Miner Extractable Value (MEV) is the profit that can be extracted by block producers (miners or validators) by reordering, including, or censoring transactions within a block they produce. While often associated with arbitrage and liquidations, MEV has profound implications for protocol security, user experience, and network fairness. MEV-aware protocol design is the practice of architecting systems from the ground up to mitigate its negative externalities—such as frontrunning, chain congestion, and centralization pressure—while potentially harnessing its benefits for protocol efficiency.
LABS
Guides
How to Architect an MEV-Aware Blockchain Protocol
A technical guide for developers designing new L1 or L2 protocols with MEV considerations from the ground up. Covers PBS, ordering rules, and mempool encryption.
Chainscore © 2026
introduction
ARCHITECTURE
Introduction to MEV-Aware Protocol Design
A guide to designing blockchain protocols that proactively manage the risks and opportunities of Miner Extractable Value (MEV).
The core challenge is the information asymmetry between users and block producers. A user submits a transaction with a specific intent, but the sequencer has the power to manipulate its execution context. To combat this, protocols can implement design primitives like commit-reveal schemes, where users submit encrypted transactions that are only revealed after being included in a block, preventing frontrunning. Another approach is fair ordering through techniques like threshold encryption or leader election, which aims to produce a canonical transaction order resistant to manipulation.
For DeFi applications, specific architectural patterns are critical. Automated Market Makers (AMMs) can integrate just-in-time (JIT) liquidity and time-weighted average price (TWAP) orders to reduce the surface area for sandwich attacks. Lending protocols can design Dutch auctions for liquidations instead of fixed-discount auctions, making them less predictable and profitable for searchers. These designs shift value from opportunistic extractors back to liquidity providers and protocol treasuries.
At the consensus layer, protocol architects must consider proposer-builder separation (PBS). PBS decouples the role of block building from block proposing, creating a competitive market for block space that can reduce centralization. Implementations like Ethereum's enshrined PBS aim to formalize this. Furthermore, inclusion lists allow users to guarantee their transactions are included, countering censorship. These layer-1 features provide a foundational substrate for MEV-aware applications.
Developers should instrument their protocols with MEV analytics from the start. Using tools like the Ethereum Execution API's mev_sendBundle or Flashbots' SUAVE, builders can test how their designs interact with the MEV supply chain. The goal is not to eliminate MEV—which is often impossible—but to shape it into a credibly neutral force. A well-architected protocol minimizes harmful MEV, transparently captures value for its stakeholders, and ensures a fair and efficient experience for all users.
prerequisites
FOUNDATIONAL KNOWLEDGE
Prerequisites and Core Assumptions
Before designing an MEV-aware protocol, you need a solid understanding of blockchain fundamentals and the specific economic forces at play. This section outlines the required knowledge and the core assumptions about network participants.
To architect a protocol that interacts with or mitigates Maximal Extractable Value (MEV), you must first grasp the underlying mechanics. This includes a deep understanding of consensus algorithms (e.g., Tendermint, Gasper), transaction lifecycle (mempool, block inclusion, ordering), and smart contract execution. Familiarity with the Ethereum Virtual Machine (EVM) or other execution environments is essential, as most MEV activity originates from automated bots interacting with decentralized applications. You should also be comfortable with cryptographic primitives like digital signatures and hash functions.
A core assumption is that network participants are economically rational. Validators and searchers will act to maximize their profit, which includes reordering, inserting, or censoring transactions within a block. Your protocol design must account for this adversarial model. Furthermore, you must understand the MEV supply chain: users submit transactions, searchers bundle them into profitable opportunities, builders construct optimized blocks, and validators propose the most lucrative block. Protocols that ignore this flow risk having their economic security assumptions broken.
Practical experience is crucial. You should have built and deployed smart contracts, interacted with a node's RPC endpoints (e.g., using eth_sendRawTransaction), and analyzed blockchain data. Tools like the Ethereum Execution API, Tenderly for simulation, and Flashbots' MEV-Share or MEV-Boost relays provide real-world context. Understanding current mitigation research, such as proposer-builder separation (PBS), encrypted mempools, and fair ordering protocols, will inform your architectural choices.
Finally, define your protocol's threat model and goals. Are you building a new L1 that natively orders transactions fairly? Are you creating an L2 rollup that needs to resist MEV extraction on its parent chain? Or are you designing an application, like a DEX, that must protect its users? Your core assumptions about network latency, validator honesty, and user sophistication will directly shape the technical architecture, determining whether you need a trusted hardware component, a cryptographic commit-reveal scheme, or a novel consensus modification.
key-concepts-text
PROTOCOL DESIGN
Key MEV Concepts for Protocol Architects
Understanding and mitigating MEV is a core responsibility for protocol architects. This guide covers the fundamental concepts required to design blockchain systems that are resilient to extraction.
