I think it’s a bit less about competition and more about addressable market size + taking into account the relationship between “bond-bearing” stake and unbonded stake the balance between them, and allowance for other likely bonded modules in the future. I know we use the “target share” phrasing, but I think it’s more accurate to think of this as a “stake share ceiling” rather than a “target” share. It’s very likely that multiple modules may eventually have 100% “target share” parameter values – it just basically means that the mechanisms of the modules are sustainable and battle-tested enough to be able to accommodate 100% of the protocol’s stake if needed and the supply+demand conditions and constraints are met. Which is why a more mature and intelligent distribution and reallocation mechanism will be needed by that time as well!

Regarding SR distribution and re-allocation mechanisms, while the research is important I’d just couch this desire with a consideration for timeframes here. Given the complexity of major changes to stake distribution mechanisms in the SR, I think these changes would be unlikely to affect what the mechanisms will likely look like in the next 12 months or so.

Makes sense and fully agree to the last point. This is likely going to be a longer journey to see through if some decision is reached and implemented, so some intermediate solution will definitely be needed.

Hello everyone!

I’m glad to share an intermediary document describing a possible approach to the bonding mechanism for CSM and probably some other staking modules. The approach is called Simple Bond. As the name indicates, this is a limited yet viable approach to implementing a bonding mechanism on the staking module level.

In the document, one can find not only a description of the Simple Bond but also alternatives considered.

Given the limitations of the Simple Bond compared to a more robust in-protocol bond approach, it is assumed that it will only be used for modules of a limited scale. I hope Lido contributors will be able to provide exact numbers later.

Community feedback and questions are appreciated!

Another day, another update!

Lido CS contributors are thrilled to present a working draft of the CSM Architecture

This document covers the main design aspects regarding possible CSM implementation. It corresponds to the initial CS Landscape document.

As for the next steps, Lido CS contributors will finalize the document and proceed with the development of the module code.

Community feedback and comments are appreciated!

Community Call (6)1920×511 42 KB

Embracing the Future of Staking with Obol Techne Credential Holders and Lido’s CSM

Hey Lido Community!

In our previous communication, we expressed our enthusiastic support for the Community Staking Module (CSM) and its potential to revolutionise Ethereum staking. As pioneers in Distributed Validator Technology (DVT), we at Obol Network highlighted how DVT can enhance the resilience and performance of solo stakers, thereby levelling the playing field and providing the technical infrastructure necessary for a more inclusive staking environment.

Recap of Our Ongoing Commitment

Our commitment to the CSM is driven by our core mission to advance the Ethereum ecosystem through innovative, decentralised solutions. Distributed validators (DVs), which we’ve championed and refined, represent a critical step forward in achieving these goals. By ensuring uptime, security, and performance, DVs are ideally suited to support the robust and decentralised nature of the CSM.

Why Techne Credential Holders are Ideal for CSM

The Obol Techne Credential Program is designed to identify and elevate those who have demonstrated skill and reliability in operating distributed validators. These individuals are proficient, and uphold industry standards and commitment to the Ethereum staking ecosystem.

We see Techne Credential holders as prime candidates to be node operators within the CSM. Their proven experience ensures that the CSM can achieve high-quality adoption right from the start, aligning with Lido’s mission of making staking simple, secure, and decentralized.

Supporting Early Adoption

To facilitate this, we encourage early adopters of the CSM to consider Techne Credential holders for node operation roles. These operators bring a wealth of experience and a track record of high performance, backed by on-chain credentials that attest to their capabilities.

Learn More and Get Involved

Interested in becoming a part of this transformative initiative? Whether you’re looking to earn a Techne Credential or explore how Techne holders can contribute to the Ethereum ecosystem, here are some resources to get you started:

Obol Techne Credential Program Overview

Current Wave Agenda & Status: Join the wave and start your journey!

Quickstart Guide to Distributed Validators

We’re excited to see how Techne Credential holders will help shape the future of decentralised staking through the CSM. Join us in this journey to empower a more robust and inclusive Ethereum ecosystem.

Looking forward to your feedback and engagement!

Thanks for the support of CSM!

I fully agree that Obol Techne credentials holders should be proposed to the Lido DAO to be Early Adoption participants.

A draft version of the CSM spec is now available.

