Inside Ethereum’s Hidden $49M Builder Temptation

New research finds that Ethereum’s proposer-builder separation model may allow block builders to copy private searcher bundles, while low detection rates make reputation an unreliable defence.

Inside Ethereum’s Hidden $49M Builder Temptation
Inside Ethereum’s Hidden $49M Builder Temptation

Ethereum’s proposer-builder separation ecosystem was created to develop a more competitive and specialized block-production market. Searchers identify maximal extractable value opportunities, builders assemble blocks, relays facilitate communication, and validators select the most valuable available payload. This structure has helped distribute MEV opportunities beyond individual validators and has become an important part of Ethereum’s post-Merge infrastructure.

However, specialization has also created a major information asymmetry. A builder can receive a searcher’s bid and complete transaction payload before deciding whether to include the bundle. After observing the strategy, the builder may be able to reconstruct the opportunity, replace the searcher’s transactions, and retain a larger share of the value.

A new Ethereum Research paper, “Builders’ Defection and Incentive Compatibility,” examines whether builders can be trusted to respect private order flow when no protocol rule technically prevents its reuse. Using a repeated-game model and historical data from the libmev dataset, the researchers investigate whether the threat of losing future searcher business is enough to keep builders honest.

The findings suggest that reputation may not provide a strong enough commitment mechanism when misconduct is difficult to detect. Across the historical dataset, non-TEE builders had an estimated $26 million in counterfactual defection exposure. Once BuilderNet’s technically neutralized exposure is included, the total reaches approximately $49 million.

Importantly, the study does not claim that any builder engaged in malicious behaviour. Instead, it identifies an architectural condition under which defection could be economically rational. The concern is not that every builder is dishonest, but that the system may ask builders to remain honest even when their financial incentives point in the opposite direction.

How PBS Creates a Builder Commitment Problem

Maximal extractable value refers to the value that can be captured by including, excluding, or changing the order of transactions in a block. As explained in EtherWorld’s earlier MEV in DeFi research report, searchers continuously monitor blockchain activity for arbitrage, liquidations, backrunning, and other profitable opportunities.

Once a searcher identifies an opportunity, it constructs a bundle containing the transactions required to capture it. The bundle is submitted to one or more builders with a payment indicating how much the searcher is willing to offer for inclusion.

The builder therefore receives two valuable pieces of information:

  1. The searcher’s bid for inclusion.
  2. The transaction payload revealing how the opportunity can be captured.

EW Thumbnails.png

Under honest operation, the builder compares submitted bundles, assembles the most valuable block, and sends a bid through the PBS pipeline. But the builder may also be capable of copying a profitable strategy after seeing it. Instead of including the searcher’s bundle, it could reconstruct the trade, replace the original transactions, and retain the extracted value.

This behaviour is described as builder defection.

The research frames the problem as one of imperfect commitment. The party running the auction also observes every bid, controls the final block, and decides whether the winning transaction is included. No universal cryptographic constraint prevents it from using the information it receives.

A rational builder would not need to copy every bundle. It could selectively defect only when the amount available from reproducing an opportunity exceeds the bid offered by the searcher. It could continue accepting ordinary bundles while replacing only the most profitable or easily replicable strategies.

This possibility may also affect searcher bidding behaviour. If searchers believe a builder can reproduce their strategy, they may submit a larger bid to make honest inclusion more profitable than replication.

The payment can therefore contain a deterrence premium. Searchers are paying not only to defeat competing searchers but also to discourage the auction operator from replacing them.

PBS consequently introduces a supply-chain risk within Ethereum’s transaction pipeline. The builder is not merely an infrastructure provider. It becomes a privileged observer with early access to valuable private information and unilateral control over how that information is used.

The problem is particularly difficult because the builder’s action may not be immediately visible. A copied arbitrage or liquidation can resemble an opportunity discovered independently by another searcher. The original searcher may know that its bundle was not included without being able to prove why.

When Does Honesty Become Incentive-Compatible?

The main non-technical defence against builder defection is reputation. Searchers can stop sending bundles to a builder suspected of copying private order flow. Losing future business could impose a larger cost than the value obtained from a single act of defection.

EW Thumbnails (1).png

To determine whether this punishment is sufficient, the researchers model the relationship between builders and searchers as a repeated game.

An honest builder receives a continuing stream of revenue from searcher bids. A builder that defects receives an immediate additional profit but faces the possibility that searchers will discover the action and withdraw their future business.

