a16z: DeFi Struggles to Support Real Financial Markets

Original Authors: @PGarimidi, @jneu_net, @MaxResnick, a16z

Original Compilation: Peggy, BlockBeats

Editor’s Note: As blockchain performance continues to improve, the industry’s focus is shifting from “how many transactions can be processed” to “when will transactions be confirmed.” For a long time, performance has been simplified to throughput (TPS), but for financial systems, the more critical aspect is the predictability of transaction inclusion—that is, once a transaction is submitted, whether it can be timely and deterministically included in a block.

This article points out that most blockchains currently only provide a guarantee of “eventual inclusion on-chain,” but the timing is uncontrollable. This second-level uncertainty is acceptable in payment scenarios, but in financial transactions requiring millisecond-level responses, it directly leads to price degradation, arbitrage opportunities, and unfairness, undermining the competitiveness of on-chain markets.

Further analysis reveals that this issue stems from the underlying mechanism: under a single-leader block production structure, transaction ordering and inclusion rights are highly centralized, easily leading to risks such as censorship, delays, and information asymmetry.

Based on this, the authors propose two directions: first, providing short-term, predictable transaction inclusion guarantees; second, introducing information hiding mechanisms before confirmation to reduce front-running and adverse selection. In summary, for blockchains to truly become financial infrastructure, what matters more than throughput is the determinism and fairness of transaction execution.

Below is the original text:

Blockchains can now confidently claim that their capacity is sufficient to compete with existing financial infrastructure. Current production systems can handle tens of thousands of transactions per second, and are expected to achieve orders of magnitude improvements in the foreseeable future.

However, compared to mere throughput capacity, financial applications need predictability more. Whether it’s matching trades, participating in auctions, or exercising options, when a transaction is sent, the system must reliably guarantee when that transaction will be confirmed on-chain. This is crucial for the normal operation of financial systems. Once there is uncertain delay in transaction confirmation (whether from adversarial behavior or incidental factors), a large number of applications will lose usability.

Therefore, for on-chain financial applications to be competitive, the underlying blockchain must provide short-term inclusion guarantees: once a valid transaction is submitted to the network, it should be included in a block within the shortest possible time.

Take an on-chain order book as an example. An efficient order book relies on market makers continuously providing liquidity by constantly placing buy and sell orders to keep the market running. The core problem faced by market makers is to compress the bid-ask spread (the gap between buy and sell quotes) as much as possible while avoiding adverse selection risk due to quotes deviating from the market.

To achieve this, market makers must continuously update their orders to reflect changes in market conditions. For example, when a Federal Reserve announcement causes asset price fluctuations, market makers need to adjust their quotes immediately. If the transactions used to update these orders cannot be included on-chain instantly, they may be executed by arbitrageurs at outdated prices, resulting in losses. Consequently, market makers are forced to widen their spreads to reduce risk exposure, thereby weakening the competitiveness of on-chain trading venues.

It is the predictable inclusion of transactions into blocks that empowers market makers to quickly respond to off-chain events, thereby maintaining the efficiency of on-chain markets.

What We Have vs. What We Truly Need

Currently, most blockchains only provide a strong guarantee of eventual inclusion, a process that typically occurs on a timescale of seconds. While this is sufficient for payment applications, it remains too weak for a vast number of financial applications that require participants to respond to information in real-time.

Returning to the order book example: if a market maker only receives a guarantee that their transaction “will be included in a block within the next few seconds,” while an arbitrageur’s transaction might enter an earlier block, this guarantee is essentially meaningless. In the absence of strong inclusion guarantees, market makers can only hedge against increased adverse selection risk by widening spreads, leading to worse execution prices for users. This also makes on-chain trading significantly less attractive compared to venues offering stronger execution certainty.

If blockchains are to truly realize their vision as modern capital market infrastructure, developers must address these issues, enabling high-value financial applications like order books to genuinely thrive and be competitive on-chain.

Why is Achieving “Predictability” So Difficult?

