DeFi Surpasses CeFi—Predictability Is the Key
TechFlow Selected TechFlow Selected
DeFi Surpasses CeFi—Predictability Is the Key
For blockchain to truly compete with existing financial infrastructure, it must address far more than just throughput.
Navigating Web3 tides with focused insightsAuthors: Pranav Garimidi, Joachim Neu, Max Resnick
Translated by: Luffy, Foresight News
Blockchains can now confidently claim competitive parity with existing financial infrastructure. Current production systems process tens of thousands of transactions per second—and performance is poised for order-of-magnitude improvements.
Yet beyond raw throughput, financial applications demand predictability. Whether it’s a payment, an auction bid, or an options exercise, reliable assurance about *when* a transaction will be included on-chain is essential for financial systems to function correctly. Unpredictable delays render many applications unusable. For on-chain finance to remain competitive, blockchains must provide short-term inclusion guarantees: any valid transaction submitted to the network must be guaranteed inclusion in the next available block.
Consider an on-chain order book. Efficient order books require market makers to continuously supply liquidity by posting bid and ask orders at the top of the book. Their core challenge is balancing tight spreads against adverse selection—i.e., avoiding losses when their quotes fall out of sync with the market. To mitigate this, market makers must constantly update their orders to reflect real-time market conditions. For instance, if an unexpected Federal Reserve announcement causes sharp asset price movements, market makers must immediately revise their orders to the new price. If their update transactions cannot be included on-chain instantly, arbitrageurs will trade against stale prices—causing losses to market makers. In response, market makers widen spreads to hedge risk, degrading the competitiveness of the entire on-chain trading platform.
Predictable transaction inclusion enables market makers to reliably respond to off-chain events and sustain efficient on-chain markets.
The Gap Between Current Reality and Desired Goals
Today’s mainstream blockchains offer only eventual inclusion guarantees—with latency measured in seconds. Such guarantees suffice for payments but fail to support most financial applications requiring real-time responsiveness from market participants.
Returning to the order-book example: for market makers, “inclusion within a few seconds” is meaningless—if arbitrageurs’ transactions land in earlier blocks, they still win. Without strong inclusion guarantees, market makers must widen spreads and offer worse prices to users, eroding the appeal of on-chain trading relative to platforms offering stronger assurances.
For blockchains to fulfill their vision as modern capital-market infrastructure, developers must resolve these issues—enabling high-value applications like order books to thrive.
Why Is Predictability So Hard to Achieve?
Strengthening transaction inclusion guarantees on existing blockchains—especially to support such use cases—is extremely challenging. Some protocols rely on a single node (the block proposer) to determine transaction ordering during a specific time window. While this simplifies engineering for high-performance public chains, it creates an economically privileged point where value extraction becomes possible.
Typically, during its designated proposal window, the block proposer has full control over which transactions are included in the block.
On blockchains hosting significant financial activity, the block proposer occupies a privileged position. If it refuses to include a given transaction, users must wait for the next proposer willing to do so. In permissionless networks, proposers naturally possess incentives to extract value—commonly referred to as MEV (Maximal Extractable Value).
MEV extends far beyond sandwich attacks. Even delaying a transaction by tens of milliseconds can yield massive profits while undermining application efficiency. An order book that prioritizes only certain traders’ orders places everyone else at a structural disadvantage. At worst, malicious proposer behavior may drive all traders away from the platform.
Suppose an interest-rate hike is announced, causing ETH’s price to drop 5% instantly. All market makers rush to cancel existing orders and repost them at the new price. Simultaneously, arbitrageurs submit sell orders at outdated prices.
If this order book runs atop a single-proposer protocol, that proposer gains enormous power. It could outright censor all market makers’ cancellation transactions—enriching arbitrageurs. Or it could avoid explicit censorship but simply delay cancellations long enough for arbitrage trades to execute first. Worse yet, it could insert its own arbitrage transactions directly into the block, profiting from the price discrepancy.
Two Core Requirements: Censorship Resistance and Information Hiding
Faced with such advantages, active participation by market makers becomes uneconomical—the moment prices move, they risk being exploited. Fundamentally, this stems from two privileges held exclusively by the block proposer:
- The ability to censor others’ transactions;
- The ability to observe others’ transactions and submit its own in response.
