MEV Penalties

We can categorize validator rewards as Beacon Chain rewards (block proposals, attestations, sync committees) and Execution Layer rewards (priority fees and MEV). While Beacon Chain rewards go to the specified withdrawal credentials of the validator and the protocol controls how those are split between node operator and rETH, Execution Layer rewards go to an address specified by the node operator.

Rocket Pool aims for fair sharing of Execution Layers rewards by requiring a specific fee recipient to be set as well as requiring use of MEV-boost with trusted builders in the future. To ensure that these rules are followed, the protocol utilizes a penalty system that is controlled by the oDAO. If the oDAO detects an infraction, they vote to apply a penalty to a minipool (51% quorum). The first two penalties per minipool have no effect, every penalty after that is currently 1.6 ETH (0.8 ETH for LEB8). Penalized ETH is taken out of the node operator's share and redirected to rETH. A guardian setting limits the maximum penalty (currently set to 0).

This design introduces a high level of trust for node operators: A malicious oDAO could penalize all minipools for the entire NO share, only restricted by the block gas limit. All the ETH in the protocol would be redirected to rETH, where an attacker would be able to extract it as explained in ETH Balance Submission. An option to limit the trust level of MEV penalties is discussed in Guardrails - MEV Penalties.