DeFi surpasses CeFi: Predictability is key

Authors: Pranav Garimidi, Joachim Neu, Max Resnick
Compiled by: Luffy, Foresight News

Blockchain can now confidently claim that it has the capability to compete with existing financial infrastructure. Current production systems process tens of thousands of transactions per second, with future performance expected to improve by orders of magnitude.

But beyond raw throughput, financial applications also require predictability. When a transaction is initiated—be it a trade, an auction bid, or an option exercise—reliable guarantees on when it will be recorded on-chain are essential for the normal operation of financial systems. If transactions face unpredictable delays, many applications become unusable. To make on-chain financial applications competitive, blockchains must provide short-term guarantees: once a valid transaction is submitted to the network, it should be assured to be included in the next block as soon as possible.

For example, on-chain order books rely on this principle. Efficient order books require market makers to continuously provide liquidity by posting buy and sell orders. The core challenge for market makers is to minimize bid-ask spreads while avoiding adverse selection caused by outdated quotes. To do this, they must constantly update orders to reflect the latest market conditions. For instance, when a Federal Reserve announcement causes asset prices to fluctuate sharply, market makers need to respond immediately by updating their orders to the new prices. If the transactions used to update orders cannot be instantaneously recorded on-chain, arbitrageurs can execute trades at outdated prices, causing losses for market makers. In such cases, market makers might widen spreads to hedge against risk, which reduces the competitiveness of on-chain trading platforms.

A predictable on-chain transaction guarantee system would provide market makers with reliable assurance, enabling them to respond swiftly to off-chain events and maintain efficient on-chain markets.

The Gap Between Current Status and Goals

Current mainstream blockchains only offer finality guarantees with often-second-level confirmation times. Such guarantees are sufficient for payments but inadequate for most financial applications that require real-time responsiveness to market data.

Returning to the order book example: for market makers, a guarantee of “on-chain within a few seconds” is meaningless if arbitrageurs’ transactions can be included earlier in the block. Without strong guarantees, market makers are forced to widen spreads or offer worse quotes to hedge risks, making on-chain trading less attractive compared to platforms with stronger guarantees.

If blockchain is to truly realize its vision as the backbone of modern capital markets, developers must address these issues to enable high-value applications like order books to thrive.

What Makes Achieving Predictability Difficult?

Enhancing transaction inclusion guarantees on existing blockchains to support such scenarios is highly challenging. Some protocols rely on a single node (block producer) to decide the transaction order within a specific window. While this simplifies high-performance blockchain design, it also creates potential economic monopolies—block producers can extract value through this control.

Typically, during the window when a node is elected as block producer, it has full control over which transactions are included in the block.

For blockchains supporting significant financial activity, block producers hold privileged positions. If a block producer refuses to include a transaction, users must wait for the next willing producer. In permissionless networks, block producers naturally have incentives to extract value—what we call MEV (Maximal Extractable Value).

MEV is far more than simple sandwich attacks. Even delaying a block by tens of milliseconds can generate huge profits and reduce the efficiency of underlying applications. An order book that prioritizes only certain traders’ orders creates an unfair environment for others. Worst-case, malicious block producers could cause traders to abandon the platform altogether.

For example, if an interest rate hike announcement causes ETH prices to drop 5% instantly, market makers will rush to cancel existing orders and repost at the new prices. Meanwhile, arbitrageurs will submit orders to sell ETH at outdated prices.

In a protocol where a single block producer controls transaction inclusion, that node wields enormous power. It could choose to review all cancellations by market makers, allowing arbitrageurs to profit; or delay cancellations to let arbitrage trades execute first; or even insert its own arbitrage orders to profit from price deviations.

Two Core Demands: Censorship Resistance and Information Hiding

In such a scenario, active participation by market makers becomes uneconomical—they could be exploited whenever prices fluctuate. The fundamental issues stem from two privileges of block producers:

• The ability to censor others’ transactions;
• The ability to see others’ transactions before including their own.

