ETHx Enhanced Security | MEV theft and mitigation strategies
Stader prioritizes secure, profitable & user-friendly DeFi. With the 4 ETH bond and force exit, we deter MEV theft, guaranteeing deserving rewards.
Introduction
ETH staking generates rewards on both the consensus and execution layers. On the execution layer, validators earn income from MEV and priority fees. MEV is the reward earned by including, excluding and re-ordering the transactions in a block.
Stader requires all node operators to implement MEVBoost to ensure ETHx stakers get the best rewards. Stader redirects the MEV rewards accumulated by node operators towards a designated fee recipient. For those operating on ETHx, a Stader smart contract address receives the MEV rewards and distributes them among node operators, ETH stakers & Stader DAO. However, there is a risk that a node operator could change the fee recipient address to an externally owned address (EOA) to divert MEV rewards. While this would not affect users’ staked funds, it could potentially lower the EL rewards earned by ETH stakers.
Detection and Mitigation of MEV Theft
Stader has partnered with Rated to provide oracle services, keeping a close eye on changes to the fee recipient address. The Rated Oracle diligently scrutinizes each block produced by Stader’s node operators. Any deviation in the recipient address from those authorized prompts Rated’s Oracle to flag the block as potential MEV theft.
If a validator is flagged by the Rated oracle for committing MEV theft, strict penalties are enforced, utilizing the ETH bond and forced exit mechanisms.
- ETH bond: Permissionless node operators need to deposit at least 4.4 ETH worth of bond per validator as collateral to ensure ETHx’s security. If a node operator acts maliciously & diverts MEV rewards by changing the fee recipient address, they risk losing this bond.
- Forced exits: Beyond the 4 ETH bond, Stader has an additional enforcement mechanism: Forced exit. Stader collects an approved exit message (pre-sign) which lets Stader exit validators based on objective criteria– missed attestations, MEV misappropriation, etc. This is an industry-first innovation. A pre-sign message is a robust enforcement mechanism for keeping validator behavior in check. Currently, Stader handles the storage and broadcast of pre-sign messages, but the goal is to decentralize this workflow in the future, as described here.
Stader’s Penalty System:
- If a validator attempts MEV theft for the first time, they are fined 1 ETH.
- If the same validator commits MEV theft again, an additional 1 ETH penalty is levied and the validator is forced exited from the beacon chain.
- Post the exited validator settlement is complete, the penalty amount is directed to the deposit pool.
This penalty deters MEV theft and ensures a net loss for any validator who attempts to steal MEV rewards.
Future steps: Introducing node-level penalties
To protect ETH stakers from large MEV block theft, Stader will introduce node-level penalties in the next contract upgrade. Under this enhancement, a node-level penalty of 4 ETH & 0.4 ETH or more worth of SD on the first attempt of MEV theft for all validators of the operator and force exit all the validators of the operator. This firm measure ensures that the protocol and ETH stakers are protected from large MEV block theft.
Effectiveness of the MEV Theft Mitigation
The Stader team conducted a thorough analysis of MEV rewards for validators over a seven-month period (from September 2022 to March 2023), revealing a median MEV per block value of approximately 0.041 ETH. Furthermore, 98.94% of blocks had an MEV value lower than 1 ETH.
Based on these findings, even if a substantial proportion (30%) of permissionless node operators were to misdirect MEV rewards, the recovery through the 4 ETH bond and forced exits would still preserve around 94% of MEV rewards for users.
Final Thoughts
Stader’s progressive approach to managing MEV theft underlines our commitment to providing a secure, profitable, and user-friendly platform for our community. By employing a 4 ETH bond and a force exit strategy, Stader effectively discourages MEV theft and ensures that our users receive the rewards they deserve. As the DeFi landscape continues to evolve, so will Stader’s efforts to safeguard and optimize our platform and our users’ investments.
Suggested reading:
- In-depth risk analysis of the 4 ETH bond: https://www.staderlabs.com/blogs/ethereum/4-eth-bond-a-detailed-risk-analysis/
- Discussion on the Stader <> Rated partnership: https://forum.staderlabs.com/t/stader-to-engage-oracle-services-provided-by-rated/678