Preliminary versions of the smart contracts code are available in the GitHub repo as well as Oracle code and CSM Prover Bot code.

Hello everyone! CSM testnet is approaching, with the launch in EA mode planned for July 1, 2024.

I’m glad to inform you about that and invite everyone interested to join!

During the EA period, only eligible addresses can join. Check your eligibility here. If you are not eligible, no worries! Later in July 2024, the testnet will be switched to the public testing mode, and everyone will be able to join!

A preview version of the CSM Widget is already deployed at https://cms.testnet.fi. Once the CSM testnet is active, you will be able to follow simple instructions to join CSM!

Following the post above I want to share the list of the CSM parameters used for testnet contracts deployment. Deployment artifacts can be found in CSM GH repo.

Note that deploying the contracts does not mean that the testnet is active now. Actual activation will be performed in the same way as for the mainnet over the corresponding on-chain vote.

CSM parameters for the testnet

The doc aims to provide values for all configurable and constant CSM parameters and motivations for why they are proposed to be so.

Constants

DEPOSIT_SIZE

uint256 private constant DEPOSIT_SIZE = 32 ether;

Proposed value = 32 ETH

This constant represents the deposit size to activate a validator on the Beacon chain. Until EIP-7251 is implemented, 32 ETH will be the only possible value. Given that CSM would require an upgrade to smart contracts after EIP-7251, it is proposed to have a constant value of 32 ETH for the first version of CSM.

BEACON_ROOTS

address public constant BEACON_ROOTS = 0x000F3df6D732807Ef1319fB7B8bB8522d0Beac02;

Proposed value = 0x000F3df6D732807Ef1319fB7B8bB8522d0Beac02

This constant represents the address of the EIP-4788 contract. The address is taken from the official EIP docs.

DEFAULT_BOND_CURVE_ID

uint256 public constant DEFAULT_BOND_CURVE_ID = 0;

Proposed value = 0

The first curve added to the CSAccounting.sol is used as a default curve for the CSM Node Operators. The initialize function of the CSAccounting.sol contract checks that the curve passed has ID=0 after addition (the curve added in the initialize function call is the first curve added).

Immutable variables

INITIAL_SLASHING_PENALTY

uint256 public immutable INITIAL_SLASHING_PENALTY;

Proposed value = 1 ETH

This immutable variable is used by CSM to penalize the Node Operator’s bond in case of validator slashing. Until EIP-7251 is implemented, 1 ETH will be the maximal possible value (given the effective balance is 32 ETH). Given that CSM would require an upgrade to smart contracts after EIP-7251, it is proposed to have an immutable value of 1 ETH for the first version of CSM.

Note: This immutable variable is set indirectly by setting minSlashingPenaltyQuotient = 32.

elRewardsStealingFine

uint256 public immutable EL_REWARDS_STEALING_FINE;

Proposed value = 0.1 ETH

This immutable variable is used by CSM to add an additional fine to the MEV stealing penalty in case the Node Operator has committed EL rewards (MEV) stealing.

It is proposed to set a 0.1 ETH value for this immutable variable since this creates a disincentivisation to commit MEV stealing and compensate it “free of charge”. Several actions are required from the DAO side in case of MEV stealing:

• Detect the fact of stealing;
• Report the fact of stealing to lock bond funds;
• Confirm the fact of stealing using Easy Track motion.
  All these actions require effort and gas to perform; hence, the additional fine of 0.1 ETH seems reasonable.

maxKeysPerOperatorEA

uint256 public immutable MAX_SIGNING_KEYS_PER_OPERATOR_BEFORE_PUBLIC_RELEASE;

Proposed value = 10

This immutable variable is used by CSM to determine a maximal number of the validators operated by a single Node Operator in CSM during the Early Adoption period.

It is proposed to set a value of 10 for this immutable variable due to the following reasons:

• The Early Adoption period is aimed at attracting solo-stakers who typically operate no more than 10 validators due to hardware and financial limitations;
• Running 10 validators with CSM will be sufficient to cover operational costs with excess;
• Limit of 10 validators ensures that professional Node Operators will not be able to flood the module;
• Once the Early Adoption period ends, this limit will be removed.

maxCurveLength

uint256 internal immutable MAX_CURVE_LENGTH;

Proposed value = 10

This immutable variable is used by the CSM Accounting contract to determine a maximal number of validators starting from the very first one to have a custom bond requirements.

