Miner Extractable Value

id: LS31H
title: Miner Extractable Value
baseSeverity: H
category: mev
language: solidity
blockchain: [ethereum]
impact: Profitable manipulation of user transactions and protocol logic
status: draft
complexity: medium
attack_vector: external
mitigation_difficulty: medium
versions: [">=0.4.0", "<=0.8.25"]
cwe: CWE-358
swc: SWC-114

📝 Description

Miner Extractable Value (MEV) refers to the ability of a validator, block builder, or any party with mempool visibility to reorder, insert, or censor transactions within a block to extract profit.
Smart contracts that depend on user-submitted inputs, lack replay protections, or reveal state before execution are particularly vulnerable to:
Front-running: attackers copy and preempt the user's transaction
Back-running: attackers capitalize on state changes after a user’s action
Sandwich attacks: attackers place one transaction before and one after the victim to extract slippage or arbitrage
MEV exploits cause loss of user funds, degraded UX, and unfair execution environments for protocols such as DEXes, NFT mints, liquidation engines, and oracle updaters.

🚨 Vulnerable Code

pragma solidity ^0.8.0;

contract SimpleDEX {
    uint256 public price = 1000;

    function buy() external payable {
        require(msg.value == price, "Incorrect payment");
        // ❌ Attacker can front-run this call to manipulate price externally
        _deliverToken(msg.sender);
    }

    function updatePrice(uint256 newPrice) external {
        price = newPrice; // 🧨 no access control or delay
    }

    function _deliverToken(address user) internal {
        // Token mint or transfer logic
    }
}

🧪 Exploit Scenario

Alice sends a transaction to buy() a token at 1000 wei.
Attacker monitors the mempool and sees Alice’s pending tx.
The attacker preempts it by sending updatePrice(2000) with higher gas.
Alice's transaction is mined second and now fails or overpays.
The attacker resets the price afterward to avoid detection.

Assumptions:

Mempool is public (true on Ethereum mainnet)
No anti-front-running protections are applied
Transaction ordering is not enforced

✅ Fixed Code

pragma solidity ^0.8.0;

contract AntiMEVDEX {
    uint256 public immutable price = 1000;

    mapping(address => uint256) public nonces;

    function buy(uint256 expectedPrice, uint256 nonce) external payable {
        require(expectedPrice == price, "Price changed");
        require(nonces[msg.sender] == nonce, "Invalid nonce");

        nonces[msg.sender] += 1;
        _deliverToken(msg.sender);
    }

    function _deliverToken(address user) internal {
        // Token mint or transfer logic
    }
}

🧭 Contextual Severity

- context: "AMM or DEX without slippage or deadline protection"
  severity: H
  reasoning: "Widespread MEV extraction leads to unfair execution and user loss"
- context: "Protocol using commit-reveal or encrypted tx batching"
  severity: L
  reasoning: "MEV significantly reduced or mitigated"
- context: "Private mempool integration (Flashbots, etc.)"
  severity: M
  reasoning: "Effect depends on relay reliability and user participation"

🛡️ Prevention

Primary Defenses

Use commit-reveal or signature-based meta-transactions to hide intent.
Require users to commit to state (price, nonce, etc.) in calldata.
Implement delays or access control on critical state-changing operations.

Additional Safeguards

Integrate MEV-aware relayers or private mempool solutions like Flashbots.
Monitor transactions for reordering patterns and excessive slippage.
Minimize mutable global state prior to execution.

Detection Methods

Audit all publicly callable functions with economic impact.
Simulate front-running/back-running scenarios in testnet forks.
Tools: Tenderly trace, Foundry fork-mode tests, Slither (tx.origin, public-mutable-state)

🕰️ Historical Exploits

Name: JaredFromSubway.eth Sandwich Bot
Date: 2023
Loss: Millions in cumulative trader losses due to over 238,000 sandwich attacks
Post-mortem: Link to post-mortem
Name: Curve Finance MEV Block Reward
Date: 2023-07-31
Loss: Over $1 million in MEV rewards extracted during DeFi exploit
Post-mortem: Link to post-mortem

📚 Further Reading

✅ Vulnerability Report

id: LS31H
title: Miner Extractable Value 
severity: H
score:
impact: 4  
exploitability: 3 
reachability: 4  
complexity: 2  
detectability: 4  
finalScore: 3.55

📄 Justifications & Analysis

Impact: Users suffer financial loss, failed transactions, or protocol unfairness.
Exploitability: MEV bots actively monitor the mempool for vulnerable patterns.
Reachability: Any open function with economic impact and no transaction binding is affected.
Complexity: Requires basic MEV bot logic or priority gas auctioning.
Detectability: Easily simulated in forks or flagged with Slither rules.