en
Back to the list

Lightspeed Newsletter: Solana users are still getting frontrun

source-logo  blockworks.co 02 July 2024 18:29, UTC

Today, enjoy the Lightspeed newsletter on Blockworks.co. Tomorrow, get the news delivered directly to your inbox. Subscribe to the Lightspeed newsletter.


Howdy!

Since it’s national poking fun at the British week: It’s a Chewsday, innit!

And speaking of chewing, a bit more on those pesky sandwiches:


Solana’s sandwich attackers are hanging around

In early June, the Solana Foundation blocked a group of validators found to be participating in private mempools that facilitate “sandwich attacks” from receiving a delegation from the foundation’s stake.

The Solana Foundation is a non-profit entity developing the Solana network. It has a sizable stake of solana tokens that it delegates with the goal of diversifying the field of Solana validators. Validators who help facilitate sandwich attacking — or front-running user transactions to manipulate prices and pocket the difference — shouldn’t be recipients of what are essentially grants from the Solana Foundation, the thinking went.

The foundation’s announcement came with a groundswell of anti-sandwich activity: Jito’s DAO proposed to blacklist malicious validators, and Stakewiz began labeling known sandwich attackers, to name a couple examples.

More recently, the popular Solana NFT marketplace Magic Eden introduced “mempool protection” that keeps user buys from being replaced.

But nearly a month later, Solana’s sandwich attack woes don’t seem to have abated. A dashboard crafted by the data outfit GhostGraph shows these sorts of attacks happening every couple seconds, and the Discord channel where Solana’s validators talk shop is still cloudy on the path forward.

A couple things appear evident from GhostGraph’s dashboard: First, the several sandwich attacks being tracked per minute are memecoin swaps, meaning unsophisticated retail traders are being exploited by more savvy sandwichers. Second, these transactions are being processed through reputable block leaders, which are the validators who create given blocks.

That’s not to say these leaders are bad actors: They may just not realize their block includes sandwich transactions, as a developer pointed out on Discord.

It’s also clear that the Solana Foundation’s un-delegation of stake wasn’t a silver bullet. Practically speaking, it’s difficult to slice out sandwich attackers — and to even find the private mempools where many of them reside.

I’ve heard of some in Solana running transactions with high slippage settings to purposely get sandwiched and identify attackers, but as Jito Labs CEO Lucas Bruder said in Discord, finding and blocking sandwichers is still a “cat and mouse game.”

When I asked the foundation’s ecosystem engineering lead Jon Wong about the difficulty of rooting out all sandwichers, he said “even if this is only an 80% type effort, I think it may be enough to at least dissuade everyone except the most dedicated attackers.”

These dedicated attackers can be quite dedicated though: A MarginFi researcher documented a sandwich bot named “arsc” pocketing $30 million over a couple months via sandwich attacks.

Jack Kubinec

Zero In

$79.55 million

That’s the market capitalization of PYUSD on Solana, making PayPal’s stablecoin the third-largest on the network, according to DeFiLlama. PYUSD is the eleventh-largest stablecoin generally, per CoinGecko.

In late May, PayPal deployed its stablecoin on Solana to much fanfare but little immediate adoption — the coin had 56 holders two days after launching, we reported at the time.

That number has grown to 652 now, which is bigger but still smaller than the number of subscribers to this newsletter (eat your heart out, PayPal).

PYUSD launched on Kamino and Jupiter this week, which will perhaps further grow adoption numbers, though the token was pitched as being focused more on payments than on DeFi.

Jack Kubinec

The Pulse

Jupiter Exchange, the Solana-based DEX aggregator, is contemplating an overhaul of its Jupuary event — a yearly token airdrop and community rewards initiative. The first Jupuary, which took place in the leadup to a Jan. 31 airdrop, featured substantial token emissions and community rewards, though some concerns have arisen over high emissions and inflated FDV.

Founder Meow recently proposed a 30% reduction in JUP token supply, team allocations, and Jupuary emissions to address these issues; the goal being to streamline the tokenomics of Jupiter’s core asset, JUP, and foster strong community alignment.

Community sentiment has been mixed, but many see the changes as essential for long-term growth. User @SuperSolana stated, “We need to be less selfish; the first Jupuary saved a lot of people and gave back to thousands who lost in the bear market.” While others shared strong opinions on how to reward community engagement, such as, “Platform usage as in swap volume should definitely be the most ‘rewarded’ activity.”

Not all feedback has been positive. User @Oo7Shubh expressed skepticism, noting, “If we get the chance to vote, then I will definitely choose NO. Because in terms of circulating supply this will create a huge impact and that’s what stopping people to buy or hold JUP.”

A more favorable sentiment was captured by community member @JohnVagabonder, who added, “It reminds me of Christmas, if you’ve been good all year and not on the naughty list Santa Meow will give you a present in January.” Others expressed deep trust and belief in the Jupiter team’s vision, with users like @dynatronix signaling, “I have such belief, such faith, such trust. Jupuary was the best event in crypto history as I see it. Catdets like myself will never forget it! And the pie will grow!”

Jeffrey Albus

One Good DM

A message from Mert Mumtaz, CEO of Helius:

blockworks.co