LDO+stETH dual governance

Today, I read an article written by Jeff Amico, who is the partner of a16z. In this article, he dives deep into how important and effective the “token delegation” can be on a DeFi protocol governance.

As we all know, governance participation is one of the vulnerabilities in our past governance practice. In the new governance mechanism, I think it is important to include the token delegation mechanism. The candidates should be widely nominated from the community members, which can represent different groups of interests.

Delegation is a complex topic.

On the one hand, it allows to overcome voter apathy and overall makes the governance more robust, so it’s definitely worth exploring for LDO governance.

On the other hand, it introduces one more dimension to the principal-agent problem and increases centralization risks of the governance, so it should be explored with caution especially given the current concerns around the LDO governance risks.

Where it definitely won’t work is stETH veto voting since stETH is not a governance token by design—it’s a claim on ETH that’s meant to be not only held but also used in the DeFi ecosystem, which is incompatible with the delegation mechanics incentives-wise (as well as from the technical perspective).

Definitely agree that stETH veto voting doesn’t need to be included in the delegation mechanism. Veto power held by stETH should be act as a guard of the governance system, which does not need to be frequently used.

On the other hand, it introduces one more dimension to the principal-agent problem and increases centralization risks of the governance, so it should be explored with caution especially given the current concerns around the LDO governance risks.

Could delegation mechanism raise the centralization risks? Yes, it does. But, based on the current $LDO token distribution conditions, the room of increase centralization risks is quite small.

image1133×841 50.9 KB

Now the top 95 $LDO holders( including dex pools & cex wallets), which own at least 1M $LDO token, hold more than 93% voting power. All the rest as a whole just represented less than 7% voting power, which just a little surpassed the voting threshold. That’s why Lido governance now and then has been criticized as a centralized governance. The delegation mechanism may somehow reduce the gap and empower some of the community members to more actively participate in the governance process. We should avoid the tragedy of “the abandoned mid-west”.

I like VeLDO , I have lost so much on LDO , could u guys care about the ture value of ldo?

Notes from the discussion here: 2022.06.16 - Proposal Discussion: LDO + stETH Dual Governance - HackMD

The reason that veLDO is an important step is that the Lido’s power structures need to be rebuilt.

May all of us, including the founders, have misassumed the growth speed of Lido. As a result, by the end of 2022, about 85% of $LDO total supply will be in circulation. As I have noted in another post, $LDO is distributed in a quite centralized way. veLDO will somehow solve this issue and restructure the power by setting up a much longer locked up time. The longer you lock up your $LDO, the more power you will have. This will give those community members, who came in later but have strong faith in Lido’s future, a chance to leverage their power by maximism their lockup time.

There is about 17% of the total supply left in the DAO treasury. By the end of 2022, that number will drop to 13~14%. Without healthy tokenomics, including economic models, it’s hard to imagine the treasury could have enough power to support a real long-term project.

hello all

the dual governance seems like a proper balance of powers among the protocol, stETH holders and the wider ethereum community.

the suggestion to burn LDO in a vote thats been vetoed by stETH is a novel idea to address potential gridlock but it should be dropped in relatively short order. there is economic value to LDO and to subject that to removal due to governance vote (even if by an attacker) is a worse outcome than even the antics of the MC and YGG governance battle. DAO governance is supposed to give everyone a voice; silencing an opposing voice is quite the opposite.

i would propose taking a lesson from dispute resolution in meatspace. something along the lines of, if there is a vote that meets certain conditions and there is gridlock resulting from this vote over x amount of time, then there is a committee which shall decide whether or not the proposal is in the best interest of LDO and the ethereum community and should be implemented. Following the approval of this concept, the community votes on this committee once every five years or so and the committee is therefore entrusted to make good decisions only upon gridlock. I think we can all identify folks who would make good and smart decisions. further, the number of proposals that would result in this kind of antagonistic gridlock are quite small, thus limiting the influence of the committee.

the attack vector here would be the committee vote. we can make prerequisites for committee candidates such as candidates can only be folks that have worked at LDO, own a financial interest in LDO and are approved by a majority of the largest tokenholders.

Lido will be a huge important protocol going forward and having resolution frameworks for these types of edge cases fills many weak points of governance.

Finally someone gets it.

ETH has no “in-protocol” governance mechanism other than forking. Giving stETH governance capability is basically attempting to enshrine some governance mechanisms at the EVM level.

Lido should be aiming to reduce governance exposures, not increase it.

Yes, I very much agree with this point of view, the team should pay attention to the veLDO option.

Why does veLDO matter?

• Dominate power is naturally risk aversion. With veLDO mechanism, some of the dominate powers(hold at least 5M $LDO) will hesitate to lock up all their token. If they did so, that would bound their interests closer to the long-term goal of Lido, and will prevent them from anything that will hurt the community.

