D.U.C.K. - Distributed Utilization of Configurations and Knowledge Proposal

TL;DR

We are proposing the initiative DUCK, Distributed Utilization of Configurations and Knowledge, with the goal to equip Lido node operators and beyond with open-source resources enhancing operations and mitigating risks in running staking infrastructure. Through the development of a Risk Framework, Mitigations & Controls Library, and the Communications Toolkit, node operators will have access to assets that they can customize based on their own unique setup and operations. This initiative seeks to adhere to the GOOSE framework and contribute to one of the proposed objectives in Hasu’s GOOSE Submission, to “attract a large number of high performance validators within the market”.

Purpose & Motivation

The wide usage of the Lido protocol in Ethereum’s staking ecosystem is powered by the ever-expanding set of node operators who use it. Each operator, with its unique operational methodology, contributes to the protocol’s strength and resilience. This diversity of processes, tools, systems, and geographies within the group of operators should be further nurtured and promoted.

With expected growth in the operator set, each with different team structures and sizes, global footprints, and operational complexities, collaborative and cooperative mechanisms should be devised. They should enable operators to effectively grasp crucial insights on risk management and mitigation, control measures, and operational best practices, information must not only be an open-source resource. It must be also presented in an organized, clear, and understandable manner.

The primary objective of this proposal is to bootstrap and facilitate community engagement with respect to information around node operator excellence. The community shall be encouraged to meaningfully contribute to the content and to engage in self-regulation when it comes to the utilization and review of these resources.

By disseminating and providing easy access to this knowledge, the node operator community will be empowered to increase robustness. It will ensure that all operators, irrespective of their technical proficiency, can engage with a wealth of information, experiences, and methodologies to adapt and customize to their own specific service model. Such an initiative not only bolsters the decentralization ethos Lido upholds, but also sets the stage for a more informed, inclusive, and robust staking landscape overall as stated in [Hasu’s GOOSE Submission].

Deliverables

Our proposal outlines the development of open-source resources aimed at supporting node operators with dedicated information covering knowledge and tools on risk management, mitigations, controls measures and best practices in the industry.

Delivery Approach

The proposal focus is on the Alpha Release. That includes the delivery of three components (A, B, C) within four months. We will kickstart with a public call for participation, inviting any node operators who are willing to contribute to the working group building towards the Alpha Release. Together with the volunteer node operators and our teams, we will ensure efficient completion.

The Alpha Release is designed to establish a robust groundwork for engagement with an initial focus group during the following Beta Phase. This initial focus group will include smaller and larger operators who will evaluate the utility and contribute to the content of the Alpha Release. The Beta phase will also include work around the post-handover governance process that encompasses the ongoing maintenance, editing, and updating of the content. Potential ways can be engagements with other protocols and their DAOs to accomplish mutual funding for the maintenance work. An alternative can be the creation of a DAO that can fund itself through operator support or certification services on top of the content.

Following this, the Beta Release will undergo a comprehensive review by a wider audience, encompassing both minor and major operators, to ensure its refinement before the Public Release. This phase will be used for the transition to the previously designed post-handover model.

To accomplish the deliveries, we propose to create five teams with expertise in the required fields. The Creation team is leading the resource creation by coordinating and supporting the other teams. The Risk team is contributing to risk related components of the delivery. The Security team is contributing insights in security procedures and standards, and the InfraOps team & Volunteers team is providing infrastructure and operational insights as well as expertise contributions.

All resources will be released under the Apache 2.0 copyright license, enabling open collaboration, innovation, and free use of the resources by the community.

The detailed Alpha Release work breakdown for the different workstreams is as follows:

Delivery Team

The Delivery Team is responsible for producing the required deliverables and ensuring that all content is presented accurately and timely, driving the project towards its objectives.

The Delivery Team will work closely with Lido DAO NOM workstream contributors and relevant stakeholders in the Alpha Release.

Fees & Payment

The total funding request is $77,600.00, payable in DAI, for the Alpha Release. The proposed payment structure involves an initial 50% ($38,800.00) payment to commence the work, followed by the remaining 50% ($38,800.00) upon final delivery approval.

At the end of the project, the Lido DAO NOM workstream will determine if all listed deliverables have been achieved in quantity and quality and, if that is the case, proceed with the payment.

