Open in app

Sign in

Write

Sign in

Paladin Dynamics

Solving Bad MEV for Good (4/4)

Uri Klarman
6 min readJul 30, 2024

With the context of what the PAL token actually does — let’s explore what are the dynamics Paladin’s design creates.

Pack of Wolves

Paladin’s key dynamic is that of a pack of wolves:
Just run with the pack, don’t do anything smart, and get your share of the meat.
But go against the pack in any way and the other wolves will kill (slash) you and take your share.

Validators need to just run Paladin — that’s it.
They’ll be airdropped huge amounts of PAL, it’s good for Solana and therefore their SOL bags, and they’ll capture more and more good MEV (imagine what Solana DeFi can be in 5 yrs).
Everybody wins.

But go against the pack, or even just have the appearance of doing so — and you risk your PAL getting slashed. You will lose your staked PAL, its MEV revenue stream, but most importantly — it can cause your APY to drop and for you to lose your stakers.
Because PAL acts as a signal to users, RPCs and wallets whether a validator has significant collateral not to screw them over. Mess with them, and they will censor you, driving your APY down, and potentially causing your stakers to leave.

So don’t. Just run Paladin, get your share, run with the pack.

Spin the Flywheel

Paladin’s launch plan is straightforward:

  1. Airdrop A LOT of PAL to all Validators
  2. Get at least 10% of stake as launch partners to run Paladin on day one
  3. Airdrop all Solana builders.

Once Paladin launches, all Solana builders and stakers will immediately see that PAL constantly pays them SOL. Not all of it — maybe only 10% of its potential — but they will immediately see it is valuable.

This, in turn, incentivizes all the validators to run Paladin, even if they don’t (yet) believe in Paladin at all and just want to sell the PAL, as we explore below.

Sell, Sell, and then…

The really cool thing about Paladin is how it works even if most validators don’t initially buy into it.

It’s enough for a subset (eg 10%) of validators to run it to generate fees to all PAL holders, and make PAL valuable. Because all validators and stakers are airdropped HUGE amounts of valuable PAL, they’ll be better off to run Paladin honestly “just for now” to avoid getting slashed, and to gradually sell it.

This in turn increases the amount of MEV funneled to PAL holders (more validators, more MEV funneled) and make PAL more valuable.

Since Palidators and stakers are limited to unstaking 5% of their remaining staked PAL per month, a “non-believer” validator who plays along and run Paladin while unstaking for 6 months (will unstake 26.5%) or 12 months (unstake 46%) or 18 months (unstake 61%) or 24 months (unstake 71%).

At some point, it would consider whether its remaining collateral is too small to disincentivize it from “cheating” and frontrunning users or any other way, BUT this is where the Pack of Wolves dynamics ☝️ comes into play.

If the Palidator decides to cheat it would lose its remaining staked PAL, but more importantly it risks users, RPCs, wallets etc avoiding it and reducing its APY, and potentially have its stakers leave it.

Once the flywheel is spinning, validators are incentivizes to continue being honest, even if they unstake most of their PAL.

Note that as the Palidtor is unstaking its PAL, it’s making less and less $, so a potential outcome is that Palidators unstake some of it while others (eg long term SOL stakers) accumulate it.

Reminder — Paladin only needs to fix the short-term incentive to frontrun, so at any given time the downside from “cheating” significantly outweigh the upside. The long-term incentive of validators and stakers is already aligned not to frontrun.

Preventing Multihoming

In the previous posts we outlined some ideas to enhance and expand Paladin’s functionality (e.g. capture liquidations, whitehat module, etc), but Paladin’s design is to incentivize incorporating new functionality into Paladin, and to prevent spawning alternative protocols.

Enabling any alternative protocol, even if compatible with Paladin, opens the door to a range of attacks. These range from simple copypasta vampire attacks (destabling PAL in the process) to skewing the carefully designed incentives to prevent frontrunning, e.g. wrapped-staked-PAL tokens which allow non-SOL-stakers to stake PAL.

Regardless if such protocols/projects are malicious, selfish, or altruistic, they risk the design to disincentivize validators from frontrunning users, which many considered impossible to construct, required multiple iterations, and took 2 years to develop.

The first-ever Paladin article, published in 2022 just before the FTX collapse.

To prevent skewing these incentives, Paladin requires Palidators to just run Paladin.
No additional protocols.
No additional modules.
No closed-sourced validators enhancements.
Anything else is slashable dishonest behavior.

Validators can still explore ways to improve and enhance Paladin, staking, or their validators — they’re encouraged to! But they should just do so in the open, share their attempts, the results, and eventually the code (whether it’s an enhancement to Paladin or the Solana client). The Evergreen Dev Fund can even fund any such experiments, whether done by validators, searchers, researchers, or any other entity.

But following the “Pack of Wolves” dynamics, Palidators will slash Palidators who attempt to multihome and participate in alternative protocols, and in doing so incentivize exploring such ideas within Paladin and not as competing protocols.

The Perfect Ratio 👍

PAL stakers and Palidators can only stake PAL in proportion to how much SOL they have staked (Stakers) or are delegated (Palidators).

This cap prevents small SOL stakers / Palidators from capturing MEV disproportionately to their contribution, and lacking it, large stakers / Palidators would have been incentivized to allocate all their PAL to a small honest validator, and not to run Paladin with their true stake.

Paladin’s Double-Edged Sword

The majority of Palidators can slash the staked PAL of Palidators and their stakers if they suspect they “cheat” in any way. Since it’s usually impossible to prove frontrunning occurred (impossible to distinguish a frontrun Tx from a random Tx landing 1 μs faster) Palidators are likely to make sure they don’t even appear to cheat in any way.

But what would happen if a dishonest Palidator, or a group of colluding Palidators try to slash an honest Palidator to increase their share of the reward?

Slashing a Palidator requires the majority of staked PAL — i.e. the participation of many competing validators and stakers. If any one of these entities recognizes this is a dishonest attempt to slash an honest Palidators, its honest (and incentivized) response would be to propose slashing the dishonest attacker and any colluding partners.

In fact, colluding is very unlikely since each colluding entity is incentivized to defect and propose to slash the other colluders — it will have the same gains (or higher if the colluding group has more PAL) without the additional risk of dishonest behavior.

In summary, this is a cool theoretic attack-modeling thought experiment, but does not match the incentives of Palidators or stakers, large or small. They are all incentivized to make sure they appear honest and not to dishonestly blame others.

You could imagine each validator speaking softly and carrying a big stick, making sure everyone is well behaved.

--

--

Uri Klarman

Written by Uri Klarman

50 Followers

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams