MEV-Boost: Merge ready Flashbots Architecture

A few thoughts based on the discussion so far:

1. MEV-Boost is a short term solution that bridges the gap to the permissionless block proposer / builder separation + mev smoothing solution which is preferred by everyone as it eliminates relays and therefore relay centralization. That being said, I expect multiple entities with existing reputations + large validators to offer relay services in the short term as it can be monetized + allows for reducing counter-party risk.
2. Pursuing a solution which enables solo staker participation is critical to MEV democratization as it protects the ability for individuals to participate in receiving MEV rewards without the need to join a pool. I don’t see it being possible to scale up monitoring and enforcement of solo validators in a way that makes it reasonable to send payloads to validators in cleartext - if there was an automated way to evaluate solo validator behavior I could see this path being more plausible.
3. Any MEV minimization / fair ordering system needs to be incentive compatible in order to succeed in the long run - I don’t see a path for these fair ordering experiments to gain adoption without either a) providing move revenue to validators, or b) introducing a consensus level change to the protocol. Solutions involving a) are already compatible with this proposal whereas solutions involving b) are outside the scope of the discussion in this post.

Let’s say I am the best builder and I win every single block by paying 95% of the MEV I extract. My incentive to run validators is exactly the same incentive as everyone else’s: the 95% of the MEV which I am paying out to proposers, because the remaining 5% is mine anyway. Basically I can go from 5 to 100, but anyone else can go from 0 to 95, and thus has the same exact incentive to stake as I do.

This property does not hold without auctions: a builder would then only be able to access MEV for all the blocks they directly propose, and so they’d be much more incentivized to stake than anyone else.

Yes you’re quite right about this- good spot. I missed that the relative incentive for all stakers is raised by the same amount and I retract this post. My previous objections still apply.

I’ve had a thought on the same subject. Dominant extractors owning validators may be preferable to them not. It sucks big time, but it still may be better.

As I understand it, the outcome PBS/MEVA is trying to mitigate is dominant extractors being incentivized to buy up validators as this is centralizing and so a security risk. But in this case at least the extractors have a stake in the network, so they are going to behave better than unstaked dominant extractors (ie: not do CaaS, Unstaked Hijacks, etc, for the same reason they’re less likely to double spend).

It seems to me that PBS/MEVA actually removes the security assurance that dominant extractors must also be stake holders, so making the network less secure. Isn’t it a security flaw not a security assurance that they can dominate block content without needing to have any skin in the game? It allows them to be maximally explotative even if it harms the network because they won’t be harming themselves.

I’ll rephrase this as a question (not rhetorical, I am interested). Why do you think that allowing dominant extractors to be unstaked improves the security of the network?

While a builder monopoly/oligopoly is obviously not ideal, it doesn’t break security assumptions other than censorship-resistance. The key point here is that controlling the executable part of a block does not give any control over consensus, as this is determined by attestations.
What this means practically is that even a monopolistic builder cannot do anything to break liveness or safety, nor they can do anything to force reorgs and double spend etc…

What would be really dangerous is for the validator set to centralize, because that opens the door to all of these attacks. It is therefore much much more important for us to preserve the decentralization of the validator set rather than that of the set of builders

Even for censorship-resistance, we wouldn’t have any guarantees if the validator set comes to be dominated by an oligopoly of extractors: even if a non-censoring minority existed, 51% of the stake can completely control the fork-choice and censor it. On the other hand, a decentralized validator set allows us to create mechanisms which give us strong censorship-resistance guarantees even with PBS (see here for the current state of research on this).

Yes understood, but this focus on the formal measures of liveness and safety has been exactly the problem because they are time-insensitive whereas most smart contracts are not. Academia has lagged necessity here, although thankfully that is changing.

My point is that Flashbots auctions mitigate structural centralization at the expense of centralizing content. This allows for attacks nearly as severe as reorgs and double spends but with the added issue that the attackers are unstaked.

Yes- this! A PBS proposal which appreciates the centralizing effects of auctions on content and uses consensus to mitigate it will beat the status quo.

I like @vbuterin’s idea of parallel PBS you linked to here. I’ll continue a discussion of that on the PBS thread as it seems more appropriate.