Builder Collusion

Colluding builders form cartels to systematically capture Maximal Extractable Value (MEV). By coordinating the ordering of transactions, they can:

• Guarantee the execution of profitable arbitrage and liquidations for themselves.
• Exclude or outbid independent searchers, centralizing MEV profits.
• Implement time-bandit attacks, reordering past blocks if more profitable opportunities are discovered.

A dominant builder or cartel can censor transactions by refusing to include them in proposed blocks. This targets:

• Transactions from specific addresses (e.g., sanctioned entities).
• Competing DeFi arbitrage opportunities.
• Transactions that would reduce the colluding builders' profits. This undermines permissionlessness and credible neutrality, core tenets of public blockchains.

Collusion distorts the proposer-builder separation (PBS) auction. Tactics include:

• Bid rigging: Builders agree to submit non-competitive bids to lower the cost of winning blocks.
• Payback schemes: A builder wins the auction and shares a portion of the profits with the proposer outside the protocol, bypassing transparent bidding.
• Shadow bidding: Using private channels to coordinate bids, making the public auction a facade.

Sustained collusion leads to centralization of block production power. A small group of builders consistently wins auctions, creating:

• Barriers to entry for new, independent builders.
• Single points of failure, increasing systemic risk.
• Governance capture, where the cartel can influence protocol upgrades to entrench its position. This erodes the security model reliant on decentralized validation.

The end result is increased costs and reduced fairness for end-users:

• Higher transaction fees as collusion reduces auction competition.
• Worse execution prices on DEXs due to captured arbitrage.
• Reduced network reliability for censored applications.
• Weakened trust in the blockchain's liveness and fair ordering guarantees.

Protocols and researchers are developing countermeasures to builder collusion, including:

• Enshrined Proposer-Builder Separation (ePBS): Baking PBS into the protocol consensus to reduce out-of-band deals.
• Commit-Reveal Schemes: Hiding transaction content until after the block is committed to prevent last-minute manipulation.
• SUAVE: A decentralized block-building marketplace aiming to decentralize the builder role itself.
• Reputation Systems: Penalizing builders for observable malicious behavior.

Builders deliberately exclude valid transactions from blocks to suppress specific activities or users. This is often coordinated with a proposer to ensure the censored block is accepted.

• Example: Refusing to include transactions from sanctioned addresses or competing protocols.
• Impact: Violates network neutrality and can be used for regulatory overreach or anti-competitive behavior.

A group of builders and searchers form a cartel to monopolize Maximal Extractable Value (MEV) opportunities, sharing profits and excluding outsiders.

• Mechanism: Cartel members share private order flow and transaction bundles, ensuring only they can capture lucrative arbitrage or liquidations.
• Result: Centralizes MEV profits, reduces competition, and can lead to higher costs for end-users.

Builders collude to manipulate the proposer-builder separation (PBS) auction by submitting non-competitive or complementary bids.

• Tactic: A dominant builder agrees with others to submit low bids, ensuring it wins the auction at a below-market rate.
• Goal: Reduces the revenue paid to the block proposer (validator) and increases the colluding builders' profit margins.

A builder, often in league with a proposer, intentionally withholds a newly built block to secretly mine a competing chain based on future transactions, then forces a reorg to capture more value.

• Process: The colluding party sees a new, profitable transaction and attempts to build a new block that includes it, reorganizing the chain if successful.
• Threat: Destabilizes chain finality and settlement guarantees for users.

Builders enter into exclusive agreements with large off-chain entities (like centralized exchanges or wallets) to receive their transaction flow privately, bypassing the public mempool.

• How it works: The entity sends transactions directly to the builder, who can extract MEV without competition and may share profits.
• Consequence: Creates an information asymmetry, disadvantaging public searchers and decentralizing the transaction supply chain.

Direct collusion where a validator (proposer) and a specific builder have a side agreement, violating the intended trustless separation of PBS.

• Methods: The proposer may always accept blocks from a favored builder regardless of bid price, or share private information about upcoming block assignments.
• Risk: Effectively re-centralizes block production, negating the anti-censorship and competitive benefits of PBS.

