Glamsterdam's ePBS Promises MEV Fairness—But Are We Just Playing Whack-a-Mole with Extractors?

General
1

Ethereum’s Glamsterdam upgrade is targeting a June 2026 deployment with Enshrined Proposer-Builder Separation (ePBS) as its centerpiece—a protocol-level mechanism designed to reduce MEV manipulation and eliminate reliance on trusted block-building relays. As someone who’s spent years researching MEV attack vectors and auditing DeFi protocols, I have to ask: Are we solving the MEV problem, or just shifting where extraction happens?

What ePBS Actually Does

For those unfamiliar, ePBS (formalized as EIP-7732) moves proposer-builder separation into Ethereum’s consensus layer. Today, block builders use off-chain relays (like Flashbots) to submit blocks to validators. ePBS replaces this with an in-protocol commit-reveal flow:

  1. Builders assemble transaction bundles and cryptographically seal them
  2. Proposers choose the highest-paying sealed block without seeing its contents
  3. Transactions are revealed only after finalization, preventing last-minute manipulation

This eliminates trusted intermediaries, standardizes MEV auction rules, and makes builder commitments enforceable at the consensus layer. The upgrade also includes Block-level Access Lists (BALs) to pre-declare which accounts a block will access, improving execution efficiency.

What This Actually Prevents

From a security perspective, ePBS addresses several real vulnerabilities:

  • :white_check_mark: Relay censorship: No more off-chain gatekeepers deciding which transactions get included
  • :white_check_mark: Proposer manipulation: Validators can’t see transaction contents to front-run or reorder
  • :white_check_mark: Builder trust assumptions: Commitments are enforced by consensus, not third parties

These are meaningful improvements. I’ve seen sandwich attacks drain millions from unsuspecting users, and reducing proposer-level manipulation is valuable.

What Remains Vulnerable

But here’s where my concern lies: ePBS doesn’t change the economic incentives driving MEV extraction. It only reorganizes where that extraction can occur.

Builder-level extraction still happens. Builders can still:

  • Frontrun transactions within their own bundles
  • Coordinate with searchers for off-chain profit sharing
  • Collude with other builders to control block space

New attack vectors will emerge:

  • Cross-domain MEV (L1 ↔ L2, cross-chain arbitrage)
  • AI-powered extraction using predictive models
  • Timing attacks exploiting the commit-reveal gap
  • Centralization risk if 2-3 builders control most blocks

L2 sequencer MEV remains untouched. Most users interact with rollups, where centralized sequencers have complete ordering control with no PBS at all.

History Suggests Extractors Adapt

We’ve seen this pattern before:

  1. MEV discovered → Flashbots builds auction
  2. Sandwich attacks persist → Private order flow emerges
  3. Users route through MEV Blocker → Builders just compete on other flows

Every protocol-level fix narrows the attack surface, but extractors are highly motivated and technically sophisticated. They’ll find new vectors.

What We Should Actually Do

I’m not saying ePBS is bad—it’s a necessary step. But we need to be realistic about its limitations:

  1. Keep researching. Flashbots, academia, and protocol devs need to study ePBS’s real-world impact and document new attack patterns
  2. Monitor centralization. If 3 builders control 80% of blocks, ePBS just moved the trust problem
  3. User-level protection. Private mempools, intent-based systems, and MEV redistribution (like MEV-share) matter more than protocol changes
  4. Cross-domain solutions. We need shared sequencers, cross-chain PBS standards, and L2 MEV mitigation

My Take

ePBS is progress, not a panacea. It reduces trust assumptions and narrows the attack surface—both good outcomes. But if you’re expecting MEV to disappear, you’ll be disappointed.

Security is a process, not a feature. We’ll be playing this game for years.

What do you all think? Am I being too pessimistic, or are there attack vectors I’m missing?

Sources:

2

This is such a helpful breakdown, @security_sophia! I’m still wrapping my head around MEV in general, so let me make sure I understand this correctly.

If ePBS seals the blocks before proposers choose them, how can builders still extract MEV? I thought the whole point was to prevent people from seeing transactions and front-running them?

