Relay auctions are not trustless. They shift trust from a single sequencer to a decentralized set of relay bidders, but the winning relay still holds temporary, centralized power over transaction ordering and inclusion, creating a time-bound trust assumption for each bundle.
tokenomics-design-mechanics-and-incentives
Blog
Why Relay Auctions Are Not a Silver Bullet
A first-principles analysis of how auction-based relay models in cross-chain protocols create perverse incentives, leading to collusion, underbidding, and degraded security guarantees for users and protocols.
introduction
THE REALITY CHECK
Introduction
Relay auctions are a sophisticated mechanism for sourcing execution, but they introduce new attack vectors and systemic risks that protocols must actively manage.
The economic model is fragile. Protocols like Across and SUAVE rely on competitive bidding to minimize costs, but this creates a race to the bottom where the lowest-cost relay may be the most economically vulnerable to manipulation or bribery.
They expose new MEV vectors. A malicious relay can execute time-bandit attacks by reordering transactions within their won bundle, or engage in bid censorship to block specific transactions, problems that naive auction designs do not mitigate.
Evidence: The Ethereum PBS (proposer-builder separation) model shows that even with auctions, dominant builders like Flashbots can emerge, centralizing the relay layer and creating systemic risk if compromised.
key-trends
WHY RELAY AUCTIONS ARE NOT A SILVER BULLET
The Auction Arms Race: A Market Context
Auction-based relay selection optimizes for cost and speed, but introduces systemic risks and market distortions that can undermine network resilience.
01
The Problem: Centralization Pressure
Economic efficiency naturally consolidates relay operations into a few dominant players. This creates a single point of failure for the network and reduces censorship resistance.
- Succinct, Blocknative, and Bloxroute dominate the PBS landscape.
- A ~70% market share by the top 3 relays threatens protocol neutrality.
- Creates systemic risk similar to cloud provider concentration (AWS, GCP).
~70%
Top 3 Share
1
Failure Point
02
The Problem: MEV Redistribution, Not Elimination
Auctions shift MEV extraction from validators to specialized searchers and builders, but the economic value is not destroyed. It creates a complex, opaque supply chain.
- Flashbots SUAVE aims to democratize access but may entrench new cartels.
- PBS (Proposer-Builder Separation) relies on trust in the winning builder's execution.
- High-frequency bidding infrastructure favors well-capitalized, centralized players.
$1B+
Annual MEV
0%
Value Destroyed
03
The Problem: Latency Arms Race & Network Health
The race for sub-second block times and priority gas auctions incentivizes geographic centralization near major hubs, penalizing decentralized validators.
- Creates proposer/builder latency asymmetry, harming network fairness.
- BloXroute's "BLXR" network and proprietary WANs exemplify this infrastructure arms race.
- Increases physical layer centralization risk, undermining Ethereum's geographic resilience.
<500ms
Target Latency
-50%
Decentralization
04
The Solution: Enshrined Proposer-Builder Separation (ePBS)
Baking PBS directly into the protocol consensus layer removes the trusted auctioneer and reduces relay leverage. This is Ethereum's long-term architectural goal.
- Mitigates trust assumptions in external auction mechanisms.
- Aligns economic incentives at the protocol level, not the market level.
- See Ethereum Research posts on ePBS for the canonical roadmap.
L1
Trust Layer
2025+
Timeline
05
The Solution: SUAVE: A Universal Auction House
Flashbots' Shared Unbiased Auction Venue attempts to break relay monopolies by creating a decentralized, chain-agnostic platform for block building and cross-domain MEV.
- Decouples preference expression from execution.
- Aims to be a public good mempool and solver network.
- Its success hinges on widespread adoption and avoiding its own centralization vectors.
Chain-Agnostic
Scope
Public Good
Goal
06
The Solution: Reputation-Based Relay Selection
Complementing pure price auctions with stake-weighted or reputation-based scoring can disincentivize malicious behavior and promote decentralization.
- Dual-Quorum designs (e.g., EigenLayer) can provide cryptoeconomic security.
- Penalizes relays for censorship or downtime via slashing or score decay.
- Balances economic efficiency with Byzantine Fault Tolerance requirements.
Stake-Based
Selection
BFT
Security Model
thesis-statement
THE MISALIGNMENT
The Core Thesis: Auctions Create Misaligned Incentives
Relay auctions optimize for short-term extractable value, not long-term network security or user experience.