Any of these issues could lead to disastrous outcomes.

An Example
We’ll illustrate this with an auction scenario. Suppose two bidders, Alice and Bob, and Bob happens to be the block producer for the auction’s block. (This example can be generalized to any number of bidders.)

The auction accepts bids within a block production cycle, say from time 0 to time 1. Alice submits bid bA at time tA, and Bob submits bid bB at a later time tB. Since Bob is the block producer, he can always ensure he acts last.

Both can access a continuously updated price source (e.g., a centralized exchange’s mid-price), with pₜ representing the price at time t. We assume that at any time t, both expect the final auction price at t=1 to be equal to the current price pₜ. The auction rule is simple: highest bid wins and pays their bid.

Censorship Resistance is Essential
If Bob can censor Alice’s bid by virtue of being the block producer, the auction fails completely. Bob can just bid a very low price, guaranteeing victory, resulting in nearly zero revenue for the auction.

Information Hiding is Also Critical
A more subtle problem: Bob cannot directly censor Alice’s bid but can see her bid before submitting his own. In this case, Bob can adopt a simple strategy:

• If current price pₜ_B > bA, bid slightly higher than bA;
• Otherwise, abstain from bidding.

This strategy forces Alice into adverse selection: she can only win if her bid exceeds the expected final price, which would mean a loss. Ultimately, she might withdraw from the auction. Once all competitors leave, Bob can bid very low and win, again yielding near-zero profit.

The key conclusion: the length of the auction doesn’t matter. As long as Bob can see or censor Alice’s bid, the auction is doomed.

This logic applies equally to high-frequency trading scenarios, including spot, perpetual, and derivatives exchanges: if block producers have the powers described, markets will break down. For such on-chain products to be viable, they must not grant block producers these privileges.

Why Haven’t These Problems Exploded in Reality?

The above analysis paints a bleak picture of permissionless, single-block-producer protocols—yet many decentralized exchanges (DEXs) built on such protocols still see substantial trading volume. Why?

Two factors mitigate these issues in practice:

• Block producers often hold large amounts of native tokens, tightly coupled with the success of the blockchain, discouraging outright abuse of economic power;
• Application layers have developed workarounds to reduce their vulnerability to these problems.

While these factors have allowed DeFi to operate relatively normally so far, they are insufficient for long-term competitiveness against off-chain solutions.

On active, high-value chains, becoming a block producer requires substantial staking. Nodes are either large token holders or trusted entities with reputation delegated by others. In either case, major node operators tend to be reputable, well-known entities. Staking also incentivizes maintaining the health of the chain. For now, we haven’t seen outright abuse, but that doesn’t mean the risks are gone.

First, relying on node operators’ goodwill, social pressure, and long-term incentives is not a reliable foundation for future finance. As on-chain financial activity grows, the potential profits for malicious nodes increase proportionally. The greater the temptation, the more fragile the social pressure to prevent short-term misconduct becomes.

Second, the degree of abuse by nodes exists on a spectrum—from mild misbehavior to outright market destruction. Node operators might gradually expand their power for higher profits, and once someone crosses a line, others will quickly follow. While individual node actions may seem limited, collective shifts can have obvious, damaging consequences.

A classic example is the timing game: block producers delaying block publication to maximize their gains within protocol limits. This can extend block times or cause missed blocks. Although such strategies are known to be profitable, initial restraint is driven by the responsibility to maintain the chain. But this social equilibrium is fragile—once a node starts arbitrage without cost, others will follow.

Timing games are just one example of how nodes might increase profits at the expense of applications without fully abusing their power. Many other behaviors could similarly raise their returns, eventually crossing a threshold where on-chain costs outweigh benefits.

Another reason DeFi still functions is that many applications move core logic off-chain, only recording results on-chain. For example, protocols requiring fast auctions often perform the actual process off-chain, using permissioned node groups to avoid malicious nodes. UniswapX’s Dutch auctions on Ethereum and Cowswap’s batch auctions are executed off-chain.

