DeFi surpasses CeFi; predictability is key

Written by: Pranav Garimidi, Joachim Neu, Max Resnick

Translated by: Luffy, Foresight News

Blockchain can now confidently claim that it has the capability to compete with existing financial infrastructure. Current production systems process tens of thousands of transactions per second, with future performance expected to improve by orders of magnitude.

But beyond raw throughput, financial applications also require predictability. When a transaction is initiated—be it a trade, an auction bid, or an option exercise—reliable assurance that it will be on-chain at a specific time is essential for the normal operation of financial systems. If transactions face unpredictable delays, many applications become unusable. To make on-chain financial applications competitive, blockchains must provide short-term on-chain guarantees: once a valid transaction is submitted to the network, it should be guaranteed to be included in a block as soon as possible.

For example, on-chain order books rely on this principle. Efficient order books require market makers to continuously provide liquidity by placing buy and sell orders. The core challenge for market makers is to minimize bid-ask spreads while avoiding adverse selection caused by outdated quotes. To do this, they must constantly update orders to reflect the latest market conditions. For instance, when the Federal Reserve announces a major policy change causing asset prices to fluctuate sharply, market makers need to respond immediately by updating their orders to the new prices. If the transactions used to update orders cannot be instantaneously on-chain, arbitrageurs can execute trades at outdated prices, causing losses for market makers. In such cases, market makers might widen spreads to reduce risk, which diminishes the competitiveness of on-chain trading platforms.

A predictable on-chain transaction mechanism provides reliable guarantees for market makers, enabling them to respond swiftly to off-chain events and maintain efficient on-chain markets.

The Gap Between Current State and Goals

Currently, mainstream blockchains only offer finality guarantees, often with confirmation times measured in seconds. Such guarantees are sufficient for payments and similar applications but fall short for most financial applications that require real-time responsiveness from market participants.

Returning to the order book example: for market makers, a “guarantee” of on-chain inclusion within a few seconds is meaningless if arbitrageurs can have their transactions included earlier by other blocks. Without strong on-chain guarantees, market makers are forced to widen spreads or offer worse quotes to hedge risks, making on-chain trading less attractive compared to platforms with stronger guarantees.

If blockchain is to truly realize its vision as the backbone of modern capital markets, developers must address these issues to enable high-value applications like order books to thrive.

Why Is Achieving Predictability Difficult?

Enhancing transaction inclusion guarantees on existing blockchains to support such scenarios is highly challenging. Some protocols rely on a single node (block producer) to decide the order of transaction inclusion within a specific window. While this simplifies high-performance blockchain design, it also creates a potential economic monopoly point—block producers can extract value through this control.

Typically, during the window when a node is elected as the block producer, it has full control over which transactions are included in the block.

For blockchains supporting significant financial activity, block producers hold privileged positions. If a block producer refuses to include a transaction, users must wait for the next willing producer. In permissionless networks, block producers are naturally incentivized to extract value—what is known as MEV (Maximal Extractable Value).

MEV is far more than simple front-running attacks. Even delaying transaction inclusion by tens of milliseconds can generate enormous profits and reduce the efficiency of underlying applications. An order book that prioritizes only certain traders’ orders creates an unfair environment for others. Worst-case, malicious block producers could cause traders to abandon the platform altogether.

For example, if an interest rate hike causes ETH prices to drop 5% instantly, market makers will rush to cancel existing orders and re-place them at the new prices. Meanwhile, arbitrageurs will submit orders to sell ETH at outdated prices.

In a protocol where a single block producer controls transaction inclusion, that node wields enormous power. It could choose to censor market makers’ cancellations, allowing arbitrageurs to profit massively; or delay cancellations to front-run arbitrage trades; or even insert its own arbitrage transactions to profit from price deviations.

Two Core Demands: Censorship Resistance and Information Hiding

In such a scenario, active participation by market makers becomes uneconomical—they could be exploited whenever prices fluctuate. The fundamental problem stems from two privileges of block producers:

• The ability to censor others’ transactions;
• The ability to see others’ transactions before including their own.