Given the focus of CSM on the Community Stakers and security considerations regarding MEV stealing protection, it is assumed that having a differing value for the bond of the 10th and further validators for CSM Node Operators makes no meaningful sense. Hence, it is proposed to allow custom bond values for the first 10 validators controlled by the CSM Node Operators while keeping the bond requirement constant for the rest of the validators.

minBondLockRetentionPeriod

uint256 public immutable MIN_BOND_LOCK_RETENTION_PERIOD;

Proposed value = 0

This immutable variable is used by the CSM Accounting contract to determine a minimal value for the configurable bondLockRetentionPeriod parameter, which determines the time for which bond funds will be locked, given no further actions.

bondLockRetentionPeriod is introduced to ensure that locked bond funds will be unlocked automatically once the bondLockRetentionPeriod ends. Unlike the mainnet, it is proposed to have more flexibility on the testnet, so 0 minimal value allows to test bond lock retention in a reasonable time.

maxBondLockRetentionPeriod

uint256 public immutable MAX_BOND_LOCK_RETENTION_PERIOD;

Proposed value = 365 days

This immutable variable is used by the CSM Accounting contract to determine a maximal value for the configurable bondLockRetentionPeriod parameter, which determines the time for which bond funds will be locked, given no further actions.

bondLockRetentionPeriod is introduced to ensure that locked bond funds will be unlocked automatically once the period ends. To provide a feasible unlock time without actions from the Lido DAO side, it is proposed to set the upper boundary for the period to 1 year (or 365 days).

earlyAdoptionTreeRoot

bytes32 public immutable TREE_ROOT;

Proposed value = 0xc9a9c1576cf4f3213ad9075b72a1f1b147914a252ad927fa4ca3460ff0723ca9

This variable is used by the CSM Early Adoption contract to determine the root of the Early Adoption eligible participants. The source tree can be found here.

Storage variables

keyRemovalCharge

uint256 public keyRemovalCharge;

Proposed value = 0.05 ETH

This variable is used by CSM to determine the amount of ETH to be confiscated from the Node Operator’s bond in case deposit data is deleted. Due to CSM’s optimistic FIFO stake allocation queue, deletion of deposit data might require a call to the cleanDepositQueue method to ensure proper queue operation.

According to the approximate gas estimations, a call of the csm.cleanDepositQueue(150) (clean the next 150 queue items) with 1 invalid batch in the queue costs around 1,000,000 gas. With a gas cost of 50 gwei (extreme value), the call will cost ~ 0.05 ETH.

Note: keyRemovalCharge value is configurable after deployment; hence, it can be set to a different value later (can even be 0)

bondLockRetentionPeriod

uint256 bondLockRetentionPeriod;

Proposed value = 8 weeks

This variable is used by the CSM Accounting contract to determine the time for which bond funds will be locked, given no further actions.

Given the limitations above, it is proposed that the actual value for the bondLockRetentionPeriod be set at 8 weeks. This will give enough time for the Lido DAO to act in case of MEV stealing detection and ensure no excessive lock time in case no actions are taken by the Lido DAO.

setResetBondCurveAddress

Proposed value = 0xc4DAB3a3ef68C6DFd8614a870D64D475bA44F164 (Dev team EOA)

This address will be granted with two roles: SET_BOND_CURVE_ROLE and RESET_BOND_CURVE_ROLE.

With these roles, the address will be able to set and reset the bond curve for the particular Node Operator.

chargeRecipient

address public chargeRecipient;

Proposed value = 0xE92329EC7ddB11D25e25b3c21eeBf11f15eB325d (Lido DAO Treasury contract)

This variable is used by the CSM Accounting contract to determine the recipient of the charge type penalty. A penalty that is not burned but confiscated with the following transfer.

Given that all operational costs for the Lido On Ethereum protocol are covered by the Lido DAO Treasury, it is proposed to transfer funds confiscated from the Node Operator’s bond to the Lido DAO Treasury.

bondCurve

Proposed value = [2 ether, 3.9 ether, 5.7 ether, 7.4 ether, 9 ether, 10.5 ether]

Validator 1 - 2 ETH
Validator 2 - 1.9 ETH
Validator 3 - 1.8 ETH
Validator 4 - 1.7 ETH
Validator 5 - 1.6 ETH
Validator >= 6 - 1.5 ETH

This variable is used by the CSM Accounting contract to determine the default bond requirements for the CSM Node Operators.

