CSM Early Adoption List for the Mainnet has been formed and published - community-staking-module/artifacts/mainnet/early-adoption/addresses.json at main · lidofinance/community-staking-module · GitHub

Preface

The main goal of the CSM Early Adoption Period is to grant community stakers the ability to join CSM at its early stages on the mainnet without unnecessary competition with professional operators and large staking players. Hence, the Early Adoption List is formed using existing sources of solo stakers. These sources are as follows:

• Ethereum solo stakers list formed by the Rated;
• Ethereum solo stakers lists formed by StakeCat;
• Gnosis solo stakers list formed by StakeCat;
• Obol Techne credentials holders;

In addition to the sources above, Lido contributors prepared several additional sources:

• Lido OAT holders with 6+ points on Galxe;
• Good performers from the CSM testnet;
• Purchasers of DAppNode Home x Lido before Sep 30th;

To ensure precise inclusion of the community stakers, fair participation criteria, and to avoid flooding of the module by the professional operators who can use delegated tokens as a bond, additional filtration of the lists above was performed, namely:

• Addresses associated with the slashed validators on the Ethereum and Gnosis mainnet were excluded;
• Identified Sybils were considered a single operator;
• Addresses associated with the professional node operators, including Simple DVT participants who identified themselves as professionals, were excluded;
• Addresses that demonstrated unacceptable performance during the CSM testnet were excluded;

The only exception to the filtration rules above was made for the professional Node Operators who have demonstrated good performance during the assessment period on the CSM testnet. They were not excluded.

CSM performance assessment criteria

During the performance assessment of the CSM testnet node operators, they were split into three groups:

1. Good performers with sufficient participation time;
2. Bad performers with sufficient participation time;
3. Participants with insufficient participation time;

CSM testnet performance assessment period was set to July 1, 2024 - September 30, 2024.

Sufficient participation time was set to four weeks. To calculate participation time, the following approach was used:

1. Fetch all beacon chain epochs during which at least one validator controlled by the node operators has been assigned attestations;
2. Calculate the total number of these epochs;
3. Participation time is considered sufficient if the sum is higher or equal to 6750 (225 epochs per day * 28 days). Otherwise, participation time is considered insufficient;

To estimate performance, the following approach was used:

1. Fetch all attestations assigned to all network validators during the assessment period;
2. Fetch all submitted attestations by all network validators during the assessment period;
3. Calculate the average submitted attestation rate for the node operator as totalSubmittedAttestations / totalAssignedAtteststions;
4. Fetch all attestations assigned to all validators controlled by the node operator;
5. Fetch all submitted attestations by all validators controlled by the node operator;
6. Calculate the average submitted attestation rate for the node operator as totalSubmittedAttestationsByOperator / totalAssignedAtteststionstoOperator
7. Performance is considered good if the node operator’s attestation rate equals or exceeds the network’s attestation rate minus 5%. Otherwise, performance is considered bad;

Good performers with sufficient participation time were included in the Early Adoption List. Bad performers with sufficient participation time were excluded from the Early Adoption List even if their addresses were in one or more lists of solo stakers. Participants with insufficient participation time were not considered during the Early Adoption List formation.

For the CSM testnet node operators who were in the Early Adoption List for the CSM testnet, an initial managerAddress was used for inclusion. The latest value for the managerAddress was used for the others as of September 30, 2024.

Additionally, the following criteria were applied to classify Node Operators as bad performers:

• Node Operators who committed severe MEV stealing and never repaid it back;
• Node Operators who have demonstrated malicious behavior during testnet that is not explicitly covered by the performance estimation algo (like intentionally skipping block proposals);
• Node Operators with slashed testnet validators (excluding slashings for testing purposes).