After completion of the Alpha Release, the delivery team will evaluate necessary efforts for completion of the Beta and Public Release and intents to request appropriate funding in a new proposal.

All payments will be made to this Ethereum address: eth:0x1b28728B06BEEd3a5363DA146B59dB372bbAd047

17 Likes

I’m glad to say that the LEGO council resoundingly approved this grant request.

NOM workstream contributors have been in discussions with with the teams supporting this initiative for the last few months, and it’s nice to see the proposal fleshed out in public.

I’m very excited about both the open spirit of how the work will be approached (and would love to see high participation from the Lido NO set), as well as the deliverables/artifacts themselves.

:duck:

9 Likes

Thank you Izzy, thank you for all your support! Looking forward to making this happen :duck::duck::duck:

5 Likes

I fully support the DUCK initiative! :duck:

Sharing knowledge across Lido node operators is an essential step toward increasing the resilience of the Lido protocol. It lowers the entry barriers for new operators and provides a platform to leverage for future V2 modules. This proposal aligns with the ethos of decentralization, and I’m excited about the prospect of all Ethereum node operators having access to organized, open-source resources. The emphasis on community engagement and collaborative effort is something that I would like to support in any way that I can. Let’s push this forward and work together to ensure the longevity and success of our staking infrastructure!

6 Likes

Really thrilled about this initiative. The amount of knowledge and experience we have laying dormant in the curated set of Node Operators is massive, glad that’s being opened up the the broader community. I’ve talked to a few Node Operators about this, and they all seemed to be very keen on sharing their knowledge, which is already awesome. It’s great Lego is facilitating this initiative. LDG!

7 Likes

I only have a couple of words of caution around this proposal and perhaps is more something to be wary of during delivery and any future discussion around adoption or ‘assessment’ vs. the framework of NOs:

  1. There should be an agreed level of granularity beyond which this work should not pursue. This will allow there to continue to be diversity, at least at the detailed level, of implementation of Node Operators. The worst effect of this work would be if all operators start running in the same way.
  2. (related to 1) I’d argue against any future proposal of assessing NOs vs. the framework and documentation developed because, again, the risk of homogeneity.
5 Likes

Fully agreed on the first account, and it’s why I (in discussions leading up to the formation of the proposal) did my best to steer this away from creating a “standard” but rather towards a system for the formalization of relevant knowledge into frameworks that can be applied across spectra of maturity levels (from small to large operators, from small to large numbers of validators, from immature to more mature orgs, from less automated to more automated setups, from cloud-based to baremetal-based infra, etc).

The second point I would like to prod a little bit. I think open frameworks like this will be necessary to gauge the quality of node operators at a level that can scale. In my opinion if this proposal and overall efforts succeeds it won’t really create one framework, but many, so it should be relatively doable to match an NO to a sub-set of established practices that fits their “persona” so to speak. To wit, it should be an exercise that leads to the improvement in quality of a robust set of variations on how to run nodes well (at scale), versus a tendency towards a singular “best” one. If the latter occurs, I agree it’s certainly undesirable and should be avoided. In this vein, the assessment should be more of a “community accountability” type thing, where I imagine third parties (e.g. security auditors, process auditors, and other consulting type orgs) – bust most importantly, peers – could come in and review an NO against relevantly applied sub-sets of this framework, but it would not be necessarily so that that review/assessment has a direct impact on things like stake allocation, but it could be something that is taking into account.

3 Likes

Thanks for highlighting your concerns! As Izzy mentioned, we are fully focussed on trying to cover as many design options as possible with a granularity level, that does not lead to a reduced diversity across the operator landscape. We will keep that in mind during the work on this initiative :+1:

1 Like

Thank you both @Izzy and @JulianU . I can see that the aim is to ensure / improve overall quality but I am reassured that you’re both conscious of the risks around “standardization” :pray:

4 Likes

Call out to the node operator community

Hi all,

We need your feedback & input on the upcoming initiative. To get in touch with the team, please use this form. We appreciate your support and are excited to co-create D.U.C.K. with you!

Looking forward to connecting and best regards from the team!
:duck: :duck:

2 Likes

Hey,

Is there someone here who is handling the documentation who we can reach out to?