Either capability alone can lead to catastrophic outcomes.
An Illustrative Example
We illustrate this precisely using an auction. Suppose two bidders, Alice and Bob—and Bob happens to be the block proposer for the auction’s block. (We consider only two bidders for simplicity; the logic generalizes to arbitrary numbers.)
Bids are accepted throughout the block production period—for instance, between time 0 and time 1. Alice submits her bid bA at time tA; Bob submits his bid bB later, at time tB. As the proposer, Bob always gets to act last.
Both bidders observe a continuously updated price feed (e.g., the mid-price from a centralized exchange), denoted pt at time t. Assume that at any time t, both parties expect the asset’s value at auction close (t = 1) to equal the current price pt. The auction rules are simple: highest bidder wins and pays their own bid.
Why Censorship Resistance Matters
If Bob can leverage his proposer status to censor Alice’s bid, the auction mechanism collapses entirely. Bob need only submit any low bid to guarantee victory—and the auction’s revenue approaches zero.
Why Information Hiding Matters
A subtler failure occurs when Bob cannot directly censor Alice’s bid—but sees it before submitting his own. Then Bob adopts a simple strategy:
- If the current price ptB > bA, submit a bid just above bA;
- Otherwise, withdraw entirely.
This strategy subjects Alice to adverse selection: she wins only when her bid exceeds the asset’s expected value—and winning implies a loss. She thus exits the auction. Once competition vanishes, Bob wins with an arbitrarily low bid—and again, revenue approaches zero.
The key conclusion: auction duration is irrelevant. As long as Bob can either censor Alice’s bid or observe it before submitting his own, the auction inevitably fails.
This logic applies equally to high-frequency trading environments—including spot, perpetual, and derivatives exchanges. If proposers hold the same powers as Bob in our example, markets break down entirely. Any viable on-chain product supporting such scenarios must categorically deny proposers these privileges.
Why Haven’t These Problems Materialized Yet?
Our analysis paints a bleak picture of transaction inclusion on permissionless single-proposer protocols. Yet many such protocols host decentralized exchanges (DEXs) with substantial trading volumes. Why?
Two real-world forces currently dampen these problems:
- Block proposers typically hold large positions in native tokens—deeply aligning their interests with the chain’s success—and thus refrain from fully abusing economic power;
- Application-layer workarounds have emerged to reduce vulnerability to these issues.
While these factors keep DeFi functioning today, they’re insufficient for on-chain markets to truly compete with off-chain alternatives over the long term.
On economically active public chains, becoming a proposer requires substantial staking. Thus, proposers either hold large token balances themselves or command sufficient reputation to attract delegation from other holders. Either way, major node operators are reputable, well-known entities. Moreover, their staked assets incentivize them to uphold chain health. Hence, we’ve yet to observe outright proposer abuse—but that doesn’t mean the problem is absent.
First, relying on proposer goodwill, social pressure, and long-term incentives is not a sound foundation for future finance. As on-chain financial scale grows, proposers’ potential profits grow proportionally. Greater temptation weakens the social constraints preventing short-term self-interest.
Second, proposer abuse exists on a spectrum—from mild to market-destroying. Operators may gradually expand their powers unilaterally to capture higher returns. Once one crosses the line, others quickly follow. Individually minor actions may seem tolerable—but collectively, they produce obvious, damaging effects.
The canonical example is timing games: proposers delay publishing blocks as much as protocol rules allow, maximizing their MEV. This elongates block times—or even causes missed blocks. Though such strategies’ profitability is widely known, proposers initially restrain themselves out of stewardship responsibility. Yet this social equilibrium is fragile: once one proposer begins extracting value without penalty, others rapidly imitate.
Timing games represent just one way proposers boost returns without fully abusing power. Many other methods sacrifice application integrity for higher yields. Each action may appear acceptable in isolation—but collectively, they eventually cross a threshold where on-chain operation costs exceed benefits.
Another reason DeFi still functions is that applications shift core logic off-chain, uploading only final results. Protocols needing fast auctions often run the entire process off-chain—frequently via permissioned node groups—to sidestep malicious proposer risks. UniswapX’s Dutch auctions on Ethereum mainnet and Cowswap’s batch auctions both execute off-chain.
