Skip to Content
GuidesMEV Protection

MEV Protection

MEV (Maximal Extractable Value) attacks — particularly sandwich attacks — can cause agents to execute at worse prices than simulated. txfence integrates with Flashbots Protect and MEV Blocker to route transactions through protected endpoints, preventing frontrunning and sandwiching.

Policy field

import type { Policy, MevProtectionMode } from '@txfence/core'
 
const policy: Policy = {
  // ...other fields...
  mevProtection: 'flashbots',  // 'flashbots' | 'mev-blocker' | 'none'
}

mevProtection is a per-transaction policy decision. Swaps can use Flashbots while transfers use 'none'.

Only applies to EVM chains. Solana and Cosmos adapters ignore this field.

Modes

flashbots

Routes broadcast through https://rpc.flashbots.net. Transactions are submitted to Flashbots builders directly, bypassing the public mempool entirely.

const policy: Policy = {
  mevProtection: 'flashbots',
}

mev-blocker

Routes broadcast through https://rpc.mevblocker.io. MEV Blocker distributes transactions to a network of searchers who compete to include them without sandwiching.

const policy: Policy = {
  mevProtection: 'mev-blocker',
}

none (default)

Standard RPC broadcast. No MEV protection.

Custom endpoints

import type { MevProtectionConfig } from '@txfence/core'
 
const mevConfig: MevProtectionConfig = {
  flashbots: {
    rpcUrl:        'https://rpc.flashbots.net/fast',  // field is `rpcUrl`, not `endpoint`
    authSignerKey: process.env.FLASHBOTS_AUTH_KEY,    // optional — enables reputation scoring
  },
  mevBlocker: {
    rpcUrl: 'https://rpc.mevblocker.io',
  },
}

FlashbotsConfig has two optional fields: rpcUrl (overrides the default endpoint) and authSignerKey (private key used to sign requests so Flashbots can attach reputation). MevBlockerConfig has only rpcUrl. Pass mevConfig to executeEvmAction via your executor.

How it works

getMevProtectedRpcUrl(mode, config?, fallbackRpcUrl?) — resolves the broadcast endpoint.

broadcastWithMevProtection(signedTx, mode, config?, fallbackRpcUrl?) — sends eth_sendRawTransaction to the protected endpoint.

broadcastAndConfirm and executeEvmAction thread mevProtection and mevConfig through automatically when set on the policy.

Known limitations

  • Flashbots auth signing (X-Flashbots-Signature) requires ECDSA secp256k1 — deferred to v2. Unsigned requests still receive MEV protection, just without reputation scoring.
  • EVM only — no Solana or Cosmos MEV protection.
  • Both endpoints require internet access — not suitable for air-gapped environments.
  • Flashbots Protect may have higher latency than standard RPC submission.
Last updated on
Intent ExecutionMulti-Agent Coordination