I represent Simply Staking and we are a node operator. We have a Tool that we would think would fit perfectly on the documentation.

For reference, the tool is an Ethereum Doppelganger checker tool: GitHub - SimplyStaking/DoppelBuster: Ethereum doppelganger checker tool

4 Likes

Hi @Damien, sent you a DM! Thanks for reaching out!

1 Like

Hi all,

We have exciting news to share with you:

:rocket: :duck: The Initial Draft of D.U.C.K. is live! :duck: :rocket:

For the last 2 months, the :duck:-expert teams have been working on putting together a first version of the D.U.C.K. Knowledge Base. We are finally there and thrilled to share it with the Lido community and beyond!

Over the next 4 weeks we will be gathering feedback from all the great contributors who have signed up to support this initiative on the road to Alpha Release at the end of March. This will help us to ensure that the content is best suited to support the wider Node Operator community!

If you would like to take a look at the Initial Draft yourself, please visit the D.U.C.K. GitBook!

:duck::duck::duck:

4 Likes

Great stuff!

Just looked through it and there are some tools from our end might be useful to others as well (refering to Collection of Tools, Scripts & Templates - D.U.C.K. - Knowledge Base ):

4 Likes

The amount of information and detail in the documentation is impressive. It is really hard to find new things to add or to correct. Fantastic work!

4 Likes

Good knowledge base, very useful for both beginners and experienced users

3 Likes

Hi all,

We are excited to announce the launch of D.U.C.K.!! Over the last 4 months all 17 members including the Core Team and all Contributors from the Lido Node Operator Community and beyond managed to collaboratively develop the D.U.C.K. knowledge base. It provides extensive insights into node operation relevant risks, mitigations & controls as well as communication best practices. With 77 identified risks, 27 mitigation dimensions, 36 controls dimensions, references to industry-proven IT standards ISO27k and SOC2 and much more, we hope to provide strong support for the broader node operator community. As of now, we invite everybody to explore and interact with the D.U.C.K. Knowledge Base.

We would also like to thank Lido DAO NOM Workstream and LEGO for their trust and funding of this initiative as well as their cooperation during this endeavor.

Regarding the proposed deliverables under the original proposal, we want to provide the references for the sake of full transparency:

Node Operations Risk Framework

  • Risk identification & categorization (LINK)
  • Risk assessment & communication procedures (LINK)
  • Risk record-keeping templates (LINK)
  • Review & audit procedures (LINK)

Mitigation & Controls Library

  • Mitigation strategies & Best Practices (LINK)
  • Controls catalog (LINK)
  • Implementation Guides library for selected controls (LINK)
  • Ready-to-use tools, scripts, and templates (LINK)

Communication Toolkit

  • Stakeholder strategy (LINK)
  • Incident Communication Protocols (LINK)
  • Ready-to-use templates & toolkits (LINK)
  • Ecosystem Collaboration Blueprint (LINK)

By providing these references the core team behind the D.U.C.K. initiative considers the proposed deliverables as completed. We kindly ask a LEGO representative to confirm the deliverables and proceed with the agreed payment procedure for the remaining 50%.

5 Likes

As a contributor to the NOM workstream, I’ve been involved in the preparations for this grant, as well as in following the regular updates provided by Julian and his team. Initially, I was optimistic about this grant, and I can now say that DUCK has exceeded my expectations. The foundation is rock solid, and the content gathered from all the amazing Node Operators who have eagerly contributed is extremely valuable, even at this early stage. I can’t wait for this duck to fly on its own power, and I will be glad to help push this initiative further. Major thanks to Julian and Lionscraft, the entire Core Team involved and of course all the amazing volunteer Node Operators involved!

5 Likes

Thank you Julian for the update.

The core team and contributors from the community have delivered excellently here. I think the quality of the work and especially the breadth, depth, and content is an amazing first foray into the formalization of standards-grade risk and controls in this space, and I’m exceedingly happy that it’s as a result of an open and collaborative effort, and fully open sourced.

Huge kudos to Lioncraft for managing this initiative and to all of the node operators who contributed their time and effort share their hard-earned industry expertise, tooling, and insights.

4 Likes