JIP-15: Authorization of New Blacklist for Malicious MEV Activity

Category: Structure

Abstract

This Jito Improvement Proposal seeks to authorize a one-time committee to provide a recommendation on processing a new Jito StakeNet blacklist targeting validators engaged in malicious MEV activity. This proposal is an iteration of JIP-4 — which was passed by the DAO and implemented effectively — and reaffirms the DAO’s governing principles of acting in the best interest of the Solana network and JitoSOL token holders.

Motivation

• Historical Context:
  JIP-4 successfully empowered a working group to execute a one-time blacklist of validators engaging in private mempool participation. The success and effectiveness of that initiative have provided us with valuable lessons and established precedent.
• Current Context:
  An ongoing investigation conducted by a group of ecosystem researchers indicates that malicious MEV activity continues to impact network fairness and integrity, with approx. 14% of Jito Stake Pool Validators currently engaging in private mempool participation. The results of this investigation have been shared among ecosystem partners, including the Solana Foundation Delegation Program, leading to their recent blacklisting action.

Like JIP-4, this proposal gathers a temporary Working Group and empowers them to review the investigation’s evidence, and allows them to make a determination as to whether the DAO or the Security Council, which share StakeNet upgrade authority, should move forward to enforce the blacklist.

• Governing Principles:
  The DAO is guided by principles that require it to act in ways to support the growth and development of the best interests of the Solana and Jito networks and the JitoSOL token holders. By approving this proposal, we reaffirm our commitment to these principles.
• Future Outlook:
  Recognizing that a comprehensive, ecosystem-wide decentralized detection and curation structure for malicious MEV activity is not yet in place, this proposal will serve as an additional stop-gap measure. It gives the ecosystem an opportunity to address the need immediately, while signaling that a future vote may be initiated to fund a more permanent and decentralized solution if required.

Key Terms

• Malicious MEV Activity: Practices that exploit the network through harmful MEV strategies, negatively impacting network integrity and fairness.
• Working Group: A body composed of selected validators and expert overseers tasked with reviewing evidence and making recommendations regarding blacklist enforcement.
• One-Time Vote: A vote held solely to authorize the enforcement of a blacklist based on the current evidence, without establishing a permanent or recurring process.
• Solana: Solana is a credibly neutral blockchain.
• Jito Foundation: The Jito Foundation is a Cayman Islands foundation company whose mandate includes supporting the growth and development of the Jito Network and the Solana validator economy. The Jito Foundation is an opinionated legal entity whose mandate includes promoting productive adoption of Jito Network products as well as the broader Solana ecosystem.
• StakeNet: StakeNet is an on-chain program that programmatically cycles validators into and out of the Jito Stake Pool based on predetermined, community-governed criteria.
• Blacklist: A list of validators prohibited from receiving stake from JitoSOL network due to harmful behaviors.
• Private Mempool: Non-public mempools in which transactions are broadcast to searchers ahead of finality, providing an opportunity for searchers to execute harmful MEV strategies such as sandwich attacks.

Specification

1. Working Group Formation:

• This proposal will lead to the establishment of a working group of 4 respected Solana validators and two non-validator overseers, prioritizing current governance delegates from the validator community, selected by the Jito Foundation.
• The working group will be responsible for reviewing evidence from the Jito Labs investigation and deciding on whether or not to enforce a blacklist.
• The working group members would include:
  1. Michael Hubbard - Stakewiz (Validator)
  2. OxNallok - Lode Ventures (Validator)
  3. Max Kaplan - Sol Strategies CTO
  4. Ben - Temporal (Validator + Solana core contributor)
  5. Blockworks Research (Non-validator representative)
  6. Mark - Kamino (Non-validator representative)

2. Evidence Review & Recommendation:

• The working group will confidentially review all provided evidence from trusted sources. If the evidence is deemed valid, they will recommend enforcement of a blacklist by either the Jito DAO or the Security Council, targeting those validators engaged in malicious MEV practices.

3. Blacklist Criteria:

• The committee will be examining a public list of validators that have been found to be engaged in malicious MEV activity. The committee will speak with a representative of the researchers who conducted the study to analyze the methodology, and then give a recommendation for the Blacklist process to move to Realms, which will be used to upgrade StakeNet parameters.

4. One-Time Vote:

• This proposal calls for a one-time Tokenholder Vote to authorize the working group’s recommendation.
• It is explicitly understood that this vote does not establish a recurring process; rather, it serves as an immediate measure to address the current threat.

A list of validators who would be affected if the committee finds the investigation to be valid includes: List

The committee may choose to subtract addresses from this list if it deems the chosen methodology to be too strict, but will have no powers to expand this list.

