🤖 AI Summary
Existing denial-of-service (DoS) attacks are ill-suited for Ethereum’s multi-round, simulation-based bundle services—such as Flashbots Bundles—due to their inability to accommodate the atomic inclusion and multi-round execution semantics inherent in these systems. This work presents the first asymmetric DoS attack tailored to such bundle services, leveraging a model of smart contract state dependencies to craft stealthy transaction sequences that exploit the atomic bundling logic. With minimal cost, the proposed method achieves high success rates while remaining risk-free and highly evasive. Empirical evaluation demonstrates that this attack substantially reduces block builders’ profits and delays block production, exposing a critical security blind spot in the MEV ecosystem. The paper further outlines practical mitigation strategies to address this vulnerability.
📝 Abstract
In Ethereum, transaction-bundling services, such as Flashbots Bundles, are a critical component of block builders and are widely used by MEV searchers. Disrupting bundling services can degrade searcher experience and reduce builder revenue. Despite extensive study, existing denial-of-service attack designs are ineffective against bundling services due to their unique multi-round execution model.
This paper studies the open problem of asymmetric denial-of-service against bundling services. We develop evasive, risk-free, and low-cost DoS attacks on Flashbots' bundling service, the only open-source bundling service known to us. Our attacks exploit inter-transaction dependencies through contract state to achieve evasiveness, and abuse bundling-specific features, such as atomic block inclusion, to significantly reduce both capital and operational costs of the attack.
Experimental results show that our attacks achieve high success rates, substantially reduce builders' revenue, and slow block production. We further propose mitigation strategies for the identified risks.