Corresponding research concerning the bond size can be found here.

earlyAdoptionBondCurve

Proposed value = [1.5 ether, 3.4 ether, 5.2 ether, 6.9 ether, 8.5 ether, 10 ether]

Validator 1 - 1.5 ETH
Validator 2 - 1.9 ETH
Validator 3 - 1.8 ETH
Validator 4 - 1.7 ETH
Validator 5 - 1.6 ETH
Validator >= 6 - 1.5 ETH

This variable is used by the CSM Accounting contract to determine the bond requirements for the Early Adoption participants.

Corresponding research concerning the bond size can be found here.

The Early Adoption benefits approach is described here.

elRewardsStealingReporter

Proposed value = 0xc4DAB3a3ef68C6DFd8614a870D64D475bA44F164 (Dev team EOA)

This address will be granted with the role: REPORT_EL_REWARDS_STEALING_PENALTY_ROLE.

With this role, the address will be able to report the facts of MEV or EL rewards stealing by CSM Node Operators to lock a bond amount equal to stolen ETH. Penalty application is performed by easyTrackEVMScriptExecutor granted with the SETTLE_EL_REWARDS_STEALING_PENALTY_ROLE role.

CSM Oracle

avgPerfLeewayBP

uint256 public avgPerfLeewayBP;

Proposed value = 500 BP

This variable is used by the CSM FeeOracle contract to determine the difference between average network validator performance and CSM validator performance that is treated as “good performance”. The actual formula is performanceThreshold = avgPerformance - avgPerfLeewayBP.

It is proposed to set the avgPerfLeewayBP to 500 BP (5%) to provide meaningful leeway for the community validator’s performance while keeping the threshold high enough to maintain compatible APR for the stETH holders.

oracleReportEpochsPerFrame

Proposed value = 225 * 7

This variable indicates the length of the CSM Performance Oracle frame. It is proposed that it be set at 7 days to ensure a meaningful number of the test cycles for CSM Performance Oracle.

oracleMembers

Proposed value = current Lido Oracle members

0xF0F23944EfC5A63c53632C571E7377b85d5E6B6f [Chorus One]
0xb29dD2f6672C0DFF2d2f173087739A42877A5172 [Staking Facilities]
0x31fa51343297FFce0CC1E67a50B2D3428057D1b1 [p2p]
0xD3b1e36A372Ca250eefF61f90E833Ca070559970 [Stakefish]
0x3799bDA7B884D33F79CEC926af21160dc47fbe05 [Rated]
0x4c75FA734a39f3a21C57e583c1c29942F021C6B7 [bloXroute]
0x81E411f1BFDa43493D7994F82fb61A415F6b8Fd4 [Instadapp]
0xf7aE520e99ed3C41180B5E12681d31Aa7302E4e5 [Chainlayer]
0x12A1D74F8697b9f4F1eEBb0a9d0FB6a751366399 [Lido]
0xD892c09b556b547c80B7d8c8cB8d75bf541B2284 [Lido]

Given that CSM Oracle has a form of the common Lido Oracle module, it is reasonable to ask existing Lido Oracle members to run CSM Oracle instances.

NOTE: The initial set of Oracle members will be different to allow for smooth migration of the existing Oracle members to a new version of the software.

hashConsensusQuorum

Proposed value = 6

Given that CSM Oracle will have the same members as the common Lido Oracle, it is reasonable to use the same value for the quorum = 6.

NOTE: The initial quorum will be different to allow for smooth migration of the existing Oracle members to a new version of the software.

fastLaneLengthSlots

Proposed value = 0

Calculation of the CSM Oracle report takes significantly more time than for the common Lido Oracles (AO, VEBO). Also, the report frame for the CSM Oracle is 28 days. Given that ‘fast lane’ was introduced in the Lido v2 upgrade to allow for performance and participation monitoring of the Oracle runners, non-zero value for the common Lido Oracles (AO, VEBO), and the facts about CSM Oracle outlined above it is reasonable not to use ‘fast lane’ feature for the CSM Oracle.