Any of these issues can lead to catastrophic outcomes.

An Example

Let’s illustrate this with an auction scenario. Suppose two bidders, Alice and Bob, and Bob happens to be the block producer for the block containing the auction. (This example can be generalized to any number of bidders.)

The auction accepts bids within a block production window, say from time 0 to time 1. Alice submits a bid bA at time tA, and Bob submits bB at a later time tB. Since Bob is the block producer, he can always ensure he acts last.

Both can access a continuously updated price feed (e.g., a centralized exchange’s mid-price), with pₜ representing the price at time t. We assume that at any time t, both expect the asset’s price at auction end (t=1) to be equal to the current price pₜ. The auction rule is simple: highest bid wins and pays their bid.

Censorship Resistance Is Essential

If Bob can censor Alice’s bid by virtue of being the block producer, the auction mechanism collapses. Bob can bid any low price to guarantee victory, resulting in near-zero revenue for the auction.

The Need for Information Hiding

A more subtle scenario: Bob cannot directly censor Alice’s bid but can see her bid before submitting his own. In this case, Bob can adopt a simple strategy:

• If the current price pₜ_B > bA, bid slightly higher than bA;
• Otherwise, abstain from bidding.

This strategy forces Alice into adverse selection: she can only win if her bid exceeds the expected end-price, which would mean a loss. Rationally, she will exit the auction. Once all competitors have dropped out, Bob can bid a very low price and win, again yielding near-zero profit.

The core conclusion: the duration of the auction doesn’t matter. As long as Bob can see or censor Alice’s bid, the auction is doomed to fail.

This logic applies equally to high-frequency trading scenarios, including spot, perpetual, and derivatives exchanges: if block producers have the powers described, markets will be fundamentally broken. For such on-chain products to be viable, they must not grant block producers these privileges.

Why Haven’t These Issues Exploded in Practice?

The above analysis paints a bleak picture of permissionless protocols with single block producers, yet many decentralized exchanges (DEXs) built on such protocols still see substantial trading volume. Why?

In reality, two forces mitigate these problems:

• Block producers often hold large amounts of native tokens, tightly coupled with the success of the blockchain, discouraging outright abuse of economic power;
• Application layers have developed workarounds to reduce their vulnerability to these issues.

While these factors have allowed DeFi to operate relatively normally so far, they are insufficient for long-term competitiveness against off-chain markets.

Active public blockchains require significant staking to become block producers. Nodes are either large token holders or trusted entities with reputation delegated by others. These large operators are typically reputable organizations. Staking also incentivizes maintaining the health of the chain. Therefore, outright abuse of power by nodes has not yet become widespread, but this does not mean the problem is nonexistent.

First, relying on node operators’ goodwill, social pressure, and long-term incentives is not a reliable foundation for future finance. As on-chain financial activity grows, the potential profits for malicious nodes increase proportionally. The greater the temptation, the weaker the social pressure to restrain short-term misconduct.

Second, the degree of abuse is a continuous spectrum—from mild misbehavior to outright market destruction. Nodes might gradually expand their powers for higher profits, and once someone crosses a line, others may quickly follow. While individual node actions may seem limited, collective shifts can have obvious, damaging effects.

A classic example is the timing game: block producers delaying block publication within protocol limits to maximize their gains. This can lengthen block times or cause missed blocks. Although such strategies are well known, initial restraint is often maintained out of responsibility to the chain. However, this social equilibrium is fragile—once a node starts arbitrage without cost, others will follow suit.

Timing games are just one example of how nodes might increase profits at the expense of applications without outright malicious intent. Many other behaviors exist that, over time, can push the system beyond a critical threshold, making on-chain operation more costly than beneficial.

