Authorization to Blacklist Validators for Mempool Participation and Other Malicious Behaviors

1. DRAFT: Authorization to Blacklist Validators for Mempool Participation and Other Malicious Behaviors

2. Abstract

This Jito Improvement Proposal (JIP) seeks to empower a working group of validators and community members to blacklist validators from the Jito Stake Pool who are found to be engaged in behaviors deemed harmful to the Solana ecosystem, such as private mempool participation and vote lagging.

This working group will be responsible for maintaining and updating the blacklist that will be implemented by Jito Labs through StakeNet if JIP-3 passes.

3. Motivation

An investigation conducted by Jito Labs recently found that roughly ~10% of Jito Stake Pool validators are currently engaged in private mempool participation, among other adverse behaviors to the ecosystem.

The motivation behind this proposal is to disincentivize behaviors that negatively impact the Solana network and JitoSOL stakeholders. Private mempools and similar behaviors are undisclosed, reduce rewards to JitoSOL stakers, and promote centralization.

Implementing a blacklist will enhance network integrity, reward positive-sum validator behavior, and strengthen trust in the JitoSOL ecosystem.

4. Key Terms

  • Solana: Solana is a credibly neutral blockchain.
  • Jito Foundation: The Jito Foundation is an opinionated legal entity whose mandate includes promoting productive adoption of Jito Network products as well as the broader Solana ecosystem.
  • Blacklist: A list of validators prohibited from receiving stake from JitoSOL network due to harmful behaviors.
  • Private Mempool: Non-public mempools in which transactions are broadcast to searchers ahead of finality, providing an opportunity for searchers to execute harmful MEV strategies such as sandwich attacks.
  • Working Group: A group of Jito delegates and community members responsible for managing the blacklist.
  • Appeal Process: A procedure allowing blacklisted validators to contest their inclusion on the blacklist.

5. Specification

Working Group Formation

  • This proposal will lead to the establishment of a working group of 4-10 respected Solana validators, prioritizing current governance delegates from the validator community and initially selected by the Jito Foundation.
  • The working group will be responsible for periodically reviewing data from Jito Labs and other relevant parties regarding Solana validators to assess whether validators are engaged in malicious behavior, and if so, to assign those validators to the blacklist.
  • The initial working group members will be disclosed within 2 weeks of this posting so voters have 2 weeks to assess their qualifications prior to deciding on JIP-4.

Blacklist Criteria

Validators may be blacklisted for behaviors including, but not limited to:

  • Private mempool participation
  • Vote lagging (this should become irrelevant once SIMD-033 takes effect; expected by Q4 2024)
  • Commission rugging: Raising commissions to a high level without disclosure in attempt to steal staking rewards
  • Any behavior deemed not in the best interest of the Jito Network and the broader Solana community. This final criteria is, unfortunately, lacking specificity, but given the rapidly-evolving nature of validator behavior, pre-approval for specific activities impairs the ability of JitoSOL to react in a timely manner. An example of such behavior would be validators unbundling Jito bundles to steal profits or internalizing sandwiches without disclosure and retaining those profits. These decisions will be reversable via governance if the community disagrees with specific stances.

Blacklist Management

  • The working group will periodically publicize the blacklist and the reasons for blacklisting, maintaining confidentiality on detection methodologies in order to maintain effectiveness.
  • Blacklisted validators will have the right to appeal to the working group for re-evaluation if they wish to contest the decision.
  • Blacklist will operate with a “three strike” system: first time offenders are blacklisted for six months, second time offenders for nine months, and third time offenders permanently blacklisted.

Collaboration with Other Protocols

  • The working group will explore collaboration with other major stakers such as the Solana Foundation Delegation Program, mSOL, and bSOL to develop a unified blacklist across protocols.
  • This may be step 1 in a broader validator reputation scoring system that creates an ecosystem coalition to establish non-performance based standards for validator ranking. This would be positive for JitoSOL but also a public good for all stakers in the Solana ecosystem.

