[Paper] MAD-DAG: Protecting Blockchain Consensus from MEV

Source: arXiv - 2511.21552v1

Overview

The paper introduces MAD‑DAG, a new blockchain consensus protocol that thwarts selfish‑mining attacks even when the network is hostile—e.g., when miners can race to propagate blocks faster, when block rewards fluctuate because of MEV (Miner Extractable Value), or when “petty‑compliant” miners accept bribes. By redesigning how the ledger treats competing chains, MAD‑DAG restores security without the impractically high latency required by the previous state‑of‑the‑art protocol, Colordag.

Key Contributions

• MAD‑DAG protocol: A practical DAG‑based consensus mechanism that neutralizes selfish mining under adverse conditions (rushing, MEV variability, bribed miners).
• Novel ledger rule: When multiple chains have the same length, the protocol discards their transaction contents, forcing miners to focus on block creation rather than strategic withholding.
• Tractable selfish‑mining model: Formulated a Markov Decision Process (MDP) that captures a rational attacker’s optimal strategy and yields an upper bound on selfish‑mining revenue.
• Security threshold analysis: Provided the first concrete lower bound on the minimum hash power needed for a selfish miner to profit in a realistic DAG blockchain.
• Empirical comparison: Demonstrated that MAD‑DAG’s security threshold stays between 11 %–31 % under harsh conditions, whereas Bitcoin and Colordag collapse to 0 % (i.e., any attacker can profit).

Methodology

1. Protocol Design – The authors built MAD‑DAG on top of a directed‑acyclic‑graph (DAG) ledger. The key twist is the content‑discard rule: if two or more branches have identical height, the network treats them as indistinguishable and ignores the transactions they carry until one branch becomes strictly longer.
2. Adversarial Model – They considered three “adverse” factors:
   • Rushing: the attacker can propagate its blocks faster than honest nodes.
   • MEV variability: block rewards differ because miners can extract value from transaction ordering.
   • Petty‑compliant miners: honest miners who will accept a small bribe to follow the attacker’s fork.
3. MDP Formulation – The selfish miner’s decision process (publish, withhold, or fork) is expressed as a Markov Decision Process. By deliberately favoring the attacker in the reward calculation (a conservative assumption), the resulting revenue estimate is an upper bound, guaranteeing that any real‑world profit would be lower.
4. Analytical & Simulation Evaluation – The MDP is solved analytically for tractable cases and validated with Monte‑Carlo simulations across a range of network parameters (latency, reward variance, bribery levels).

Results & Findings

• Security Threshold: In the worst‑case scenario (high MEV variance + many petty‑compliant miners), MAD‑DAG requires at least 11 %–31 % of total hash power for a selfish miner to break even, compared to 0 % for Bitcoin and Colordag (meaning any tiny attacker can profit).
• Comparable Baseline Security: When adverse conditions are absent, MAD‑DAG’s threshold aligns closely with Bitcoin’s (~30 % under standard assumptions), showing no loss of security in normal operation.
• Robustness to Rushing: The content‑discard rule eliminates the advantage of faster propagation because the attacker cannot gain extra revenue by simply being first; only a longer chain matters.
• MEV Neutralization: Since transaction contents are ignored on equal‑length forks, the attacker cannot exploit reward variability by selectively revealing high‑MEV blocks.

Practical Implications

• Stronger Public‑Chain Guarantees: Deploying MAD‑DAG could make permissionless blockchains far more resilient to sophisticated profit‑driven attacks that are already observed in DeFi ecosystems (e.g., sandwich attacks, front‑running).
• Lower Barrier for Secure DAG Adoption: Developers building DAG‑based ledgers (e.g., IOTA, Conflux) can adopt MAD‑DAG’s ledger rule without sacrificing performance, gaining protection against selfish mining without the high latency penalties of Colordag.
• Simplified Incentive Design: By decoupling block rewards from transaction ordering in tie‑situations, protocol designers can avoid complex MEV‑mitigation layers (e.g., transaction ordering auctions) for the specific case of fork competition.
• Tooling for Auditors: The MDP model provides a concrete analytical framework that auditors and security engineers can use to evaluate the profitability of selfish strategies on any DAG‑based chain, facilitating risk assessments before launch.

Limitations & Future Work

• Assumption of Honest Majority on Content Discard: The security proof hinges on honest nodes discarding transaction contents on ties; if implementations diverge, the guarantee weakens.
• Network Latency Bounds: While MAD‑DAG works with realistic latency, extreme network partitions could still create exploitable windows not covered in the analysis.
• Economic Modeling of Bribes: The “petty‑compliant” miner model assumes a simple bribe threshold; richer game‑theoretic models (e.g., dynamic bribery markets) remain unexplored.
• Extending to Multi‑Asset DAGs: Future research could investigate how the ledger rule interacts with cross‑chain or multi‑asset DAGs where transaction semantics differ.

Authors

• Roi Bar-Zur
• Aviv Tamar
• Ittay Eyal

Paper Information

• arXiv ID: 2511.21552v1
• Categories: cs.CR, cs.DC
• Published: November 26, 2025
• PDF: Download PDF