Informational - Undocumented assumption of private Gelato mempool

[kitty-the-kat]

The design of the protocol assumes Gelato jobs execute transactions in a way that is MEV resistant. Gelato's public documentation does not clearly state this is guaranteed. If this assumption is broken, the protocol could lose value.

Technical Details

MEV protection mitigates the risk of a frontrun, backrun, or sandwich that can extract value from a transaction. This most often happens during swap operations. The design of Gro Protocol assumes that when a Gelato keeper executes a transaction, there will be MEV protection. The Gelato documentation does not clarify that this is a guarantee that keepers offer and whether there is still risk of an uncle bandit attack. The MEV mitigation is expected to exist based on discussions with the Gro devs, but the lack of official documentation around the mempool guarantees provided by Gelato jobs, the possibility of changes over time, and the risk of a rogue Gelato keeper are all possible concerns with this approach.

Impact

Informational.

Recommendation

Gelato should clarify their approach to MEV protection for Gelato jobs. Before Gelato update their documentation, Gro should monitor the keeper-controlled actions in Gro for any potential foul play.

[kitty-the-kat]

Acknowledged: will inform Gelato :D
We'll make a note in our docs that the jobs are set up to guarantee running through MEV