Community Staking Module

Hey! While I always enjoy our discussions and especially diving deep together to analyze technical and economic system nuances, and all the neat things a DiVa is doing in this regard, unfortunately I think this response is exaggerated and not internally consistent.

You mention systemic risks and irreversible consequences but I see neither the presuppositions for such an argument nor the rationale through which this conclusion is reached. The CSM proposal should be considered holistically, as @dgusakov has pointed out, and cherry-picking its facets and extrapolating disaster scenarios doesn’t seem appropriate (i.e. one should at least consider limitations of TVL, the specified reasons for incentive structures, the fact that I think we all agree pure solo staking is not something economically viable at the scale needed to adequately secure the network and thus needs to have barriers to entry reduced).

In its current form, the CSM would improve the Lido NO diversity, but would have a negative net impact on the decentralized staking ecosystem, as it would incentivize stETH growth at the expense of decentralized alternatives.

This is not true and here’s a simple example: it could be the scenario that 1 year from now if the CSM has been activated the Lido protocol only has 32% of staked ETH. “but that would never happen!” sure it has, Lido was at ~30% in May 2022 and is at 32% now in Nov of 23. Other decentralized LSPs have grown (in absolute terms at least, and some in relative as well), and the number of decentralized LSPs has substantially increased. In this case, the set (both Lido and the network) is not only better decentralized, but there’s no bearing on whether the relative growth that may have gone to Lido has gone to other decentralized alternatives (or CEXs, which seems to be the trend regardless).

You claim that the CSM economic incentives would do so at the the “expense” of decentralized alternatives, but IMO the reasons you’ve outlined aren’t really convincing.

NOs get in CSM get a higher fee than Curated ones

Ok, so what? They will run much fewer validators, so it makes sense.

subsidize APR in order to convert operators from decentralized staking protocols.

I don’t buy this argument, but by this line of argumentation all decentralized LSPs are really just trying to take users from each other, ergo DiVa doing it is OK but it’s not ok if Lido is doing it because the only consideration that matters here about this is whether is someone near 33% or not which is obviously untrue (there’s other things that matter, and might not matter more to you, but they certainly do to me and others as well).

Also, I think here you’re not taking into account the secondary rewards for other LSPs (e.g. have you factored in RPL rewards here?).

As Dima points out, these are not subsidies. The protocol is not incurring losses to provide these increased incentives, it is not changing overall fees on stETH (to make the token itself more attractive), and because this module is permissionless it can be benefitted by anyone; rather it is a reasonable analysis given that these operators would run fewer validators overall (both in mean and median) compared to the curated set, and given that running validators is roughly a fixed cost (or rather starts out ~fixed and then increases with size and complexity but basically only at the professional level) it’s clear that rewards must also be greater for this to be an economically enticing endeavor.

This is further aggravated by the possibility that Lido will provide financial incentives to solo-staker software providers or node clients, which can drive their UX to favor Lido installations over other decentralized alternatives.

Nothing stops other protocols from doing this as well, or creating their own solutions to do so. Monopolistic behavior is characterized when someone is using their position to do things that others cannot, preventing them from doing so on equal footing, or crowding them out. None of these are the case. In this case it is expressly the opposite! If Lido DAO were to support these implementations in open source applications would make it easier for other LSPs to do the same at a fraction of the original cost, since a lot of the code could be re-used across the different LSP implementations. It’s pretty clear if you just apply this “danger” to another similar topic: DendrETH: A trustless oracle for liquid staking protocols , the mutual support in Dendreth by multiple LSPs not only has the benefit of the creation of a solution which could be utilized by multiple protocols (by virtue of being coordinated across a group of participants and thus commonly useful), but also minimizes (or even potentially reduces) the cost of this resource being develop (and possibly used) by competitors to zero.

Looking at the impact the Lido protocol has had on the network, it’s clear that it has meaningfully decentralized it in numerous substantial ways: distribution of stake and preventing single entity CEXes or NOs from amassing outsized stake weight, client diversity (CL and EL), infra diversity, geographic diversity, censorship resistance, sustainable funding of client teams, etc… Where it definitely needs improvement is permissionless participation and a broadened NO base – it’s odd to now say “well, you can’t decentralize there too, that’ll be bad for others!”. Most importantly, large-scale cannibilization of other decentralized LSPs is unlikely IMO. 1) these protocols already have strong communities and often largely sticky NO sets because of their economic models. To wit, they rely on secondary token and/or utility token dynamics which means that the NOs are largely “illiquid” unless they are in a position to not incur serious losses when transitioning, 2) saying Lido has a monopolistic position is something bandied about constantly without the facts to back it up. The protocol does not have a monopoly, only ~32% of stake flows through the middleware (by definition you could have a network with 2 additional participants at this market share) and it is highly liquid stake (i.e. liquidity and withdrawals make it extremely easy for people who disagree with the product to leave it VERY fast). Monopolistic position would be something like 51%+ (in the case that monopolistic acts were utilized) (or 67%+), and using monopolistic powers or mechanism to do things like close the market, crowd out competitors, mandate that node operators who use lido do not use any other LSPs, etc., none of which it does (in fact the protocol is more open and freer in terms of entry and exit than others in these regards). 3) Competitors and self-styled decentralization clergy do not get to declare for everyone else what is decentralized and promotes decentralization or not. I realize we all have different view points, but historically the actions of the Lido DAO and most importantly the impact of the Lido protocol on the network prove that it has been practically and pragmatically one of the largest decentralizing forces on the network. You believe that a Lido capped at 33% will practically decentralize the network further, I believe it will not, and we’ll end up with something far worse.

