LDO+stETH dual governance

Lido DAO currently has governance power over most of the protocol code and parameters.

In this post, we discuss the current scope of governance, the associated risks, and how these risks can be minimized by reducing the governance scope (via ossification) and by aligning incentives between the DAO and stakers (via dual governance structure).

Table of contents

• Current governance mechanics
• Scope of governance
  • Worst-case scenarios
    • stETH holders
    • Ethereum network
• The problem
  • Reducing the governance scope
  • Solving the principal-agent problem
• Dual governance
  • Unstuck mechanism
    • Option: burn rogue LDO after successful veto
  • Protection from veto abuse
    • Option: significant timelock instead of veto
    • Option: expropriate stETH tokens
  • Dual governance scope
  • Including more governance parties
    
  • Implementation complexity
• Next steps

Current governance mechanics

Let’s start with a recap on the current Lido governance mechanics.

Lido protocol is governed by the LDO token. Any change has to be approved via a DAO vote, which can be:

• A standard Aragon vote that has to gain support from at least 5% of the LDO total supply (not circulating supply) and get more support than opposition.
• An optimistic “Easy Track” motion that is strictly limited in scope, cannot upgrade protocol code, and can be opposed by 0.5% of the total LDO supply.

More detailed explanation of the current mechanics and upcoming improvements can be found in this note.

Scope of governance

As detailed in the governance risk FAQ, Lido DAO currently has control over the following components of the Ethereum liquid staking protocol:

• Upgrades of the Ethereum liquid staking protocol code:
  • Lido at 0xae7ab96520DE3A18E5e111B5EaAb095312D7fE84: implements stETH token mechanics, stake buffering, general coordination between other contracts. Acts as the main interface to the protocol.
  • Withdrawals at 0xB9D7934878B5FB9610B3fE8A5e441e8fad7E293f: implements ETH undelegation (currently a stub).
  • Oracle at 0x442af784A788A5bd6F42A01Ebe9F287a871243fb: manages the consensus layer oracle committee and ensures consensus within its members.
  • NodeOperatorsRegistry at 0x55032650b14df07b85bF18A3a3eC8E0Af2e028d5: manages the list of node operators and new stake distribution between them.
• Adding and removing node operators; changing the mechanics of node operators registry via a code upgrade.
• New stake distribution among node operators: DAO sets the upper limit on the number of validators each node operator can run.
• Protocol and node operator fees: which percentage of staking rewards goes to the DAO treasury and node operators.
• The LDO governance token mechanics and issuance.
• Protocol treasury.

Of the control levers listed above, only protocol treasury management doesn’t affect Ethereum network security directly or indirectly.

An important nuance is that, though Lido DAO (LDO token and governance smart contracts) is deployed on Ethereum, LDO holders possess governance power over liquid staking protocols on other chains like Polygon and Solana. While this governance power is unidirectional (from Ethereum to other chains) and Ethereum liquid staking protocol is by far largest of all staking solutions governed by Lido DAO, the multi-chain governance setup means that LDO holders have incentives related to other chains, and these incentives are not necessarily aligned with those of Ethereum network participants.

Worst-case scenarios

Let’s examine the worst-case scenarios that Lido governance capture could trigger for stakers and the Ethereum network as a whole.

stETH holders

Due to the control over stETH code upgrades, Lido DAO can upgrade the stETH contract in a way that would allow burning stETH on an arbitrary address and minting stETH to an arbitrary address. Thus, even though the DAO currently has no control over the ETH that backs stETH, it can effectively steal funds from any user by upgrading the code to burn their stETH and mint it to another address.

Post-Capella (probably 2023H1), due to the upgradeability of the withdrawal smart contract, Lido DAO would be able to steal the withdrawn ETH given that the withdrawal process is assisted by a node operator. For this, the DAO would need to maliciously upgrade the withdrawal contract to allow extracting the received ETH and then persuade or trick a node operator into initiating the exit.

After smart contract-initiated withdrawals are implemented (likely not earlier than 2024), the DAO would also be able to trigger withdrawal of an arbitrary validator and steal the withdrawn ETH without assistance from the node operator.

