21 yes/no questions that audit any protocol claiming extraction-resistant sequencing against the structural vulnerabilities proven fatal in the grommet investigation.
If your protocol answers "no" to any of these questions, it either:
- Accepts the corresponding known failure mode,
- Has a novel escape from the impossibility (publish it), or
- Is vulnerable.
This is a protocol-agnostic audit checklist — the 21-question design constraints extracted from the grommet investigation, a 4-cycle, 14-doc, 7-simulation study of extraction-resistant (MEV-resistant) sequencing under adversarial stress.
The checklist covers five dimensions:
- Closure (Q1–Q5): Are all safety-critical inputs exogenous?
- Mechanism (Q6–Q10): Are rate caps and defenses structurally sound?
- Incentives (Q11–Q14): Do the economic assumptions hold under crisis?
- Circuit breakers (Q15–Q18): Does the halt mechanism close the door it opens?
- Utility gate (Q19–Q21): Is the unavoidable tradeoff between safety and throughput acknowledged?
- Protocol designers evaluating shared-sequencer, batch-auction, order-flow auction, or intent-solver architectures
- Auditors assessing claims of MEV resistance, fairness, or extraction protection
- Researchers studying the boundary conditions of neutral sequencing under adversarial feedback
- L2 sequencer teams designing fair-ordering commitments with safety-critical guarantees
- Answer all 21 questions for your protocol.
- Every "no" is a structural vulnerability — not a parameter to tune.
- Consult the examples column for how the question applies to Shutter (threshold-encrypted sequencing), CoW Protocol (batch auction solver competition), and UniswapX (dutch-auction order flow) — three production systems facing the same design constraints.
- When the answer is "no," decide whether you accept the failure mode, have a novel escape, or need to redesign.
The checklist derives from the full grommet investigation:
"Closure under adversarial stress: a boundary condition for extraction-resistant sequencing"
The paper states three results:
- The Closure Law: a safety guarantee survives adversarial stress only if it depends solely on exogenous variables (time, deploy-time constants, cryptographic facts, stress-stable stake)
- The Cross-Batch Rate-Bound Theorem: per-event bounds are insufficient against a manufacturable sequence of events; only an exogenous rate bound is enforceable
- A Closure ⊥ Utility Impossibility: content-blind safety cannot distinguish legitimate from manufactured imbalance — the safe extraction rate sits 1,874×–28,115× below legitimate throughput
Full paper: docs/PAPER.md
Reproducible simulations: scripts/
Pull requests welcome. This checklist improves with use:
- New questions that expose additional failure modes not covered by the 21 — open a PR with the proposed question, the "must be" answer, and a concrete protocol example
- Edge cases where a question does not cleanly apply (e.g., hybrid designs) — document the ambiguity
- Example updates for protocols that evolve or new protocols that enter the space
- Corrections if any of the example applications are inaccurate
Please open an issue first to discuss significant changes before submitting a PR.
CC BY-NC 4.0 — you are free to share and adapt for non-commercial use with attribution.
See LICENSE for details.