GateSeal

gateSealFactory

Proposed value = 0x1134F7077055b0B3559BE52AfeF9aA22A0E1eEC2 (Lido Gate Seal Factory)

The address of the deployed gateSealFactory.

sealDuration

Proposed value = 6 days

This variable indicates the length of pause activated by the corresponding GateSeal instance. It is proposed that it be set at 6 days (the same as for the WithdrawalQueue). 6 days is sufficient to prepare for an emergency upgrade and initiate on-chain votes to upgrade contracts or prologue pause.

sealExpiryTimestamp

Proposed value = deployTime + 365 days

This variable indicates the period during which the corresponding GateSeal instance can be used. It is proposed to set it at deployTime + 365 days (the same as for the WithdrawalQueue). 365 days is sufficient to ensure CSM code reliability or to deploy a new GateSeal instance.

sealingCommittee

Proposed value = 0xc4DAB3a3ef68C6DFd8614a870D64D475bA44F164 (Dev team EOA)

It is proposed that CSM Multisig (to be created) be used as the sealingCommittee address in CSM to allow for a fast reaction to unexpected situations during CSM operation.# CSM parameters

The doc aims to provide values for all configurable and constant CSM parameters and motivations for why they are proposed to be so.

image1280×720 50.5 KB

Here is all you need:
Start exploring CSM here: CSM page with all the information about the module, its design and mechanisms, how to participate in it as a node operator, all necessary resources and links
Get prepared for CSM here: Technical guide for setting up hardware for Ethereum validation, nodes, a CSM validator and more
Check your eligibility for CSM Early Adoption here: Tool that helps you to check if you can join CSM during the Early Adoption period
Join CSM testnet here: CSM Widget where you can create a node operator in CSM, manage keys, rewards, roles and get alerts
Chat about the CSM testnet here: CSM community is always around to chat and help
Celebrate the CSM launch here: Public CSM testnet announcement soaked in Lido contributors happiness

The Early Adoption period will last for ~two weeks, and then CSM will be open for everyone. Stay tuned!

CSM_Perm3840×2160 535 KB

Community Staking Module (CSM) testnet update here:

CSM testnet is now fully permissionless for everyone, transitioned from the Early Adoption mode. If you are intereted in run Ethereum validators, time to try with no more than 2 ETH.

As bonus, high-performing testnet participants can qualify for the mainnet ‘Early Adoption’ phase, so go give it a shot!

Testnet overview published

Community Staking Module LIP is now published

Gm, community stakers!

CSM is getting closer to the mainnet release and it is time to propose the values for the CSM Mainnet Deploy Parameters.

Your comments and feedback are welcome!

The same content is also published on IPFS - https://ipfs.io/ipfs/QmcNrpzS6oeeMK9SNABrWS4qWtEfUcSiYJqkRD43WuMo2f
https://gw3.io/ipfs/QmcNrpzS6oeeMK9SNABrWS4qWtEfUcSiYJqkRD43WuMo2f

CSM parameters

The doc aims to provide values for all configurable and constant CSM parameters and motivations for why they are proposed to be so.

Constants

DEPOSIT_SIZE

uint256 private constant DEPOSIT_SIZE = 32 ether;

Proposed value = 32 ETH

This constant represents the deposit size to activate a validator on the Beacon chain. Until EIP-7251 is implemented, 32 ETH will be the only possible value. Given that CSM would require an upgrade to smart contracts after EIP-7251 i, it is proposed to have a constant value of 32 ETH for the first version of CSM.

BEACON_ROOTS

address public constant BEACON_ROOTS = 0x000F3df6D732807Ef1319fB7B8bB8522d0Beac02;

Proposed value = 0x000F3df6D732807Ef1319fB7B8bB8522d0Beac02

This constant represents the address of the EIP-4788 contract. The address is taken from the official EIP docs.

Immutable variables

INITIAL_SLASHING_PENALTY

uint256 public immutable INITIAL_SLASHING_PENALTY;

Proposed value = 1 ETH

This immutable variable is used by CSM to penalize the Node Operator’s bond in case of validator slashing. Until EIP-7251 is implemented, 1 ETH will be the maximal possible value (given the effective balance is 32 ETH). Given that CSM would require an upgrade to smart contracts after EIP-7251, it is proposed to have an immutable value of 1 ETH for the first version of CSM.