Strengthening transaction inclusion guarantees on existing blockchains to support the aforementioned application scenarios is itself an extremely challenging task. Some protocols currently rely on a single node (the “leader”) to decide which transactions can be included in a block at any given moment. While this mechanism simplifies the engineering of building high-performance blockchains, it also introduces a potential economic bottleneck: these leaders can extract value. Typically, during the time window when a node is selected as the leader, it has complete control over which transactions are included in the block.

For any blockchain hosting financial activity, the leader occupies a privileged position. If this single leader decides not to include a particular transaction, the only recourse is to wait for the next leader willing to include it.

In a permissionless network, leaders are naturally incentivized to extract value, commonly referred to as MEV. MEV extends far beyond sandwich attacks on AMM trades. Even delaying the inclusion of a transaction by tens of milliseconds can yield substantial profits while undermining the efficiency of the underlying applications. An order book that prioritizes only some traders’ orders places other participants in an unfair competitive environment. In the most extreme cases, a leader might even exhibit strongly adversarial behavior, causing traders to abandon the platform entirely.

Consider this scenario: if an interest rate hike occurs, causing the price of ETH to instantly drop 5%. All market makers on the order book would quickly cancel their existing orders and re-list them at new prices; simultaneously, arbitrageurs would submit sell orders to fill these not-yet-updated orders at the old price. If this order book runs on a single-leader protocol, the leader wields immense power. The leader could directly choose to censor all market makers’ cancellations, allowing arbitrageurs to reap huge profits; or, even without complete censorship, could delay the inclusion of cancellations, allowing arbitrageurs’ transactions to be packaged first; furthermore, the leader could even insert its own arbitrage trades to fully exploit this price mismatch.

Two Key Goals: Censorship Resistance and Information Hiding

Under this power structure, market makers would lose the economic incentive to participate; every time the price changes, they risk being systematically “harvested.” The essence of the problem lies in the leader’s excessive privilege in two aspects:

1) The leader can censor others’ transactions;

2) The leader can see the content of others’ transactions and adjust its own trading behavior accordingly.

Either of these points can lead to catastrophic consequences.

Case Study

We can illustrate the problem more precisely with a simple example. Consider an auction scenario with only two bidders: Alice and Bob, where Bob is also the leader for that block. (Using only two bidders is for illustrative purposes; the reality applies to any number of participants.)

The auction takes place within the time window of a block generation, say from time t=0 to t=1. Alice submits her bid bA at time tA, and Bob submits his bid bB at time tB (tB > tA). Since Bob is the block leader, he can ensure he always bids last.

Meanwhile, both Alice and Bob continuously receive the real-time price of an asset (e.g., the mid-price from a centralized exchange). At any time t, this price is denoted as pt. We assume that at time t, the market’s expectation of the price at t=1 (the auction’s end) is always equal to pt. That is, at any moment, both parties’ expectation of the final price equals the currently observed price. The auction rule is simple: the higher bidder wins and pays their own bid.

The Necessity of Censorship Resistance

First, consider how Bob exploits his leader advantage. If Bob can censor Alice’s bid, the auction mechanism fails directly. Bob simply needs to submit an extremely low bid to win the auction without competition. This would result in near-zero auction revenue.

The Necessity of Information Hiding

A more complex situation is: Bob cannot censor Alice’s bid but can see Alice’s bid before submitting his own. In this case, Bob’s strategy is straightforward: when he bids, he only needs to check if ptB is greater than bA. If yes, he bids a price slightly above bA; if not, he refrains from bidding.

Through this strategy, Bob subjects Alice to adverse selection. Alice only wins the auction when the market price changes such that her bid is higher than the asset’s expected value. But in that case, she is actually incurring a loss, so the rational choice is not to participate in the auction. Once other bidders exit, Bob can again win the auction with an extremely low price, driving auction revenue towards zero.

Key Conclusion

The key takeaway from this example is: the duration of the auction is irrelevant. As long as Bob can censor Alice’s bid or see Alice’s bid before placing his own, the auction mechanism is doomed to fail.

The same principle applies to all high-frequency trading scenarios—whether spot trading, perpetual contracts, or derivatives trading. If a leader with the aforementioned powers exists, that leader has the ability to cause the entire market structure to collapse. Therefore, if on-chain products wish to be viable in these scenarios, they must avoid granting such power to leaders.