Relay auctions prioritize extractable value. The winning relay in a system like Across or Stargate is the one that bids the highest for the right to process a user's cross-chain transaction. This creates a direct incentive to maximize the arbitrage or MEV potential of that transaction, not to ensure its finality or security.
User and relay incentives diverge. A user wants a fast, cheap, and secure transfer. A relay's profit is the difference between its winning bid and the value it extracts. This misalignment leads to systemic risks like latency attacks, where relays delay transactions to capture more value, directly harming the user.
Auction revenue does not secure the system. The fees paid by users in an auction model flow to relay operators, not to the underlying protocol or its security providers. This creates a fee leakage problem where the value securing the network (e.g., staked assets) is disconnected from the revenue generated by its use.
Evidence: In intent-based systems like UniswapX and CowSwap, the auction for order flow creates a known problem of searcher centralization, where a few sophisticated actors dominate. This same dynamic emerges in relay networks, concentrating power and creating single points of failure.
deep-dive
THE INCENTIVE MISMATCH
Deep Dive: The Slippery Slope of Underbidding
Relay auctions create a race to the bottom that sacrifices network security for temporary user savings.
Relay auctions optimize for cost, not security. The winning relay in systems like Across or Succinct is the cheapest bidder, not the most reliable operator. This creates a perverse incentive to cut corners on infrastructure and data sourcing to win.
This leads to centralization pressure. The lowest-cost operator wins most auctions, creating a single point of failure. This contradicts the decentralized security model that Ethereum rollups and Cosmos zones were designed to achieve.
The result is brittle liveness. A financially stressed, low-margin relay has no capital buffer. Network downtime or censorship during volatile periods becomes a predictable outcome, not a black swan event.
Evidence: In Succinct's early auctions, a single relay won over 60% of bids by undercutting competitors, demonstrating the rapid centralization inherent to pure cost-minimization.
case-study
WHY RELAY AUCTIONS ARE NOT A SILVER BULLET
Case Studies in Auction Mechanics & Risks
Auction-based relay systems introduce new attack surfaces and economic inefficiencies that can undermine their core value propositions.
01
The MEV-Auction Attack Surface
Relay auctions, like those in Ethereum's PBS, create a new centralization vector. The winning bidder (block builder) gains temporary but absolute power over transaction ordering, enabling time-bandit attacks and censorship. This shifts, rather than solves, the trust problem.
- New Trust Assumption: Relayer honesty is now critical.
- Censorship Risk: A malicious or compliant builder can exclude transactions.
- Complexity Explosion: Attack vectors like builder collusion and MEV-boost relay exploits emerge.
1-of-N
Trust Assumption
>90%
PBS Block Share
02
The Latency-Cost Tradeoff Fallacy
Auctions promise optimal cost via competition, but in practice, they create a winner's curse and latency overhead. Projects like Across Protocol and LayerZero use hybrid models because pure on-chain auctions are too slow for cross-chain intent fulfillment.
- Real-World Latency: Bidding wars add ~500ms-2s of finality delay.
- Cost Inefficiency: Relay costs are often subsidized by token emissions, masking true economics.
- Intent Mismatch: User's priority (speed) conflicts with the system's priority (extracting value).
~2s
Added Latency
Subsidy-Driven
True Cost
03
UniswapX & The Searcher Dilemma
UniswapX externalizes routing complexity to a Dutch auction among fillers. This creates a race condition where searchers must solve complex MEV bundles under time pressure, leading to suboptimal execution or reverted transactions when bids are too aggressive.
- Execution Risk: High bid → High chance of frontrunning or failure.
- Adversarial Fillers: Fillers are profit-maximizing, not user-aligned.
- Opaque Outcomes: Users cannot audit the filler's execution path, trusting the auction's result.
High
Revert Risk
Opaque
Execution Path
04
Economic Capture by Staked Relays
When relay rights are gated by token stake (e.g., Axelar, Chainlink CCIP), the auction becomes a capital efficiency game. Large stakers can outbid competitors, leading to relay oligopolies. The cost of censorship drops to the value of the slashing penalty, which is often an insufficient deterrent.
- Barrier to Entry: Requires significant capital to compete.
- Slashing Insufficiency: Penalties are often less profitable than a single attack.
- Oligopoly Risk: A few entities control critical message flow.
Capital-Bound
Competition
Oligopoly
End State
05
The Verifier's Dilemma in Optimistic Models
Optimistic relay auctions, used by bridges like Nomad (pre-hack), introduce a liveness-security tradeoff. A single honest verifier must be watching and willing to spend gas to challenge a fraudulent root. The auction for relay rights does not guarantee verifier liveness, creating a systemic risk.
