Section II: How Value Gets Extracted

Benevolent vs. Malignant MEV

Before examining specific extraction strategies, we need a framework for evaluating their market impact. Not all MEV harms markets equally, and distinguishing productive from predatory extraction matters for both protocol design and user protection.

Benevolent MEV serves necessary economic functions. CEX-DEX arbitrage keeps execution prices for the same asset roughly aligned across venues, so traders see broadly similar prices wherever they trade once you account for liquidity and fees, rather than some venues being systematically “worse” to trade on. Liquidations preserve the solvency of lending protocols by ensuring under-collateralized positions get closed before they become bad debt that would burden all protocol users. These activities extract value, but they also deliver clear benefits: tighter price spreads and healthier lending markets.

Malignant MEV extracts value without providing commensurate benefits. Sandwich attacks exemplify this: the victim pays more, the searcher profits, and the market gains nothing. This is pure wealth transfer enabled by privileged information and ordering control.

Just-in-time liquidity demonstrates this ambiguity. When searchers see a large trade pending, they quickly add liquidity to the relevant pool just for that block, capture the swap fees from executing the trade, and then remove their liquidity in the next block. On one hand, this provides liquidity exactly when needed and can reduce slippage for the trader. On the other hand, it crowds out passive liquidity providers who can't compete with such precision, potentially degrading liquidity depth over time.

Similarly, oracle updates create another ambiguous MEV channel. When a price feed like Chainlink posts a new price on-chain, searchers try to back-run that update by placing their arbitrage trade in the very next transaction. They use the fresh quote to trade against AMMs or perpetual futures that are still priced off the old level, snapping prices back into line. The system benefits from faster price correction, but in practice the profits accrue almost entirely to specialized operators with the fastest infrastructure.

The key distinction isn't whether value gets extracted (it always does), but whether that extraction serves a necessary function or merely exploits information and ordering advantages. This framework helps us evaluate the strategies that follow.

MEV Extraction Strategies

From this chaos emerged a hierarchy of exploitation strategies, each more sophisticated than the last. Arbitrage, as described above, sits at the benevolent end. But when competition heats up, searchers get more aggressive.

They start front-running, which means copying a trader's transaction but paying extra to go first. For example, when a trader spots an arbitrage opportunity where they can buy ETH for $3,000 on one DEX and immediately sell it for $3,050 on another, a bot sees the pending transaction and submits the exact same trade with a higher fee to jump ahead in line, capturing that $50 profit before the original trader can.

Understanding why these strategies work requires recalling how AMMs function (covered in Chapter VII). The deterministic pricing curves mean the price impact of any proposed swap can be calculated in advance. Combined with the public mempool where transactions sit before inclusion, searchers can see a pending trade, estimate exactly how far it will move the price, and position their own transactions around it. Predictable pricing, visible intent, and reorderable transactions create a perfect environment for extraction.

Consider a representative sandwich attack. A trader submits a transaction to swap ETH for USDC on Uniswap. A searcher's bot detects this pending transaction in the mempool and immediately constructs a three-transaction bundle. First, the bot front-runs by buying USDC using ETH, which pushes the pool price higher. Then the victim's trade executes at this inflated price, receiving significantly less USDC than expected based on the original pool state. Finally, the bot back-runs by immediately selling its USDC position back to the pool. As the price settles back down, the bot exits with a profit after accounting for fees and slippage.

The trader pays an invisible tax for revealing their intent publicly. The bot risks minimal capital (the trade bundle either executes atomically or reverts entirely) while extracting pure profit. This single transaction illustrates the MEV extraction dynamic in miniature: sophisticated actors use privileged information about pending transactions to extract value from regular users through strategic positioning and timing.

Beyond price manipulation, liquidations represent another MEV category. Lending protocols (such as Aave, discussed in Chapter VII) set collateral ratios that are safe at the time of borrowing, and positions only become liquidatable when market moves push collateral value down (or debt value up) enough that they fall below the liquidation threshold. When an oracle update reflects that new price, searchers race to be first to repay part of the debt, seize a slice of the collateral, and collect the liquidation bonus. In practice they often back-run oracle updates by placing their liquidation transactions immediately after the price feed update in the same block. Unlike sandwiching, this competition serves a necessary function by clearing under-collateralized positions and keeping the protocol solvent, but it still turns user stress events into MEV auctions and concentrates rewards in the fastest operators.

Priority-gas-auction bidding historically spiked gas costs as bots competed for transaction priority; today much of that competition is off-chain via specialized auction systems where searchers bid for transaction ordering rights, reducing broad mempool fee spikes but often shifting costs into worse execution for users or rebates captured by intermediaries. This harm is far from theoretical. Every sandwich attack represents value directly transferred from a user to a well-capitalized operator, even if the fee externalities now appear less in the public mempool and more in private routing markets.

How Users Can Protect Themselves

Given the MEV extraction landscape described above, what practical steps can users take? When submitting transactions to public mempools, assume exploitation is likely.

The first line of defense is setting tight slippage tolerances to control how much worse a price you will accept. Starting with 0.5 to 1 percent works for most trades, though tokens with low liquidity may still be vulnerable. Setting tolerances too tight, below 0.3 percent, risks failed transactions during normal market swings.

Private transaction routing offers stronger protection. Services like Flashbots Protect route transactions through private channels instead of broadcasting them to the public mempool. This shields your intent until inclusion, protecting against front-running and sandwich attacks. Failed transactions through these services typically do not cost fees, and some services rebate part of the MEV they help you avoid. The tradeoff is weaker propagation: your order depends on a smaller set of relays and builders rather than the full public network, so inclusion can be less predictable.

Batch auction systems provide protection through mechanism design rather than just hiding intent. CoW Swap groups orders into batches and uses competitive solvers to find the best execution paths (as introduced in Chapter VII's intent-based systems section), which prevents sandwich attacks that rely on sequential processing. UniswapX uses a declining-price auction where parties compete to fill orders at progressively better prices for the user. Both approaches make extraction structurally harder.

For large trades, splitting orders across multiple blocks reduces per-trade price impact and makes sandwich attacks less profitable. Time-weighted average price strategies, covered in Chapter VI, break trades into smaller pieces executed over time. Combining this approach with private routing or batch auctions provides layered protection.

Some platforms build protection directly into their design. Encrypted-mempool systems like Shutter Network keep transaction contents hidden until ordering is fixed, making frontrunning much harder. Over time, Uniswap v4 may add MEV-aware features like dynamic fees or anti-sandwich protections at the pool level.

The goal is not complete MEV elimination, which is impossible, but making extraction harder and less profitable. These protections help against sandwich attacks but cannot stop all MEV types. The battle constantly evolves as new attack methods emerge.

A Warning About "Easy Money"

Observing the profitability of MEV extraction, some newcomers wonder whether they should become searchers themselves. A reality check: being a searcher is not free money. Winning priority requires paying fees and accepting price impact, and poorly calibrated attempts often lose money. Because AMM pricing makes each additional unit more expensive to buy, naive bots frequently donate value to professional searchers, builders, and validators when they misjudge fees or slippage. Without precise simulation and risk controls, frontrunning or sandwich attempts often overpay for execution and end up losing rather than extracting value.