Ethereum network

Lido DAO or Lido team has no direct control over validators or the node operators running them. Indirect control stems from the fact that currently, Lido governance manages a whitelist of node operators that can participate in the protocol:

1. Lido Node Operator Subgovernance Group (LNOSG) consisting of representatives of Lido team and whitelisted node operators’ teams proposes changes to be made to the node operator set, e.g. adding new members.
2. No changes to the set can be made without an explicit DAO vote by LDO holders.
3. Lido DAO can vote for inclusion or exclusion of any set of node operators, not only those proposed by LNOSG.

Thus, Lido DAO (represented by LDO holders) can exclude any operator from the list, preventing them from getting new stake.

As a result, the worst-case scenario would be a cartelization of the protocol’s validator set. As discussed in The Next Chapter for Lido, it would most probably happen gradually, by directing new stake to a subset of node operators and gradual withdrawal of other node operators (that will become possible after smart contract-initiated withdrawals are implemented).

The problem

The root cause of Lido governance introducing additional risks is a principal-agent problem between stakers (the principal) and LDO holders (the agent). The problem exists because LDO holders don’t have the exact same incentives as stakers.

One manifestation of this problem is that, due to the governance having power over multiple blockchains, a “supranational” organization (Lido governance) currently makes unilateral decisions over a “national” protocol (Ethereum liquid staking).

We propose to deal with this problem using a dual approach:

1. Reduce the scope of governance as much as possible via ossification.
2. For the remaining governance scope, break the principal-agent problem by introducing a dispute and resolution mechanism for misaligned incentives between stakers and LDO holders.

One could argue that, even if Lido governance is aligned with stakers, this still won’t protect ETH users since “ETH users” is a different set than “ETH stakers”. However, we believe this property is something related to PoS design in general and thus cannot be changed by Lido (nor that is it necessary). See Hasu’s explanation for a more detailed reasoning.

Reducing the governance scope

Reducing the power of governance over the Lido protocol via ossification is the most effective solution to governance risks, and is something the Lido team plans to propose as early as possible.

However, ossification only becomes an option after the ETH2 specification gets finalized and battle-tested, so we need an interim solution until then.

Also, even after ossification, some of the governance scope will still remain, namely management of the node operator set (including control over the parameters of a permissionless registry).

Solving the principal-agent problem

This brings us to the following problem: given that the current governance scope will remain for some time, and that certain aspects of node operator set management will be governance-controlled even after the ossification, can we describe a governance mechanism that satisfies the following goals?

1. Solve the principal-agent problem between Lido and stakers by preventing proposals from passing that would be hazardous for stakers.
2. Don’t introduce new attack vectors, e.g. from stakers on Lido.
3. Allow Lido to recover from a “captured/stuck” state of LDO governance.

The answer we propose is a dual-governance framework between LDO ad stETH holders discussed below.

Dual governance

Let’s modify the current LDO governance mechanics as follows:

• LDO holders can still propose and vote in the same way as before.
• A timelock is added between LDO vote passing and execution (LDO execution timelock).
• By default, Lido governance is in the global state where, after a timelock, any successful LDO vote can be executed (normal state).
• However, a quorum of stETH holders can apply a veto, switching Lido governance into the adversarial state where no LDO vote can be executed unless it’s specifically un-vetoed (veto state).

Gov flow chart2044×2484 280 KB

Transition to veto state:

• Any stETH holder can lock their stETH in a dedicated escrow contract.
• The governance transitions to the veto state as soon as the total amount of stETH locked in the escrow contract minus stETH pending withdrawal (see below) exceeds a certain threshold (veto threshold).

Veto state:

• No LDO vote can be executed in veto state unless execution of this specific vote is explicitly allowed via anti-veto voting. This includes unexecuted votes started in the normal state.
• An LDO vote created in veto state cannot be executed even in normal state unless its execution is allowed by a passed anti-veto vote.
• LDO execution timelock is significantly larger than in the normal state.