How Do These Issues Manifest in Reality?

The above analysis paints a rather pessimistic picture: conducting on-chain trading on any permissionless, single-leader protocol faces structural issues. However, the reality is that decentralized exchange (DEX) trading volumes on many such protocols remain active. What explains this?

In practice, two forces partially counteract the aforementioned problems: first, leaders do not fully exploit their economic power because they often have a deep stake in the long-term success of the underlying chain; second, the application layer employs various “workarounds” to reduce its sensitivity to these issues.

Although these two points sustain the current operation of decentralized finance (DeFi) to some extent, in the long run, they are insufficient to make on-chain markets truly competitive with off-chain markets.

To become a leader on a chain with substantial economic activity, one typically needs to hold a significant amount of stake. Therefore, either the node itself holds a large number of tokens, or its reputation is strong enough that other token holders are willing to delegate their stake to it. In both cases, large node operators are usually well-known, reputable entities whose actions face reputational risk. Additionally, the stake itself implies they have an economic incentive to promote the chain’s long-term development. Consequently, we have not yet widely seen leaders abusing their market power as described earlier—but this does not mean the problem is absent.

First, relying solely on node operators’ “goodwill,” social pressure, and consideration of long-term interests does not constitute a solid foundation for a future financial system. As the scale of on-chain financial activity grows, the potential profits extractable by leaders also increase. The greater the potential profit, the harder it becomes to rely on social-layer constraints to prevent them from pursuing short-term gains.

Second, the extent to which leaders exploit their market power exists on a spectrum, ranging from almost harmless to sufficient to render markets completely ineffective. Node operators can gradually push the boundaries of “acceptable behavior” to obtain higher returns. Once some nodes start exploring these margins, others will quickly follow. The actions of a single node may seem limited in impact, but when collective behavior shifts, the effect is significant.

A classic example is so-called “timing games”: leaders delay the publication of blocks as much as possible while still ensuring the block is valid, thereby obtaining higher rewards. This behavior leads to extended block times and, when overly aggressive, even skipped blocks. Although the profitability of these strategies has long been known, node operators in the past typically refrained from using them out of “concern for network health.” However, this is a fragile social equilibrium. Once a node starts using these strategies, gains higher returns, and faces no penalty, other nodes quickly emulate them. “Timing games” are just one example; leaders have multiple ways to increase their own returns without fully abusing their power, often at the expense of the application layer. Individually, these behaviors might be tolerable, but when they accumulate to a certain scale, the cost of operating on-chain will exceed its benefits.

Another important factor keeping DeFi operational is the application layer moving critical logic off-chain, only settling results on-chain. For example, any protocol requiring fast auction execution typically completes the auction process off-chain. Such applications often rely on a set of permissioned nodes to run the core mechanism, avoiding risks from adversarial leaders. For instance, Uniswap’s UniswapX executes Dutch auctions off-chain on the Ethereum mainnet for trade matching; similarly, CowSwap executes batch auctions off-chain. While such solutions are effective at the application layer, they make the value proposition of the base layer fragile. If application execution logic is moved off-chain, the underlying blockchain merely becomes a settlement layer. One of DeFi’s core selling points—composability—is also weakened. In a world where all execution happens off-chain, various applications will naturally exist in isolated environments. Moreover, relying on off-chain execution introduces new trust assumptions: not only must the underlying blockchain remain operational, but the off-chain infrastructure must also be stable and available.

How to Achieve “Predictability”

To address the aforementioned issues, protocols need to satisfy two key properties: consistent transaction inclusion and ordering rules, and transaction privacy before confirmation (for stricter 德菲nitions, refer to relevant papers).

Goal One: Censorship Resistance

We summarize the first property as “short-term censorship resistance.” It is defined as: once a transaction is received by any honest node, it must be guaranteed inclusion in the next generatable block.

More specifically, assume the protocol operates on a fixed clock, e.g., generating a block every 100ms. Then, if a transaction is received by an honest node at t=250ms, it must be included in the block generated at t=300ms. Attackers should not have the discretion to selectively include some transactions while excluding others. The core spirit of this definition is: users and applications must be able to submit transactions on-chain at any point in time in a highly reliable manner. Situations where a transaction fails to get on-chain simply because a node drops the packet (whether maliciously or incidentally) should not occur.