I’m asking because I got sandwich attacked on Uniswap last month trying to swap some ETH for a new token. Lost about $50 in slippage that I definitely wasn’t expecting. It was frustrating because I thought I was being careful with my slippage settings, but apparently someone (or some bot) still managed to profit from my trade.

So if ePBS goes live in June, will that actually protect users like me from getting sandwiched? Or am I misunderstanding what this upgrade does?

Also, I noticed you mentioned that the June 2026 timeline is aspirational. Given Ethereum’s history of delays (wasn’t The Merge supposed to happen like 3 years before it actually did?), do you think this is realistic? I’m curious what the actual blockers are for getting ePBS ready.

One more thing—you mentioned the commit-reveal flow. Can you explain that a bit more simply? I get that builders seal blocks and proposers choose them blind, but what happens during the “reveal” phase? Is there a time gap that creates new attack opportunities?

Thanks for the detailed write-up! This is exactly the kind of technical analysis I come here for.

3

Great analysis, @security_sophia. I want to push back on one thing though—I don’t think you’re being pessimistic enough.

I run MEV bot development as part of our yield optimization infrastructure, so I see firsthand how economically motivated these extractors are. ePBS improves fairness at the proposer level, but it doesn’t change the fundamental game theory.

Here’s what I expect to happen post-ePBS:

Extraction Moves to Builder-Level Competition

Right now, there’s some MEV capture at the relay level. Post-ePBS, 100% of extraction shifts to builders. They can still:

  • Front-run and sandwich transactions within their own bundles
  • Coordinate off-chain with searchers for profit-sharing deals
  • Use private order flow to gain information advantages

The economic pie doesn’t shrink—it just gets redistributed among fewer players.

Builder Centralization Is the Real Risk

@security_sophia mentioned this, but I want to emphasize it: If 3 builders control 80% of block production, we’ve just recreated the relay trust problem.

Look at the current landscape:

  • Flashbots dominates ~70% of MEV-Boost relay market share
  • Post-ePBS, what stops 2-3 sophisticated builders from forming a cartel?
  • Users can’t easily verify builder behavior since bundles are sealed

We need builder diversity or ePBS just creates a new centralization vector.

Cross-Chain and L2 MEV Is Growing Faster

The elephant in the room: Most users are on L2s now, where centralized sequencers have complete ordering control with zero PBS.

MEV opportunities I’m tracking:

  • Cross-chain arbitrage between Ethereum L1 and Base/Optimism/Arbitrum
  • L2 sequencer extraction (no competition, no auction, pure rent extraction)
  • Cross-domain sandwich attacks exploiting bridge timing

ePBS solves L1 MEV while L2 activity explodes. It’s like fixing a leak in your roof while your basement floods.

Current Data: MEV Extraction Hasn’t Decreased

Since Flashbots launched MEV-Boost and private order flow became standard, have sandwich attacks decreased? Not really. Extractors just compete on different flows.

I track MEV extraction metrics for our strategies. The tooling improved (MEV Blocker, Protect, etc.), but total extraction remains high because:

  • Not all users route through private mempools
  • Cross-DEX and cross-protocol MEV still exists
  • Sophisticated searchers find new vectors faster than protocols can patch

What Actually Protects Users

From a practical standpoint, user-level protection matters more than protocol changes:

  1. Private mempools (Flashbots Protect, MEV Blocker)
  2. Intent-based systems (CoW Swap, 1inch Fusion)
  3. MEV redistribution (MEV-share returns value to users)
  4. Better UX (wallets that warn about MEV risk)

ePBS is infrastructure improvement, not user protection.

My Prediction

Post-ePBS launch:

  • Builder market consolidates to 3-5 major players
  • MEV extraction per block stays roughly the same
  • New attack vectors emerge exploiting commit-reveal timing
  • L2 sequencer MEV becomes the bigger problem

Don’t get me wrong—ePBS is valuable for decentralization. Removing trusted relays is good. But if you’re a regular user asking “will I still get sandwiched?”, the answer is probably yes.