- Free Option Problem: Challenging costs gas, profiting is uncertain.
- Liveness Assumption: Assumes a vigilant, economically irrational actor exists.
- Delayed Fraud Proofs: Users are exposed until the challenge window closes.
7 Days
Risk Window
Volunteer-Based
Security
06
Solution: Hybridized & Constrained Auctions
The fix is not to abandon auctions, but to constrain them. CowSwap uses batch auctions with uniform clearing prices to eliminate MEV. Across uses a slow auction (optimistic rollup) for cost, with a fast lane backup. The future is intent-based architectures that separate routing from execution.
- Constraint Design: Limit bid types and auction duration.
- Fallback Mechanisms: Ensure liveness via economic guarantees or alternative relays.
- Architectural Shift: Move towards solver networks and shared sequencers.
Hybrid
Model
Intent-Based
Future
WHY RELAY AUCTIONS ARE NOT A SILVER BULLET
Auction Models vs. Stake-for-Work: A Comparative Risk Matrix
A first-principles comparison of dominant cross-chain message passing security models, evaluating economic guarantees, attack vectors, and systemic risks.
| Risk Dimension | Sealed-Bid Relay Auctions (e.g., Across) | Stake-for-Work w/ Slashing (e.g., LayerZero) | Optimistic Verification (e.g., Chainlink CCIP) |
|---|---|---|---|
Economic Security per TX | Bid-based, variable ($10-$500) | Fixed stake slashed (>$1M total) | Bond slashed if fraud proven (>$250K) |
Liveness Attack Cost | Cost of winning N consecutive auctions | Cost of corrupting >1/3 of stake | Cost of corrupting 1 honest node |
Censorship Resistance | |||
Cross-Domain MEV Extraction | |||
Capital Efficiency for Relayers | High (capital not locked) | Low (stake locked indefinitely) | Medium (bond locked for challenge period) |
Protocol Take Rate | ~0.05-0.3% of bridged value | ~0.01% (staking yield) | ~0.1% (fee + premium) |
Time to Finality (Worst Case) | < 5 min | ~1-4 hours (oracle latency) | ~30 min to 24 hours (challenge period) |
Systemic Risk from Reorgs | High (auction winners invalidated) | Medium (oracle reorg resistance needed) | Low (fraud proof settles on L1) |
counter-argument
THE INCENTIVE MISMATCH
Counter-Argument: But What About Sybil Resistance?
Relay auctions shift Sybil risk from users to the protocol's economic design.
Relay auctions are not Sybil-proof. They replace identity verification with economic staking, which creates a new attack vector. A malicious actor can stake capital to win auctions and censor or delay transactions, forcing the protocol to slash their stake as a penalty.
The cost of attack is the slashing penalty. This creates a simple economic game. If the profit from an attack (e.g., MEV extraction, trade front-running) exceeds the slashing cost, the attack is rational. Protocols like Across and Succinct must calibrate penalties to outprice potential attack revenue.
This is a subsidy problem. Honest relays profit from fees, while malicious relays profit from attack revenue minus slashing. The system's security depends on ensuring the latter is always negative, which requires perfect and timely penalty enforcement—a non-trivial coordination challenge.
Evidence: In early 2023, a proposed MEV attack on a major intent system was priced at ~$200k profit. The required staking to win relays was ~$50k. Without a slashing penalty exceeding $200k, the attack was viable, demonstrating the critical calibration failure.
risk-analysis
WHY RELAY AUCTIONS ARE NOT A SILVER BULLET
The Bear Case: Systemic Risks of Auction-First Designs
Auction-first designs like those in UniswapX, Across, and layerzero introduce new attack vectors and hidden costs that can undermine the composability and security of the entire system.
