What is Solana?

Solana is a decentralized, permissionless network renowned for its eight key innovations, high throughput, and sub-second finality.

What is a commission rug pull?

A commission rug pull is when a maliciously behaving validator node adjusts its commission rate higher, usually unbeknownst to its delegators, for a certain amount of time. Then, towards the end of a new epoch, it readjusts it to a lesser commission rate or its original commission rate- in essence, it accrues all or most of the rewards intended for the delegators, usually without delegators’ awareness. A commission rug pull is always intentional. If a validator accidentally undertakes the actions mentioned above, for example, via a script, it can’t be classified as a commission rug pull.

Types of commission rug pulls

There are variants of two major commission rug pulls: single-epoch commission rug pulls, and multi-epoch commission rug pulls. Single-epoch commission rug pulls occur when a malicious validator node adjusts its commission rate higher and accrues even more rewards only during a single epoch.

Multi-epoch commission rug pulls share all the significant features of single-epoch commission rug pulls but differ in a few key ways:

• The most notable difference is they last for multiple epochs in a row.
• They are more likely to get caught as they lack plausible deniability compared to the single-epoch commission rug pull.
• They are highly likely to be malicious and can’t excuse accidental experimentation.

However, neither of these types of commission rug pulls are “rug pulls” in the conventional sense of the term. Still, both involve a malicious node diverting delegators’ expected rewards to their validator address, consequently impacting delegators’ overall APY and depriving delegators of their rewards.

How do malicious validator nodes get away with commission rug pulls?

To put it simply, they frame it as an accident. Single-epoch commission rug pulls are a bigger problem, as they have plausible deniability and can often claim it was an accident. Accidents like this can and do happen; therefore, it becomes difficult to distinguish between the accidents and those perpetrating single-epoch commission rug pulls.

Multi-epoch commission rug pulls can’t use this pretext and are likely less prevalent. Therefore, single-epoch commission rug pulls are more of a problem in the short to long term.

How should we assess a single-epoch rug pull?

Using the correct criteria to assess a single-epoch commission rug pull is challenging due to many complicating factors and a lack of knowledge about operators. However, we can start by asking some key questions and trying to find the answer:

• Has the validator raised and lowered the price throughout a single epoch multiple times over a longer duration?
• How likely is it for “accidents” to occur repeatedly?
• How do we gauge if it’s an actual accident?
• How easy or complex is it to accidentally hike the commission rate and reduce it within an epoch?
• If it’s an easy mistake, what’s the most common way this accident happens, and why does it repeatedly happen amongst various validators?
• How many times has this validator increased and decreased their APY in a single epoch? More repetitions with the same validator would indicate it’s a commission rug pull, as with each iteration, it becomes harder to deny that the behavior is deliberate.
• Does the timing seem to fit the pattern of a single-epoch commission rug pull? Is the commission fee raised mid-epoch but lowered at the end of the epoch or the start of the new epoch?

What solutions are currently applied to address commission rug pulls?

The unrelenting hard work of many validators on Solana and the Solana team has to be acknowledged, and this issue is being actively assessed. In addition, it is discussed in the various Solana social channels.

The Validators App created by the validator Block Logic chronicles validators’ commission changes in real-time. Delegators can monitor this phenomenon and not stake to delegators engaging in this behavior. As a result, many validators are having the necessary discussions and laudably raising awareness about this phenomenon which is one of the main objectives of this article.

As can be seen above, multiple unnamed validator nodes and even some named nodes engage in this behavior. The Validators app is the de facto website to go to when looking out for which validators to avoid.

Moreover, another solution currently applied is public disapproval and shaming. This approach is multi-pronged: not only is the evidence chronicled on the validator app for all to see, but validators are branded with a badge of dishonor, showing potential delegators and current delegators that a validator node has engaged in unethical behavior and is stealing delegator funds.

What are the problems associated with commission rug pulls?