Final formation algorithm

Given all mentioned above, the resulting algorithm for the Early Adoption List formation looks as follows:

1. Take the deposit address from the solo stakers list by Rated;
2. Take addresses from the Ethereum solo stakers list B and list Rocket Pool by StakeCat;
3. Take addresses from the Gnosis solo stakers list by StakeCat;
4. Take addresses of the Obol Techne credentials NFT holders (base, bronze, silver, gold) as of September 30, 2024;
5. Take addresses of the Lido OAT holders with 6+ points on Galxe as of September 30, 2024;
6. Take address of the Lido<>DAppNode buyers;
7. Combine addresses from steps 1 to 6 into one list, excluding duplicates;
8. Take the lists of the addresses associated with slashed validators on the Ethereum mainnet and Gnosis mainnet;
9. Take addresses associated with the professional node operators;
10. Take addresses of the CSM testnet bad performers with sufficient participation time;
11. Combine addresses from steps 8 to 10 into one list, excluding duplicates;
12. Exclude addresses from step 11 from the list of addresses from step 6;
13. Take addresses of the CSM testnet good performers with sufficient participation time;
14. Take addresses involved in Sybil activity except for the first address for each Sybil;
15. Exclude addresses from step 14 from the list of addresses from step 13;
16. Combine addresses from steps 12 and 15 into one list, excluding duplicates;

Appendix

Check your EA eligibility here or here.

A Note from the NOM Contributor Workstream on Professional Operators participating in the CSM during the Early Adoption Period

We appreciate that all Professional Node Operators who took part in the testnet are eager to try out CSM on the mainnet. However, we want to highlight that the primary purpose of the Early Adoption period is to give solo operators and community stakers a chance to participate. This will enhance decentralization and open access to staking for more people.

That is why, if you are a Node Operator part of the Curated Set or a Professional Node Operator running delegated stake, we kindly suggest that you hold off on submitting your keys for the first month or so, so that solo operators and community stakers can be the first to participate. The Early Adoption period will last for a while, so there’s plenty of time for you to get involved, or even join after the EA period ends.

Hello, community stakers!

Thanks to your support, two issues with the Early Adoption list were identified:

• Rocket Pool list by StakeCat contained addresses of the RP Nodes that never activated a minipool;
• The algorithm of EA list composition had an issue that resulted in the inclusion of the multiple addresses associated with a single solo staker;

@GLCstaked_StakeCat resolved the first issue in Merge pull request #6 from Stake-Cat/RPL-invalid · Stake-Cat/Solo-Stakers@1e3d714 · GitHub.

The second issue was resolved in fix: Update sources and algorithm for EA List (#342) · lidofinance/community-staking-module@5dfc2a2 · GitHub alongside the update of the Rocket Pool list by StakeCat.

The latest version of the EA list can still be found here and here

Thanks for your help and support!

Snapshot vote started

We’re starting the Lido Community Staking Module Mainnet Release Setup Snapshot, active till Thu, 10 Oct 2024 16:00:00 GMT . Please don’t forget to cast your vote!

Snapshot vote ended

The Lido Community Staking Module Mainnet Release Setup Snapshot vote concluded!
The results are:
Approve CSM mainnet release: 70.6M LDO
Reject CSM mainnet release: 86 LDO

Community Staking Module contracts were deployed on the mainnet. One can validate deployment by running fork-tests:

1. Clone GitHub - lidofinance/community-staking-module: Community Staking Module is the first ever permissionless staking module in Lido
2. Set up env GitHub - lidofinance/community-staking-module: Community Staking Module is the first ever permissionless staking module in Lido
3. Prepare env for tests

export CHAIN=mainnet
export RPC_URL=<ETH_MAINNET_RPC_URL>
export DEPLOY_CONFIG=./artifacts/$CHAIN/deploy-$CHAIN.json

4. Run tests

just test-deployment

In addition to the main CSM contracts, a supplementary Easy Track factory was also deployed

After additional verifications and tests, these contracts will be proposed to the Lido DAO for inclusion as a staking router module.

Appendix 1. Detailed addresses

• CSModule: 0xdA7dE2ECdDfccC6c3AF10108Db212ACBBf9EA83F (proxy)
• CSModule: 0x8daea53b17a629918cdfab785c5c74077c1d895b (impl)
• CSAccounting: 0x4d72BFF1BeaC69925F8Bd12526a39BAAb069e5Da (proxy)
• CSAccounting: 0x71FCD2a6F38B644641B0F46c345Ea03Daabf2758 (impl)
• CSFeeDistributor: 0xD99CC66fEC647E68294C6477B40fC7E0F6F618D0 (proxy)
• CSFeeDistributor: 0x17Fc610ecbbAc3f99751b3B2aAc1bA2b22E444f0 (impl)
• CSFeeOracle: 0x4D4074628678Bd302921c20573EEa1ed38DdF7FB (proxy)
• CSFeeOracle: 0x919ac5C6c62B6ef7B05cF05070080525a7B0381E (impl)
• CSVerifier: 0x3Dfc50f22aCA652a0a6F28a0F892ab62074b5583
• CSEarlyAdoption: 0x3D5148ad93e2ae5DedD1f7A8B3C19E7F67F90c0E
• HashConsensus: 0x71093efF8D8599b5fA340D665Ad60fA7C80688e4
• GateSeal: 0x5cFCa30450B1e5548F140C24A47E36c10CE306F0
• CSMSettleElStealingPenalty: 0xF6B6E7997338C48Ea3a8BCfa4BB64a315fDa76f4

