Why 'Set Your Own Fee' Empowers Bad Actors

An analysis of how the 'set your own fee' model for NFT royalties, championed by marketplaces like Blur, creates a prisoner's dilemma that leads to 100% royalty traps for collectors and a race-to-zero that destroys sustainable creator economics.

THE FEE FALLACY

Introduction

User-set transaction fees, a common UX pattern, create systemic vulnerabilities by outsourcing security to economically irrational actors.

Fee market sovereignty is a security vulnerability. Protocols like Ethereum and Solana let users set their own gas fees, which transfers the burden of network security to the user. Most users lack the expertise to price congestion, defaulting to wallet-suggested fees that are often wrong, creating a predictable attack surface.

Predictable fees enable denial-of-service attacks. When fee estimation is transparent, as with public mempools or RPC endpoints from Infura or Alchemy, bots front-run and spam transactions. This predictability allows attackers to cheaply flood the network, as seen in NFT mint wars on Ethereum or Solana's repeated congestion crises.

The solution is protocol-enforced fee abstraction. Systems like EIP-1559's base fee or Sui's storage fund remove fee-setting from users. They use algorithmic fee markets that adjust based on real-time demand, preventing users from accidentally underpaying and eliminating the low-cost attack vector of predictable pricing.

THE INCENTIVE MISMATCH

The Core Argument: A Prisoner's Dilemma

Permissionless fee-setting creates a dominant strategy for validators to censor transactions, undermining network neutrality.

Permissionless fee-setting is broken. It transforms transaction ordering from a public good into a private auction, where the highest bidder dictates the state. This is the fundamental flaw in current Proposer-Builder-Separation (PBS) models on networks like Ethereum.

Validators are rational profit-maximizers. Faced with a choice between a standard fee and a bribe to exclude a transaction, the economically dominant strategy is to accept the bribe. This creates a prisoner's dilemma where cooperative behavior (fair ordering) is unstable.

Real-world censorship is the outcome. Protocols like Tornado Cash have faced de facto blacklisting, not by protocol rules, but because validators and builders like Flashbots respond to OFAC compliance pressure. The 'set your own fee' model provides the mechanism.

The counter-intuitive fix is enforced neutrality. Solutions like MEV-Boost++ and MEV-Smoothing propose protocol-level rules that remove the validator's discretion to choose based on fee origin, mandating a commitment to the canonical chain order.

WHY 'SET YOUR OWN FEE' EMPOWERS BAD ACTORS

Marketplace Royalty Enforcement: A Comparative Snapshot

Comparing enforcement mechanisms for creator royalties across major NFT marketplaces, highlighting the technical and economic consequences of optional fees.

| Enforcement Mechanism | Blur (Aggregator-First) | OpenSea (Creator-First) | Sudoswap (AMM Model) |
| --- | --- | --- | --- |
| Royalty Fee Enforcement | Optional (Set by Seller) | On-Chain Enforcement via Operator Filter | 0% (No Royalties) |
| Primary Enforcement Vector | Market Share & Liquidity Incentives | Smart Contract Blocklist | Protocol Design |
| Secondary Enforcement | Token-Gated Rewards (BLUR) | Marketplace Blacklisting | |
| Creator Onboarding Requirement | Opt-In to Blur Rewards | Opt-Out of Operator Filter | Not Applicable |
| Royalty Bypass Method | Direct Listing on Blur Pool | Use of Non-Blacklisted Marketplace (e.g., Blur) | Native to Protocol |
| Typical Royalty Collection Rate (Top Collections) | ~20-50% | ~80-95% | 0% |
| Primary Economic Lever | Liquidity Mining & Airdrops | Exclusivity & Curation | Zero-Fee Trading |
| Impact on Creator Revenue (vs. Expected) | -50% to -80% | -5% to -20% | -100% |

THE INCENTIVE MISMATCH

The Slippery Slope: From Optional to Hostile

User-defined fee models create a perverse incentive structure that shifts network costs onto honest users while empowering extractive actors.

Optional fees become de facto mandatory. When protocols like Ethereum or Solana make priority fees optional, rational users bid zero to minimize cost. This creates a race to the bottom where only spam or arbitrage bots pay, subsidizing their profits by crowding out regular transactions.

Honest users subsidize MEV bots. In a free-for-all fee market, sophisticated actors like Flashbots searchers optimize for latency and bundle profitability, not base fee payment. Their high-volume, low-fee spam forces regular users to overpay during congestion or have transactions fail.

The system rewards hostility. Protocols with user-specified fees like some Cosmos SDK chains incentivize validators to reorder or censor non-paying transactions. This transforms a neutral mempool into a pay-to-play arena, where the default user experience is transaction failure.

Evidence: On Solana, during the Jupiter airdrop, over 70% of failed transactions were due to insufficient priority fees, while MEV bots successfully spammed the network with sub-cent fees to snipe claims.

THE USER SOVEREIGNTY ARGUMENT

Steelman: The Case for Flexibility

Allowing users to set their own transaction fees is a logical extension of credibly neutral, permissionless network design.

Permissionless innovation requires permissionless pricing. A core blockchain tenet is that no central party should dictate user actions. Fixed fee models, like those on Ethereum L2s or Solana, are a form of centralized coordination that gatekeeps access based on a single entity's cost model.

User-set fees optimize for diverse utility. A developer batching 10,000 NFTs values speed differently than a hobbyist sending a test transaction. EIP-1559's fee market already demonstrates that user bids create efficient price discovery; taking the final step to remove the protocol's minimum is consistent.

The 'bad actor' framing misunderstands incentives. Spamming a chain with zero-fee transactions is an attack on block space, not a pricing failure. Networks like Solana handle this via local fee markets and slashing, not by prohibiting low fees. The solution is better spam resistance, not user restrictions.

Evidence: Intent-based architectures like UniswapX and CowSwap thrive by decoupling execution from user-specified constraints. Their success proves that sophisticated users, not protocols, are best positioned to define their own cost-benefit trade-offs for maximal extractable value (MEV) and latency.

WHY USER-SET FEES ARE A BUG

Case Studies in Failure and Resilience

Examining how fee delegation models, from gas to MEV, create systemic risks by subsidizing malicious behavior.

01. The Gas Auction Problem

EVM's 'pay-to-play' gas model creates a direct subsidy for spam and denial-of-service attacks. Attackers set low fees to flood the network, knowing validators will prioritize them for profit, crippling UX for legitimate users.

  • Cost Externalization: Attacker pays pennies, network suffers ~1000x congestion cost.
  • Validator Incentive Misalignment: Maximal Extractable Value (MEV) ensures blockspace is a pure financial commodity, not a utility.
Congestion Multiplier: 1000x; Attacker's True Cost: $0

02. Solana's $SOL Spam Crisis

A canonical failure of fee delegation. Prior to priority fee implementation, bots could spam transactions with near-zero cost, repeatedly crashing the network during high-demand periods like NFT mints.

  • Network Paralysis: >12 hours of degraded performance or outages.
  • Economic Attack Surface: Fixed, low fees made sustained spam economically rational, a flaw exploited by arbitrage and sandwich bots.
Outage Duration: >12h; Pre-Crash Tx Cost: ~$0.0001

03. Intent-Based Systems as the Antidote

Protocols like UniswapX and CowSwap solve this by abstracting execution. Users submit intent ("swap X for Y") and solvers compete in a sealed-bid auction, paying gas and capturing MEV themselves.

  • Removes Subsidy: Attacker cannot directly buy cheap, disruptive blockspace.
  • Internalizes Costs: Solvers bundle and optimize, making spam economically non-viable. This is the model for Across and LayerZero's OFT standard.
User Gas Management: 0; Auction Model: Sealed-Bid

04. EIP-1559: A Partial Fix

Ethereum's base fee burn mechanism attacks the symptom, not the disease. It makes spam more expensive but doesn't eliminate the subsidy model. The priority tip remains a user-set auction for validator attention.

  • Base Fee Burn: Destroys the base portion, reducing the net validator reward from pure spam.
  • Persistent Vector: Priority fee auction still allows fee-based frontrunning and time-bandit attacks, a core concern for MEV researchers.
Base Fee Burn Rate: ~70%; Remaining Vulnerability: Tip Auction
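
The base-fee mechanism this section refers to, as an added example (not code from the article or from any client): `next_base_fee` follows the update rule in the EIP-1559 specification, and `cost_to_fill_blocks` shows how the burned cost of keeping blocks full compounds while low fee caps stop being includable. The 30M gas limit and 10 gwei starting fee are constructed sample values, and `is_includable` and `cost_to_fill_blocks` are illustrative helper names.

```python
# Added example, not from the article: the EIP-1559 base-fee update rule.
ELASTICITY_MULTIPLIER = 2              # gas target = gas limit / 2
BASE_FEE_MAX_CHANGE_DENOMINATOR = 8    # base fee moves at most 12.5% per block
GWEI = 10**9


def next_base_fee(parent_base_fee: int, parent_gas_used: int, parent_gas_limit: int) -> int:
    """Base fee (wei per gas) for the block after the parent, per the EIP-1559 spec."""
    target = parent_gas_limit // ELASTICITY_MULTIPLIER
    if parent_gas_used == target:
        return parent_base_fee
    if parent_gas_used > target:
        delta = (parent_base_fee * (parent_gas_used - target)
                 // target // BASE_FEE_MAX_CHANGE_DENOMINATOR)
        return parent_base_fee + max(delta, 1)
    delta = (parent_base_fee * (target - parent_gas_used)
             // target // BASE_FEE_MAX_CHANGE_DENOMINATOR)
    return parent_base_fee - delta


def is_includable(max_fee_per_gas: int, base_fee: int) -> bool:
    """A transaction whose fee cap is below the base fee cannot enter the block."""
    return max_fee_per_gas >= base_fee


def cost_to_fill_blocks(start_base_fee: int, gas_limit: int, blocks: int) -> tuple[int, int]:
    """Return (total wei burned, next base fee) if `blocks` consecutive blocks are full."""
    base_fee, burned = start_base_fee, 0
    for _ in range(blocks):
        burned += base_fee * gas_limit   # the base fee is burned, not paid to the proposer
        base_fee = next_base_fee(base_fee, gas_limit, gas_limit)
    return burned, base_fee


if __name__ == "__main__":
    # Constructed scenario: 30M gas limit, base fee starting at 10 gwei.
    for n in (1, 10, 50):
        burned, fee = cost_to_fill_blocks(10 * GWEI, 30_000_000, n)
        print(f"{n:>2} full blocks: {burned / 10**18:8.2f} ETH burned, "
              f"next base fee {fee / GWEI:8.1f} gwei")
```

The priority tip is outside this rule: it is still chosen by the sender, which is the part the section calls the remaining auction.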
05. The Validator's Dilemma

With ~$40B+ in staked ETH, rational validators must maximize MEV extraction. A user-set fee model guarantees they will always fill blocks with the highest-paying transactions, regardless of source.

  • Profit > Security: A 51% attack could be funded by forwarding its own spam transactions with massive fees.
  • Centralizing Force: Sophisticated MEV strategies (e.g., Flashbots) create information asymmetry, pushing out smaller validators.
Staked ETH at Risk: $40B+; Attack Feasibility: 51%

06. The Future: Mandatory Protocol Fees

The resilient solution is to remove fee discretion entirely. Networks must mandate protocol-set minimum fees for specific operations (e.g., NFT mint, token creation), dynamically adjusted via on-chain congestion oracles.

  • Eliminates Subsidy: Makes cost of attack predictable and prohibitive.
  • Aligns Incentives: Validator revenue comes from securing the network, not auctioning its integrity. This is the direction of Firedancer and other next-gen VMs.
Fee Model: Protocol-Set; Congestion Pricing: Dynamic
THE INCENTIVE MISMATCH

The Path Forward: Bounded Design & On-Chain Primitive

Unbounded fee delegation creates systemic risk by decoupling transaction cost from user accountability.

Unbounded fee delegation is a security vulnerability. It allows a user to sign a transaction with a gas limit and fee price set by a third party, creating an incentive mismatch where the signer bears no cost for resource consumption.

This empowers MEV bots and spam attackers. A malicious actor can submit millions of low-value transactions, delegating fees to a subsidizer, to bloat the mempool or front-run users without personal cost, directly attacking networks like Arbitrum and Base.

The solution is a bounded primitive. Protocols like EIP-3074 invokers or Solana's versioned transactions must enforce hard caps on sponsored gas, creating a verifiable on-chain commitment that limits liability and makes abuse economically irrational.

Evidence: The 2023 Arbitrum gas spike, where spam transactions congested the network, demonstrated how unbounded models fail. A bounded design, analogous to a UniswapX solver's quote, provides cryptographic proof of cost limits before execution.
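
The bounded design argued for above, sketched as an added example (not code from the article, EIP-3074, or any relayer): a sponsor reserves the worst-case charge, gas limit times fee cap, against a per-transaction cap and a per-signer budget before committing. `SponsoredTx`, `SponsorPolicy` and all cap values are hypothetical; an on-chain version would enforce the same arithmetic in the sponsoring contract.

```python
from dataclasses import dataclass, field

GWEI = 10**9


@dataclass(frozen=True)
class SponsoredTx:
    """Hypothetical sponsorship request: the signer asks a third party to pay gas."""
    signer: str
    gas_limit: int
    max_fee_per_gas: int  # wei


@dataclass
class SponsorPolicy:
    """Hypothetical bounded-sponsorship policy, checked before the sponsor commits."""
    per_tx_cap_wei: int
    per_signer_budget_wei: int
    reserved: dict = field(default_factory=dict)  # signer -> wei committed so far

    @staticmethod
    def worst_case_cost(tx: SponsoredTx) -> int:
        # The most the sponsor can be charged is gas limit x fee cap.
        return tx.gas_limit * tx.max_fee_per_gas

    def admit(self, tx: SponsoredTx) -> tuple[bool, str]:
        cost = self.worst_case_cost(tx)
        if cost > self.per_tx_cap_wei:
            return False, "per-transaction cap exceeded"
        used = self.reserved.get(tx.signer, 0)
        if used + cost > self.per_signer_budget_wei:
            return False, "signer budget exhausted"
        self.reserved[tx.signer] = used + cost  # reserve the worst case up front
        return True, "ok"

    def settle(self, tx: SponsoredTx, gas_used: int, effective_gas_price: int) -> int:
        """Release the unused part of a reservation; returns wei actually charged."""
        actual = gas_used * effective_gas_price
        if actual > self.worst_case_cost(tx):
            raise ValueError("charge exceeds the committed bound")
        self.reserved[tx.signer] -= self.worst_case_cost(tx) - actual
        return actual
```

Reserving the worst case at admission, rather than charging after execution, is what keeps the sponsor's liability bounded even if many requests are in flight at once.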

WHY FEE MARKETS FAIL

TL;DR for Builders and Investors

Unchecked fee delegation creates systemic risk, not just user-friendly UX.

01. The MEV Cartel Problem

Allowing users to set zero fees enables sophisticated actors to spam the network with cost-free transactions, creating a private mempool for MEV extraction.

  • Front-running becomes trivial when you can flood the network with zero-cost bids.
  • Validators are incentivized to prioritize these private order flows over public, fee-paying transactions.

Private Order Flow: >90%; Attack Cost: $0

02. The Subsidy Attack Vector

Protocols like UniswapX or Across that subsidize fees for 'intent' transactions become targets for economic abstraction attacks.

  • Bad actors can drain subsidy pools by spamming worthless transactions.
  • This forces honest users to compete with bots for limited relay capacity, breaking the UX promise.

Pool Risk: $M+; Primary Use: Spam

03. The Liveness Guarantee Collapse

A network with no mandatory base fee has no economic mechanism to guarantee liveness during congestion. This is a first-principles failure.

  • Transaction ordering becomes a free-for-all, not a market.
  • LayerZero's Oracle and Relayer models show that even delegated security requires cost barriers to prevent spam.

Base Fee: 0 Gwei; Spam Risk: Unbounded

04. Solution: Cryptoeconomic Rate Limiting

The fix is not removing fees, but making them mandatory and programmable. Think EIP-1559 base fee, not a free-for-all.

  • Minimum viable bid: Enforce a network-wide floor price for transaction inclusion.
  • Staked relayer models: Protocols like Succinct or Herodotus use stake to gate and prioritize requests, aligning incentives.

Enforced: Base Fee; Relayers: Staked
Why 'Set Your Own Fee' Empowers Bad Actors in NFTs | ChainScore Blog