Solana Foundation Defends Users Against Sandwich Attacks, Removes Malicious Validators from Delegation Program

The Solana Foundation recently announced its decision to remove several validator operators from its Solana Foundation Delegation Program (SFDP) due to their involvement in sandwich attacks against users. 

Solana validator relations lead Tim Garcia announced the decision on the Solana Foundation's Discord server on Sunday, June 9th, 2024. He stated, "Decisions in this matter are final. Enforcement actions are ongoing as we detect operators participating in mempools which allow sandwich attacks."

Sandwich attacks, a form of front-running exploit where malicious actors manipulate transaction prices for profit, violate the fair-use principles that the Solana Foundation strives to uphold. The foundation's action aims to protect users and maintain the integrity of the Solana network.

It's important to understand that the SFDP was introduced in the early stages of Solana's launch to incentivize validator participation, fostering decentralization. This practice is not unique to Solana; many blockchain networks implement similar programs during their nascent phases. As the network matures and validators become self-sufficient, these programs are typically phased out. It's also worth noting that the Solana Foundation currently holds around 16% of the total stake in the Solana network. This means that the removal of validators from the SFDP, while a directional signal, will have a moderate impact on validator behavior overall. The network's security ultimately relies on the actions of all stakeholders, including individual and institutional validators.

While many approved of the decision, some members of the Ethereum community used this opportunity to criticize Solana's decentralized nature. These critics erroneously claimed that the removal of validators from the SFDP equated to their expulsion from the network itself. This misconception stems from a misunderstanding of Solana's permissionless design.

Solana's blockchain operates on a permissionless model, meaning anyone can run a validator node regardless of their participation in the SFDP. The foundation's action simply means these validators will no longer receive subsidized SOL tokens stake through the delegation program. They are still free to operate on the network independently.

It's crucial to note that sandwich attacks are not inherently possible on Solana due to the absence of a mempool within the client. However, some validators have modified their software to enable such exploits. The foundation's response highlights a proactive approach to discourage bad actors and protect users.

In the future, we may see the development of dashboards that identify validators engaging in malicious activities like sandwich attacks and provide clear metrics on their performance and uptime. This transparency will empower users to make informed decisions about where to stake their SOL tokens. Even with these measures in place, Solana's permissionless nature ensures that these validators, while not incentivized by the foundation, are still free to operate. Users can choose to avoid staking with validators who have a history of malicious behavior, effectively creating a market incentive for validators to prioritize user trust.