While this approach enables applications to operate, it also puts the underlying blockchain and its value proposition in an awkward position: the execution logic is off-chain, reducing the blockchain to a settlement layer. One of DeFi’s main advantages is composability, but with all execution happening off-chain, applications become isolated islands. Relying on off-chain execution introduces new trust assumptions: besides the blockchain’s availability, the off-chain infrastructure must also function correctly.

How to Achieve Predictability?

To address these issues, protocols need to incorporate two key features: stable transaction inclusion guarantees and privacy protections before transaction confirmation.

First Condition: Censorship Resistance
We define this as short-term censorship resistance: if a transaction reaches an honest node, it is guaranteed to be included in the next available block.

Short-term Censorship Resistance: Any valid transaction that arrives on time at any honest node must be included in the next block.

More precisely, suppose the protocol operates on a fixed clock—for example, a new block every 100 milliseconds. If a transaction arrives at an honest node at 250 ms, it should be included in the 300 ms block. Attackers should not be able to selectively exclude or delay transactions. The core idea is that users and applications should have a highly reliable pathway to get transactions on-chain, unaffected by malicious node behavior or failures.

While achieving this guarantee for all transactions arriving at any honest node may be costly, the protocol must be robust enough to make transaction entry highly predictable and straightforward.

Permissionless single-block-producer protocols clearly do not satisfy this: if the current block producer acts maliciously, transactions have no other on-chain route. Conversely, even a small committee of four nodes that guarantees inclusion at each interval significantly improves the reliability of transaction entry. Sacrificing some performance for robustness is worthwhile for building resilient applications. Finding the optimal balance between robustness and performance remains an open research area, but current guarantees are insufficient.

Once the protocol guarantees transaction inclusion, ordering becomes straightforward. It can adopt any deterministic ordering rule—most simply, by fee priority, or allowing applications to specify flexible sorting based on their state. While optimal transaction ordering is still an active research topic, the key point is that only when transactions are reliably on-chain does ordering matter.

Second Condition: Information Hiding
Beyond short-term censorship resistance, protocols must also provide what we call privacy protection through information hiding.

Information Hiding: Except for the transaction submission node, no participant can access any information about the transaction before it is finalized and ordered by the protocol.

Protocols satisfying this allow the receiving node to see the transaction content in plaintext, but require the rest of the network to remain unaware until consensus and ordering are complete. For example, the protocol could use delayed encryption, making the transaction data invisible until a deadline; or threshold encryption, where a committee decrypts only after confirming the block is finalized.

This means nodes might misuse the transaction data they submit themselves, but the rest of the network only learns the content after finalization. When the transaction details are revealed, the ordering and confirmation are already settled, preventing others from front-running. This guarantee relies on having multiple nodes capable of packaging transactions in each period.

We do not adopt stronger privacy models (like encrypted mempools)—which would mean only the user knows the transaction details—because the protocol needs to filter spam transactions. If transaction content is fully hidden, the network cannot distinguish valid transactions from spam. The only partial solution is to leak some unencrypted metadata, such as fee-paying addresses, but this can still leak enough information for attackers. Therefore, we choose a compromise: only one node can see the full transaction content, while others cannot. This also means users must have at least one honest node to submit transactions each period.

A protocol that combines short-term censorship resistance with information hiding is ideal for building financial applications. Returning to the auction example, these two features directly prevent Bob from disrupting the market: he cannot censor Alice’s bid, nor can he use her bid to guide his own actions, perfectly solving the earlier problems.

Under these guarantees, any transaction—be it an order or an bid—can be immediately recorded on-chain. Market makers can modify orders, bidders can quickly submit bids, and clearing can be efficiently executed. Users can trust that their operations will be executed instantly, enabling the development of next-generation low-latency, real-world-facing financial applications fully on-chain.

To truly compete with and surpass existing financial infrastructure, blockchains must address far more than throughput alone.