Summary
Private order flow (POF) encompasses all transactions routed outside the public mempool — through private RPCs, OFA (Order Flow Auction) providers, and direct builder integrations. POF is the primary driver of block building market concentration. Wallets and DeFi interfaces sit at the junction of signing, routing, and broadcasting, giving them significant power over where transactions land and whether MEV is extracted, shared, or prevented.
The Transaction Journey
Functional Layers (Flashbots analysis, Apr 2026)
Non-custodial wallets and DeFi interfaces operate across three layers:
1. Signing
- EOA transactions: user signs directly with their private key (secp256k1 for Ethereum)
- ERC-4337 smart wallets: user signs a “user operation”; a bundler wraps it in an EOA transaction
- EIP-712 typed data: wallets can sign off-chain messages authorizing on-chain execution (used by Permit2, solvers)
- MPC/TEE key management: key splits across parties; non-custodial if unilateral signing without user approval is impossible
2. Routing
- AMM aggregation: the interface finds the best execution path across DEX venues
- RFQ systems: private market makers quote prices off-chain; user’s trade filled by solver
- PropAMMs: professional market maker operates an on-chain AMM using off-chain pricing algorithms
- OFA (Order Flow Auctions): the transaction is auctioned to searchers who can backrun it; user receives a rebate
- Intent-based routing: user expresses desired outcome; solvers compete to fulfill at best price
3. Broadcasting
- Public mempool: standard RPC submission; visible to all builders
- Private RPC (Flashbots Protect, MEV Blocker, etc.): not visible in public mempool; protected from frontrunning/sandwiching
- Direct-to-builder: transaction sent to specific builder’s private mempool
- OFA provider: transaction auctioned to searchers; winning searcher submits bundled with backrun
Regulatory Implications
The analysis notes (April 2026) that regulators are examining whether wallet/interface functions constitute broker-dealer activity under SEC factors:
- “Participating in the order-taking or order-routing process” — wallets clearly do this
- “Receives transaction-based compensation” — OFA providers do
- The analysis is descriptive, not legal advice; regulatory outcomes depend on facts and circumstances
OFA (Order Flow Auction) Mechanics
An OFA provider (e.g., MEV Blocker, CoW Protect) receives user transactions and:
- Broadcasts the transaction to a set of searchers
- Searchers bid to backrun the transaction (they can see the transaction content but cannot frontrun it)
- The highest bidder’s backrun is bundled with the original transaction
- The searcher pays a rebate to the user (and sometimes the OFA provider takes a fee)
- The bundle goes to preferred builder(s) who have agreed to honor the OFA terms
User benefit: protection from frontrunning/sandwiching + ETH rebate on backrun value
Searcher benefit: exclusive access to predictable backrun opportunities
Builder benefit: exclusive OFA flow → winning more blocks → higher proposer bids
The Flywheel (Repeated from Exclusive Orderflow)
OFA flow → builders win blocks → builders bid higher → validators adopt → more OFA flow to winning builder
This creates a winner-takes-most dynamic. The top builders in 2026 (Titan ~47.6%, BuilderNet ~26%) owe their positions largely to exclusive OFA/wallet partnerships.
PropAMM Shenanigans
PropAMMs (Proportional AMMs) rely on off-chain market makers updating prices on-chain. Two ways aggregators can deceive users about PropAMM liquidity:
1. Phantom Liquidity (Flashblocks-based)
- Aggregators query PropAMM state at the beginning of a Flashblock (sub-block period)
- The market maker updates prices within the Flashblock, changing the available liquidity
- By the time the user’s transaction executes, the displayed quote may be stale by 5–10 bps
- The user sees “good” liquidity that evaporates before their trade
2. Random Spread Fluctuations
- PropAMM spreads fluctuate randomly (market-maker-controlled)
- Aggregators that query at peak liquidity show better prices than users actually receive
- Users comparing aggregator quotes assume they’ll get the displayed spread; actual execution is worse
Mitigation: aggregators that re-quote at execution time rather than at display time; or TEE-based PropAMMs with verifiable pricing commitments.
MEV Protection Options
| Mechanism | Front-run protection | Backrun sharing | Builder concentration |
|---|---|---|---|
| Public mempool | None | None | Neutral |
| Flashbots Protect | Yes | Partial (flashbots share) | Increases Flashbots flow |
| MEV Blocker | Yes | Yes (rebate to user) | Increases partnered builders |
| CoW Swap | Yes (batch auction) | Partial | Neutral (multiple solvers) |
| Encrypted mempool (LUCID) | Yes (protocol-level) | Prevents all pre-execution MEV | Neutral |
User-Side Considerations
- Default wallet settings: most users never change their RPC; default settings determine where 95%+ of retail flow goes
- MetaMask priority fee: set at 2 gwei standard (~20× higher than needed in uncongested conditions); users overpay significantly
- Slippage defaults: high default slippage tolerances (1%) create sandwich opportunities; lower defaults (0.1%) prevent most attacks but may cause reverts
Related Pages
- Exclusive Order Flow and the Builder Flywheel — The builder flywheel; market concentration
- Intents, Solvers, and Cross-Chain Execution (ERC-7683) — Intent-based routing; solver competition
- PropAMMs: Proportional AMMs and On-Chain Market Making — PropAMM mechanics and aggregator deception
- Encrypted Mempools — Protocol-level OFA replacement
Key Sources
- Economics Align the Incentives (2026) — OFA flywheel; builder concentration
- Functional Layers of Non-Custodial Wallets (Flashbots, Apr 2026) — signing/routing/broadcasting taxonomy; regulatory context
- PropAMM Shenanigans (2026) — phantom liquidity; spread fluctuations