• veLDO will give newcomers a chance to leverage their power in governance. Assuming the maximum lock up time will be 6 years and decrease linearly. A community member who locked up 1M $LDO for 6 years, will have the same power as those who locked up 6M $LDO for 1 year. This will encourage more new members to join Lido DAO and make the whole community stronger.

Thank you so much for summarizing and bringing up great questions! I’ll try to provide my perspective here, hoping that other community members will weigh in as well.

I don’t have the data readily available at hand (maybe @irina can help here), but I’m definite that these two are very distinct sets. You can get some stETH metrics here: Dune.

Judging from Etherscan data, about half of total stETH supply is held by three protocols: AAVE (31.5%), Curve (12%), and Maker (5.5% via wstETH token). The rest of stETH is distributed in a much more diverse way, and for the three protocols, it would be both very damaging reputation-wise and non-trivial technically (they’ll need to vote for a protocol upgrade) to use stETH they hold in a Lido veto voting.

The fact that Lido is a multi-chain service is one of the causes of the principal-agent problem this proposal tries to address: due to the Lido governance having power on other chains, LDO holders (the agent) may have incentives that are misaligned with Ethereum stakers (the principal).

While I beleive that the Ethereum liquid staking protocol is the central service Lido provides, and will remain so in a foreseeable future (and, as far as I can tell, the whole team beleives the same), the mere possibility of having non-aligned incentives justifies introduction of a safety mechanism like the one proposed here.

That said, multi-chain governance is just one cause of the principal-agent problem which is present even in mono-chain setups.

While I think this is a good outcome for Ethereum given that Lido will be able to eventually ossify its core contracts, there are other optimal outcomes, e.g.: most stake being taken by small independent entities each holding 1-2% of stake at most; an oligopoly of staking solutions with varying degree of centralization, each taking no more than 10-15% of stake; 3 largest solutions taking 90% stake, but each a with sufficiently decentralized validator set and network-aligned governance. The question is whether these other optimal states are reachable, and the opinions here vary greatly accross the Ethereum community.

In my opinion, the most probable outcome is the largest service taking the majority of stake (say, 50-60%), with the next 30-40% being distributed between 3-5 large solutions. In this case, it’s critical for the largest service, be it Lido or some other solution, to provide a robust and diverse validator set and to be aligned with stakers.

Integration of liquid staking mechanics into the base protocol should result in a less complex and more liquid setup. But that doesn’t mean this setup will be more decentralized—I’d argue it will be quite the opposite.

Given that ETH is not and should not be a governance token, the stake distribution mechanism has to be non-opinionated and completely based on data available onchain, which basically means that any entity would be able to register as many validators as they can economically and operationally afford, no matter whether these validators are distributed jurisdictionally and geographically, whether mono-client or whitelabel setup is used, and so on.

This setup, combined with the effect of economies of scale, will result in the majority of stake being anonymously taken by large entities (and/or entities running whitelabel nodes) that have no incentives or obligations to decentralize and generally act in the best interest of the network and stakers.

One might think about some mechanism that allows bringing the meatspace data onchain to introduce decentralization incentives (and we’re actually researching this as part of the Lido’s upcoming permissionless node operator subset), but it’s a very complex research that will require multiple iterations over several years. Moreover, integrating it into the consensus rules will make the latter significantly more complex and fragile, so I’d argue that the best place for the validator set selection mechanics is still the more flexible execution layer.

I think the community should take veLDO mode as seriously. Although the treasury has enough LDO to incentivize LP currently, it is not sustainable. When we are in the bear market with cheaper and cheaper LDO price, the incentive action indicates sending tons of governance powers to NON-LIDOer in a cheaper price, which could cause a more centralization governance problem. Everyone has to admit Lido cannot ignore LDO. Why not construct a more health token economy.

Thank you @skozin for all the thoughtful replies – makes sense on all of them. And yes I also suspect there’s a very wide range of opinions across the ethereum / Lido communities particularly on the last two questions (Lido market share and enshrined liquid staking).

I am not sure where I personally stand definitely on either.

On decentralization incentives, it’s a interesting idea for sure. One could imagine a quadratic distribution mechanism (with community governed parameters such that we can adjust the degree to which it is linear vs superlinear vs quadratic or something more extreme).

Vote escrow is a nice mechanics but it’s not without deficiencies, at least in the plain form. The main one is that the locking mechanism can be easily circumvented by using a smart contract and introducing a market for locked voting power. If not prohibited on either code or incentives level, this market will naturally arise (e.g. see Convex and cvxCRV token).

For example, it can work like this:

1. You send your LDO to a smart contract. The SC locks your LDO for a max period, receives non-transferrable veLDO, and mints you a transferrable xLDO.
2. The SC allows you to get LDO back by burning xLDO and waiting for a lock period to pass.
3. The SC allows xLDO holders to collectively use veLDO for voting for/against some Lido governance decision by running an internal vote among xLDO holders and voting for the leading outcome.

