CLI tool for CSM validator management

Lido’s Community Staking Module (CSM) is a groundbreaking step toward decentralized staking. However, the manual process of creating validator keys, deploying them, handling exits, and ensuring everything runs smoothly can be quite cumbersome—especially when you’re managing a large number of validators.

We are excited to introduce the Lido CSM Validator Manager, an open-source tool we’ve developed to streamline the deployment, monitoring, and management of Lido CSM validators at scale. At Firstset, we’ve successfully used it to run over 100 validators during the CSM testnet process, and we believe it can benefit other node operators facing similar challenges.

Key Features

Deploy Validators

  • Automated Key Generation and Deployment: Create and deploy new validator keys to both your validator client and the Lido CSM seamlessly.
  • Node Operator Registration: Automatically register a new CSM Node Operator if needed.
  • Duplicate Key Checks: Prevent issues by checking for duplicate validator keys across your validator client, remote signer, and the CSM.
  • Remote Signer Support: Optionally upload keystores to a remote signer setup, such as Web3Signer.

Manage Validator Keys

  • State Consistency Checks: Identify inconsistencies between keys registered in the validator client, remote signer, and the CSM.
  • Inconsistency Resolution: Roll back inconsistent states to maintain a reliable validator setup.

Exit Validators

  • Manual Exits: Exit validators individually using their public keys.
  • Automated Exits: Monitor the Lido Validator Exit Bus Oracle and automatically action exit requests for your node operator IDs.
  • Notifications: Receive Telegram notifications for detected exit requests to stay informed in real-time.

Additional Support

  • Remote Signer Setups: Full support for remote signer configurations, enhancing security for your validator keys.

Design

The Lido CSM Validator Manager relies on one external process and several APIs to function effectively:

  • Staking Deposit CLI: Used for generating the keystores and deposit data required for validator creation.

  • Lido Keys API: Checks if any of the generated keys have been previously uploaded to prevent duplication.

    Note: This is a critical step as uploading duplicate keys to the Lido CSM is possible, which could lead to submitting a bond for a validator that will never be activated.

  • Validator Client Keymanager API: Allows remote loading of keystores into the validator client.

    Note: Since the Keymanager API is typically offered over plain HTTP, the Validator Manager securely wraps the connection over an SSH tunnel to enhance security.

  • Ethereum JSON-RPC API: Interacts with the Lido CSM contracts for reading data and submitting transactions.

The interaction flow is as follows:

  1. Key Generation: The Staking Deposit CLI generates the validator keys and deposit data.
  2. Duplicate Key Check: The Lido Keys API is consulted to ensure that the generated keys have not been previously uploaded.
  3. Keystore Upload: The keystores are securely uploaded to the validator client using the Keymanager API over an SSH tunnel.
  4. CSM Registration: The Ethereum JSON-RPC API is used to interact with the Lido CSM contracts, registering the validator keys and, if necessary, the node operator.

This design ensures a streamlined and secure process for deploying and managing validators within the Lido CSM ecosystem.

Caveats

Due to the distributed nature of validator operations and non-transactional behavior, inconsistencies may arise from failures or interruptions. The Lido CSM Validator Manager helps mitigate these issues by providing state checks and the ability to resolve inconsistencies.

As a node operator, it’s essential to ensure that:

  • For each validator keystore loaded in your validator client or remote signer, there is a corresponding public key registered in the Lido CSM contracts.
  • For each public key registered in the Lido CSM contracts, there is a corresponding keystore loaded in your validator client or remote signer.

If inconsistencies occur (e.g., the tool is interrupted during key deployment), use the state-check functionality to identify and resolve them.

Get Started

To get started with the Lido CSM Validator Manager, visit the GitHub repository. The repository contains detailed instructions on setup, configuration, and usage.

Feedback

Let us know your feedback or thoughts below, or feel free to open an issue through the Github repository!

11 Likes

Very cool! Have updated the operator resources on the portal to include this ( see https://operatorportal.lido.fi/existing-operator-portal/ethereum-onboarding/no-resources-tooling) You should definitely also apply for a grant with the Community Lifeguards!

I changed the post tag to “Node Operators” if you don’t mind, as I think it’s a bit more relevant.

3 Likes

Thanks!

Is there a formal process for this?

Yes! You can see the full process and scope here.

Feel free to send me a message via telegram as well @entigd.

1 Like