While this proposal could be a net positive in a world where Lido self-limited, the reality is that Lido continues to increase its dominance with a stated goal to replace centralized staking.

Again, it doesn’t. Lido stake weight is today only slightly above what it was in May of '22.

The size of stETH has already been an extremely contentious topic, with the risk of social slashing looming over Lido. This proposal should not pass without modifictions, as it can damage Ethereum’s decentralized staking and further increase the risk of social slashing for Lido.

This is FUD at best. There’s no real threat of social slashing looming over Lido, and it’s disingenuous to say so. Social slashing is of course Ethereum’s last and ultimate resort against an attacker, but there is zero reason to believe that the Lido protocol (a) could be practically utilized (* by practically I mean "with a reasonable likelikhood and in a way that is actually possible realistically vs just theoretic) to attack the network at current stake share, above 33%, and even above 50%, (b) that that attack wouldn’t be met with extreme prejudice not only by existing stakers, node operators, the Lido community, and the wider Ethereum community itself, and that (c) that there wouldn’t be enough time for an immune response to materialize and be deployed.

Social slashing is a defense mechanism whose main usefulness and utility is as a deterrent against malicious acts in the first place. It is exactly for this reason that it makes such little sense for the DAO to attack the network or for anyone else to try to use the DAO for a vehicle to try to do so. Once the network uses this it will seriously endanger its credibility and ability to use this mechanism in the future against real substantive threats. For a very similar reason things like “MVI” and issuance changes are short-sighted, many see that economic security is “overpaid for” when in reality the “overpayment” creates positive externalities in terms of user confidence and a culture of economic and social security that is much more easily assailed otherwise.

Why is this premature? It’s not realistic or practical to propose a structure when there are so many moving parts that are exogenously determined. The work can progress in parallel and the fee structured can be agreed upon closer to testing. Rocketpool’s fee structure was constantly changing and even changed last minute (and then after it went live). I agree that a fee structure should be put forth clearly before the actual “go live” of the module happens (which would require an on-chain vote regardless), but there’s plenty of time in between then and now.

but decentralizing WITHIN Lido as an entity does not decentralize the beacon chain.

Lido is not one entity, it is a protocol used by multiple entities. It absolutely does and has, decentralized the beacon chain, from all practical effects, and especially from the perspective of staving off centralized stake (which recently and in light of growing institutional appetite has begun to skyrocket again). I guess you can loosely look at the DAO as one entity, but saying “pure DAO == any other entity (e.g. a company incorporated in a jurisdiction)” is plain wrong.

If this economic model is useful in pulling in net new solo stakers to the protocol (which I think most will be), or at least existing stakers running some sub-set of their new validators on Lido as well as existing decentralized LSPs, it is absolutely worth doing. If the worry is that this economic model is better than other LSP models well then they can just come up with better models – besides, there are things that are important besides such APR, and the affordances that RP gives to its NOs (e.g. via the minipool contracts) are a unique feature and selling point on their own, and one that contributors don’t wish to propose to compete on EXACTLY because it has already been done and done well. The point is to make solo staking as economically viable as possible, not to pump bags.

Thanks for the opinion @micho and @hanniabu! Let me explain why I cannot agree with you here.

First, solo operators have a more complex incentive structure than just seeking profit. Many (most?) of them are also doing this to contribute meaningfully to the network security.

Second, participating in Lido doesn’t keep operators from participating in other protocols or solo staking. The highest barrier is gaining the skills required to successfully run a validation setup; after that, running more validators doesn’t add significant complexity, and costs increase only sub-linearly until a very significant scale of operation. You assume staking operations market is a zero-sum game but, if you inspect it carefully, you’ll see it’s a positive-sum game instead: it’s common for operators to participate in multiple protocols due to the low marginal cost of running additional validators. If you’re already in this business, there’s no economic sense for you to not run validators for all protocols offering more rewards per validator than it costs to run one (and the more validators you run, the lower this minimally acceptable revenue per validator becomes).