Anti-veto voting:

• Any participant having their stETH locked into the escrow possesses veto power equal to the stETH amount locked.
• While governance is in veto state, any possessor of veto power can create an anti-veto vote for any specific LDO vote that’s passed, not executed, and had no associated anti-veto vote created.
• An anti-veto vote is for the following outcome: allow execution of the specific LDO vote while the governance is in veto state.
• An anti-veto vote is active for a fixed amount of time (anti-veto voting period) divided into two phases. During the first phase, any possessor of veto power can vote for or against the outcome. During the second phase, one can only vote against the outcome. Veto power of a participant is snapshotted at the moment they vote (not at the moment of vote creation).
• An anti-veto vote is passed if, during anti-veto voting period, it attracts participation from at least some fixed percentage of total veto power snapshotted at the moment of vote start (anti-veto quorum), and the amount of veto power supporting the outcome exceeds the amount of opposing veto power.
• The outcome of a passed anti-veto vote becomes effective as soon as the veto voting period ends: the respective LDO vote’s outcome becomes executable by anyone regardless of whether the governance is in veto state.
• Failing an the anti-veto vote (either because it doesn’t get the quorum or because the majority opposes) means that the respective LDO vote’s outcome becomes unexecutable under any present of future circumstances.

Transition to normal state:

• Any participant possessing veto power can initiate withdrawal of their stETH from the escrow. This immediately destroys the participant’s veto power, transfers the participant’s stETH into the “pending withdrawal” state, and starts a veto withdrawal delay after which the participant can withdraw these stETH. Veto withdrawal delay should be significantly longer than anti-veto voting period.
• As soon as the total amount of stETH locked in the escrow contract minus stETH pending withdrawal becomes less than veto threshold, a timelock starts lasting enough time for ETH withdrawals from the Lido protocol to be processed (veto lift timelock).
• During the timelock period, the governance is still in veto state.
• If, after the timelock passes, the total amount of stETH locked in the escrow contract minus stETH pending withdrawal is still less than veto threshold, the governance transitions to normal state.
• A participant whose stETH are pending withdrawal can change their mind and cancel the withdrawal. In this case, veto withdrawal delay is cancelled (meaning that if the participant decides to withdraw again, they will need to wait full veto withdrawal delay again) and veto power equal to the stETH amount is assigned to the participant.

The mechanism satisfies the first condition outlined above: solving the principal-agent problem between stakers and LDO holders. Let’s discuss how we can satisfy the other two conditions: allowing the governance to recover from a captured state and not introducing new attack vectors.

Unstuck mechanism

The dual-governance setup allows stakers to block any adversarial change. However, if the governance is permanently captured, there is no way for valid LDO votes to pass, and so the protocol simply stays in a gridlocked state.

That is not a bad outcome assuming withdrawals are enabled, but if possible, we would also like the ability for governance to “unstuck itself” and move forward without falling back to social intervention aka Ethereum hardfork.

Option: burn rogue LDO after successful veto

For this, the following mechanism could be implemented:

• Change the main LDO voting mechanics to use vote escrow-locked LDO (veLDO) as the source of governance power instead of pure LDO, similar to the veCRV mechanics.
• If, for a certain LDO vote, an anti-veto vote gets the quorum and gets rejected, all LDO tokens that supported the LDO vote get burned.

This effectively redistributes the LDO governance power of the attacker or incentives-misaligned DAO members between other LDO holders, allowing the protocol governance to unstuck without involving social consensus.

A variation of the mechanics is possible: instead of burning all LDO tokens supporting the vetoed vote, burn some percentage of them (from each LDO supporter) that’s proportional to the amount of veto power that voted against lifting the veto.

One important effect of this approach is that, since stETH effectively gets the power of burning LDO, the governance power of LDO is mostly transferred to stETH.

Protection from veto abuse

We also want to ensure that the veto power of stETH holders cannot be abused and doesn’t open new attack vectors on stakers.

Since the described dual governance mechanism cannot be used to propose any changes, the only new attack vector it could add is governance griefing attack, where someone possessing a large stETH amount uses it to prevent any governance proposal from passing for an indefinite period of time.

This attack is hard to pull off since fair participants can always obtain additional stETH, either from market-buying or by minting from ETH, and use it for lifting the veto from specific votes. Thus, the amount of capital required to stop the governance is extremely high. However, without any additional mechanics, cost of the attack is small since stETH is withdrawable for ETH and so the attacker doesn’t lose any funds unless slashing happens in the meantime. At the same time, the profit from the attack generated by e.g. opening a short position on LDO and/or stETH might be significant.

Two things can be done to further disencentivise this type of attack: making it less effective and/or more expensive. Let’s discuss both of them.

Option: significant timelock instead of veto

To make the governance griefing attack less effective, the dual governance mechanics could be changed so that veto state enforces a significant (say, half a year) timelock on the execution of LDO vote’s outcome instead of preventing the execution altogether.

In the case of governance capture, the timelock would give stakers enough time to withdraw their funds from the protocol (or the Ethereum community to fork the chain before withdrawals are implemented). At the same time, the governance griefing attack now makes much less sence since it can only slow the governance down instead of completely stopping it.

The obvious downside of the approach is that it makes any recovery from governance capture impossible, even if the attacker is willing to negotiate. This is especially undesirable pre-withdrawals.

Option: expropriate stETH tokens

Another way of disencentivising the attacker is increasing potential cost of the attack.

For this, escrowed stETH could be prevented from being withdrawn from the escrow (expropriated) if they voted against the majority in an anti-veto vote that got the quorum. If the anti-veto vote didn’t get the quorum, no stETH is expropriated.

That is, stETH of a participant get expropriated if:

• The participant supported an anti-veto vote, this vote got the quorum and was rejected.
• The participant opposed an anti-veto vote, this vote got the quorum and was passed.

Expropriated stETH don’t contribute to the veto threshold, don’t generate veto power and cannot be withdrawn from the escrow. However, LDO holders can launch a vote for releasing expropriated stETH tokens of a certain participant. This vote should also be in the scope of the dual governance.

This mechanism makes an unsuccessful attack, be it a governance capture attack or a governance griefing attack, more expensive since the capital used to apply or lift the veto can be lost.

At the same time, the ability for the fair participants to unlock the attacker’s stETH (by launching an LDO vote for the unlock and lifting the veto from it via anti-veto voting) leaves room for negotiation with the attacker and gives fair participants more leverage in this negotiation.

That said, the following griefing attack is still possible:

1. Buy or mint stETH amount larger than veto threshold.
2. Lock it into the escrow => governance is transferred to veto state.
3. Immediately initiate the withdrawal.
4. After the veto withdrawal delay ends, withdraw stETH and unwrap to ETH.

The maximum cost of the attack is the opportunity cost of locking stETH for veto withdrawal delay period, and the effect is either that governance is paused for veto lift timelock period, or that fair participants are required to escrow-lock at least the same amount of stETH and actively vote for lifting the veto from all new LDO votes.

Dual governance scope

Instead of applying dual governance to any LDO vote, we propose to limit its scope to the following governance decisions:

• Upgrading the Ethereum liquid staking protocol code (see the list of contracts in the Scope of governance section).
• Managing the list of consensus layer oracle committee members.
• Managing the Ethereum node operators set and its parameters.
• Changing the total fee percentage of the Ethereum liquid staking protocol outside of the agreed boundaries (e.g. can be set between 5% and 20% by an LDO vote, anything outside this only via dual governance).
• Minting and burning LDO.

This leaves managing protocol treasury, changing protocol fee within the sane limits, and upgrading any code external to the Ethereum liquid staking protocol (i.e. not listed in the Scope of governance section) out of the dual governance scope, allowing LDO governance to execute non-critical actions witout additional friction. At the same time, any potentially hazardous decision goes through additional timelock and veto phases.

Including more governance parties

It’s arguable whether aligning incentives between LDO holders and stakers is enough or more parties should be included in the governance.

One option would be to include block producers, making Lido more into an actual neutral DAO of participating node operators (in Adam Cochran’s words, “Lido arguably isn’t even a staking entity, but instead, a rewards incentive and protocol layer for staking entities to be able to provide staking as a standardized service”). This could be done, for example, by requiring node operator (super)majority to approve the veto state in order for it to be applied and using quadratic weighting based on the amount of stake.

Another option would be to somehow include Ethereum users, whatever it might mean.

We think, however, that dual governance is likely enough and that Lido probably doesn’t need to align more incentives than between stakers and LDO holders in order to minimize the protocol governance risks, as explained in Hasu’s note.

One more argument against including more parties is smart contract risk: the more parties are involved in the governance, the more complex the interactions between them, the more the probability of unnoticed bugs in the implementation or unforseen effects in the governance mechanism design.

Implementation complexity

Discussing implementation details is out of scope of this post, but let’s provide some estimates on the complexity:

• The basic dual governance mechanism could be implemented in the form of a proxy (Aragon forwarder) sitting between the Aragon Voting contract and the governed Lido contracts. Then, all in-scope permissions together with their management rights can be re-assigned from Voting to this proxy contract. Time to ship is expected to be around 3-4 months.
• Option: burn rogue LDO after successful veto would take extra 3–4 months on top of that.
• Option: significant timelock instead of veto would take additional 2–3 weeks.
• Option: expropriate stETH tokens would increase the shipment time by 2–4 weeks.
• The option of including node operators into the governance would take additional 2–5 weeks, depending on the approach.

Next steps

Reducing the governance-related risks is the topic of importance that cannot be underestimated, especially for a protocol sitting as close to the underlying network as Lido does. At the same time, any change to the governance structure could have unforseen or second-order effects and thus should be thoroughly designed and peer-reviewed.

We invite you to contribute to the discussion and share your opinion about the proposed dual governance framework, both in general and regarding the described mechanics.

After the initial discussion, the Lido dev team will prepare and share in this thread a more technical proposal detailing the general architecture, APIs and changes required to implement the basic mechanism together with the initially-selected set of options.

Sam, Eugene, Hasu, Izzy, Vasiliy

Great, “Checks & Balances” model, let’s fight!

BTW, super for the veLDO model. This is the king of the options. Let us set a 6-year maximum lock time. We can find out who the diamond hand is and who the paper hand is.

WAGMI!

Overall I like this proposal, this has the potential to address a lot of the community backlash regarding cartelisation and centralisation.

Personally, I strongly support the “dual governance scope” part of the proposal. The stETH holders shouldn’t be empowered to veto every governance decision, that would be too much. The stETH holders need to be empowered so that they can protect themselves, not so that they can limit any and all proposals. Decisions about treasury management, for instance, should be left to LDO holders exclusively.

The burning mechanism may not be the best choice, since it will also make normal community members hesitate to participate in governance, just because of the fear of standing on the wrong side. The alternative option is a 3~6 months $LDO token locked up(for veLDO, a 3~6 months lock time extension) penalty, with a 1~3 months voting power frozen would be fine. With this kind of “Impermanent loss” risks, the attackers will need to pay a price for their behaviors. In the meantime, normal community members will feel more calm while they need to make a choice.

An exciting proposal! Our research on Optimistic Approval (~ negative consent) and DeFi capital structure models should be helpful in analyzing this. The capital structure models we developed in our Stablecoins 2.0 paper and our decentralized governance paper model the conflicting incentives between system users (e.g., stETH holders) and governors (e.g., LDO).

See also our governance extractable value (GEV) article in Our Network, which I am unfortunately unable to link to here (as a new forum user).

There are two immediate places this could be useful:

• In evaluating the “burn rogue LDO after successful veto” option discussed in the proposal. In particular, this slashing could introduce a further incentive problem similar to problems faced by minority shareholders (for which there are often minority protections).
• In tuning parameters of the proposed mechanism. E.g., in analyzing costs of governance griefing attacks

Happy to discuss and conceivably help build this (we are planning a similar application in Gyroscope).

The Our Network piece on GEV, for reference

Well done. This is brilliant.

i have not have enough time to read and digest this

there is not one critique its all just cheers ! lol

i’m betting less than 30 people in the world actually read this proposal and thats a big deal given that lido has better than a 50-50 chance of indirectly taking over ethereum

also, hasu im sure a good guy and i have manifested alpha from his work - but i do not think he saw luna collapse coming and actively has a podcast with su zhu, who actively promoted luna and depositing in anchor for 20%

note that hasu also never recommended that lido should sell some eth to cover their expenses, in fact no one did, which means we’re all a bunch of amateurs, myself included

so before we go all kumbaya, acknowledge that there are plenty of byzantine actors in the luna ecosystem (e.g. jump crypto, literally dumped LDO and stETH to try to save its trash ponzi) and that we should take it slow before we dilute the value of the ldo token, of its only current value …

with that said, looking forward to digging into this

As this proposal has made up an innovative framework for future governance, I’d like to add some specific details. Let’s call them ‘options of the options’.

• Change the main LDO voting mechanics to use vote escrow-locked LDO (veLDO) as the source of governance power instead of pure LDO, similar to the veCRV mechanics .

veLDO should not only have voting power. There should be a percentage of protocol fee, which is now distributed to DAO treasury, distributed to veLDO holders. This idea came out of my mind based on two reasons:

• As we introducing $stETH holders involved in the governance mechanism, it will dilute the power of $LDO holders, which it was initialize defined. $LDO holders hand out their power of protocol governance for some financial interests, that’s a fair play.

• You can’t assume every $LDO holder has the interest, or ability, to directly participate in the whole governance process. To incentive more broadly governance participation, a delegation mechanism and economic interests are needed.

Let’s set a cap(e.g. 50%) of the shares which veLDO holders as a whole could own. It can be issued with a lower percentage(e.g. 15%) and increased by governance vote.

A “Goodbye Letter” from JAI BHAVNANI (founder of Rari)really touched me.

As the space trends towards efficiency, basically all tokens will trend towards 0. They will be re-rated for the risks that they underwrite or adjusted for EV of capital owned. If they aren’t owning capital or underwriting risk, then they are useless over the macro. On-chain governance is overrated (should likely be structured as a liability more than an asset) and we should be pushing for complete immutability. DeFi has lost its way with tokens and governance.

I can’t say that I fully agree with him on his point of view, but I think he really pointed out some vulnerabilities among most of the DeFi protocols. Hope we can better handle these issues and make a healthy environment for all community members.

It’s a good proposition, and I totally agree.

locking in the escrow contract could decrease the captical efficiency of stETH while locked stETH can’t get extra reward by being used in defi. Also, stETH used in defi project or wstETH can’t be used to veto. It will totally decrase the cost of malicious attack as we know most stETH now is used in defi protocols.

Just guess you guy will proposal LDO + stAssets dual governances for the resting chains if they reach enough TVL.

In the dual governance model, LDO governance power waters down, which Lido dao and the Ethereum commnity want to see. LDO power ossification lets me think if it is a good way to have stAsset governance only for one single chain staking (stETH for ethereum staking while stMatic for Polygon staking)? If yes, the question becomes how we could govern the protocol by stAssets only?

It could be a long-term plan while core actions are regularly buying back and burning $LDO until there is no LDO.
Firstly, Lido is trying to get more shares in supported chains and expand to other chains. Incentivizing LP in $LDO plays a key role. The treasury holds only ~177mil $LDO that could support ~3yrs LP incentives based on the current reward budget (5mil per month). $LDO buyback and burning could help increase LDO value directly so that the dao has more money to expand the business (to more chains if Lido Dao expects). In this way, we could use fewer LDO to incentivize LP later.
There are several possible questions:

1. If All $LDO is burnt, how to incentivize the business. The answer could be to use the protocol fees. Also, I don’t think burning all tokens can be done in the coming 4 or 5 years according to the current revenue.
2. How to do if Lido becomes a blue-chip protocol later while there are much fewer LDO tokens, which will cost a lot to buy them back. Lido could propose to set a token void threshold, below which the token cannot be used for governance anymore. However, there could be many ways to handle it.
3. If there is no $LDO, who can decide how to use the treasury. Simply use stETH governance or let the stAsset holders with the most protocol fees decide.

Great proposal! Can you explain a bit further what you mean by ossification in terms of governance?

In literal terms ossification is the gradual process of something turning into bone (or, metaphorically, hard like bone). When used in terms of protocols and/or governance it describes the evolution of something which may start off somewhat flexible into something more rigid and fixed.

This may include making pieces of the protocol less governable and/or making them immutable (non-changeable). For example, removing or reducing certain functionality (e.g. the ability to mint stETH) or, making smart contracts non-upgradeable. In general, there’s a balance that needs to be maintained because if you ossify too early, you may not leave enough flexibility in the protocol to adapt to new network-level functionality or changes; on the other hand, if you never ossify then it means that governance may always pose a critical or systemic risk to a protocol, and the larger the protocol grows the more costly and complex it becomes to mitigate potential impacts.

Today, I read an article written by Jeff Amico, who is the partner of a16z. In this article, he dives deep into how important and effective the “token delegation” can be on a DeFi protocol governance.

As we all know, governance participation is one of the vulnerabilities in our past governance practice. In the new governance mechanism, I think it is important to include the token delegation mechanism. The candidates should be widely nominated from the community members, which can represent different groups of interests.

Delegation is a complex topic.

On the one hand, it allows to overcome voter apathy and overall makes the governance more robust, so it’s definitely worth exploring for LDO governance.

On the other hand, it introduces one more dimension to the principal-agent problem and increases centralization risks of the governance, so it should be explored with caution especially given the current concerns around the LDO governance risks.

Where it definitely won’t work is stETH veto voting since stETH is not a governance token by design—it’s a claim on ETH that’s meant to be not only held but also used in the DeFi ecosystem, which is incompatible with the delegation mechanics incentives-wise (as well as from the technical perspective).

Definitely agree that stETH veto voting doesn’t need to be included in the delegation mechanism. Veto power held by stETH should be act as a guard of the governance system, which does not need to be frequently used.

On the other hand, it introduces one more dimension to the principal-agent problem and increases centralization risks of the governance, so it should be explored with caution especially given the current concerns around the LDO governance risks.

Could delegation mechanism raise the centralization risks? Yes, it does. But, based on the current $LDO token distribution conditions, the room of increase centralization risks is quite small.

image1133×841 50.9 KB

Now the top 95 $LDO holders( including dex pools & cex wallets), which own at least 1M $LDO token, hold more than 93% voting power. All the rest as a whole just represented less than 7% voting power, which just a little surpassed the voting threshold. That’s why Lido governance now and then has been criticized as a centralized governance. The delegation mechanism may somehow reduce the gap and empower some of the community members to more actively participate in the governance process. We should avoid the tragedy of “the abandoned mid-west”.

I like VeLDO , I have lost so much on LDO , could u guys care about the ture value of ldo?

Notes from the discussion here: 2022.06.16 - Proposal Discussion: LDO + stETH Dual Governance - HackMD

The reason that veLDO is an important step is that the Lido’s power structures need to be rebuilt.

May all of us, including the founders, have misassumed the growth speed of Lido. As a result, by the end of 2022, about 85% of $LDO total supply will be in circulation. As I have noted in another post, $LDO is distributed in a quite centralized way. veLDO will somehow solve this issue and restructure the power by setting up a much longer locked up time. The longer you lock up your $LDO, the more power you will have. This will give those community members, who came in later but have strong faith in Lido’s future, a chance to leverage their power by maximism their lockup time.

There is about 17% of the total supply left in the DAO treasury. By the end of 2022, that number will drop to 13~14%. Without healthy tokenomics, including economic models, it’s hard to imagine the treasury could have enough power to support a real long-term project.