Secure Enclaves Threaten the MEV Industrial Complex

The MEV supply chain is dominated by a few centralized actors. ~90% of Ethereum blocks are built by just three entities. This creates systemic risk, censorship vectors, and extracts billions in value from users.

• Centralized Control: Flashbots' SUAVE is a protocol, but its builders are permissioned.
• Value Leakage: Users pay for sandwich attacks and frontrunning via slippage.
• Censorship Risk: Builders can exclude transactions to comply with OFAC.

TEEs create a cryptographic proof that code executed correctly within a secure, isolated CPU environment. This enables trust-minimized, decentralized block building.

• Proven Fairness: The sequencer's logic (e.g., first-come-first-served) is verifiably enforced.
• Data Confidentiality: User transactions are encrypted until execution, preventing frontrunning.
• Decentralized Access: Any operator with compliant hardware can participate, breaking cartels.

These networks use TEEs (and FHE) to pioneer confidential smart contracts. They demonstrate the core primitive: private state execution. This is the foundation for private MEV auctions and order flow.

• Fhenix: Uses Intel SGX for encrypted computation on Ethereum via Layer 2.
• Secret Network: Long-running network using TEEs for private contract state.
• Key Primitive: Enables sealed-bid auctions where intent is hidden until settlement.

Projects like Astria and Espresso are building decentralized sequencer sets that use TEEs to create a credibly neutral, high-performance block building layer. This directly competes with centralized rollup sequencers and builder markets.

• Astria: Shared sequencer using Celestia for data availability and TEEs for execution.
• Espresso: Configurable sequencer for rollups with integrated TEE-based proving.
• Result: Rollups can outsource fair ordering without trusting a single entity.

TEE-based systems enable native intent matching. Users submit encrypted preferences (e.g., 'swap X for Y at price ≥ Z'), and the TEE-enforced matcher finds the best path. This bypasses the entire searcher/bundler/block builder supply chain.

• Disintermediation: No need for Flashbots bundles or EigenLayer mediators.
• Efficiency Gains: Direct matching reduces latency and cost layers.
• User Sovereignty: Intent is fulfilled optimally without revealing strategy.

TEEs trade software trust for hardware trust in Intel, AMD, or ARM. This introduces new attack vectors (e.g., side-channel attacks) and potential centralization if hardware access is gated.

• Trust Assumption: You must trust the CPU manufacturer and its remote attestation.
• Supply Risk: Reliance on a few chipmakers creates a new centralization point.
• Mitigation: Multi-TEE designs (SGX + SEV) and decentralized attestation networks are emerging.

Intel SGX and AMD SEV create centralization risks. Validators with enclave access become privileged actors, potentially forming a new cartel. This shifts trust from open-source code to opaque hardware vendors and their remote attestation services.

• Intel controls the attestation service for SGX.
• Geographic risk: Enclave-compatible data centers are concentrated.
• Creates a single point of failure for networks like Secret Network and Oasis.

Enclave-based sequencing and encryption destroy the business models of searchers and block builders. Private mempools and encrypted transactions render frontrunning and backrunning impossible, collapsing a $500M+ annual extractable value industry.

• Flashbots SUAVE faces an existential threat.
• Jito Labs and other MEV-Boost relays lose relevance.
• Forces a shift to intent-based systems like UniswapX and CowSwap.

Secure Enclaves are a regulatory honeypot. Governments can compel hardware manufacturers (Intel, AMD) to revoke attestation keys or introduce backdoors via microcode updates. This creates a perfect legal kill switch for any private smart contract or cross-chain bridge relying on TEEs.

• FATF compliance could be enforced at the hardware layer.
• Tornado Cash-style sanctions are trivial to implement.
• Undermines the core censorship-resistance promise of EigenLayer AVSs using TEEs.

Enclaves processing off-chain data (e.g., for bridges or oracles) are vulnerable to timing attacks and memory corruption exploits. A single breached enclave can leak private keys or produce fraudulent signed attestations, poisoning major systems.

• Wormhole and LayerZero oracle networks are at risk.
• Historical precedent: Foreshadow and Plundervolt SGX exploits.
• Makes cross-chain intent fulfillment a high-value target.

Today's MEV supply chain is dominated by a few centralized actors who bundle and order transactions, extracting ~$1B+ annually in value from users. This creates:

• Centralized Censorship Risk: Builders can exclude transactions.
• Inefficient Price Discovery: Users pay more than necessary for execution.
• Value Leakage: MEV profits are captured by intermediaries, not returned to users or protocols.

Secure enclaves (like Intel SGX, AMD SEV) enable a new stack where user transactions are encrypted until block construction. This allows for:

• Fair Ordering: Transactions are ordered based on objective time, not bid size.
• MEV Resistance: Front-running and sandwich attacks become impossible.
• Prover Networks: Projects like EigenLayer, Espresso Systems, and SUAVE use this to decentralize block building.

Secure enclaves shift value capture from searchers back to users and stakers. This enables:

• MEV-Boost++: Validators can run their own enclave-based builders, capturing more value.
• Protocol-Integrated MEV: DEXs like CowSwap and UniswapX can internalize MEV for better prices.
• Stable Yield: MEV becomes a more predictable, redistributable revenue stream for restaking protocols.

Enclaves are the key infrastructure for intent-based architectures, where users specify what they want, not how to do it. This impacts:

• Solver Markets: Projects like Anoma and UniswapX rely on private computation to find optimal execution.
• Cross-Chain UX: Across Protocol and LayerZero's DVNs can use enclaves for secure, fast message verification.
• The End of Gas: Users no longer need to understand gas mechanics or sign complex transactions.

The value accrual shifts from application-layer MEV extraction to the infrastructure enabling its prevention and fair distribution. Focus on:

• Enclave Networks: Platforms providing decentralized attestation and compute (e.g., OAK Network, Phala).
• Restaking Middleware: EigenLayer AVSs that use enclaves for sequencing or proving.
• Privacy-Preserving DEXs: The next generation of AMMs that bake MEV protection into the core protocol.

Secure enclaves introduce new, non-cryptographic trust assumptions. The major risks are:

• Hardware Vendor Risk: Reliance on Intel, AMD, or ARM. A backdoor or bug breaks the system.
• Geopolitical Risk: Enclaves can be region-locked or sanctioned.
• Centralized Attestation: Initial attestation services may be bottlenecks. The long-term solution is decentralized attestation networks.