While this approach keeps applications running, it places the underlying public chain—and its value proposition—in an awkward position: execution moves off-chain, reducing the base layer to a mere settlement engine. Composability—one of DeFi’s greatest strengths—breaks down in a world where all execution happens off-chain, isolating applications in silos. Relying on off-chain execution also introduces new trust assumptions: beyond the base chain’s availability, off-chain infrastructure must also remain operational.
How Do We Achieve Predictability?
To solve these problems, protocols must satisfy two properties: stable transaction inclusion and ordering rules, plus privacy protection prior to transaction confirmation.
First Requirement: Censorship Resistance
We formalize the first property as short-term censorship resistance: if a transaction reaches an honest node, it is guaranteed inclusion in the next available block.
Short-term censorship resistance: Any valid transaction arriving at any honest node within its deadline is guaranteed inclusion in the next block.
More precisely, suppose the protocol operates on a fixed clock—e.g., producing one block every 100 ms. If a transaction arrives at an honest node at 250 ms, it must be included in the 300-ms block. Attackers cannot selectively include or omit transactions. The core idea is that users and applications must enjoy highly reliable inclusion paths—unaffected by individual nodes dropping packets or failing.
Although this definition demands inclusion for transactions reaching *any* honest node, achieving it may incur excessive overhead. Crucially, the protocol must be robust enough that inclusion paths exhibit strong predictability—and be simple and intuitive to reason about.
Permissionless single-proposer protocols clearly fail this requirement: if the current proposer misbehaves, no alternative inclusion path exists. Conversely, even a small set of four nodes capable of proposing blocks each epoch would vastly improve users’ and applications’ inclusion options. Sacrificing some performance to achieve robustness is worthwhile. Optimizing the tradeoff between robustness and performance remains an open research area—but current protocols clearly offer insufficient guarantees.
Once inclusion is guaranteed, ordering becomes tractable. Protocols may adopt any deterministic ordering rule—the simplest being priority-fee sorting, or allowing applications to flexibly order transactions interacting with their state. Optimal transaction ordering remains an active research topic—but ordering rules only matter once inclusion itself is assured.
Second Requirement: Information Hiding
Beyond short-term censorship resistance, protocols must provide another critical property: what we call hiding—a privacy guarantee.
Hiding: No party other than the node that receives a transaction learns anything about it until the protocol finally confirms and orders the transaction.
A protocol satisfying hiding allows the receiving node to view transaction contents in plaintext—but requires all other network participants to remain oblivious until consensus finalizes and ordering is determined. For example, the protocol might use delayed encryption, rendering block contents invisible until a deadline passes; or threshold encryption, decrypting only after a committee confirms the block is irreversible.
This means nodes may misuse transaction information submitted to them—but the rest of the network learns the content only after ordering and confirmation are complete. By then, front-running is impossible. This definition assumes multiple nodes can propose blocks each epoch.
We avoid stronger privacy definitions—e.g., encrypted mempools where only the user knows transaction details—because protocols need to filter spam. Fully hiding transaction content from the network makes distinguishing spam from valid transactions impossible. The only workaround is leaking partially unencrypted metadata—e.g., charging fees regardless of validity via a fee-paying address. But such metadata may leak enough information for attackers to exploit. Hence, we adopt a pragmatic middle ground: transaction contents are visible only to the receiving node—not to the broader network. This implies users must have access to at least one honest node as an inclusion entry point each epoch.
Protocols combining short-term censorship resistance and hiding form ideal foundations for financial applications. Returning to our on-chain auction example, these two properties directly eliminate both ways Bob could undermine the market: he can neither censor Alice’s bid nor use her bid to inform his own—fully resolving the two core problems identified earlier.
Under short-term censorship resistance, any transaction—whether placing an order, submitting an auction bid, or triggering liquidation—is guaranteed immediate on-chain inclusion. Market makers can revise orders, bidders can submit quickly, and liquidations execute efficiently. Users gain confidence that their actions will be executed promptly—enabling a new generation of low-latency, real-world financial applications built entirely on-chain.
For blockchains to truly compete with—and surpass—existing financial infrastructure, solving throughput alone falls far short.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News
a16z