This way, we’ll end up with a more centralized governance without any benefits from the locking mechanics (since xLDO is still transferrable and will have a liquid market).

This can be dealt with by prohibiting smart contracts from minting veLDO. This is a very efficient technique but it prevents voters from using decentralized escrows or multisigs like Gnosis Safe for holding their LDO, which I don’t think is acceptable.

Unfortunately, EVM doesn’t allow to get the complete call stack, only the first (tx.origin) and previous (msg.sender) addresses, so there seems to be no easy way of adding a whitelist of smart contract proxy and implementetion code hashes to allow well-known multisigs.

One complex way of doing this may look like this:

1. Split veLDO minting into two transactions: transferring LDO and receiving veLDO.
2. Transferring LDO to the minting SC (first transaction) gives the address the right to later either mint veLDO or receive LDO back.
3. Minting veLDO (second transaction) requires the caller to provide a Merkle proof of the first transaction that allows the SC to check whether the multisig proxy and impl code is whitelisted, whether it was invoked by a EOA, and whether the invocation directly transferred LDO (in contrast to invoking some other SC).
4. If the proof is correct and all checks pass, veLDO is minted to the LDO sender address. Otherwise, LDO is returned to that address.

It’s not an easy thing to implement but it’s doable (though adding each new multisig implementation to the whitelist will take a lot of development time and effort).

One more consideration to keep in mind is that blocking or whitelisting smart contracts doesn’t prevent a centralized version of the voting power market from emerging.

Appritiate your kindness and patient response. Some of the technology implementation details are quite clear, which I haven’t deep dive before.

I know how influential Convex is inside the Curve ecosystem. No need to mention what a significant role it plays in the Curve stETH-ETH liquidity incentive plan. As you have said, it is unacceptable to take action to prevent it with the risk of collateral damage.

Here is the question: Even if veLDO will not be adopted, could these risks be immune based on the current conditions? What’s the difference between LDO governance and veLDO governance while facing the threat?

IMO, just like you can’t prevent the other LSD protocol breaking the market share threshold even if we take a self-limited cap. If there will be huge interests in the LDO governance power, there will be some Convex alike protocol emerge and take that role. At that time, a decentralized and strong community will stand out and protect Lido from such attacks.

After the dual governance model is implemented and we go to the minimum governance model, the main $LDO governance may focus on DAO treasury management. The reason that I strongly recommend the veLDO mechanism is simply because of the deep demand for restructuring the Lido governance power. By the end of 2022, about 85% of the total $LDO supply will be unlocked and held in a small group of holders. TBO, at that time, I would feel ashamed to participate in Lido governance without 5M $LDO in my bag. Even though veLDO may not be perfect to solve all the issues we are facing, it is still providing a reliable solution to somehow balance the power.

Looking forward to more inspiring insight on this proposal.

So is there a better way? Now LDO is also very centralized.In my opinion, LDO+stETH dual governance simply weakens the rights and interests of LDO, resulting in LDO becoming less and less valuable in the future, and even losing the necessity of existence. this is not good.

如果ldo的价值被进一步减少，我想不出我持有它的任何理由了

It actually introduces another question that one-token-one-vote is a good governance way? For current Lido, I don’t think so coz the top 100 token holders could decide any thing here.
I agree that veLDO mode somehow introduces the bribe model later but it could accummulate the power from the holders with the small amount. To avoid the bribing project with too much power, we could set a upper voting limit for the project(like 10%, the number is not absolute and fixed for all voting cases), which should be considered for the top token holders as well. Also, we could increase stETH holder veto power to avoid LDO centralization governance in this case.

To explore a real decentralization governance, we still have a long way to go.

when the market emerges, it means more competition as well.

Nothing in ve-model solves the principal-agent problem between LDO stakeholders and stETH holders. If anything, it exacebrates them by explicitely embracing short-term vote bribing. It’s got its flaws and benefits, but I don’t think discussion of them in this proposal would be fruitful because it’s completely orthogonal to the main thing here.

Principal-agent problem can be solved by reducing agent’s (in that case LDO holders) power or by increasing principal’s power. Reducing LDO power is a great goal, but unachievable until Ethereum ossifies enough. Hence, if we are to do anything with principal-agent problem at all, we are left with empowering stETH holders in some way.

@vsh yeah, fully agree here. This discussion, though interesting, is definitely out of scope of this proposal.

The vote escrow model was mentioned as part of the “Burn rogue LDO” option as a means of locking LDO being used to vote—as this option requires LDO immobility for the main vote+veto vote period. But it can also be achieved without the ve-model, e.g. we could require the voter to lock LDO into the voting contract for the mentioned period.