Decentralization is a key ingredient for the success and integrity of a distributed financial system. On Solana, stake determines the consensus and governance voting power of validators in addition to the frequency at which they are allowed to propose blocks. In a steady state, high performance modded validators performing MEV earn a disproportionate share of both inflation and block rewards, causing their stake weight to outpace those of other validators over time.

Although stake can be redistributed via re-delegation in the case of high stake centralization, there are two risk factors that – when combined – can cause an unrecoverable level of stake centralization that we believe is a major risk for the network. We shall present data demonstrating that these two critical risk factors are active and – if left unchecked – will centralize stake on Solana dramatically on the order of several years. We will also discuss our recommendations for mitigating this centralization force.

The two critical risk factors are large delegators looking to maximize profits through disproportionately profitable, malicious MEV strategies. When combined, this creates a scenario where a large pool of stake controlled by few grows faster than any other pool on the network. In the case of this runaway centralizing force, rational large delegators receiving outsized returns are only motivated to delegate stake away from non-malicious validators to avoid a tragedy of the commons. Protocols and users that prioritize a decentralized blockchain will not use a centralized distributed system. But what if the validator themselves is a large self-staker? In such a case, a single entity remains in control of a large proportion of the stake even in the case of re-delegation. And if the re-delegation is partial, their share of the stake still disproportionately grows.

We believe this centralization of stake is currently happening on Solana at an alarming rate.

In 2024, a public mempool was the source of much controversy because of sandwiching that degraded the experience of many users. Due to the proposer monopoly on Solana and the lack of venues like RFQs, there is no competition on execution price at any single point in time, so users were given the worst possible execution price. This value was redirected primarily to the sandwichers, with the liquidity providers of AMMs also enjoying larger fees from the increase in volume. This public mempool was quickly turned off to improve the user experience, but private mempools emerged, and this nontrivial source of revenue was centralized to the select few willing to execute these strategies.

There is a particular operator on Solana that is executing sandwiches with a $2mm daily profit. Over the course of the next two years, if left uncontested and accounting for the compounding from staking these profits, this operator could amass billions of dollars worth of stake and become the largest centralized pool of stake on the network.

There are several ways to ameliorate this problem. We propose some short and long term solutions. The first short term solution is to maintain a whitelist of validators that have historically not participated in sandwiching. This list can be used by apps to avoid sending/forwarding transactions to sandwiching validators. This directly reduces the profits of validators that are degrading the network and the user experience. The second short term solution is to restore the public mempool. Fundamentally, a core immediate issue is a lack of competition for this MEV strategy. By restoring the public mempool and advising users to tighten their slippage parameters, the growth of a single malicious pool of stake becomes less disproportionate. The resulting negative externalities of centralized stake to a single, malicious entity can be mitigated if new competitors in the public mempool compete to share profits with stakers that are ultimately enabling these profits.

Lastly, the best solution is the long term solution of eliminating the proposer monopoly. In the presence of multiple concurrent proposers, validators are incentivized to include transactions as quickly as possible, reducing the utility of a mempool and the time available to execute MEV strategies. Additionally, the probability that at least one of the multiple proposers at any given time is a non-sandwiching validator is higher, providing users with more availability.

The team at Temporal will follow up on a more in-depth review of this existential problem over the coming weeks. We are working with partners in the background on a whitelist solution at present, and may recommend a public mempool after more data is presented.