Libraries:

• AssetRecovererLib: 0xa74528edc289b1a597Faf83fCfF7eFf871Cc01D9
• NOAddresses: 0xF8E5de8bAf8Ad7C93DCB61D13d00eb3D57131C72
• QueueLib: 0xD19B40Cb5401f1413D014A56529f03b3452f70f9

As the author of the original comment I want to highlight a typo in the following text. 1800 slots in Ethereum terms is 6 hours not 6 days. According to the ETH specs SECONDS_PER_SLOT = 12, hence 1800 slots is 1800 * 12 = 21600 seconds or 21600 / 3600 = 6 hours.

On-chain voting plan Staking Router + Community Staking Module upgrade announcement - #6 by Maksim_Kuraian

On-chain vote to activate CSM on the Ethereum Mainnet is live!

Vote today to support Ethereum decentralization

CSM mainnet is live! https://csm.lido.fi/
Run your first Ethereum validator using CSM with 1.5 ETH (1.3 ETH afterwards) as an Early Adoption member

Community Staking Module (CSM) was added to the Lido protocol on October 25, 2024, via on-chain vote #180. This was a significant step towards decentralizing the Lido protocol. Since adding the module, more than 180 Node Operators have joined the protocol!

One of the main factors limiting further decentralization of the Lido protocol is the current target share of the CSM. Due to security and safety considerations, the initial target share was set to 1% of the protocol TVL. Today, CSM has already occupied ~0.4% of the protocol TVL, and it keeps growing.

On-chain data about CSM validators’ performance collected by the Rated network looks promising. CSM is still in the Early Adoption phase, which ensures that most Node Operators are independent participants, each running up to 12 validators. The average validator count per Node Operator is slightly below 7.

To ensure further expansion of the Lido protocol decentralization, the module’s target share is proposed to be increased to 2%.

Given the current distribution of the validators between Node Operators in CSM and the acceptable performance of the module in general, it is reasonable to assume that the risks of increasing the module’s target share can be assessed using the existing risk assessment. In this assessment, the main risk factors are:

• Module capture by a single Node Operator;
• Poor performance of the validators in the module;

These factors only partially hold for the current validators in the module due to the observed diversity of the Node Operators and demonstrated performance. Hence, one can assume that the risk of an additional 1% of the target share can be assessed as the initial 1% in the original research, which was made using the assumptions but not the actual data about the performance and validator distribution in the module which was not available by the time the research was made.

Since CSM will still operate in early adoption mode, only new Node Operators can occupy additional module capacity. Once the Early Adoption period is over, an additional risk assessment should be performed to argue about further increasing the target share.

I generally agree with this. While I agree to have a lively discussion on this and move to Snapshot relatively quickly (i.e. at least as a signal to have approval to proceed), I would suggest that we consider the below as well before (assuming the Snapshot vote passes), proceeding with the on-chain vote to increase the module’s stake share limit:
Wait to have at least one (maybe two?) Performance Oracle Reports for Mainnet CSM (so that we can examine performance of the module “as the module would”, do a comparison performance as per oracleagainst rated and beaconchain data to see if there are any outliers or unexpected results – this was thoroughly tested on testnet, but doesn’t hurt to doublecheck on mainnet, too), and also to give a little bit more time for some validator activities (proposals, sync committees) to play out across a larger subset of the CSM NO sub-set and observe the effects of those on performance. We could consider that a positive outcome for a Snapshot vote basically consists of “proceed with onchain vote to increase module share if everything looks good or raise issue in community forums if something looks off”, and still potentially effect the limit increase within 2024 for example.