Third, the community staking module won’t operate at the other protocols’ expense. It’s actually the other way around: by offering additional revenue stream for solo node operators, the module will make validation more sustainable and attractive for individuals, which will only increase the overall amount of them on the market and, as a consequence, will bring additional node operators to protocols like DiVa and RocketPool due to the cost structure I mentioned above. The community staking operations market is even more of a positive-sum game than the overall staking operations market.

Thus, I firmly believe that the addition of this module is a net positive for the network, for the Lido protocol, and for other staking protocols as well.

Thank you @micho for sharing the feedback here. @Izzy and others have shared their thoughts on other elements of your post but to address your specific point here on the fee split, while 7.5% is “just a number” at this point I think it directionally does make sense for the fee split to be higher than the curated NO set, given the profile of NOs in the CSM. Simple reason being that there’s known economies of scale for running validators & aggregating stake within a single operator – which is to say to even approach the same type of economics (margins) as a large operator like those you’d find in the curated set, solo/home-stakers ought to be paid more on a %-basis.

You can kinda see similar logic at work here in Staking Router Module Proposal: Simple DVT which has a proposed 8% / 2% fee split (DVT cluster operator / DAO).

Dear Lido team,

On behalf of Nethermind, we are all very excited to see the CSM initiative progress!

Furthermore, we would like to offer our services in making interaction with the CSM more accessible to the Ethereum community, via our Sedge tool—a one-click setup tool for PoS network/chain validators and nodes.

As an Ethereum Node Setup Wizard, Sedge can be extended to support the CSM initiative, by developing the integrations required for it to streamline and facilitate the onboarding of new permissionless operators to the Lido protocol on the Community Staking Module.

We are looking forward to discussing this collaboration further in the upcoming RFPs, and in this way, assisting with the facilitation of permissionless liquid staking within Lido!

Hi all,

Fernando from Ethereum on ARM here.

After reading the discussions about the CSM, this is very promising, particularly given Lido’s significant presence in the staking market.

For CSM to truly enhance and bring balance to Ethereum’s validator landscape, the participation of Solo stakers is crucial. This not only represents a key aspect but also a significant challenge. Ensuring fairness and avoiding negative impacts on other groups is vital (as @micho said). We should remain vigilant, and ready to implement changes if necessary.

We are all very interested in LIDO moving to a more decentralized staking model and will support it from our side.

Regards.

Following the discussion with @micho during LidoConnect me and @Mol_Eliza prepared an explanatory post about bond and staking rewards economics. We have decided to make it a separate post to have a dedicated place for the further discussion.

Eth Docker was created to make solo staking easy. It integrates with RocketPool and SSV, and people run solo validators alongside RocketPool validators (“minipools”) with it.

It makes sense to me to also integrate it with CSM. I see this as “one more”, not “take NOs away from other protocols”.

Lido Finance have already created a Proof-of-Concept of an integration, is my understanding. My role would be to discuss the design so it fits with the rest of Eth Docker, then accept a PR into upstream. Ongoing maintenance To Be Discussed.

Snapshot vote started

We’re starting the Lido Community Staking Module Snapshot, active till Thu, 14 Dec 2023 16:00:00 GMT . Please don’t forget to cast your vote!

This proposal is very detailed and well-articulated, highlighting its potential value in the Ethereum ecosystem. I fully support the initiative and look forward to its implementation, but I have a couple of questions:

• Could you elaborate on the reasoning behind the difference in planned fees for node operators in the CSM (7.5%) compared to the Simple DVT Module (8%)?
• Regarding the allocation of ETH deposits to operators within the CSM, how is the order determined? Will it follow the same approach as in the permissioned module, or will it incorporate performance metrics as a factor?

Hi, @iicc! Thanks for your questions.

Could you elaborate on the reasoning behind the difference in planned fees for node operators in the CSM (7.5%) compared to the Simple DVT Module (8%)?

The 7.5% staking fee is just a reference. Actual numbers will be proposed closer to the module deployment. I see no major reasons to propose CSM operator fee to be less than Simple DVT operator fee.

Regarding the allocation of ETH deposits to operators within the CSM, how is the order determined? Will it follow the same approach as in the permissioned module, or will it incorporate performance metrics as a factor?

Stake allocation is described in the Community staking landscape - HackMD. TL;DR stake will be allocated to validators in an order similar to the keys upload (bond lock) order.

I see a few actually

• Total TVL of CSM will almost definitely be larger than that of S-DVT (since threshold will be multiples higher)
• In S-DVT there are multiple NOs per validator (which means you need to run more total validators in order to have the same absolute revenues, as an NO)
• Total number of validators that will be runnable by a single NO will also be multiples higher (CSM is permissionless, technically one operator could take up the whole module I guess if they wanted to, this isn’t possible in S-DVT)
• While S-DVT doesn’t require a bond, the CSM bond itself is proposed to be staked (which means that the opportunity cost of the bond is a lot lower than in other LSPs) and current design points to NO getting rewards on entire 32 effective balance vs just [32-bond].