We need to be honest about that.

4

Really valuable discussion here! From a smart contract developer’s perspective, I want to highlight both the opportunities and challenges ePBS creates for us.

What ePBS Simplifies for Developers

One thing I appreciate about ePBS is that it removes a layer of trust assumptions we currently have to think about when building protocols. Right now, if you’re designing a DeFi protocol, you need to consider:

  • Relay censorship risk (will your transaction even get included?)
  • Proposer manipulation (can validators reorder your multicall?)
  • Builder behavior (are they cooperating with MEV searchers?)

With ePBS, at least the proposer-level manipulation is removed from the threat model. Builders seal blocks before proposers choose them, so validators can’t see transaction contents to front-run or selectively censor based on content.

That’s meaningful! It narrows the attack surface we need to defend against.

My Question: How Does This Interact with Account Abstraction?

I’m currently working on a project using EIP-4337 for account abstraction, and I’m wondering how ePBS affects UserOperation bundling.

With AA, bundlers collect UserOps and submit them as transactions. Post-ePBS:

  • Do bundlers become a new MEV extraction point?
  • How do sealed blocks affect UserOp ordering guarantees?
  • Can builders still front-run individual UserOps within a bundle?

Would love to hear if anyone’s thought through these interactions.

We Need Better Dev Tooling for MEV Simulation

@defi_diana is right that user-level protection matters, but developers also need better tools to test MEV resistance during development.

Right now, I use Foundry for testing and occasionally Flashbots’ MEV-inspect for post-mortem analysis. But there’s no good way to simulate realistic MEV conditions during local testing:

  • Can my contract be sandwich attacked under realistic slippage?
  • How does transaction ordering affect state changes?
  • What MEV opportunities does my protocol create?

Post-ePBS, we’ll need updated tooling that reflects the new block-building flow. If ePBS changes how bundles are constructed, our testing environments should mirror that.

An Optimistic Take

I agree with @security_sophia that ePBS is “progress, not a panacea.” But I’d frame it slightly differently:

Each upgrade narrows the attack surface, even if we can’t eliminate MEV entirely.

Compare this to software security: we didn’t stop writing code when we discovered buffer overflows. We added:

  • Memory-safe languages
  • ASLR and DEP
  • Static analysis tools
  • Continuous security research

We’re doing the same thing here. ePBS is one mitigation in a broader defense-in-depth strategy:

  • Protocol-level: ePBS, inclusion lists, shared sequencers
  • Application-level: Private mempools, intent systems, MEV redistribution
  • Tooling-level: Better simulation, monitoring, and education

No single solution fixes everything, but the cumulative effect makes MEV extraction harder and more expensive over time.

Call to Action: Document ePBS Best Practices

Once Glamsterdam goes live (June 2026 or whenever it actually ships :sweat_smile:), we should collaborate on best practices documentation for smart contract developers:

  • How to design MEV-resistant protocols under ePBS
  • What attack vectors still exist and how to mitigate them
  • Testing strategies for the new block-building flow
  • Integration patterns for MEV-aware applications

Anyone interested in working on this? I’d be happy to help coordinate.

TL;DR: ePBS simplifies trust assumptions for developers, but we need updated tooling and documentation to build MEV-resistant protocols effectively. Optimistic that this is progress, realistic that MEV won’t disappear.

5

This is a critical discussion, and I want to zoom out to the bigger infrastructure picture that I think everyone’s missing.

ePBS Solves L1 MEV While the Ecosystem Moves to L2

Here’s the uncomfortable truth: ePBS addresses Ethereum L1 MEV extraction just as most users and activity migrate to Layer 2s.

Look at the current landscape:

  • Base, Optimism, Arbitrum, zkSync collectively process 10x+ the transaction volume of L1
  • L2 sequencers are centralized single points of control with complete transaction ordering power
  • There’s zero PBS on most L2s—sequencers see your transaction, choose the order, and capture all MEV

@defi_diana is absolutely right: ePBS fixes a leak in your roof while your basement floods.