Here I guess I’m not sure I 100% follow. For example, the discussion is a bit different if EA adoption starts tapering off at like 1.1% VS at 1.9%, as disabling EA at that juncture would have a different effect on the overall composition of the validator/NO-set in CSM once 2% is hit. There’s also the question of if whether at that time triggerable exits are live (on Ethereum) and implemented (in Lido and CSM). So, just adding here from my perspective a few other things for the community to explicitly have in mind as we consider timings to increase module potential capacity.

I agree here. I think two reports are a good milestone. The first report is scheduled for November 22, and the second one for December 20. Hence, the contributors and community can analyze the performance data after Christmas and New Year’s.

Sorry for not properly explaining it. The idea is that for the currently discussed share increase (from 1% to 2% with EA enabled), I find the existing risk assessment sufficient. But once the module is fully permissionless, some of the factors (potential capture of a significant part of the module, Sybil attacks, etc.) will be more likely compared to EA mode, which mitigates most of them. Hence, I think that new research will be required.

Gm Community stakers!
After a while since the original post, I came to the conclusion that the proposal to increase CSM share should be extended with the CSM permissionless phase transition. Please find the updated post below.

CSM share increase and transition to permissionless

Community Staking Module (CSM) was added to the Lido protocol on October 25, 2024, via on-chain vote #180. This was a significant step towards decentralizing the Lido protocol. Since adding the module, more than 225 Node Operators have joined the protocol!

One of the main factors limiting further decentralization of the Lido protocol is the current target share of the CSM. Due to security and safety considerations, the initial target share was set to 1% of the protocol TVL. Today, CSM has already occupied ~0.51% of the protocol TVL and keeps growing.

On-chain data about CSM validators’ performance collected by the Rated network looks promising. CSM is still in the Early Adoption phase, which ensures that most Node Operators are independent participants, each running up to 12 validators. The average validator count per Node Operator is slightly below 7.

Another important topic to consider is the transition to the module’s permissionless phase. This will make CSM fully permissionless and remove the limit of 12 validators per Node Operator.

According to the on-chain data, the number of new operators joining weekly CSM decreased, indicating that most of the addresses eligible for Early Adoption had already joined. Also, several participants indicated they are willing to spin up more than 12 validators, which is currently impossible.

Given that, it is proposed to end the Early Adoption period and transition CSM to a fully permissionless mode alongside a share increase from 1% to 2% to ensure further expansion of the Lido protocol decentralization.

Permissionless operators not eligible for Early Adoption will have to submit a bond of 2.4 ETH for the first validator (compared to 1.5 ETH for the EA participants). This ensures meaningful sibyl protection and protocol safety should significant MEV stealing or slashing happen.

Given the current distribution of the validators between Node Operators in CSM and the acceptable performance of the module in general, it is reasonable to assume that the risks of increasing the module’s target share and transitioning to the permissionless mode can be assessed using the existing risk assessment. In this assessment, the main risk factors are:

• Module capture by a single Node Operator;
• Poor performance of the validators in the module;

These factors only partially hold for the current validators in the module due to the observed diversity of the Node Operators and demonstrated performance. Hence, one can assume that the risk of an additional 1% of the target share can be assessed as the initial 1% in the original research, which was made using the assumptions but not the actual data about the performance and validator distribution in the module which was not available by the time the research was made.

Without strong objections within the research forum discussion, the proposal will be moved to the snapshot stage around December 12, 2024. Should Lido DAO support the snapshot proposal, the actual on-chain vote might take place in January 2024.

Fully support this! While I think we should try to figure out what kind of parameterizations of CSM (or a CSM-alike module) may allow permissionless module scaling to double digits; in my opinion it makes sense to proceed with ending the Early Adoption period sometime within the next two months and double the total stake share module for the limit in the near future, so that once permissionless mode is turned on there is enough capacity to examine what kind of participants use the module and how, which will be useful in further analysis of module scaling impacts.

Hey there!

Would also like to support this proposal, as it unlocks the absolutely fascinating opportunity for joining completely permissionless, further improving protocol decentralization.