Although this definition requires that “any honest node” can guarantee transaction inclusion, in practice, achieving this might be too costly. More crucially, the protocol should possess sufficient robustness to make the path for transactions to reach the chain highly predictable. Clearly, permissionless single-leader protocols cannot satisfy this, because if the current leader exhibits Byzantine behavior, transactions have no way to get on-chain. However, even having a small number of nodes (e.g., four nodes) jointly guarantee transaction inclusion for each slot can significantly expand the options for users and applications to get on-chain. To allow applications to truly flourish, it is worthwhile to make certain trade-offs in performance. The optimal balance between robustness and performance still requires further exploration, but the guarantees provided by existing protocols are clearly insufficient.

Once a protocol can guarantee transaction inclusion, the ordering problem is somewhat solved. The protocol can adopt any deterministic ordering rule to ensure consistency, such as ordering by priority fee, or allowing applications to define custom ordering for transactions related to their state. Although the optimal ordering method remains an active research question, the prerequisite is always: transactions must first be successfully included.

Goal Two: Hiding

After achieving short-term censorship resistance, the next key property is “hiding,” i.e., a privacy protection mechanism before transaction confirmation.

It is defined as: before a transaction is finally confirmed and included in a block, no other participant besides the node that received the transaction can access its information.

In a protocol with hiding, nodes can see the plaintext of transactions submitted to them, but the rest of the network remains unaware of the transaction content until consensus is complete and the transaction order is finalized. For example, time-lock encryption can be used to make block content undecipherable before a certain point in time; or threshold encryption can be employed, where the committee collectively decrypts after confirming the block is irreversible.

This means that although a node receiving a transaction might misuse its information, other nodes in the network do not know the transaction content during the consensus process. Once the transaction information is revealed, its order is already determined and immutable, thus preventing front-running. For this mechanism to be effective, the protocol needs to support multiple nodes receiving and including transactions in the same slot.

We do not adopt a stronger privacy model (e.g., a fully encrypted mempool visible only to the user) because the protocol needs the ability to filter spam transactions. If transaction content is completely hidden from the entire network, it becomes impossible to distinguish valid transactions from spam. The only alternative is to leak some metadata (e.g., the address paying the fee), but such information can also be exploited by attackers. Therefore, a more realistic design is: allow individual nodes to see the full transaction content, but other nodes in the network cannot access any information before confirmation. This also implies that for this property to hold, users need at least one honest node as a transaction entry point per slot.

A protocol possessing both “short-term censorship resistance” and “hiding” would provide an ideal foundation for building financial applications. Returning to the earlier auction example, these two properties precisely eliminate Bob’s two abilities to disrupt the market: he can neither censor Alice’s bid nor obtain her information before bidding, fundamentally solving the problem.

Given short-term censorship resistance, any submitted transaction—whether matching, bidding, or liquidation—can be included instantly. 市場 makers can adjust orders in real-time, bidders can bid quickly, and liquidations can be executed efficiently. Users can be confident that any of their operations will be executed immediately. This would enable the next generation of low-latency, real-world financial applications to run entirely on-chain.

For blockchains to truly compete with, or even surpass, existing financial infrastructure, merely increasing throughput is far from enough.

本文源自網路： a16z: DeFi Struggles to Support Real Financial Markets

Related: Turning Point Approaching: “Net Long vs. Net Short” Structure Shows Historically Rare State

Compiled by Odaily (@OdailyChina); Translated by Azuma (@azuma_eth) Editor’s Note: The market continues to fluctuate at low levels. Will the future direction be up or down? Kyle Soska, Chief Investment Officer of Ramiel Capital, analyzed the long-short structure of the perpetual futures market in his latest article and attempted to provide an answer by examining changes in market risk appetite. The highlight of Kyle’s analytical method is that by incorporating data disclosures from Ethena, he excluded the basis positions and hedging positions that introduce some noise regarding market direction, focusing only on net longs and net shorts which more directly determine market trends. His ultimate conclusion is that the current market’s net long vs. net short structure is in a historically rare state. While this could become the new normal,…