Note: This immutable variable is set indirectly by setting minSlashingPenaltyQuotient = 32.

elRewardsStealingFine

uint256 public immutable EL_REWARDS_STEALING_FINE;

Proposed value = 0.1 ETH

This immutable variable is used by CSM to add an additional fine to the MEV stealing penalty in case the Node Operator has committed EL rewards (MEV) stealing.

It is proposed to set a 0.1 ETH value for this immutable variable since this creates a disincentivisation to commit MEV stealing and compensate it “free of charge”. Several actions are required from the DAO side in case of MEV stealing:

• Detect the fact of stealing;
• Report the fact of stealing to lock bond funds;
• Confirm the fact of stealing using Easy Track motion.
  All these actions require effort and gas to perform; hence, the additional fine of 0.1 ETH seems reasonable.

maxKeysPerOperatorEA

uint256 public immutable MAX_SIGNING_KEYS_PER_OPERATOR_BEFORE_PUBLIC_RELEASE;

Proposed value = 12

This immutable variable is used by CSM to determine a maximal number of the validators operated by a single Node Operator in CSM during the Early Adoption period.

It is proposed to set a value of 12 for this immutable variable due to the following reasons:

• The Early Adoption period is aimed at attracting solo-stakers who typically operate a few validators due to hardware and financial limitations;
• Running 12 validators with CSM will be sufficient to cover operational costs with excess;
• Limit of 12 validators ensures that professional Node Operators will not be able to flood the module;
• Given the fact that bond requirements for the mainnet were reduced compared to the testnet, it is proposed to have the same ~16 ETH worth of bond to correspond to keys limit;
• Once the Early Adoption period ends, this limit will be removed.

maxKeyRemovalCharge

uint256 public immutable MAX_KEY_REMOVAL_CHARGE;

Proposed value = 0.1 ETH

This immutable variable is used by CSM to determine a maximal value to be set as keyRemovalCharge.

It is resonable to limit the maximal value of keyRemovalCharge with 0.1 ETH given the maximal operational costs for the protocol assosiated with key removal.

maxCurveLength

uint256 internal immutable MAX_CURVE_LENGTH;

Proposed value = 10

This immutable variable is used by the CSM Accounting contract to determine a maximal number of validators starting from the very first one to have a custom bond requirements.

Given the focus of CSM on the Community Stakers and security considerations regarding MEV stealing protection, it is assumed that having a differing value for the bond of the 10th and further validators for CSM Node Operators makes no meaningful sense. Hence, it is proposed to allow custom bond values for the first 10 validators controlled by the CSM Node Operators while keeping the bond requirement constant for the rest of the validators.

minBondLockRetentionPeriod

uint256 public immutable MIN_BOND_LOCK_RETENTION_PERIOD;

Proposed value = 4 weeks

This immutable variable is used by the CSM Accounting contract to determine a minimal value for the configurable bondLockRetentionPeriod parameter, which determines the time for which bond funds will be locked, given no further actions.

bondLockRetentionPeriod is introduced to ensure that locked bond funds will be unlocked automatically once the bondLockRetentionPeriod ends. Since MEV stealing confirmation requires some time from the Lido DAO side (verification of the MEV stealing fact + actual confirmation by EasyTrack that takes 72 hours), setting the lower boundary for the bondLockRetentionPeriod value to 4 weeks is considered safe.

maxBondLockRetentionPeriod

uint256 public immutable MAX_BOND_LOCK_RETENTION_PERIOD;

Proposed value = 365 days

This immutable variable is used by the CSM Accounting contract to determine a maximal value for the configurable bondLockRetentionPeriod parameter, which determines the time for which bond funds will be locked, given no further actions.

bondLockRetentionPeriod is introduced to ensure that locked bond funds will be unlocked automatically once the period ends. To provide a feasible unlock time without actions from the Lido DAO side, it is proposed to set the upper boundary for the period to 1 year (or 365 days).

earlyAdoptionTreeRoot

bytes32 public immutable TREE_ROOT;

Proposed value = 0x359e02c5c065c682839661c9bdfaf38db472629bf5f7a7e8f0261b31dc9332c2

This variable is used by the CSM Early Adoption contract to determine the root of the Early Adoption eligible participants.