I’m not sure 8%/2% makes sense for CSM, to be honest, we need to do quite a bit of of analysis here. It may make sense at like 1% but I really don’t think it does at 10% module threshold.

Hey! I really wanna help and implement alerting for CSM on Forta. I’ve been working with Forta bots at Threat Research Initiative (TRi) for about a year and now I want to write alerting based on the existing Lido repo (lidofinance/alerting-forta). Also I’ve already contributed on Lido via PR #431 and will continue to improve bots

Hey Lido Community!

Having examined the proposal for the Community Staking Module, we have voted in favor of its integration into the Lido protocol, and look forward to seeing solo stakers deploy distributed validators (DVs) to make their CSM validators more resilient and performant.

DVs allow to address challenges currently faced by solo stakers—namely, how to attain and sustain uptime and performance comparable to professional operators. The application of DVs presents a great solution to level the playing field for at-home stakers.

At Obol Labs we have participated in relevant Solo Staker initiatives, such as Operation Solo Staker in collaboration with EtherFi, Dappnode, Avado, and the DVStaker + ETHStaker teams, where distributed validators have been key to enable solo stakers all over the world to run Ethereum validators.

Solo stakers wanting to become Lido node operators through this module can have several key benefits by leveraging DVs, including:

1. Improving Uptime and Effectiveness through Squad Staking: DVT allows solo stakers to collaborate and run validators on Ethereum as a squad This allows solo stakers to run fault-tolerant validators, improving uptime and effectiveness. DVs enable active-active redundancy, ensuring the validator remains operational even when one or more nodes are offline (as long as the threshold of online operators is met).
2. Protection against Private Key Compromise: Through Charon’s Distributed Key Generation (DKG), the private key never exists fully in a single place. In a DKG, each Charon client finds one another on the internet, establishes a secure and encrypted line of communication, and then creates BLS private key shares in a manner where no one client ever controls or knows what the full private key is. This mitigates risk caused by private key theft if the operator were attacked.
3. Lowering Maintenance Overhead: DV clusters provide a safety net for at-home operators. In the event of a node failure, other cluster members can continue operating the validator, reducing the need for 24/7 maintenance and minimizing the impact on accrued rewards.
4. Lower Bonding Requirement: Given the derisking nature of DVs, the bonding requirement that is posted by solo stakers to the Lido protocol could be potentially reduced if they are operating with DVs, considering the probability of your validator getting slashed with a DV cluster is significantly reduced. Today, validator redundancy can only be achieved through active-passive setups. This creates slashing risk as both active and passive environments could be up at the same time, which could cause double-signing. Active-active setups inherent in DV clusters solve this problem.
5. Client Diversity + Geographical Distribution: Each node in a DV can run different consensus, validator, and execution clients. This reduces the risk operators have of client failures or bugs while improving client diversity for Ethereum. Additionally, nodes can also be run across different geographies. This benefit was evident during May 2023’s Beacon Chain incident (the chain stopped finalising). DV clusters remained unaffected due to their diverse client configurations.

To further deep-dive into how distributed validators can help at-home stakers, check out this article:
How DVT Helps: At-Home Validators.

For more details on DVT, check out this article: What is DVT and How Does It Improve Staking on Ethereum?

We look forward to seeing this module deployed in the future!

please init a new post instead of replying in the unrelated thread. will removed it.

Snapshot vote ended

Thank you all who participated in vote, we reached a quorum and “Approve” option wins!

Keep an eye out for updates and news.

Appreciate community support for this important game changing initiative!
I’m glad to be a part of the contributors team to develop CSM

Great! We plan to support Lido CSM with Stereum.

Thanks everyone for the discussion here!

I’m putting here the link to the RFP for CSM integration and inviting everyone who has indicated their interest in developing an integration with CSM to check it out!

That’s awesome! You should make a thread about this as I’d love to know how to integrate.

Very excited for the potential of the Community Staking Module as one of the initiatives to expand the Lido node operator set massively via permissionless entry!

Wanted to highlight that the initial proposal suggests a gradual increase from 1% to 10% of the entire Lido stake presumably based on becoming competitive with RocketPool, the leading competing solution in this market. I believe Lido DAO decision-making on stake distribution should be disconnected from module development and acceptance proposals and requires its own mechanism to ensure a long-term optimal and sustainable solution.

This is what I am taking an initial deep dive into via recently LEGO-approved Staking Router Distribution Mechanism research. I invite people interested in this topic to join the conversation and communication channel established around it linked in the thread!