Another reason DeFi still functions is that many applications move core logic off-chain, only recording results on-chain. For example, protocols requiring rapid auction execution often perform most operations off-chain, using permissioned node groups to avoid malicious actors. UniswapX’s Dutch auctions on Ethereum and Cowswap’s batch auctions are executed off-chain.

While these approaches enable applications to operate, they also place the underlying blockchain and its value proposition in an awkward position: moving logic off-chain reduces the blockchain to a settlement layer. One of DeFi’s main advantages is composability, but if all execution happens off-chain, applications become isolated islands. Relying on off-chain execution introduces new trust assumptions: besides the blockchain’s availability, the off-chain infrastructure must also function correctly.

How to Achieve Predictability?

To address these issues, protocols need to incorporate two key features: stable transaction inclusion and ordering rules, and privacy protections before transaction confirmation.

Primary Condition: Censorship Resistance

We define the first feature as short-term censorship resistance: if a transaction reaches an honest node, it is guaranteed to be included in the next available block.

Short-term Censorship Resistance: Any valid transaction arriving at any honest node on time must be included in the next block.

More precisely, suppose the protocol operates on a fixed clock, producing a block every 100 milliseconds. If a transaction arrives at an honest node at 250 ms, it should be included in the 300 ms block. Attackers should not be able to selectively exclude or ignore transactions. The core idea is that users and applications should have a highly reliable pathway to get transactions on-chain, unaffected by malicious node behavior or failures.

While this definition requires that transactions arriving at any honest node are included, implementing it at scale can be costly. The key is that the protocol must be robust enough to make the transaction entry point highly predictable and simple.

Permissionless single-node protocols that produce one block at a time clearly do not satisfy this property: if the current block producer acts maliciously, transactions have no other on-chain pathway. Conversely, even a small set of four nodes that can guarantee inclusion within each interval significantly improves user and application confidence. Sacrificing some performance for robustness is worthwhile. Finding the optimal balance between robustness and performance remains an open research area, but current guarantees are insufficient.

Once the protocol guarantees transaction inclusion, ordering becomes straightforward. It can adopt any deterministic ordering rule—most simply, by fee priority, or allowing applications to order transactions based on their own logic. The best ordering method is still an active research topic, but regardless, only when transactions are reliably on-chain does ordering matter.

Second Condition: Privacy and Information Hiding

Beyond short-term censorship resistance, protocols must also provide what we call “hiding” privacy: before transaction confirmation, no participant other than the submitting node should learn any details of the transaction.

Protocols satisfying hiding allow nodes to see transaction contents in plaintext, but require the rest of the network to remain unaware until consensus is finalized and the transaction is ordered. For example, the protocol could use delayed encryption, making transaction contents visible only after a certain time, or threshold encryption, where a committee decrypts only after confirming the block’s irreversibility.

This means nodes might misuse their access to transaction data, but the rest of the network only learns the details after finalization. When the transaction details are publicly revealed, the ordering and confirmation are already complete, preventing front-running or other manipulations. This approach assumes multiple nodes are available to include transactions in each interval.

We do not adopt stronger privacy models (like encrypted mempools)—which would mean only the user knows the transaction details—because protocols need to filter out spam and invalid transactions. Fully encrypted transactions would make it impossible to distinguish valid from invalid ones without revealing some metadata, which could leak information. The compromise is that only one node (or a small subset) can see transaction contents, and the rest of the network remains unaware until finalization. This also requires users to have at least one honest node available at each interval to submit transactions.

A protocol that combines short-term censorship resistance with hiding privacy is ideal for building financial applications. Returning to the auction example, these two features prevent Bob from disrupting the market by either censoring Alice’s bid or exploiting her bid information, effectively solving the earlier issues.

With these guarantees, any transaction—be it an order placement or bid—can be immediately on-chain. Market makers can modify orders, bidders can respond quickly, and settlement can be efficient. Users can trust that their actions will be executed instantly, enabling the development of low-latency, real-world-facing financial applications entirely on-chain.

To truly compete with and surpass existing financial infrastructure, blockchains must address far more than throughput.