See Community Staking Module - #62 by dgusakov for details

Storage variables

keyRemovalCharge

uint256 public keyRemovalCharge;

Proposed value = 0.05 ETH

This variable is used by CSM to determine the amount of ETH to be confiscated from the Node Operator’s bond in case deposit data is deleted. Due to CSM’s optimistic FIFO stake allocation queue, deletion of deposit data might require a call to the cleanDepositQueue method to ensure proper queue operation.

According to the approximate gas estimations, a call of the csm.cleanDepositQueue(150) (clean the next 150 queue items) with 1 invalid batch in the queue costs around 1,000,000 gas. With a gas cost of 50 gwei (extreme value), the call will cost ~ 0.05 ETH.

Note: keyRemovalCharge value is configurable after deployment, hence, it can be set to a different value later (can even be 0)

chargePenaltyRecipient

address public chargePenaltyRecipient;

Proposed value = 0x3e40D73EB977Dc6a537aF587D48316feE66E9C8c (Lido Treasury)

This variable is used by the CSM Accounting contract to determine the recipient of the charge type penalty. A penalty that is not burned but confiscated with the following transfer.

Given that all operational costs for the Lido On Ethereum protocol are covered by the Lido DAO Treasury, it is proposed to transfer funds confiscated from the Node Operator’s bond to the Lido DAO Treasury.

bondLockRetentionPeriod

uint256 bondLockRetentionPeriod;

Proposed value = 8 weeks

This variable is used by the CSM Accounting contract to determine the time for which bond funds will be locked, given no further actions.

Given the limitations above, it is proposed to set the actual value for the bondLockRetentionPeriod to 8 weeks. This will give enough time for the Lido DAO to act in case of MEV stealing detection and ensure no excessive lock time in case no actions are taken by the Lido DAO.

setResetBondCurveAddress

Proposed value = 0xC52fC3081123073078698F1EAc2f1Dc7Bd71880f (CSM multisig)

This address will be granted with two roles: SET_BOND_CURVE_ROLE and RESET_BOND_CURVE_ROLE.

With these roles, the address will be able to set and reset the bond curve for the particular Node Operator.

bondCurve

Proposed value = [2.4 ether, 3.7 ether]

• Validator 1 - 2.4 ETH
• Validator >= 2 - 1.3 ETH

This variable is used by the CSM Accounting contract to determine the default bond requirements for the CSM Node Operators.

Corresponding research with regard to the bond curves can be found here.

earlyAdoptionBondCurve

Proposed value = [1.5 ether, 2.8 ether]

• Validator 1 - 1.5 ETH
• Validator >= 2 - 1.3 ETH

This variable is used by the CSM Accounting contract to determine the bond requirements for the Early Adoption participants.

Corresponding research with regard to the bond curves can be found here. Early Adoption benefits approach is described here.

elRewardsStealingReporter

Proposed value = 0xC52fC3081123073078698F1EAc2f1Dc7Bd71880f (CSM multisig)

This address will be granted with the role: REPORT_EL_REWARDS_STEALING_PENALTY_ROLE.

With this role, the address will be able to report the facts of MEV or EL rewards stealing by CSM Node Operators to lock a bond amount equal to stolen ETH. Penalty application is performed by easyTrackEVMScriptExecutor granted with the SETTLE_EL_REWARDS_STEALING_PENALTY_ROLE role.

CSM Oracle

avgPerfLeewayBP

uint256 public avgPerfLeewayBP;

Proposed value = 500 BP

This variable is used by the CSM FeeOracle contract to determine the difference between average network validator performance and CSM validator performance that is treated as “good performance”. The actual formula is performanceThreshold = avgPerformance - avgPerfLeewayBP.

It is proposed to set the avgPerfLeewayBP to 500 BP (5%) to provide meaningful leeway for the community validator’s performance while keeping the threshold high enough to maintain compatible APR for the stETH holders.

oracleReportEpochsPerFrame

Proposed value = 225 * 28

This variable indicates the length of the CSM Performance Oracle frame. It is proposed that it be set at 28 days.

Note: One day = (3600 * 24) / (32 * 12) = 225 epochs.

