Position Paper: Denial-of-Service Against Multi-Round Transaction Simulation
For Ethereum block builders and MEV searchers, this paper identifies and demonstrates a new vulnerability in bundling services that can degrade service quality and revenue.
This paper develops evasive, risk-free, and low-cost denial-of-service attacks against Flashbots' multi-round transaction bundling service, achieving high success rates and substantially reducing builder revenue and slowing block production.
In Ethereum, transaction-bundling services are a critical component of block builders, such as Flashbots Bundles, and are widely used by MEV searchers. Disrupting bundling services can degrade searcher experience and reduce builder revenue. Despite the extensive studies, the existing denial-of-service attack designs are ineffective against bundling services due to their unique multi-round execution model. This paper studies the open problem of asymmetric denial-of-service against bundling services. We develop evasive, risk-free, and low-cost DoS attacks on Flashbots' bundling service, the only open-source bundling service known to us. Our attacks exploit inter-transaction dependencies through contract state to achieve evasiveness, and abuse bundling-specific features, such as atomic block inclusion, to significantly reduce both capital and operational costs of the attack. Experimental results show that our attacks achieve high success rates, substantially reduce builders' revenue, and slow block production. We further propose mitigation strategies for the identified risks.