Hi there,
I understand the importance of allowing users to have private transactions on BSC (to prevent front running etc.); however, I think allowing validators to let anybody reorder TXs in any way they want is awful.
Currently there are 3 MEV services out there for BSC that I know of that work with many BSC validators. All these MEV services allow you to create bundles, which allow users to grab transactions from the mempool and reorder them while injecting their own txs before or after the victim(s)' tx to exploit them for profit via backrunning or front running, sometimes completely draining the on-chain user. Because of this, from what I can see, at least $1.18M has been stolen from users with sandwich attacks alone within the last 30 days (source: https://eigenphi.io/). There have also been countless other attacks I have seen personally due to people having this ability to exploit users.
Why are we allowing validators to provide access to anybody to mess with the order of other users' transactions? This creates the opportunity for many attacks (sandwich being one of the most known) just to benefit the attackers and the validators, and puts all the normal users who have no idea what MEV is at risk on chain of multiple attacks. At this point in time anybody can target a person's wallet address, listen to any of their transactions across the peer-to-peer network, play with their tx position within the block and abuse anything and everything they want.
We have the exact same issue on Ethereum; however, Ethereum allows anybody to become a validator, which is what creates this issue in the first place and is what makes this entirely different. All BSC validators are chosen and all BSC validators must ensure contact with the BSC team at all times. Why are we letting validators allow anybody to come along and exploit any transactions across the network, putting everybody at risk, rather than just ensuring a fair p2p transaction system? There is no reason to reorder anyone's transactions in the mempool unless there is malicious intent.