Whether honesty remains economically preferable depends on three factors:

  • The size of the immediate defection opportunity.
  • The probability that searchers detect the defection.
  • The value the builder places on maintaining future revenue.

If the one-time opportunity is relatively small and detection is almost certain, the builder has a strong reason to protect its reputation. If the opportunity represents several months of normal revenue and detection is unlikely, the immediate gain may exceed the expected cost of losing future business.

The paper measures this temptation through a “months-equivalent” figure. This compares a builder’s estimated defection opportunity with its average monthly honest revenue.

For example, a months-equivalent value of four means that the estimated one-time opportunity is equal to approximately four months of the builder’s normal revenue. A builder would need to place significant value on its future business to reject an opportunity of that size.

Detection is the weakest part of the reputational mechanism. Replication-based frontrunning does not necessarily leave a unique onchain signature. If a searcher’s bundle is not included, the searcher may not know whether it lost to another bidder, reverted during execution, reached the builder too late, or was deliberately copied.

A builder-generated transaction can also resemble an independently discovered opportunity. Multiple searchers frequently compete for the same arbitrage or liquidation, making reliable attribution difficult.

The paper therefore evaluates different detection scenarios rather than assuming that searchers always identify defection. It considers detection probabilities of 100%, 10%, and 1%.

At a 100% detection probability, future business can discipline most established builders. When the detection probability falls to between 1% and 10%, the incentive to remain honest weakens considerably.

The researchers consider this lower range more plausible because searchers often lack conclusive evidence of replication. At a 1% detection rate, every major non-TEE builder in the dataset would need to place exceptionally high value on long-term revenue for honesty to remain economically preferable.

Reputation is therefore not equivalent to enforceable commitment. It can influence behaviour, but its effectiveness depends on searchers observing and proving an action that may be deliberately indistinguishable from ordinary auction outcomes.

What the Builder-Level Data Reveals

The empirical analysis uses libmev data covering September 2024 to August 2025. For each builder, the researchers calculate average monthly honest revenue, estimated counterfactual defection surplus, and months-equivalent exposure.

Builder Honest Revenue per Active Month Defection Surplus Months-Equivalent
beaverbuild $3.74M $10.10M 2.70
Titan $2.25M $9.01M 4.00
bobTheBuilder $0.47M $4.14M 8.88
rsync-builder $0.36M $0.61M 1.69
BuilderNet $0.42M $23.00M 54.71
BuildAI $0.15M $2.06M 14.00
Ty For The Block $0.49M $0.07M 0.15

Beaverbuild’s estimated opportunity was equivalent to approximately 2.7 months of honest revenue. Titan’s represented four months, while bobTheBuilder’s was equal to almost nine months of its average revenue.

EW Thumbnails (3).png

The minimum level of patience required for honesty changes sharply with detection probability. When detection is certain, builders have a strong reason to preserve their future business. At a 10% probability, the reputational threat becomes weaker. At 1%, the expected punishment is so limited that the immediate defection opportunity can dominate the long-term cost.

Under the paper’s assumptions, every major non-TEE builder would need to be unusually patient when detection is rare. Even a modest preference for immediate revenue could make defection more valuable than the expected loss of future order flow.

The scale is also significant. The dataset contains approximately $49 million in total counterfactual defection surplus. Around $26 million was associated with non-TEE builders theoretically capable of acting on the information, while approximately $23 million was associated with BuilderNet, where the trusted execution environment was designed to neutralize the opportunity.

These are historical estimates rather than claims about the current builder market. Builder infrastructure changed during and after the observation period, particularly as beaverbuild migrated its order flow into BuilderNet.

The figures should also not be interpreted as proof that builders captured this value. They answer a narrower question: if a builder had chosen to reproduce profitable bundles, how much theoretical surplus might have been available under the study’s assumptions?

Nevertheless, the results indicate that the temptation is not economically trivial. Builder honesty is being asked to withstand opportunities worth several months of normal revenue, even though affected searchers may struggle to prove that defection occurred.

The findings highlight the difference between observed misconduct and incentive exposure. A system can operate without a publicly documented attack while still containing incentives that make such an attack rational.

MEV Strategies, BuilderNet & Counterfactual Exposure

The probability and profitability of replication vary across MEV strategies. The study carries forward four strategy-specific estimates from the researchers’ earlier auction model.