Maximal Extractable Value (MEV) is the profit that can be extracted from a blockchain by reordering, including, or censoring transactions within a block. For protocol architects, MEV is not an abstract concern; it directly impacts user costs, network stability, and protocol security. Designing an MEV-aware protocol means proactively considering how your system's rules create opportunities for extraction and implementing mechanisms to manage them. This involves analyzing transaction ordering dependencies, auction mechanisms for block space, and the economic incentives for validators and searchers.
The primary sources of MEV in DeFi are arbitrage and liquidations. An arbitrage opportunity exists when an asset is priced differently across two pools (e.g., Uniswap and SushiSwap). A searcher profits by buying low on one and selling high on the other in the same block. Liquidations occur when a user's collateralized debt position (like in Aave or MakerDAO) falls below a health threshold, allowing a liquidator to purchase the collateral at a discount. Your protocol's design—its price update latency, oracle design, and liquidation logic—directly defines the size and frequency of these MEV opportunities.
To architect for MEV, start with transaction ordering. Naive first-in-first-out (FIFO) mempools are highly vulnerable. Consider implementing a commit-reveal scheme for sensitive transactions (like NFT mints or governance votes) to hide intent until inclusion. Alternatively, design for fair ordering where the protocol defines a canonical order to reduce frontrunning. For DeFi protocols, batching operations (like Compound's liquidateBorrow function) and using time-weighted average price (TWAP) oracles from Chainlink or Uniswap V3 can reduce the profitability of instantaneous arbitrage and frontrunning on oracle updates.
The block builder's role is central. In a proposer-builder separation (PBS) model, specialized builders compete to create the most profitable block by including optimized MEV bundles. The validator (proposer) simply selects the highest-paying block header. As an architect, you can influence this market. Designing clear, predictable fee markets and block space auctions (like EIP-1559 on Ethereum) helps commoditize MEV, making its extraction more efficient and its value more transparently captured by the network (via burning) or validors, rather than opaque searchers.
Finally, consider MEV redistribution and soft consensus. Protocols like Flashbots' SUAVE aim to create a neutral, decentralized marketplace for block building. You can also design mechanisms that internalize MEV for protocol users. For example, CowSwap's batch auctions with uniform clearing prices or Osmosis' threshold encryption for mempools direct MEV value back to traders. The goal is not to eliminate MEV—which is often impossible—but to shape its flow, mitigate its negative externalities like network congestion, and align extractive incentives with the long-term health of your protocol.
architectural-pillars
CORE PRINCIPLES
Three Pillars of MEV-Aware Architecture
Building a protocol that mitigates or leverages MEV requires foundational design choices in transaction ordering, block building, and user protection.
PROTOCOL-LEVEL SOLUTIONS
Comparison of MEV Mitigation Mechanisms
A technical comparison of architectural approaches to mitigate miner extractable value within a blockchain's core protocol design.
| Mechanism / Metric | Proposer-Builder Separation (PBS) | Threshold Encryption | Fair Sequencing Services (FSS) |
|---|---|---|---|
Core Principle | Separates block building from block proposing via a marketplace | Encrypts transactions until they are included in a block | Uses a decentralized sequencer with commit-reveal schemes |
MEV Resistance | Reduces centralization but does not eliminate MEV | High resistance to frontrunning and sandwich attacks | High resistance to time-bandit attacks and reordering |
Latency Impact | Adds 1-2 block confirmation delay for auction | Adds 1 block confirmation delay for decryption | Adds deterministic, fixed sequencing delay (e.g., 500ms) |
Implementation Complexity | High (requires consensus and builder market changes) | Medium (requires cryptographic integration at mempool) | Very High (requires trusted hardware or decentralized sequencer network) |
Adoption Status | Live on Ethereum (via MEV-Boost), native PBS planned | Research stage (e.g., Shutter Network) | Live on some L2s (e.g., Arbitrum Nova via Timeboost) |
Decentralization | Can centralize builder market; relay trust required | High, if decryption key is distributed via DKG | Varies; depends on sequencer set size and slashing |
User Experience | Transparent; users may pay for inclusion via tips | Requires encryption tooling; seamless for end-users | Predictable latency; no direct user action required |
Throughput Impact | Negligible | Adds computational overhead for decryption | Adds overhead for sequencing consensus |
design-tradeoffs
DESIGN TRADE-OFFS
How to Architect an MEV-Aware Blockchain Protocol
A guide to the core architectural decisions and trade-offs involved in building a blockchain protocol that mitigates or manages Maximal Extractable Value (MEV).