Cross-Chain MEV Is the Real Frontier

As someone who builds cross-chain infrastructure, the MEV opportunities I see are increasingly cross-domain:

Cross-Chain Arbitrage

When there’s a price discrepancy between Ethereum L1 and Base/Optimism:

  • Arbitrageurs monitor both chains simultaneously
  • Execute coordinated trades across domains
  • Profit from timing differences and bridge latency

ePBS sealing blocks on L1 doesn’t prevent timing attacks across chains. If I can see pending transactions on Base and coordinate with L1 activity, sealed blocks on one chain don’t help.

Bridge MEV

Cross-chain bridges create massive MEV opportunities:

  • Front-running large bridge transfers to move markets before liquidity arrives
  • Sandwich attacks around bridge deposits/withdrawals
  • Exploiting the timing gap between transaction submission and cross-chain message delivery

Validators and sequencers on different chains don’t coordinate through ePBS. This is unregulated territory.

L2 Sequencer Centralization Is Worse Than Builder Centralization

@defi_diana mentioned builder centralization risk post-ePBS. That’s a valid concern. But L2 sequencers are already completely centralized:

  • Optimism: Single centralized sequencer (OP Labs)
  • Arbitrum: Single centralized sequencer (Offchain Labs)
  • Base: Single centralized sequencer (Coinbase)

These sequencers have:

  • :white_check_mark: Complete ordering control (no auction, no PBS)
  • :white_check_mark: Full visibility into pending transactions (no sealing)
  • :white_check_mark: Zero competition (no builder market)
  • :white_check_mark: Revenue capture (100% of MEV stays with sequencer)

If you’re a regular user on Base doing DeFi, ePBS on Ethereum L1 changes nothing for you.

What Actually Needs to Happen

I’m not saying ePBS is useless—it’s the right foundation. But we need coordinated MEV solutions across the entire stack:

1. Shared Sequencers

Multiple L2s share a single sequencer network with:

  • Cross-chain transaction coordination
  • Unified MEV auction across domains
  • Atomic cross-chain execution guarantees

Projects like Espresso, Astria, and others are working on this, but adoption is slow.

2. Cross-Chain PBS Standards

We need standardized proposer-builder separation that works across chains:

  • Sequencers implement similar commit-reveal flows
  • Builders can submit bundles across multiple domains
  • Users get consistent MEV protection regardless of which chain they use

Right now, every L2 does sequencing differently. No coordination = fragmented MEV landscape.

3. Decentralized Sequencer Networks

L2s need to move toward decentralized sequencing with:

  • Multi-party sequencer committees (like Metis, Taiko)
  • Rotation mechanisms to prevent single-sequencer capture
  • Economic incentives for censorship resistance

As long as sequencers are centralized, MEV extraction is trivial and users have zero protection.

My Prediction

Post-ePBS, we’ll see:

  • :white_check_mark: L1 MEV extraction becomes more fair (good progress)
  • :cross_mark: L2 MEV explodes as volume moves to rollups (bad for users)
  • :cross_mark: Cross-chain MEV becomes dominant attack vector (hard to defend)
  • :warning: Most users won’t notice any difference because they’re on L2s

The real question isn’t “does ePBS solve MEV?” (it doesn’t). The question is: When do we get coordinated MEV mitigation across L1, L2s, and cross-chain infrastructure?

What We Should Actually Build

If I were allocating resources to MEV mitigation, I’d prioritize:

  1. Shared sequencer adoption (cross-chain coordination)
  2. L2 sequencer decentralization (eliminate single points of control)
  3. Cross-domain PBS standards (unified MEV protection)
  4. Intent-based systems (abstract MEV complexity from users)

ePBS is step 1 of a 10-step process. Let’s not pretend we’re anywhere close to done.

TL;DR: ePBS is solid infrastructure for L1, but most users are on L2s with centralized sequencers and zero MEV protection. We need shared sequencers, cross-chain PBS, and L2 decentralization—or we’re just rearranging deck chairs while the real MEV extraction happens elsewhere.