01
The MEV Reincarnation Problem
Auction-based relayers don't eliminate MEV; they concentrate it. The winning bidder is incentivized to extract maximum value, often through sophisticated sandwich attacks or reordering, before finalizing the user's transaction.\n- Centralizes risk into a few dominant relayers\n- Creates new oracle manipulation vectors for cross-chain intents\n- Shifts, rather than solves, the MEV problem
>60%
Relayer Market Share
$100M+
Annual Extracted Value
02
Liveness Risk & Cartel Formation
Relayer auctions create a permissioned set of critical infrastructure providers. If a small cartel of relayers (e.g., top 3 bidders) colludes or fails, the entire cross-chain messaging layer halts.\n- Single point of failure for intent-based bridges like Across\n- Collusion is economically rational for dominant players\n- No inherent liveness guarantee if auctions fail to attract bidders
~3-5
Dominant Relayers
0s
Graceful Degradation
03
The Subsidy Trap & Economic Sustainability
Current low user fees are often subsidized by token emissions or sequencer revenue. When subsidies dry up, relayers must raise prices or exit, breaking the economic model of applications built on top.\n- Creates false price signals for developers\n- Leads to protocol insolvency when incentives end (see: many L2 bridges)\n- Long-term sustainability of models like CowSwap's CoW AMM is unproven
-90%
Subsidy Reliance
2-3 Years
Runway at Current Burn
04
Composability Fragmentation
Each auction-based system (UniswapX, layerzero, Across) creates its own isolated liquidity and execution environment. Smart contracts cannot atomically compose across different intent solvers without introducing new trust assumptions.\n- Breaks atomic cross-protocol transactions\n- Increases integration complexity for developers\n- Locks liquidity into solver-specific pools
5-10x
Integration Overhead
Hours-Days
Settlement Finality Lag
future-outlook
THE REALITY CHECK
Future Outlook: The Path Beyond Auctions
Relay auctions solve one economic problem but introduce new technical and systemic risks that demand a broader architectural evolution.
Auctions optimize for cost, not security. The winning relay in a system like Across or Succinct is the cheapest bidder, creating a race-to-the-bottom that pressures operational security margins and centralizes risk.
Latency is the hidden adversary. Auction rounds add critical milliseconds, making them unsuitable for high-frequency DeFi or gaming transactions where UniswapX intents require sub-second finality.
The endpoint security fallacy persists. An auction secures the data transport layer, but the attestation logic and destination contract remain single points of failure, as seen in early LayerZero configurations.
Evidence: The Ethereum PBS (proposer-builder separation) model shows that pure auctions require complex mitigations like MEV-boost to prevent centralization, a lesson cross-chain protocols must learn.
takeaways
RELAY AUCTION REALITIES
Key Takeaways for Architects & Investors
Relay auctions like those in Across and SUAVE promise optimal execution, but they introduce new systemic risks and trade-offs that architects must design around.
01
The Centralizing Force of Capital Efficiency
Winning auctions requires massive, liquid capital positions, creating a moat for a few professional relayers. This centralizes a critical infrastructure layer.
- Economic Moats: Top relayers like Biconomy or bloXroute require $10M+ in bonded capital for competitive latency.
- Oligopoly Risk: Market share concentrates, creating points of failure and potential censorship vectors.
- Barrier to Entry: New entrants cannot compete on speed or cost without significant upfront capital.
>60%
Market Share (Top 3)
$10M+
Capital Barrier
02
Latency Arms Race vs. Network Health
The auction model optimizes for sub-second finality, forcing relayers to prioritize low-latency, centralized infrastructure over decentralization.
- Geographic Centralization: Relayers cluster in ~5 major data centers (e.g., AWS us-east-1) to minimize propagation delay.
- MEV Spillover: Fast relays become front-running tools; the line between service and extractor blurs.
- Protocol Dependency: Chains become reliant on this performance, baking centralization into the stack.
<500ms
Target Latency
~5
Key Data Centers
03
The Liquidity Fragmentation Trap
Auction-based bridges like Across fragment liquidity across competing relay networks, reducing capital efficiency for the ecosystem versus shared security models.
- Inefficient Capital: Capital is siloed in competing relay pools instead of a unified pool like a rollup's bridge.
- Worst-Case Security: User security is only as strong as the least capitalized relayer they might randomly get.
- Contrast with Shared Sequencing: Models like Espresso or Astria propose unified, auctioned sequencing for entire rollup ecosystems, a more efficient abstraction.
30-40%
Capital Efficiency Loss
1
Weakest Link Security
04
Intent Paradigm is the Real Innovation
The core value is the declarative intent model, not the auction. Projects like UniswapX and CowSwap prove you can separate solving from execution.
- User Sovereignty: Users specify the 'what' (e.g., 'I want 1 ETH on Arbitrum'), not the 'how'.
- Solver Competition: Opens the field to complex, multi-route solvers beyond simple relays.
- Future-Proofing: Decouples UX from infrastructure, allowing the solving layer (auctions, RFQs, MPC) to evolve independently.
100x
More Solver Strategies
Abstracted
User Experience
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall