Is Lido good for Ethereum?

Vibe check and anecdotal evidence from conversations with the Ethereum staking community about Lido:

The Ethereum community has a very healthy and passionate immune response to anything that is a threat to the decentralization and credible neutrality of Ethereum. Defending these principles was why Lido was created. Not to centralize Ethereum staking, but to provide an alternative to centralized exchange staking. This post is written by an Ethereum solo staker. It is not a post in defense of Lido, but simply a discussion about where Lido is today and what its plans are for its future.

Lido DAO contributors are working on creating permissionless modules to allow anyone to become an operator, expanding the existing permissioned set. There are two parts to that challenge, one is technical, and the other is social.

This is the first post in a series called “Lido Community Staking” that is being written for anyone who would like to learn more about the Lido protocol and DAO and what it would look like to be one of their community staking operators in the future.

About the author:

I’m Eridian, and I’m an Ethereum staking enthusiast. I wrote and maintain the EthStaker Knowledge Base and I’ve worked on a number of Ethereum staking-related projects such as DVStakers and Staking Directory. While participating in the Lido DVT trials, I decided to apply for the role of Community Lifeguard. The role is outlined in this forum post and the TLDR is that I don’t work for Lido, I’m a community participant who is compensated via a LEGO grant for my contributions to the Lido community. All opinions are my own, I simply want to support the diversification of the Lido node operator set, enabling thousands of solo stakers to participate in validating Ethereum.

The Ethereum Staking Ecosystem today

Source: https://dune.com/hildobby/eth2-staking

The Ethereum Staking Ecosystem without Lido

Expectation…

Reality - A different large staking provider takes its place.

Lido exists. While some people wish it didn’t, Lido does in fact exist. It is a very significant staking protocol on Ethereum and provides a service that people clearly want. If Lido was a bad product, or a better one was readily available, then market forces would naturally drive users toward those better alternatives. But the reality is that Lido has found a way to fill a specific need within the Ethereum staking ecosystem. Ignoring or dismissing Lido’s role in the market doesn’t change its significance and only leaves room for misunderstandings about the current landscape of Ethereum staking services. So, whether you’re a fan or a critic, Lido’s impact and continued relevance can’t be overlooked.

What even is Lido?

Lido is a protocol and a DAO. A set of smart contracts deployed on Ethereum and a governance token called LDO that is used to vote on changes to those smart contracts. Operators join Lido by an on-chain transaction that is then voted on by the DAO. If they are accepted, they are assigned a number of validators. This is all publicly visible onchain. As an example, in the image below you can see that RockLogic has created 9,000 validator keys, but only 5,800 have been approved by the Lido DAO so far, and all 5,800 have been funded. HashQuark has submitted 11,000 validator keys and all 11,000 have been approved by the DAO… but only 9784 have been funded so far.

Validators are funded in a round-robin where the operator with the lowest number of active validators and with available keys (in the example above that would be HashQuark) has their next validators funded.

Operators start with up to 100 approved keys which can be increased over time via a governance motion (which the Lido DAO can veto) so that operators can prove they are reliable and show they can maintain the standards expected of a Lido operator.

Could Lido force these operators to do anything? No. Lido doesn’t control the validator keys as these are generated by each operator. If the protocol needs to exit a validator in order to meet withdrawal requests, all it can do is signal to the operator to trigger a voluntary withdrawal. There are updates proposed to the core Ethereum protocol that could change that in the future. For example, withdrawal address triggerable exits in EIP 7002 would allow the withdrawal address smart contract to trigger exits of validators.

Could a Lido operator change the withdrawal address of the validators they run? No. This withdrawal address is set when the validators are created and the operators never have access to the deposited ETH or the withdrawal address.

Could a Lido operator steal rewards and MEV? Yes. There’s nothing technically stopping them, but there are a few things to consider when thinking about “stealing” rewards. Firstly, sending funds to the wrong address is not always malicious theft e.g. misconfiguration of clients can cause addresses to be wrongly set. For the permissioned Lido operators, the risk of theft is mitigated by aligned economic and reputation incentives. If an operator is running hundreds or thousands of validators, the risk/rewards is hugely weighted towards them following the rules. As each operator is a known entity, they also carry reputational risk from misbehaving which provides additional mitigation. If MEV stealing does occur, the DAO can vote to not allocate that operator new validators. For future permissionless operators, these incentives change, as there’s no longer a reputational risk, and the reward for theft can be significantly more than the cost of the attack. Therefore, introducing permissionless operators does increase the risk of reward theft and that risk needs to be managed appropriately.

What/who is the Lido DAO, who are the largest LDO holders and what does the token distribution look like? Does LDO present an attack vector for Ethereum given Lido’s significant total stake? These points are out of scope for this initial post, but will be covered in detail in the future post “LDO - Who holds the power?”.

Lido is/isn’t centralized?

Lido consists (at the time of writing) of 31 individual permissioned operators (with an additional 7 recently approved). They each run different hardware, different clients and can choose which MEV relays they use. They are located in diverse geographic locations and legal jurisdictions to provide high resilience and redundancy. These operators include client teams such as Prysmatic Labs (Prysm), Nethermind, Chainsafe (Lodestar), Sigma Prime (Lighthouse) and Attestant (Vouch/Dirk). You can view all the operators yourself here, here, and here.

Is Lido centralized because it only has 31 operators? What if it had 5,000+ operators and allowed for permissionless entry? Having more operators isn’t a single cure to all the concerns raised about Lido. It doesn’t solve the problem of the Lido DAO having indirect control over a significant portion of the Ethereum consensus layer, and more operators doesn’t mean all operators are equal either. For example, if there are a few large permissioned operators with 98% of the stake and lots of smaller permissionless operators with the remaining 2%, that doesn’t make it decentralized, but a highly centralized system that also has permissionless entry.

A possible scenario - A large number of permissionless operators…

… with a tiny fraction of the total validators.

Even in a system where a majority of participation is permissionless, it does not necessarily make it decentralized or evenly distributed.

Lido Alternatives - Centralized exchanges

The simplest way to stake is to use a centralized exchange. It involves the minimum number of steps and doesn’t require self-custody of your crypto assets. One of the main problems with this approach can be summarized with the phrase “Not your keys, not your crypto”. If you have to ask permission to withdraw your assets, then one day that permission might not be granted which usually happens at times when you really need your assets back (think insolvent exchanges/bank runs). Centralized exchanges are opaque and don’t rely on smart contracts to guarantee access to funds.

Lido Alternatives - Permissionless protocols

This is where Lido is moving towards with their V2 staking router and permissionless modules, but it isn’t there yet. There are protocols that already allow you to join as an operator, fully permissionlessly, with no questions asked. How do they achieve this? By using a bond. A bond is a deposit that can be used to encourage good behavior and limit the influence of bad actors on the system.

Depending on how bonds are used, they can also create a capital efficiency problem. If someone with a large amount of ETH wants to stake with a protocol, a proportional amount of bond is required to match it. Even in a protocol where there was a 10:1 stake-to-bond ratio, if a staker comes along with $100m in ETH, the operators need to come up with $10m ETH in bonds just to create the validators. This limits the growth of bonded protocols forcing them to follow a narrow growth trajectory so that large amounts of ETH are not left waiting around for operators to come up with the matching bond. This is one reason why Lido has been able to scale so quickly compared to other protocols, as it can absorb almost any amount of ETH, making it very capital-efficient.

Is Lido against solo stakers?

Everyone loves a good vs. evil story. David vs. Goliath, the Rebel Alliance vs. the Empire, DeFi vs. TradFi.

Unfortunately, the reality is never that simple, and just because one option is “good” or “better” doesn’t make all other options “evil” or “bad” by default. Solo staking is and always will be the gold standard of Ethereum staking. It’s what the protocol has been designed for and is the measure by which all other staking solutions should be compared.

However, not everyone can run their own Ethereum staking machine. There are many reasons for this including the capital cost of the required ETH and the desire to set up and maintain hardware. These are not insurmountable issues and there are entire communities such as EthStaker who make it as easy as possible to solo stake. However, even with all of these resources available, there are many people who will not solo stake from home and instead look to a service provider.

Lido Community Staking

If you want to stake on Ethereum today, there are a number of options available to you:

• Solo stake (requires 32 ETH)
• Buy an LST (e.g. rETH, stETH)
• Stake with a pool (e.g. Stakefish, p2p)
• Operate a node with a pool (e.g. RocketPool, StakeWise V3, Stader, Diva)

(Check out staking.directory for a list of available Ethereum staking options )

This list is set to grow quickly with many new staking pools and DVT solutions coming to mainnet soon. You could apply to be a permissioned Lido operator, but this requires a proven track record of staking, professional infrastructure, incident response teams, etc., so it’s challenging and very competitive!

As a result of the Lido V2 update, modules can be created that allow for a wider range of staking parameters, with a permissionless solo staking module being a top priority for many Lido DAO contributors.

While the details are still being worked out, the idea is that anyone (permissionlessly!) will be able to become a Lido node operator and run an Ethereum validator. There will likely be a bond requirement for security and economic alignment, but that bond will be significantly less than the 32 ETH required to solo stake.

A detailed description of V2 modules will be explained in a future post “Lido V2 modules explained for Solo Stakers”.

So, is Lido good for Ethereum?

Ultimately, Lido fills a specific role within the Ethereum staking landscape. This post wasn’t written to give a direct answer to that question, but instead to provide information to show what Lido looks like today and its direction in the near future. Lidos value to Ethereum depends on how it adapts to challenges and critiques concerning its governance and decentralization. As the Ethereum staking ecosystem continues to evolve, keeping a balanced perspective on protocols like Lido is necessary for a resilient, inclusive, and decentralized network.

Eridian, a huge shout out for this post
Easy to read and understand, explaining the basics behind Lido protocol, as lots of misconceptions and speculations have spread across the community in the recent times.

You are a true Community Lifeguard

Looking forward to this future post

Just to add a bit of context here, as it may sound strange that the Lido DAO approved only 5,800 keys for one operator, but almost 2x for another.

RockLogic ready to deposit keys were limited, following April slashing incident involving its validators. This was implemented, as a result of 2 votings:

1. Vote #154 on Aragon, which set staking limit to 5,800.
2. April Slashing Incident: Key Limit Follow-up on Snapshot, which signalled token holders preference to lift RockLogic staking keys limit after operators, that have joined Wave 5 onboarding, catches up to 5,800 keys.

It’s all about the nuance:

• LIDO in moderation is good to Ethereum
• a LIDO monopoly is extremely damaging to Ethereum

Multi-operator liquid staking protocols are a great counter-balance to centralized exchanges. But LIDO is not the only one, and it should not be.

LIDO can abuse its network effects and superior product to crush competitors and claim as much dominance as possible. It can also acknowledge that LIDO is both a hedge against centralization and also a massive centralization thread.

LIDO being good or not for Ethereum depend on its own actions, and the lack of self-awareness to its own risks points to the negative direction

Having a different assessment of the risks, their likelihood, impact, identifying and examining other risks – largely unaddressed by the wider community , often because of how opaque and “non-memetic” they are – and how they may be managed is not the same thing as lack of self-awareness.

I think the Lido community and the DAO have put a lot of thought and effort into identifying, researching, analyzing, publicly acknowledging, discussing at length, and offering insights into how these (and other) risks might actually materialize (or not). Examples include:

• the self-limiting discussion from a year ago,
• my analysis of general risks around LSPs and staking and how self-limiting actually pushes other very serious risks under the surface
• sacha’s recent point by point analysis of danny’s criticisms
• pushing forward in depth analysis and identification and measuring of on-chain censorship
• countless conversations on twitter, at conferences, in person, etc.

I welcome engaging on the substance here vs broad strokes generalizations, so can we get to that instead?

LIDO being ok with a single protocol capturing all the stake is my problem here. The reality today is that LIDO has the most concentration of stake by far, so it should take the most heat to divert market forces away from it.

I disagree with your analysis of the general risks around LSPs, and I believe that if the following line materializes it would be very bearish for Ethereum:

The point of “winning” liquid staking isn’t to swim in a Scrooge McDuck pool of ETH – it’s to prevent chain capture by CEXes or staking solutions with direct control, to work to ossify and minimize governance over time, and to turn the staking protocol’s liquid token into a slightly better version of WETH. That’s it, that’s the game.

While it’s your full time job to defend LIDO’s interests (nothing wrong with it) I felt the need to express dissent on such a positive thread so far until my answer. I apologize if my answers are not sufficiently in depth to your standards but I would rather post my generalized thoughts than stay silent.

• There’s an implicit assumption here that “multiple protocols having roughly equal shares of stake is necessarily and always better than a single protocol sufficiently decentralized doing so”. This is a claim made all the time by those that demand that Lido self limit but haven’t seen persuasive arguments that this is the case. For the same reason it’s perfectly fine for Ethereum to be the leading DeFi network and Ethereum shouldn’t self-limit how much total defi happens on Ethereum vs other networks. There’s no difference here in terms of market power laws. The only difference is what the risk and governance structures around these protocols are, which is why nuanced takes are necessary.
• The second is that there is a corollary here that if Lido somehow does this other market participants will fall in line (I think that’s at best a naive take) and that the risk somehow goes away if Lido does this but that if this is happening behind the scenes it’s not a risk. The risks that I raise in the general analysis around LSPs that this line of thinking leads to are either ignored or sidestepped. Since you disagree with it, and we agree that this is about nuance, let’s go into the details here so that I can at least understand your position?
• I don’t agree with the implication that expecting that something is the likeliest realistic (and largely unavoidable) outcome means that you necessarily also desire it; it doesn’t, and “being ok” with it doesn’t mean that you’re also not actively working to try to ameliorate the pernicious aspects of an eventuality like this. If you recognize something as an eventual outcome, I see roughly four options: a) do something about it (position yourself in such a way that if this is the outcome the best possible version of it materializes), b) stick your head in the sand and pretend it’s not going to happen, c) do something about it in the sense that you attempt to apply social pressure to change the outcome, or d) change the environment so that the possible outcomes change. I’m not in a position to do (d), that’s something not in my purview and outside my accessibility. the (c) crowd is doing fine on its own. You’re saying “give us enough time to fix it”, and I’m saying a) I don’t think you can fix it (because it’s not “fixable”), and b) I don’t think it’s a good idea to break the market in the hopes that you can figure out a way to (because in my estimation this actually makes the risks you’re worried about worse, not better).

My job is to (try to) help create a better overall validator set for Ethereum. Part of how I see that job is engaging with people whom I respect but ultimately may deeply disagree with on how exactly to do that. Engaging in details and specifics is really the only way to make progress here.

I’m glad you felt comfortable enough to express dissent here, but the choice is not “post a generalized thought or stay silent” – that part is up to you. If you’re going to paint everyone with a broad brush, though, and say that there’s a lack of self-awareness, you shouldn’t be surprised when someone has a problem with that characterization.

Ok, why? What are the more bullish outcomes that you have in mind and how do you see them coming to fruition?

My most bullish outcome would be:

• some non-negligible (ideally 5-10%) of independent stakers
• multiple liquid staking protocols with different risk profiles none exceeding key thresholds
• CEXes having minimal staking share

That would make me very happy. Bearish cases (one or many) are:

• no independent stakers, or < 1%
• single liquid staking protocol having monopoly on stake
• CEX (individually or combined) having too much stake

Plus the idea that in the future a liquid staking derivate with replace WETH and permeate all Ethereum applications sounds so bonkers to me. Like having the entire ecosystem critically dependent on a single protocol is an absurd level of risk for some yield points. LIDO would become the JPMorgan Chase of crypto, too big to fail and with indirect power over everything. If the Ethereum ecosystem is so irresponsible, I would prefer to abandon the space and go somewhere else.

I think all of these make sense, and I’d personally even like solo stakers to be ~15% (I’m assuming a subset of solo stakers running LSP validators, or “native-LST” validators if that’s ever a thing) which I think is doable in the long-run with simpler hardware requirements (e.g. once we have some form of statelessness), battle tested DVT, etc. My biggest issue with

is that the key thresholds argument is one based on technical thresholds that ignores how risk actually pools, at which layers, and where the “pressure points” are from a practical perspective. It pushes things like aggregate operator risk to the network under the surface (which is IMO is actually the most important thing to be able to identify, assess, and evaluate), and makes them almost impossible for the protocol or community at large to reason about.

I don’t think the purpose behind it is just for yield points. The point is that actors, capital, liquidity, etc will coalesce around the most utilitous solution. This is basically the role that ETH has in DeFi. What’s the difference? I’m not saying it’s necessarily a good thing, but it’s just how these things tend to work. Ethereum is wildly successful in large part because it’s the locus of defi activity (and vice versa, in a virtuous cycle).

The WETH analogy is less-so about ubiquity and more-so about it being something that is so “sturdy” that it’s basically equivalent to ETH. Obviously there are different levels of inherent technical, economic, etc complexity at play here, but I believe that LSTs can eventually become solid enough that they achieve a similar kind of status. I just don’t think it’s likely that you’re going to see a lot of LSTs achieve this per network.

I think the natural progression here is one LSP (it could be 2-3, it happens in some markets, I just don’t think it’ll happen in DeFi due to liquidity drivers) becoming a defacto standard and basically eventually getting assimilated into the protocol. Either via enshrining it/them or a version of it/them when the base layer becomes stable enough to do so or by other means. Much of the indirect power that the DAO might have is because the protocol cannot be ossified because Ethereum itself is not yet “done” (at least insofar as staking applications on it are concerned). The only thing that can be done is to constantly meter or shed as much of that indirect power as possible whenever the base protocol allows it to, or when/if it’s not possible to do that yet to provide for safe egress so that failure modes are not of the “too big to fail” variety.

Seeing how strong market forces are, enshrining could be a stable long term solution. Meanwhile, quoting from Vitalik’s post I’m at:

socially encourage ecosystem participants to use a diversity of liquid staking providers, to reduce the chance that any single one becomes too large to be a systemic risk

In the continuation of the thought that you quoted, Vitalik readily admits relying too much on moralistic pressure is perilous and that doesn’t lead to stable equilibriums, and that social pressure is just one option to consider.

In the short term, one option is to socially encourage ecosystem participants to use a diversity of liquid staking providers, to reduce the chance that any single one becomes too large to be a systemic risk. In the longer term, however, this is an unstable equilibrium, and there is peril in relying too much on moralistic pressure to solve problems. One natural question arises: might it make sense to enshrine some kind of in-protocol functionality to make liquid staking less centralizing?

I honestly believe that social pressure is good. But it can take many forms, and especially when it’s of the moralizing kind it can be net detrimental. I think that this moralistic approach can lead to deterioration of near-term equilibria in addition to long-term ones. We can see this on chain right now (look at recent staking deposits and consider what extrapolation of this means), not to mention in terms of the deterioration of the likelihood of harmonious outcomes given the flavor of argumentation being employed (types of moralistic arguments and ad hom attacks being leveled).

Net deposits over last 30d

Unidentified is just not yet labeled/attributed (i.e. could be and likely is an existing large entity). #2 + #3 are ~33% more than Lido protocol inflows. This is in line with what happened the last time social pressure was applied (~last summer) – stake share largely drifted towards centralizes staking solutions (large entrenched NOs, CEXes).

Much like cigarette and oil companies do “research” and then gaslight everyone saying they investigated themselves and found no wrongdoing

Much like cigarette and oil companies do “research” and then gaslight everyone saying they investigated themselves and found no wrongdoing

Whereas shouting “Lido BAD” over and over again without being able to acknowledge the positives is like saying oil companies don’t provide any benefit to humanity and should be eradicated (even though they support our entire modern world).

If you haven’t read the self limiting post in a while, I think it’s worth the read. Very hard to say that the community has not discussed risks.

What’s terrible to see is the reality - as everyone is pointing their finger at “bad guy Lido”, the decentralized protocols are losing share to CEXs and centralized Node Operators. That is the real threat to the ecosystem.