Performance Milestones

  • Initial Setup: Formation of the working group and establishment of the initial blacklist within one month of proposal acceptance.
  • Quarterly Reviews: Regular reviews and updates of the blacklist and criteria.
  • Community Involvement: Ongoing engagement with the community and other major stakers for feedback and collaboration. Additionally, the DAO can modify the Blacklist Committee specifications at any point via a governance vote, and the Foundation will seek to evaluate and potentially restructure the Blacklist Committee construction and parameters after a period of six months.

6. Benefits/Risks

Benefits:

  • Enhanced Network Integrity: Reducing harmful behaviors will improve the overall health, performance and decentralization of the Solana network.
  • Fair Rewards Distribution: Ensuring all validators play by the same rules will promote a fair distribution of rewards.
  • Community Trust: Increased transparency and proactive management will enhance trust in the JitoSOL ecosystem and the broader Solana network.

Risks:

  • Centralization Risk: Because the detection methods have to remain private by nature, blacklist committee participation entails a high-trust position.
  • Conflict of Interest: Members of the working group may face backlash from blacklisted validators/their colleagues in the community.

7. Outcomes

Successful implementation of this proposal will result in the establishment of a reliable blacklist system, promoting fair practices within the JitoSOL network. This system will be adaptable, with regular reviews and updates based on community feedback and evolving network conditions.

8. Cost Summary

The implementation of this proposal will initially require no financial resources but may involve compensation for the working group members if the workload becomes substantial.

Future related proposals may request additional funds for community audits and expanded working group roles.

3 Likes

I think the effort is noble and helpful for the community.
I would feel more comfortable if a set of watchers would sit in on the committee meetings/chat rooms, forming an oversight subcommittee to the blacklist committee of sophisticated validator experts. Here is a suggested structure:

  1. Oversight Subcommittee:

• Include 3 rotating, non-validator delegate members selected randomly to be present at meetings or chat rooms for blacklisting.

  1. Rotating Membership:

• Rotate non-validator members annually (maybe quarterly? not sure how often the blacklist gets updated) to maintain objectivity.

  1. Whistleblower Protections:

• Ability for any of the 3 delegates to post an anon tg message with any concerns they have in the message rooms or meetings.

  1. Compensation and Serious Engagement:

• Compensate non-validator delegate members to ensure their presence and active participation.

Enhances the transparency, fairness, and overall credibility of the blacklist committee.

3 Likes

I am in favor of this proposal’s direction. Generally, I advocate for action over analysis, with the readiness to implement changes if substantial community feedback necessitates it.

The path dependency Jito Labs has taken with the deprecation of their own mempool is important for the network’s general counter positioning to Ethereum with regards to sandwich attacks, “toxic mev”, etc. Especially considering there is no native mempool to Solana - so why add one now? However, if there is a counterpoint to this I would gladly hear it out from a direct proponent of these practices.

I don’t think it’s controversial to say the introduction of new private mempools, vote-lag timing games, or “commission rugging” is counterintuitive to user’s best interests.

I think the 3 strike rule is well-intended, but wouldn’t advocates of these practices just continue to depreciate blacklisted validators, and spin up new ones (assuming they aren’t heavily reliant on external stake delegation & the practice is profitable enough to continue) ? - perhaps that’s the point of this committee in the first place lol

On that last point, it would also be nice to have rough estimates on the $ amount of “toxic mev” taking place so appropriate resources are allocated. Would also agree with Mike on the point of rotating committee members to avoid bureaucratic entrenchment - but ample knowledge transfer would also need to take place to get new members up to speed.

Overall, for this proposal, but the ultimate outcome should be establishing a robust enough system through the right partners where it’s simply not economical to have these practices take place, and then the committee can be wound down. Easier said than done, but that’s what a successful outcome looks like in my opinion.

Looking forward to what others have to say on the topic!

1 Like

I love this proposal and how it fits into the original Jito mission to create “more fair MEV” systems (on Solana). I also like the whistleblower protection mentioned in the comments, as one of the conflicts of interest missing from the Risks section pertains to collusion among the Working Group to increase their stake by wrongfully accusing others.