On the risk side raising staking share seems feasible, as risk mitigation scales with the module size, while still far below threshold for possible correlation penalty, with a reasonably good performance observed and no signals of possible Sybilling for potential EL stealing observed with current validators per NO distribution:

image571×455 12.7 KB

GM! We support the proposal to increase the Community Staking Module (CSM) share from 1% to 2% of the protocol’s total value locked (TVL) and transition the module to a fully permissionless phase. This proposal aligns with the long-term goals of decentralization, inclusivity, and resilience for the Lido protocol and Ethereum’s staking ecosystem. Below are the key reasons for our support:

1. Advancing Decentralization

• Progress in Diversification: The CSM has onboarded over 225 independent Node Operators (NOs), indicating effectiveness in diversifying the validator set and reducing central points of failure.
• Permissionless Access: Transitioning to a fully permissionless model removes entry barriers, enabling more validators to participate without requiring approval, thereby enhancing network decentralization. However, without appropriate safeguards, there’s a risk that a single operator could control multiple NOs, leading to centralization.
• Sybil Resistance Mechanisms: The bond requirement and oversight by the CSM Committee and LNOSG help to mitigate such centralization risks by making it economically and procedurally challenging to monopolize validator slots.
• Removal of Validator Limits: Lifting the 12-validator cap per NO allows capable solo stakers to meaningfully increase their rewards from solo staking and incentivise new solo stakers to pick up this skillset.

2. Data-Driven Confidence

• Strong Performance Metrics: On-chain data from the Rated Network shows that CSM validators exhibit solid performance. The average validator count per Node Operator (NO) is slightly below 7, suggesting a balanced distribution under the Early Adoption phase.
• Addressing Validator Skewness: The previous skewness observed in the Testnet—where three operators managed a disproportionate number of validators—was mitigated by limiting NOs to 12 validators during Early Adoption.

3. Balanced Risk Mitigation

• Financial Commitment via Bonds: The proposed permissionless phase includes a 2.4 ETH bond requirement for new operators, higher than the 1.5 ETH for Early Adoption participants. This bond acts as a Sybil resistance mechanism and a financial deterrent against malicious activities like MEV stealing or validator slashing.
• Governance and Oversight Structures:
  • CSM Committee: Responsible for overseeing CSM operations and governance, the committee manages permissions, addresses emergencies, and enforces penalties. Comprising six members with a 4/6 multisig threshold, it aims to ensure decisions are executed securely and efficiently.
  • Lido Node Operator Sub-governance Group (LNOSG): Plays a critical role in evaluating and onboarding new operators, ensuring they align with Lido’s standards and contribute to decentralization. LNOSG’s oversight adds an additional layer of scrutiny.
• Risk Assessment Alignment: The observed performance and diversity of current validators suggest that increasing the CSM share from 1% to 2% poses manageable incremental risks, and we agree this should be assessed with the original risk assessment that accounted for potential centralization and performance issues.

Conclusion

Transitioning the CSM to a fully permissionless phase and increasing its share to 2% of the protocol’s TVL is expected to promote decentralization and scalability while maintaining security through financial and governance safeguards. The involvement of the CSM Committee and LNOSG provides oversight to help manage risks associated with permissionless participation. We encourage the community to support this proposal, recognizing its potential to enhance the resilience and inclusivity of the Lido protocol and contribute positively to the Ethereum staking ecosystem. Additionally, we advocate for continued discussions on implementing further safeguards to ensure that decentralization and security remain priorities as the protocol evolves.

More Node Operators through CSM is a great way to decentralize Lido, as control won’t be concentrated in the hands of just a few

I think by increasing the CSM share to 2%, especially with the transition to permissionless mode, we’ll see more solo-stakers and independent Node Operators joining, which can make Lido become a stronger and more diverse staking platform.

That said, how will Lido assess and monitor the performance of new Node Operators once we switch to permissionless? Is there a system in place to detect and remove low-performing ones?

Overall, this is a positive move, and I’d vote yes!

Hello, this is my first post on the forum but I am one of 200+ early adopters I’m thrilled to see it expanded and excited to allocate more ETH. I am a little unsure of timing and how best to prepare for the transition. Will it be a race? What kind of safeguards are possible?

It’ll effectively be a race but I don’t think the module will get filled up fast enough for that to be a concern. That said if you’re already one of the early adopters you have a leg up on those who aren’t.

All you need to do is prepare the keys and then submit them + enough bond (although you can even do that before hand if you want) ASAP once the module becomes permissionless. Since your nodes are already fired up and you’re familiar with the UI, and are already set up, you’ve effectively done 95% of the work already!