EW Thumbnails (2).png

Sandwich strategies have the highest estimated replicability, followed by liquidations. However, the dominant source of exposure differs between builders because each receives a different composition of order flow.

For beaverbuild, naked arbitrage produced the largest contribution to its counterfactual exposure. Titan’s exposure was led by liquidations and backruns, while bobTheBuilder’s was overwhelmingly concentrated in sandwich activity. BuilderNet’s counterfactual exposure was primarily associated with naked arbitrage and liquidations.

The comparison uses each builder’s total honest revenue because detection involving one strategy could cause searchers to withdraw all future business, rather than only bundles belonging to that category.

BuilderNet provides the most interesting comparison. It recorded approximately $23 million in counterfactual exposure and a months-equivalent value of 54.71, far above every other builder in the table. However, BuilderNet runs its block-building software within trusted execution environments.

A TEE is intended to prevent the operator from accessing individual bundles in a form that can be extracted and reused. BuilderNet’s enormous measured exposure therefore represents value that might have been available without the architectural restriction, rather than value the operator could necessarily capture.

BuilderNet also had the lowest value-weighted bribe share among the major builders, at 12.3%. The researchers interpret this as evidence consistent with the deterrence-premium theory. Searchers may bid closer to the competitive auction price when they do not need to pay extra to prevent the builder from copying them.

The timing of BuilderNet’s deployment is important. The dataset begins in September 2024, while BuilderNet launched in late November 2024. Beaverbuild gradually migrated its flow into the TEE-backed system, with the transition largely completed by mid-2025.

Beaverbuild is consequently classified as non-TEE for the earlier portion of the historical panel, even though its later order flow operated inside BuilderNet. After accounting for this migration, the research estimates that the realizable exposure corresponding more closely to the subsequent market structure would be around $16 million rather than $26 million.

This comparison strengthens the paper’s central argument. The most reliable commitment did not emerge from BuilderNet having a better reputation. It emerged from an architecture designed to prevent the operator from observing and reusing private information.

How Ethereum Can Restore Credible Commitment

The researchers argue that a durable solution should eliminate the builder’s defection opportunity instead of merely increasing the expected punishment.

If a builder cannot access a searcher’s payload in a reusable form, there is no additional value available from copying the bundle. Honesty then becomes the rational outcome regardless of how much the builder values future revenue or how likely searchers are to detect misconduct.

EW Thumbnails (4).png

The paper identifies three broad routes toward credible commitment.

The first is the use of trusted execution environments. Builder software runs inside hardware-protected infrastructure, while remote attestation allows external participants to verify the code and environment. Individual payloads remain unavailable to the operator in a directly reusable form.

BuilderNet is the primary example in the dataset. TEEs provide a practical approach but introduce hardware-related assumptions, including manufacturer security, attestation reliability, and protection against side-channel vulnerabilities.

The second route is commitment-based settlement. Transactions and bundles are converted into cryptographic commitments before they are exposed to parties capable of reproducing them. Competition occurs over these commitment views rather than unrestricted payloads.

The research identifies TOOL as an example combining attested TEE processing with distributed block building. This approach seeks to preserve confidentiality while reducing dependence on a single centralized builder.

The third route is cryptographic order protection. Transaction contents remain encrypted until inclusion or ordering has been fixed. Threshold-encrypted mempools, commit-reveal systems, batched decryption, verifiable delay functions, and witness encryption can all reduce the builder’s ability to exploit early information.

This direction overlaps with Ethereum’s expanding encrypted-mempool discussion. EtherWorld’s report on the Encrypt the Mempool Coalition explains how ecosystem participants are supporting EIP-8184, or LUCID, to reduce frontrunning, sandwich attacks, and censorship risks.

A deeper overview is available in Ethereum Encrypted Mempool: Progress, Challenges & the Road to Hegota. LUCID aims to keep transaction payloads sealed until ordering decisions are finalized, addressing the same early-information advantage that enables builder defection.

Cryptographic solutions are not free of trade-offs. Threshold encryption may depend on committee availability, while additional communication and decryption phases can introduce latency. Commit-reveal mechanisms must handle users who fail to reveal, and some designs may create new denial-of-service or liveness concerns.

The three approaches rely on different assumptions, but all target the same objective: builders should never receive private searcher information in a form they can profitably reuse before transaction ordering is fixed.

Why ePBS and FOCIL Are Not Complete Solutions

Ethereum is already redesigning important parts of its block-production pipeline through ePBS and FOCIL. However, the paper emphasizes that neither proposal directly resolves the searcher-builder commitment problem.