Builder collusion occurs when multiple block builders coordinate to manipulate the construction of a block for mutual benefit. This is a systemic risk in proposer-builder separation (PBS) architectures. Instead of competing fairly in a builder auction, colluding builders can:

• Censor transactions from specific users or protocols.
• Front-run or sandwich trades at scale by guaranteeing execution order.
• Extract MEV more efficiently by sharing order flow and splitting profits, reducing the competitive pressure that benefits users.

A primary risk where colluding builders systematically exclude valid transactions. This can target:

• OFAC-sanctioned addresses to comply with regulatory demands, potentially decentralizing censorship.
• Competing protocols or specific arbitrage opportunities to preserve profit for the colluding cartel.
• This undermines the credible neutrality of the blockchain, as transaction inclusion becomes dependent on builder alliances rather than fee markets.

Collusion enables sophisticated, large-scale market manipulation. Builders can:

• Orchestrate sandwich attacks by guaranteeing a victim's transaction is placed between their own buy and sell orders.
• Execute time-bandit attacks by reordering blocks after seeing future transaction flow.
• Create private order flow agreements, where searchers bypass public mempools and send bundles exclusively to the colluding builder group, reducing competition and increasing extracted value.

In an enshrined proposer-builder separation (ePBS) model, builder collusion poses an existential centralization risk. If a small cartel of builders dominates, they can:

• Dictate block contents consistently, acting as a centralized sequencing layer.
• Extract economic rents from the entire network, reducing validator and user rewards.
• Stifle innovation by blocking transactions for new, competing builders or services. This defeats the decentralization goals of PBS.

Protocol-level designs aim to mitigate collusion risks:

• Commit-Reveal Schemes: Builders commit to a block header before revealing the full body, making it harder to coordinate last-second manipulation.
• Threshold Cryptography: Using distributed validator technology (DVT) or multi-party computation to decentralize the builder role itself.
• Suave (Single Unifying Auction for Value Expression): An emerging paradigm that aims to separate the roles of expression (defining execution intent) and execution (building the block), reducing the builder's discretionary power.

Understanding builder collusion requires knowledge of adjacent mechanisms:

• Proposer-Builder Separation (PBS): The architectural framework that creates the builder role.
• Maximal Extractable Value (MEV): The profit motive driving collusion.
• Relays: Trusted intermediaries in PBS that can also become points of coordination or censorship.
• Fair Sequencing Services: Alternative designs that prioritize transaction order fairness, such as first-come-first-served, to combat MEV and collusion.

A prominent example where a block builder intentionally excludes transactions from sanctioned addresses (e.g., Tornado Cash) to comply with regulatory demands. This demonstrates censorship and the ability of a single entity to filter the public mempool, undermining permissionless access.

• Mechanism: The builder creates a block that is empty of any prohibited transactions, even if those transactions paid high fees.
• Impact: Creates a two-tier system where some users' transactions are systematically ignored, regardless of economic incentives.

A sophisticated form of MEV extraction where a colluding builder reorganizes the chain. If a new block reveals highly profitable arbitrage opportunities in prior blocks, the builder may attempt to re-mine that block to capture the value for themselves.

• Prerequisite: Requires significant hashing power or influence over proposers.
• Threat: Attacks the finality of the chain, as recent transactions can be reversed for profit, breaking a core blockchain guarantee.

In a PBS model, the proposer (validator) and builder are separate roles. Collusion occurs when a proposer exclusively accepts blocks from a single, affiliated builder, or when builders bribe proposers with side payments outside the protocol.

• Centralization Risk: Creates a closed ecosystem, shutting out competitive builders.
• Example: A validator pool always selects blocks from its in-house builder, regardless of whether they offer the highest bid to the network, extracting value privately.

The classic MEV scenario often enabled by builder collusion. A builder sees a large pending swap on a DEX in the mempool, inserts their own transaction to buy the asset first, and then includes the user's transaction at a worse price, profiting from the price impact.

• Builder's Role: They can order transactions within a block to guarantee their predatory trade executes first.
• Scale: This is often automated by searchers who pay high fees to builders to ensure their frontrunning bundle is included.

A more aggressive form of DEX exploitation. A colluding builder sandwiches a user's large trade between two of their own transactions: one buy before and one sell after.

• Process: 1) Buy asset before user's trade (raising price). 2) Include user's trade (executing at inflated price). 3) Sell asset immediately after (profiting from the user-induced price move).
• Builder Complicity: Requires the builder to accept the attacker's bundle and place the three transactions in the exact, damaging order.