New Stake Frontrunning


In the event of a supply-chain style attack, where one of our Node Operator partners is compromised, an attacker could manipulate the information sent to the Mantle LSP system in order to attempt to steal funds. For example, a "rogue" Node Operator could:

  • Pass deposit information with incorrect withdrawal credentials

  • Using the validator keys to sign a valid transaction which front-runs a legitimate deposit with different withdrawal credentials, resulting in the "real" deposit being credited to them as a top-up.


To ensure that the protocol is fully protected from these cases, the off-chain services always:

  • Cryptographically verify deposit data to ensure it matches the protocol's withdrawal address

  • Searches all validators and (pending deposit events) to ensure that a validator has not already been used.

  • Validates the state of the beacon deposit contract to stop any front-running.

With these checks in place, it is not possible for a compromised node operator to steal protocol principals and consensus layer rewards.

Node operators remain able to set the "fee recipient" of validators, which earns gas tips and MEV rewards from consensus layer execution. In theory, a compromised node operator could redirect this address in order to steal Execution Layer rewards. Our off-chain services also monitor this and will flag any Execution Layer rewards that are not routed to the protocol correctly.

Last updated