Architecting an MEV-aware protocol begins with defining its primary objective: to suppress, redistribute, or transparently expose MEV. Each path involves fundamental trade-offs. Suppression (e.g., via encrypted mempools or commit-reveal schemes) enhances fairness but can reduce network throughput and latency. Redistribution (e.g., through Proposer-Builder Separation or MEV-Burn) aims to democratize profits but adds protocol complexity. Transparency (e.g., with open auctions) maximizes efficiency for sophisticated users but can exacerbate negative externalities for regular users. The choice dictates your protocol's core economic and security model.
The consensus mechanism is the next critical layer. Proof-of-Stake (PoS) systems, where block proposers are known in advance, are inherently more vulnerable to time-bandit attacks and proposer collusion compared to Proof-of-Work (PoW). To mitigate this, protocols can implement Proposer-Builder Separation (PBS), as seen in Ethereum's roadmap. PBS decouples block building (a complex, MEV-extraction task) from block proposal (a simpler, consensus-critical task). This trade-off introduces new roles (builders, relays) and requires careful trust minimization, often via cryptographic commitments like crLists (censorship resistance lists).
Transaction ordering is the battlefield for MEV. A protocol must choose its ordering rule. First-come-first-served in a public mempool is simple but enables frontrunning. Time-boost auctions can prioritize fee-paying transactions. More advanced approaches use a sequencer (common in rollups) for deterministic ordering, but this centralizes power. For decentralized sequencing, protocols like Astria or Espresso are exploring shared sequencer networks. The trade-off is between ordering fairness, liveness guarantees, and resistance to centralization. The design must also specify whether ordering occurs on-chain (verifiable but expensive) or off-chain (scalable but requires fraud/validity proofs).
Execution environment design directly impacts MEV extractability. A protocol using the Ethereum Virtual Machine (EVM) inherits a rich, predictable state space that MEV searchers can easily analyze. Alternative VMs or application-specific chains can obscure state or use private mempools to limit arbitrage opportunities. For example, Cothority-based or threshold encryption schemes for transactions hide content until execution. The trade-off is between developer familiarity/ecosystem compatibility and the ability to implement novel MEV-resistant execution logic. This decision also affects the feasibility of cross-chain MEV, as homogeneous environments are easier to exploit.
Finally, protocol architects must design for long-term sustainability. MEV strategies evolve rapidly. A static design will be gamed. Consider mechanisms for on-chain governance to update MEV-related parameters or credibly neutral foundations to oversee PBS relay registries. Analyze the economic incentives for each actor: validators, builders, searchers, and users. Will fees from MEV secure the chain, or will they be burned to avoid validator centralization? Documented examples include Ethereum's EIP-1559 base fee burn and the proposed MEV-Burn. The ultimate trade-off is between designing a perfectly balanced system at launch and creating a flexible framework that can adapt to an adversarial future.
implementation-considerations
ARCHITECTURE
Implementation Considerations and Pseudocode
Designing a blockchain protocol to mitigate or manage MEV requires deliberate architectural choices at the consensus and execution layers.
The core architectural decision is where to enforce MEV-aware rules. A protocol-level approach integrates mitigation directly into the consensus mechanism, such as enforcing transaction ordering rules or implementing a commit-reveal scheme for transactions. This offers strong guarantees but reduces flexibility. An execution-level approach, like using a specialized virtual machine or precompiled contracts, allows for more complex logic, such as sealed-bid auctions within a smart contract. The trade-off is that it relies on correct implementation by node operators and may be more complex to upgrade. The choice depends on whether the goal is to eliminate certain MEV forms entirely or to create a fair, transparent market for it.
A foundational technique is to modify the mempool and block proposal process. Instead of a public mempool where searchers can observe pending transactions, protocols can implement a private transaction channel or a threshold encryption scheme. Here, users submit encrypted transactions to validators. Only after a block is proposed are the transactions decrypted and executed, preventing frontrunning. Pseudocode for a simple commit-reveal flow in a validator client might look like:
python# Commit Phase hashed_tx = keccak256(encrypted_transaction + nonce) blockchain.submit_commitment(hashed_tx) # Reveal Phase (after block proposal) # Validator reveals the encrypted_transaction and nonce # Network verifies hash matches commitment before execution
This removes latency-based MEV but introduces complexity in transaction lifecycle management.
For protocols that choose to manage rather than eliminate MEV, implementing a proposer-builder separation (PBS) is critical. In PBS, specialized block builders compete to create the most valuable block contents (including MEV), while validators simply choose the highest-paying block header. This separates the profit motive from the consensus role. Architecturally, this requires two new protocol messages: a BuilderBid containing a block header and a payment, and a SignedBlindedBlock that a validator signs without seeing the transactions. The Ethereum roadmap's inclusion of PBS via ePBS is a prime real-world example of this architecture being deployed at the consensus layer.