The problems of commission rug pulls are multifaceted, but a practical solution should seek to remediate the following issues:

• The commission rug pulls continue despite the social opprobrium.
• Single-epoch rug pulls have the pretext of an accident, so it’s sometimes harder to distinguish between malicious and accidental behavior.
• More effective solutions could be applied to deter would-be malicious validators.
• Existing solutions are mitigatory rather than preventative, and therefore a shameless financially motivated actor will continue their malicious actions unabated.
• Delegators unfairly and inevitably lose rewards that they should be entitled to irrespective of whether a validator accidentally increases their commission rate or whether it’s a commission rug pull.
• Despite best efforts by major validators and Solana, delegators are still often unaware after a commission rug pull has occurred and much of the community is still unfamiliar with this issue.

Unfortunately, current solutions don’t address all the problems enumerated above despite best efforts. Therefore, we will discuss some potential solutions that address the above issues.

What are the potential solutions?

For now, public opprobrium has shown itself to be somewhat effective in remedying this problem. But in my opinion, the best approach to combat validator malfeasance in the absence of slashing is to deny the capacity of the malicious actor to conduct the attack in the first place by structurally making this type of attack vector impossible.

The reality is that social stigma is only effective in combating this behavior within particular confines and ultimately won’t deter a shameless, well-resourced, financially motivated malicious attacker.

I will now outline some potential solutions deliberately eliding slashing, as slashing has not been implemented yet, and the reality is the issue is occurring now.

Maximum validator commission rate

A maximum validator commission rate would prevent malicious validators from drastic upward commission rate flings to 100% then downward to 10% again but would cause other issues.

Contrary to expectations, this potential solution would unfortunately not be tenable as it would not prevent commission rug pulls, and private validators still need to set their validator commission to 100%. Furthermore, implementing this solution would unfairly exclude private validators from participating in Solana’s consensus and thus make Solana not permissionless.

Multi-epoch validator commission rate limits

The best solution is not required to redress and financially remunerate delegators whose funds are effectively stolen but makes it impossible for their rewards to be stolen in the first place. Therefore, multi-epoch validator commission rate term limits should be considered.

Multi-epoch validator commission rate limits would achieve this criterion. They would prevent validators from altering the commission rate on a whim, and it would be beneficial as it solves every problem in the problem list. Because it’s impossible to perform a commission rug pull, no social opprobrium is required, they can’t claim it’s an accident, it doesn’t rely on mitigatory measures or a deterrence strategy, and users who have had their rewards diverted don’t have to be informed or made aware of the issue. Most importantly, delegators don’t have their rewards thieved by unscrupulous validators with no prospect of reimbursement.

Questions arise about how many epochs the validator commission rate limits should last. The epoch duration should be short enough for validator nodes to dynamically adjust to competitors’ commission rate changes but long enough to prevent constant changes and any commission rug pulls. Perhaps a validator limit of 4 epochs (approximately ten days) would be appropriate. However, after a logical and lively discussion, the community best decides the number of epochs or overall duration.

A counterargument that validators can propound is that multi-epoch validator commission rate limits prevent validators from having the control or the freedom to change their commission rates. But the reality is that many other networks such as Avalanche don’t allow commission changes midway through their delegation and seem to be doing great. Also, why should the freedom of validators to change commission triumph over the delegators who are effectively getting robbed with little recourse?

Another counterargument that validators could put forth is that the multi-epoch validator commission rate could introduce unintentional side effects to Solana’s slashing system. For example, what if a validator accidentally changed their commission rate to 50% then had to wait four epochs to change it back to its default at 10%? Could this be an issue?

My answer to such a claim is that validators should be more careful about causing accidents. Furthermore, a significant burden of responsibility should be on them as they are often more knowledgeable and more actively involved in the network than many delegators.

Once slashing is implemented, more symmetric economic penalties can be applied to validator nodes perpetrating commission rug pulls. But for now, slashing is not an available weapon on the table of disincentivization.

‍

Conclusion

In conclusion, commission rug pulls are an under-discussed, under-reported, but not an underestimated phenomenon emanating from the Solana ecosystem. However, due to collaboration between validators, the Solana team, and the Solana ecosystem, significant headway has already been made in addressing and solving commission rug pulls.

At Figment, we hope to illuminate potential paths forward and constructively add to the ongoing discussion.

‍

Acknowledgments

A special thanks to the validators on the Solana Discord, who brought this issue to my attention and extensively discussed the issue with me or in general. Also, thanks to the Solana Team and others in the community who are actively implementing solutions to fix this!