the order of 0.4% per year from opting into non-ethical relays. If these toxic transactions degrade the usability of DeFi and affect the price of ether by more than 0.4% per year, then the existence of non-ethical relays is a net-negative to proposers!

In practice, this is a world of short-term optimizations.

Through the lens of game theory, proposers find themselves in a pure-strategy Nash Equilibrium, but fail to understand that they’re playing a repeated game. Their choice of short-term strategy warps the reward structure in the long-term, and the resultant change to the ruleset will drastically affect the future earning potential of the validator set.

MEV-Burn was traditionally thought of as a long-term network optimization, but the negative externalities of the strategies used by proposers has forced a rebalancing of the metaphorical scales. It is now a part of popular discourse and the timeline only continues to accelerate.

MEV-Burn

The ultra sound money fanboys have latched onto the memetic potential of MEV-Burn, however focusing on token supply changes downplays the value and goals of the upgrade.

One nexus of the idea is that interblock fee variance turns staking into a lottery. Lotteries are a poor form of passive income, which makes staking incentives increasingly difficult to balance. Volatile rewards lead to over-payment for security and increase centralization risks as most validators prefer stable payouts to gambling, further strengthening the largest custodial services and liquid staking protocols.

Conceptual Issues

In our view, the leading proposal is both net-positive and riddled with imperfections.

The biggest flaw is that burning MEV focuses on redistributing transaction inefficiencies to the entire network, instead of supporting the user who the inefficiency is affecting. A perfect solution would not see tokens burned, and would instead feed ether back to those suffering the loss, allowing them to continue using the network.

Source: https://twitter.com/Data_Always/status/1703055954491695306

Burning the tokens is the simplest option, and perhaps the most credibly neutral, however if simplicity is the goal Ethereum is not the right blockchain. Other options deserve more exploration and input from those in the MEV community.

Counterpoint: many of these inefficiencies are likely solvable through better UX instead of protocol changes. This greatly shifts the burden to wallets, dApps, and community education, but one could argue that it may be worth the trade-off to avoid adding more complexity to the protocol.

CeFi-DeFi Arbitrage

After sandwich attacks, the most manipulated network participants are DeFi liquidity providers (LPs). Out-of-protocol proposer-builder separation has led to the rise of integrated builder-searchers specializing in CeFi-DeFi arbitrages.

Ethereum operates on a 12 second clock, between each tick the order books on decentralized exchanges are frozen, while trading continues millisecond by millisecond on centralized exchanges. During times of high volatility, these sophisticated builder-searchers arbitrage between decentralized and centralized exchanges, then outbid rivals in order-flow auctions to maximally extract value from LPs. The LPs make their money from market-making to unsophisticated retail traders, but as Toxic MEV drives retail users away LPs become unprofitable.

These CeFi-DeFi arbitrages are the highest intentional source of MEV variance and one of the main conceptual targets of burn proposals, yet the current proposal will have little effect on it.

The estimates floating around the ecosystem assume that block bids are uniformly or predictably distributed, but because of the volatility risk in this class of arbitrage, integrated searcher-builders tend to submit their bids extremely late in the auction. As the current leading proposal only burns bids in the first 10 seconds of a slot, these surges will frequently be missed.

Deeper coverage on block 17,195,495 is available from SMG.

Timing Games

It’s common to hear that Ethereum has invariant 12 second block times, however this is a vast simplification (and a quirk in data written to the blockchain). Peer-to-peer networks don’t propagate instantly, and as such the network is designed with buffers to address the intrinsic latency of the system. The problem with attestation safety buffers is that you need to design them for the slowest network participants, and since the MEV supply chain operates at extreme speeds, proposers are incentivized to play timing games, i.e., to delay signing their block past the canonical block time and accept bids that arrive as late as possible.

With the current parametrization of the network, these timing games have led to median block signing times of ~ 774 ms after the end of the slot. This allows plenty of time for blocks to get their required attestations, and also results in higher yield extraction for proposers.

As discussed with CeFi-DeFi arbitrages, blocks do not have constant intrablock transaction velocity, but assuming that they do current timing games would increase median proposer rewards by 6.5%. This should be seen as a minima, adjusting for intrablock transaction velocity would only increase the value of the delay.

This essay will not attempt to model the post-burn dynamic against attestation timing, but we do want to note that the risk-reward will shift drastically in an MEV-burn environment. Instead of proposers risking a full 12 seconds of rewards to gain an extra 0.774 seconds of value, they will only have 2 seconds of rewards at risk. This additional time now represents a minimum reward increase of 39%—suggesting that proposers will be incentivized to risk more missed slots potentially resulting in network instability.

End-State MEV-Burn

Our view of end-state MEV is as follows:

Sandwich attacks and Toxic MEV become largely mitigated by front-end improvements and adoption of protocols like mevblocker.io. The MEV payouts from this sector are reduced by 80%.
MEV payouts from CeFi-DeFi arbitrage are largely unaffected. MEV-burn captures 25% of their value.
Proposers play more aggressive timing games and median block signing time increases to 1.25 seconds. This causes minor degradation of network stability, however slot utilization remains above 98%.
Priority fees from public transactions, which are the least important to burn, and account for approximately 25% of all on-chain tipping are burned with an efficacy of approximately 75% (10 seconds ÷ ~13.25 seconds = 75.5%).

As a result, about 40% of all estimated MEV will be burned.

We believe that all burn estimates should be cut in half.

For a Utopia

Large proposer pools (Lido, Coinbase, etc.) should carefully consider what the future of MEV will be. If they can credibly commit to reducing the level of toxic flow in their blocks, then less aggressive burn strategies might be considered. As it stands all pools need to optimize MEV extraction to remain competitive, but this could provide an opportunity for soft self-limiting and regulatory compliance that would be beneficial for all holders that these actors represent.

MEV-Burn proposals should be designed to prioritize burning private order flow not public priority fees. Burn should be seen as a last resort, with a preference to redistribute fees to the originating transaction address.

Footnote A:

Bitcoin’s inflation bug. When Bitcoin was still a young and centralized protocol, a bug in the code caused by integer overflow (a user entering a number higher than protocol design allowed) resulted in the printing of over 100 billion bitcoin.

Because of the centralization of hash rate at the tie, Satoshi engineering an emergency soft-fork and corralled miners to ignore the longest chain (strictly taboo in today’s Bitcoin) re-writing the history of the blockchain and altering multiple hours of the history of the chain permanently. Insiders in essence attacked the chain of valid blocks to revert a valid strategic move.

Footnote B:

The 2106 bug. Bitcoin’s codebase is not well engineered and now deals with legacy code that is oppressive to fix. The most important example of this is the 2106 bug, where a timestamp in Bitcoin’s core code with overflow in approximately 84 years and bring the network grinding to a halt. The only solution is a backwards incompatible hard fork, something that many Bitcoiners today proclaim they will never do.

The blockchain will literally stop processing blocks and there is no other option.

Footnote C:

Ordinals are a great example of implied legal, yet completely unexpected strategy emerging on a blockchain. The pitchforks have largely been tossed aside, but in March 2023 there were a plethora of calls and suggestions on how to strip them out of the protocol.

Footnote D:

In terms of monetary policy, Bitcoin faces serious questions of network stability as its mining reward structure transitions from a hyper predictable subsidy to extremely volatile fee rewards. As the interblock fee variance grows larger than the subsidy, miners lose their incentives to always build on the longest chain, and the risk of re-orgs skyrockets. Whether users live with network degradation or modify the reward structure is a choice that will be made in the coming decades—we personally are in favor of exponential fee smoothing.