Benefits/Risks

• Benefits:
  • Enhances network integrity by proactively addressing malicious MEV activity.
  • Reinforces Jito DAO’s commitment to the governing principles by acting in the best interests of the network and JitoSOL token holders.
  • Offers immediate protection while allowing time for the development of a decentralized, long-term solution.
  • Fair Rewards Distribution: Ensuring all validators play by the same rules will promote a fair distribution of rewards.
• Risks:
  • Centralization Risk: Because the detection methods of one of the two blacklists have to remain private by nature, this one-time blacklist committee participation entails a high-trust position.
  • Conflict of Interest: Members of the working group may face backlash from blacklisted validators/their colleagues in the community.

Outcomes

• Immediate Action:
  • If passed, this proposal authorizes the formation of a working group to enforce a one-time action of two blacklists against validators engaged in malicious MEV activity.
• Reaffirmation of Principles:
  • The proposal reiterates that all actions must be taken in the best interest of the Solana network and the JitoSOL token holders.
• Future Considerations:
  • This vote provides a temporary measure while signaling the need for a future proposal that will fund and implement a decentralized structure for ongoing detection and blacklist curation of malicious MEV activity.

Cost Summary

• There are no direct financial costs associated with implementing this proposal.
• Any incidental costs related to forming the working group or reviewing evidence will be managed within the existing Foundation budget.

By voting in favor of JIP-15, Tokenholders will enable an immediate, one-time measure to counteract malicious MEV activity while reaffirming our core governance principles and paving the way for a future, more decentralized solution.

Very much in favor. I think it is in the best long-term interests of Jito and Solana to blacklist any validators running a sandwich-enabling mempool. At the same time I would urge the working group to be diligent in their analysis, to limit the blacklist to those validators where the committee is >99% certain.

Completely in favor!

Did some research on the provided list and find out that 2.4M SOL from Jito pool are staked to these validators, most of them in top 200. This represents 15% of the pool which could be redirected to honest validators who are already struggling.

I love to see that the two biggest stake pools (Jito and Marinade) are fighting for sandwichers and malicious MEV activity, is healthy for the whole ecosystem.

Considering the upcoming JIP-16 this is a breath of fresh air for small-mid size validators.

|rank | vote                                         |       score |    jito stake 
| --- | -------------------------------------------- | ----------- |    --------- 
|   8 | CJ1GZixWD1WzozqZMm3v9dY2xboRYZfQuuEHzawAthen | 999,626,277 |    78,927.45 
|  14 | GRWCUtxwiSLtLGERyNyZymr77NJdko2HdDHxpVcJz6E9 | 999,606,307 |    78,925.82 
|  22 | jUP5hCf2fGJEz8F2j2gACezxFYCNE9zo1eTMsRQjRK9  | 999,591,281 |    78,922.83 
|  23 | DrCcHpAWj8a4JU99QKtwfCynzdhgQeuieAY9WadZD5Ry | 999,590,767 |    78,905.70 
|  27 | 5XGMWvqZSBk1fktPtxbwaMF5dhkbrtchpwd4xiXG9q8u | 999,587,617 |    78,927.45 
|  31 | BfBPPqzYcqEQK9hF7AnQEJojzMtzQzB926qcPc4Y1v3L | 999,584,674 |    78,927.45 
|  40 | 39xF5qkfK5HBaG4Hkq6bjumUB2k4B5ozEAmfZoobhUVw | 999,564,409 |    78,814.69 
|  47 | 6xwWwNVXJLGhgPfBpew7UDcSjQr73McXSRK2EhdhcL1u | 999,551,729 |    78,839.72 
|  50 | 3NXnw51gHc2rDWTCWU4eVpP1yHyKKbJa1p6JDgMkmiDa | 999,544,977 |    78,839.73 
|  51 | A1taSaBJrLMrqfWsPESYDujnZv5yD7bF35LjXoyNXhzN | 999,544,958 |    78,839.72 
|  53 | HFLsfstZkJeWDgVEA5fmXeea876Ad9f1VxrbXk386bBY | 999,536,417 |    78,839.72 
|  54 | HAK7iPgQTFwqEzPfVrRDbG5epFdk1dsA9qQexytsDoes | 999,535,802 |    78,839.72 
|  55 | ADmLWUm2eQ3KFijFbqa4bVfiLVmW5iqjStE5b8Wbti1y | 999,528,817 |    78,807.56 
|  56 | FPjq7vB2V3TiseJJSPsp47UWSfT4AwvKjiU7GEro7bX9 | 999,528,182 |    78,839.72 
|  70 | 5VocRSwT6cqSTB8qcJ8CsSmHCmGNnohXySHWWQRfmv3a | 999,511,033 |    78,810.32 
|  71 | CrLn7zEBytbmRBUGhkDyyUbGCa6H7bMCnw94Dip8QbcJ | 999,509,380 |    78,839.72 
|  78 | 3Rk99suwAvvJgyLpDYEJeC2YPPLw1enc5T1r6J8ZoRSr | 999,499,706 |    78,839.72 
|  86 | D7ZCDE1PHe8duMjNpxwHrYbrRzcnsS7p4nD2daLzWwtr | 999,470,517 |    78,839.73 
|  88 | BWkvytz3MAiLkUbMuYK5yV1VYThbBYYQYG3gdef8NLw5 | 999,468,534 |    78,839.72 
| 129 | 725My2yzg5ZUpQtpEtivLT7JmRes2gGxF3KeGCbYACDe | 999,362,161 |    78,807.56 
| 133 | BXNW9ysAB9ksEDidcNWraaFkMeA88q6xzFRSyNnGvQYC | 999,332,889 |    78,807.57 
| 136 | 8EfUy8zz6DF2iTMQCUe4QAnoq4jVUzfU1yvZMCr2yJ7m | 999,327,766 |    78,807.56 
| 173 | AjdEzodq5LpRA63AtQaiHyTLDfjTkr6csrtYWiSDPjaK | 999,197,991 |         4.72 
| 176 | 8FPz3JG4E3HVXxGbPZVibarva4AGXSZWx3qKLUS5uFtN | 999,191,437 |    77,751.23 
| 195 | D8aGMETy3q6ymADJs7YS81QY2qTQmptVox3iCfGDgSTA | 999,021,054 |    77,574.44 
| 197 | DTDvrj1mKFv453DMAGRuFwg77DuLjsfVHnbLe5BJPL9D | 999,012,261 |    78,031.58 
| 200 | Atw2Wond9H3DHfgg5NGqi4dxMwF3Nrgdhm39x2oK8MCW | 999,007,240 |    76,335.57 
| 212 | H7JJ6aE73ufbUuDCZSQMxguQsj28XHe4VQyMk2hsVGoo | 998,905,587 |    70,853.39 
| 213 | 6ZUCygEHeA1MRgdxZ4V6e6gcAsJz1e2uDA3e3jv1bY7M | 998,881,347 |    77,586.61 
| 214 | De4k4hrdkxFHmAx4nVRA3g5ukdg4YqmDLdwuYUcrjjud | 998,880,484 |    68,578.64 
| 225 | GQ8DSRSNCFGEdCEwc6em1ma18qSPc5cXCSDnSPSznWBP | 998,801,419 |    71,591.05 
| 232 | 6GoijNiK3JZVAY96ykCfPhcJnrQfrQMLvrQaX5HyMVhu | 998,746,332 |    49,446.02 
| 235 | 2Gife8andd4BkEbT5CncpriPxmQYqbspDh8cXkN6RUSH | 998,715,665 |    70,845.19 
|     |                                              |             | 2,453,387.62