EW Thumbnails (5).png

EIP-7732, or enshrined proposer-builder separation, moves the proposer-builder exchange from external relay infrastructure into Ethereum’s protocol. It helps ensure that proposers receive payment and that builders cannot alter or withhold a payload after making the required commitment.

This addresses a trust problem between the proposer and builder. It does not automatically protect searchers from builders.

The builder still assembles the execution payload and may still observe submitted bundles before committing to the final block. Consequently, ePBS can improve the transparency and reliability of block delivery while leaving the private-order-flow problem unchanged.

EtherWorld’s Glamsterdam upgrade overview tracks the broader implementation of ePBS and related changes. These developments remain important, but they should not be interpreted as complete solutions to every risk created by builder specialization.

FOCIL addresses a different part of the pipeline. EIP-7805 introduces fork-choice enforced inclusion lists that help ensure eligible transactions cannot be silently excluded by a builder.

FOCIL strengthens censorship resistance, but inclusion and confidentiality are separate guarantees. A builder might include a transaction while copying, backrunning, or otherwise competing against the strategy it revealed. An inclusion list can require the transaction to appear without preventing the builder from learning from it.

The role of independent validators and FOCIL is explored further in How Solo Stakers & FOCIL Strengthen Censorship Resistance. These protections strengthen Ethereum’s neutrality, but encrypted transactions or confidential commitments are still required to address information reuse.

This is why ePBS, FOCIL, and encrypted mempools should be understood as complementary layers:

  • ePBS secures the proposer-builder exchange.
  • FOCIL strengthens transaction-inclusion guarantees.
  • Encrypted mempools protect transaction contents before ordering.
  • TEEs or commitment systems constrain builders’ access to private bundles.

EtherWorld’s earlier analysis, Hegotá Should Complete the Holy Trinity of Censorship Resistance, similarly argues that no single mechanism can address every censorship and MEV risk across Ethereum’s transaction pipeline.

The builder-defection research adds another reason to pursue this layered approach. Ethereum cannot depend solely on builders voluntarily refusing to exploit information that the architecture gives them. Reputation may influence established operators, but it becomes unreliable when detection is rare and the available surplus is large.

The study does not establish that major builders have behaved maliciously. Instead, it demonstrates that honest conduct may not always be the economically dominant strategy. That is an architectural warning rather than an accusation.

A credible builder market should not require searchers to trust that an operator will ignore a profitable opportunity. It should make that opportunity inaccessible. Ethereum’s long-term objective must therefore be to transform private-order-flow protection from a reputational promise into a verifiable technical property.

If you find any issues in this article or notice missing information, please feel free to reach out at team@etherworld.co for clarifications or updates.

To promote your Web3 articles, events, and projects, you may reach out anytime via EtherWorld PR for submissions and collaboration.

Related Articles

  1. Upgrade Watch #1: Glamsterdam Devnet 6 Live
  2. Upgrade Watch #2: Hegota and FOCIL Take Shape
  3. Ethereum Glamsterdam Upgrade
  4. Ethereum All Core Developers Execution Updates
  5. Ethereum All Core Developers Consensus Updates

To follow blockchain news, track Ethereum protocol progress, and read our latest stories, subscribe to our weekly today.


Disclaimer: The information contained in this website is for general informational purposes only. The content provided on this website, including articles, blog posts, opinions, & analysis related to blockchain technology & cryptocurrencies, is not intended as financial or investment advice. The website & its content should not be relied upon for making financial decisions. Read full disclaimer & privacy policy.

To stay updated on blockchain news, Ethereum protocol progress, and our latest stories, subscribe to our weekly digest and YouTube channel for ELI5 content.

To promote your Web3 articles, events, project updates, and Press Releases, reach out anytime via EtherWorld PR for submissions and collaboration. For other queries, email contact@etherworld.co.

If you’d like to support our work, share the content and consider donating at avarch.eth.

Join our community on Discord and follow us on Twitter, Facebook, LinkedIn & Instagram.

Join the EtherWorld & Avarch Internship Program

Subscribe to join the discussion.

Please create an account to become a member and join the discussion.

Already have an account? Sign in

Sign up for EtherWorld.co newsletters.

Stay up to date with curated collection of our top stories.

Please check your inbox and confirm. Something went wrong. Please try again.
0/5 free articles read this week
Sign up free