Another key consideration is cross-domain MEV, where value is extracted across rollups or other execution layers. A protocol architecture must decide if and how to coordinate sequencing. A shared sequencing layer, like a dedicated sequencing network or a based rollup, can provide a unified, fair ordering of transactions across multiple domains. This prevents arbitrageurs from exploiting latency differences between independent sequencers. The architectural challenge is ensuring this shared sequencer is itself decentralized and resistant to censorship, often requiring its own consensus mechanism and economic security model.
Finally, the economic design must align incentives. This includes the distribution of MEV revenue. Should it all go to the block proposer? Should it be burned to benefit all token holders? Or should a portion be directed to a public goods fund? Protocols like Flashbots' SUAVE envision a neutral, competitive marketplace. Furthermore, slashing conditions may be needed to punish validators who deviate from the ordering rules or censorship-resistance guarantees. These economic parameters are as crucial as the technical architecture in determining the protocol's long-term resilience and fairness.
ARCHITECTURAL PATTERNS
Case Studies: Existing Protocol Implementations
Post-Merge PBS and Proposer-Builder Separation
Ethereum's transition to Proof-of-Stake introduced Proposer-Builder Separation (PBS) as a core architectural response to MEV. Validators (proposers) outsource block construction to specialized builders via a trusted relay network. This separates the power to choose transactions from the power to order them, aiming to democratize MEV extraction.
Key implementations include:
- Flashbots SUAVE: A decentralized block builder marketplace and mempool.
- MEV-Boost: Middleware that allows Ethereum validators to access external block builders, capturing over 90% of post-merge blocks.
- Arbitrum's Timeboost: An L2 auction mechanism where sequencers bid for the right to order transactions in a specific time slot.
This model centralizes trust in relays but is a pragmatic step toward mitigating validator-level MEV.
resource-links
DEVELOPER RESOURCES
Essential Resources and Further Reading
Primary research, protocol designs, and tooling references for architects designing blockchains with explicit MEV awareness at the consensus, mempool, and execution layers.
DEVELOPER FAQ
Frequently Asked Questions on MEV Protocol Design
Common technical questions and troubleshooting for developers building or modifying blockchain protocols to account for Maximal Extractable Value (MEV).
Transaction ordering is the process of sequencing transactions into a block. MEV is the value that can be extracted from that ordering power by manipulating the sequence. All MEV requires control over ordering, but not all ordering decisions are MEV extraction. For example, a validator ordering transactions by gas price is standard. A validator front-running a large DEX swap by inserting their own transaction is MEV extraction. The core architectural challenge is designing a protocol where the ordering process is either trust-minimized (e.g., via fair ordering or commit-reveal schemes) or the extracted value is credibly neutral and redistributed (e.g., via proposer-builder separation).
conclusion
ARCHITECTURAL SYNTHESIS
Conclusion and Future Directions
This guide has outlined the core principles for building an MEV-aware blockchain protocol. The next step is to synthesize these components into a cohesive system and consider the evolving landscape.
Architecting an MEV-aware protocol is not about eliminating MEV, but about managing its distribution and externalities. A robust design integrates the principles discussed: credible neutrality in block building, in-protocol PBS for fair proposer compensation, encrypted mempools for transaction privacy, and application-aware ordering rules to protect users. The goal is to shift value extraction from off-chain, opaque markets to on-chain, verifiable mechanisms. For example, a protocol might implement a commit-reveal scheme for transactions, a first-price auction for block space via an in-protocol proposer-builder separation (PBS) contract, and slashing conditions for builders who deviate from promised bundles.
Future research and development are pushing the envelope in several key areas. Interoperable MEV examines how value extraction moves across rollups and Layer 2s, necessitating cross-domain sequencing solutions. Verifiable Delay Functions (VDFs) and threshold encryption are being refined to make encrypted mempools more practical and resistant to timing attacks. Furthermore, the concept of MEV burn or MEV redistribution is gaining traction, where a portion of extracted value is programmatically sent to a protocol treasury or burned, akin to EIP-1559's base fee burn, to socialize some of the benefits.
For builders and researchers, the immediate path forward involves simulation and testing. Tools like Ethereum Execution API (EEA) specs for eth_sendBundle and eth_callBundle, and environments like Foundry and Hardhat with forked mainnets, are essential for prototyping. The critical test is whether your design maintains liveness under adversarial conditions—can the network produce blocks if all builders are censoring certain transactions? Implementing a fallback mechanism, such as a naive builder built into the client software, is often necessary.
The long-term vision is a blockchain where MEV is a transparent, accounted-for resource in the protocol's economic model. This requires continued collaboration across cryptography, game theory, and systems engineering. Developers should engage with ongoing efforts in the Ethereum Protocol Fellowship, Flashbots research, and academic conferences like Financial Cryptography. The architectural choices made today will fundamentally shape the fairness and efficiency of decentralized systems for years to come.