Motivation is presented in the CSM Architecture document.

oracleMembers

Proposed value = current Lido Oracle members

0x140bd8fbdc884f48da7cb1c09be8a2fadfea776e [Chorus One]
0x404335bce530400a5814375e7ec1fb55faff3ea2 [Staking Facilities]
0x007de4a5f7bc37e2f26c0cb2e8a95006ee9b89b5 [p2p]
0x946d3b081ed19173dc83cd974fc69e1e760b7d78 [Stakefish]
0xe57B3792aDCc5da47EF4fF588883F0ee0c9835C9 [MatrixedLink]
0x61c91ECd902EB56e314bB2D5c5C07785444Ea1c8 [bloXroute]
0x1ca0fec59b86f549e1f1184d97cb47794c8af58d [Instadapp]
0xA7410857ABbf75043d61ea54e07D57A6EB6EF186 [Kyber Network]
0xc79F702202E3A6B0B6310B537E786B9ACAA19BAf [Chainlayer]

Given that CSM Oracle has a form of the common Lido Oracle module, it is reasonable to ask existing Lido Oracle members to run CSM Oracle instances.

hashConsensusQuorum

Proposed value = 5

Given that CSM Oracle will have the same members as the common Lido Oracle, it is reasonable to use the same value for the quorum = 5.

fastLaneLengthSlots

Proposed value = 1800

The ‘fast lane’ was introduced in the Lido v2 upgrade to monitor the Oracle runners’ performance and participation. Given the data observed on the testnet, it is proposed to set the value to 6 days (1800 slots).

GateSeal

gateSealFactory

Proposed value = 0x6C82877cAC5a7A739f16Ca0A89c0A328B8764A24

The address of the deployed gateSealFactory.

sealDuration

Proposed value = 6 days

This variable indicates the length of pause activated by the corresponding GateSeal instance. It is proposed that it be set at 6 days (the same as for the WithdrawalQueue). 6 days is sufficient to prepare for an emergency upgrade and initiate on-chain votes to upgrade contracts or prologue pause.

sealExpiryTimestamp

Proposed value = deployTime + 365 days

This variable indicates the period during which the corresponding GateSeal instance can be used. It is proposed to set it at deployTime + 365 days (the same as for the WithdrawalQueue). 365 days is sufficient to ensure CSM code reliability or to deploy a new GateSeal instance.

sealingCommittee

Proposed value = 0xC52fC3081123073078698F1EAc2f1Dc7Bd71880f (CSM multisig)

It is proposed that CSM Multisig be used as the sealingCommittee address in CSM to allow for a fast reaction to unexpected situations during CSM operation.

CSM keeps shipping updates, great to see.

My only feedback would be to consider setting the max keys to 24 so solo stakers can fully migrate a single validator over. I would expect that 24 is still well below what would entice pro-operators.

Thanks for all the hard work.

Make that 25 for the EA Bond Cruve

Thank you for the updates on the CSM parameters!

There are two things that we’d like to ask.

1. What would be the maximum target share of this module?

We’re asking this question, although it might be better asked elsewhere, because CSM is an important initiative to increase Lido’s decentralization and this parameter matters quite a lot.

2. What is the key reason behind the proposed change of fastLaneLengthSlots, from 0 to 1800 (6 days)?

There are some changes made compared to the ones proposed for the parameters posted on June 24th, such as bondCurve, but the change of fastLaneLengthSlots stood out as it was relatively harder than others to speculate the reason behind.
Were there significant changes in the time required for CSM Oracle reports?

Thanks for your questions!

1. What would be the maximum target share of this module?

It would be 1% according to the DAO vote Snapshot
This parameter would be outlined in the Staking Router update vote.

2. What is the key reason behind the proposed change of fastLaneLengthSlots, from 0 to 1800 (6 days)?

After internal discussions, the decision has been made to keep the fastLane functionality enabled for CSM Oracle to ensure that Oracles do not have issues processing data. Initially, it was assumed redundant, but later, the decision was changed to keep it.

PS. The previous post with parameters was about CSM testnet, and this one is about CSM mainnet.

Note that this is just the proposed starting value, and obviously if CSM is successful and the community finds that it makes sense to do so, this limit can be increased (as it has been for SDVTM).

Thanks for the suggestion. To collect community opinions, a community poll has been held in Lido Discord. The community voted to keep the limit at 12 validators per Node Operator during the EA period.

Screenshot 2024-09-30 at 10.37.00946×440 23.1 KB