Solana removes users after so-called sandwich attack
The Solana Foundation has removed a group of validator operators from its delegation program due to their involvement in sandwich attacks on Solana users.
Tim Garcia, head of Solana Validator Relations, announced this at the Solana Foundation Discord server. He emphasized that the decisions on this matter are “final” and that the organization is taking ongoing action against operators who enable sandwich attacks via mempools.
Protect normal Solana users
Mert Mumtaz, co-founder of Solana RPC provider Helius, praises the foundation’s move. According to him, this action protects normal users from validators abusing delegation based on MEV (Maximal Extractable Value) rules.
MEV problems arise when validators manipulate transactions to maximize their profits. This includes front-running and sandwich attacks, where validators exploit transactions to profit from price changes, causing higher costs for users.
In a sandwich attack, an attacker places two transactions around a victim’s transaction to manipulate the price and profit from the difference.
How does a sandwich attack work?
Imagine someone wants to buy 10 SOL for 100 USD per SOL and places a buy order on a decentralized exchange. A malicious validator sees this buy order and quickly places its own buy order for 10 SOL at 100 USD per SOL, just before the original buy order. This causes the price of SOL to rise a bit.
When the original purchase order is executed, the buyer now pays USD 105 per SOL due to increased demand. Immediately after this transaction, the validator sells his previously purchased 10 SOL for 105 USD per SOL, making a profit.
The validator has therefore spent 1000 USD on the purchase and receives 1050 USD on the sale, with a profit of 50 USD. The buyer, on the other hand, pays 1050 USD instead of the original 1000 USD.
This is a sandwich attack: the validator profits by manipulating the price, causing the buyer to pay more.
Malicious? Then you will be removed
The Solana Foundation previously laid out rules against such attacks in a Discord post from Garcia on May 7. It stated that anyone engaging in what the foundation deems “malicious” activity will be “removed from the program” and have their commitment permanently withdrawn.
The Solana Foundation Delegation Program supports validators by delegating SOL tokens to them, eliminating the need for them to own a large number of tokens themselves. Validators are selected based on their performance and must adhere to certain rules and good practices.