The blacklist hyperlinked in this proposal was previously editable, and an anonymous individual erroneously added at least one address.

Editing privileges have been made private, and the list of validators should now align with what was provided by the independent research group, as well as what SFDP put in place last month.

We will be voting in favor of this proposal. In the future, though, we hope that the Jito team and delegates can get together and come up with an alternative solution to blacklisting. Ideally we would want to see changes on the protocol level but the multiple concurrent leaders make things messy and probably requires a lot of overhead.

Just a pipsqueak but voting anyway, thanks for doing what you can!

Every vote counts Otto! Thanks for your participation.

Since my validator, Nam-dok-mai, was listed in the recent report, and I would like to respectfully request the possibility of an appeal.

I fully acknowledge the mistake I made. For a short period, I was connected to a mempool provider who claimed to engage only in arbitrage and explicitly stated they were not involved in sandwiching. However, after speaking with colleagues and learning more, I now understand that this was not accurate.

I also noticed that many of the validators listed in the report have appeared in previous lists compiled by independent researchers using various detection methods. My validator had never appeared in any of those prior lists, nor had it ever been connected to malicious mempools.

Given this context, I kindly ask for a more detailed review of the case and a chance to appeal for validators who have a long-standing track record of supporting the Solana ecosystem and are committed to its long-term success.

Sincerely,
A loyal and honest Solana validator, Nam-dok-mai.

An update on JIP-15 implementation

Following the successful passage of JIP-15, the working group has enacted the blacklist via security council execution. The key parameters that the group came to consensus on are as follows:

A Slightly Reduced Set of Validators Are Blacklisted
The working group exorcised its mandate to execute a slightly reduced blacklist of validators. The final blacklist can be found HERE.

No Appeals Process Mandate
JIP-15 empowered a group of experts to review a complex methodology for detecting malicious MEV. It did not have the powers, or mandate to process complex appeals. As a result the slightly reduced list was used to lower the strictness threshold of the list.

Sanction Duration
Any validator on the executed blacklist will be removed from the JitoSOL stake pool for 50 epochs.

Why This Approach?

• Precision: By filtering out low-severity cases, we focus on the most harmful actors.
• Fairness: A 50-epoch suspension gives validators a clear corrective path without permanent exclusion.
• Network Health: These measures strike a balance between protecting stakers and maintaining a robust, decentralized validator set whilst minimising malicious MEV.

A Zero Tolerance Approach to Malicious MEV: The Jito Network takes a zero tolerance approach to malicious MEV. It advises validators to not engage in tools or services that have a chance of exposing your validator to sandwiching activity.

Hi, there are new rejected due to MEV activity, will you add them to blacklisted as well?