Paper: Denial-of-Service Against Multi-Round Transaction Simulation

Citation

Tang, Y., Wang, Y., Ding, W., Chen, J., Kim, T. “Position Paper: Denial-of-Service Against Multi-Round Transaction Simulation.” arXiv:2604.21169v1 [cs.CR] (23 Apr 2026). Syracuse University / University of Wyoming / Georgia Tech & Microsoft. NDSS 2026.

Core Problem

Transaction-bundling services (e.g. Flashbots Bundles) are critical to block builders and heavily used by MEV searchers. Existing DoS attacks are ineffective against bundling services because of their multi-round execution model (builders run unconfirmed txs across multiple rounds under different orderings, to search for revenue-maximizing bundles and filter reverts). This paper develops the first evasive, risk-free, low-cost DoS attacks that do work against multi-round builders.

Attack Design

• Prior resource-exhaustion attacks (ConditionalExhaust, GhostTX, DoERS, denial-of-sequencers) passively check whether execution is speculative and fire the payload — but cannot tell which build round they’re in, so they fire prematurely in pre-rounds where the slowdown is confined to adversarial threads.
• Key idea — exploit inter-transaction dependencies via shared contract state: on an n-round builder, the adversarial contract hides the resource-exhaustive payload behind (n−1) branch conditions, each gated on a distinct state variable. The attacker issues >n transactions: the first (n−1) set up the context, the rest trigger the payload only in the final round, where adversarial + normal txs execute together in serial order, so delaying one tx delays all that follow.
• Abuses bundling-specific features (atomic block inclusion) to cut capital + operational cost. This inter-dependent-transaction design space was unexplored by prior DoS work (which used independent, isolated transactions).

Findings

• High success rates; substantially reduces builder revenue and slows block production.
• Identifies a fundamental challenge in securing any finite-round builder against such DoS; proposes mitigations but notes no clean fix.
• Builder DoS centralizes the builder market (victims’ customers excluded; relays/proposers skip victim blocks) and benefits competing builders/searchers — giving them an incentive to mount it.

Connection to Wiki

• Security/robustness counterpoint to the multi-round building designs catalogued in the wiki: Sub-Slot Execution (TOOL / NuConstruct), the “Mini-Blocks” multi-round MEV-Boost lineage, and programmable/multi-round builders.
• Relevant to MEV Supply Chain: Searchers, Builders, Relays, and Validators (bundle pipeline) and the spam/resource-exhaustion themes in Paper: Blockspace Under Pressure — Spam MEV on High-Throughput Blockchains.

See Also

• MEV Supply Chain: Searchers, Builders, Relays, and Validators — bundling services in the MEV supply chain
• Paper: Blockspace Under Pressure — Spam MEV on High-Throughput Blockchains — adjacent resource-exhaustion / wasteful-execution dynamics
• Sub-Slot Execution (TOOL / NuConstruct) — sub-slot / multi-round designs and their attack surface