Suggestion regarding Working Group Formation: explicitly state that one of the 4-10 members will not run the Jito client to ensure client diversity among the voting members.

The “guilty until proven innocent” approach implied by the proposal increases the risk of inadvertent reputation and financial damage should the WG make a mistake. Perhaps there’s a way to add a probationary period in order to allow some benefit of the doubt? I’ve never seen the data and it must be quite damning to immediately jump to a 6mo. ban. However future incidents may not be as high contrast and having the flexibility to put some “first strike” offenders into probation might be valuable, despite adding administrative overhead.

A short probation for validators with less clear-cut violations, probably pre-ban, with a flag that can be removed prior to marking the permanent record (if possible, obv. does not work once in StakeNet). 4-5 epochs perhaps. It could even be silent to see if the pattern of violation continues after some portion of possible pool collaborators are immediately banned.

1 Like

I like the starting point of this draft. Perhaps the prohibition period Otto mentioned can be applied to the “Any behavior deemed not in the best interest of the Jito Network and the broader Solana community,” situations. Additionally it’s important to push educational content regarding the scoring parameters for validators on StakeNet to ensure understanding and transparency. So a further breakdown and dissemination of information of the transgressions that can land you on the Blacklist is important. I do not want to veer too far off topic but I would like to add new value to the conversation. Based on JIP-3 and this topic there are more indicators pointing towards some sort of reputation system to assess validators. Here’s what we’ve come up with at Chainflow in regards to it:

Implement a Validator Reputation Score System

To complement the blacklist and provide a more nuanced approach to validator behavior management, implement a Validator Reputation Score System. This system will provide a transparent and objective measure of each validator’s performance and behavior, promoting good practices and reducing reliance on blacklists alone.

Details of the Suggestion:

1. Reputation Score Metrics:

  • Performance Metrics: Uptime, missed slots, and response times.
  • Behavioral Metrics: Participation in private mempools, vote lagging, and commission rugging.
  • Community Engagement: Contributions to the community, participation in governance, and support for new validators.

2. Scoring System:

  • Weighted Scores: Assign different weights to each metric based on their importance.
  • Transparency: Make the scoring algorithm and individual scores publicly available to ensure transparency and trust.

3. Integration with Blacklist:

  • Threshold for Blacklisting: Set a reputation score threshold below which a validator would be considered for blacklisting.
  • Grace Period: Provide a grace period for validators who fall below the threshold to improve their scores before blacklisting is considered.

4. Appeal and Review Mechanism:

  • Regular Reviews: Conduct regular reviews of reputation scores and blacklist decisions.
  • Appeal Process: Allow validators to appeal their scores or blacklist status, providing evidence to contest the decision.

5. Incentives for Good Behavior:

  • Rewards and Recognition: Recognize and reward top-performing validators with additional stake delegations, public recognition, and other incentives.
  • Educational Programs: Offer educational programs and resources to help validators improve their scores and adhere to best practices.

6. Collaboration and Feedback:

  • Community Involvement: Involve the community in developing and refining the reputation score system, ensuring it reflects the collective values and goals of the JitoSOL network.
  • Feedback Mechanism: Establish a feedback mechanism for continuous improvement of the scoring system based on community input.

Benefits:

  • Holistic Assessment: Provides a more comprehensive assessment of validator behavior beyond blacklisting.
  • Positive Reinforcement: Encourages positive behavior through rewards and recognition.
  • Transparency and Fairness: Ensures a transparent and fair approach to validator management.
  • Community Trust: Builds trust within the community by promoting transparency and accountability.

Risks:

  • Implementation Complexity: Developing and maintaining the scoring system could be complex and resource-intensive.
  • Subjectivity: Ensuring objectivity in the scoring system may be challenging.
  • Adaptation Period: Validators may need time to understand and adapt to the new scoring system.

By integrating a Validator Reputation Score System, we can enhance the management of validator behavior in the JitoSOL network, promoting fairness, transparency, and community trust while reducing reliance on blacklisting alone.

Disclaimer: this could be a bit too future-focused, but I think having an idea of what this reputation system COULD look like will make the integration of the Blacklist easier.