Frontrun Protection

A two-phase transaction process that hides critical information from frontrunners. In the commit phase, a user submits a hash of their intent (e.g., a trade). In the reveal phase, they submit the actual data. This prevents bots from seeing and copying the profitable action until it's too late. Used in early decentralized exchanges and NFT minting to ensure fair participation.

A consensus-level approach that enforces transaction order fairness. Instead of ordering by gas price, an FSS uses a deterministic rule (like time of arrival to the sequencer) to order transactions within a block. This neutralizes the economic priority of gas auctions. Projects like Chainlink Fair Sequencing Services and EigenLayer's shared sequencers aim to provide this as a network service.

Encrypts transaction content until it is included in a block. Users submit encrypted transactions to the mempool. A decentralized set of validators (or sequencers) then decrypts them simultaneously, only after the block is proposed. This ensures no single entity can see the plaintext transaction in advance, eliminating frontrunning opportunities. Used by Shutter Network and proposed for integration with L2 rollups.

A user-facing service that sends transactions directly to a trusted block builder or a private transaction pool. Services like Alchemy's Enhanced APIs or BloxRoute's Protected Tx route user transactions to exclusive channels, shielding them from the public mempool where they would be vulnerable. This is a practical, application-level protection for end-users.

Protocol-level changes to disincentivize priority gas auctions. Mechanisms include:

• Uniform Price Auctions: All transactions in a block pay the same gas price (the lowest winning bid).
• Vickrey-Clarke-Groves (VCG) Auctions: Users pay based on the cost they impose on others, leading to more truthful bidding.
• Time-Boost Auctions: Incorporate the time a transaction has been pending as a factor, not just fee price. These are active areas of Ethereum protocol research.

A cryptographic technique where a user first submits a hashed commitment of their transaction (containing data and a secret salt). After a delay, they reveal the original data. This prevents frontrunners from seeing the transaction's intent until it's too late to act. However, it adds complexity and latency, making it unsuitable for time-sensitive DeFi actions.

• Process: Commit → Wait → Reveal → Execute.
• Limitation: Introduces a mandatory delay, often several blocks, before execution.

These methods bypass the public mempool entirely. Submarine sends use a relayer to submit a transaction directly to a miner/validator. Private mempools (like Flashbots Protect or Taichi Network) are encrypted channels where transactions are shared only with selected block builders. While highly effective, they rely on trusted intermediaries and can centralize transaction flow, creating new points of failure or censorship.

A protocol-level approach where a decentralized network of sequencers orders transactions by receipt time instead of by fee. This neutralizes the advantage of bots that can pay higher gas fees. Implementations are complex and can require changes to blockchain consensus. A key limitation is accurately establishing a global, tamper-proof timestamp for transaction receipt across a distributed network.

All frontrun protection involves fundamental trade-offs:

• Decentralization vs. Efficiency: Private channels centralize trust.
• Latency vs. Security: Commit-reveal adds delays.
• Cost: Advanced schemes increase gas overhead or require service fees.
• Universal Protection: It's impossible to fully protect a transaction that must interact with a public, state-changing contract, as the outcome can still be inferred and frontrun based on the reveal.

The most robust protection is often designing applications to be MEV-resistant from the start. This includes:

• Using batch auctions or uniform-price clearing.
• Implementing threshold encryption for order submission.
• Designing mechanisms where the value extractable from frontrunning is minimized or redistributed to users (e.g., via MEV redistribution or MEV burn).

Miner Extractable Value (MEV) is the profit that validators or miners can extract by reordering, including, or censoring transactions within a block. It is the root economic incentive that frontrunning exploits. Common MEV strategies include:

• Arbitrage: Profiting from price differences across DEXs.
• Liquidations: Triggering and capturing liquidation bonuses.
• Sandwich Attacks: The specific frontrunning technique that protection mechanisms aim to prevent.

A commit-reveal scheme is a cryptographic two-step protocol that hides transaction intent until it is too late to frontrun. Users first submit a commitment (a hash of their transaction data) to the mempool. After a delay, they reveal the actual transaction. Since the initial commitment reveals no profitable information, frontrunners cannot act. This adds latency but provides strong protection for order-sensitive operations.

Fair Sequencing Services (FSS) are protocols or consensus modifications designed to guarantee transaction order fairness. Instead of ordering by gas price (which enables frontrunning), FSS uses methods like time-based ordering or randomized ordering to determine the final sequence of transactions in a block. This shifts the power from individual validators to a decentralized protocol that defines a canonical, fair order.

Threshold encryption is a technique used in private mempools or encrypted transaction flows. A user's transaction is encrypted with a public key, and only after a block is proposed is it decrypted by a decentralized committee of validators using their combined private key shares. This keeps the transaction content completely hidden from the public mempool, eliminating the visibility frontrunners rely on.

A submarine send is a specific smart contract-based technique to hide a pending transaction. A user locks funds in a contract with a secret. A frontrunner, seeing only the lock transaction, cannot determine the destination or intent. Later, the user submits a second transaction with the secret to execute the actual transfer, which is mined in the same block as the reveal, preventing interference.