Node Operator Admission: Everstake as stVault Professional Operator

1) Identification

Everstake is an institutional validator operating 40k+ validators across 80+ networks, serving 1.6M+ addresses with $7B+ staked and 99.98% uptime. We request admission as stVault Professional Operator (Tier-1) and intend to apply for Professional Trusted after ≥3 months of successful operations.

Why Everstake:

• Ready distribution. Wallet, custodian, exchange and AM channels we already serve can route deposits to stVaults at GA.

• Proven ops & decentralization. Multi-geo, multi-provider footprint; disciplined rollouts, 24/7 monitoring, client diversity.

• Safety-first controls. Clear RBAC (Everstake = Owner; any wrapper = FUND/MINT/REPAY only), PDG bond separate from slashing; Everstake as default Depositor & Guarantor.

• Institutional UX. Native Mint/Repay with capacity-aware throttling/queue; policy-capped secondary-market fallback; MPC + ERC-4626 rails and reporting.

2) Business case

Distribution we can activate on day one

• Channels: existing integrations across wallets, custodians, exchanges, and asset managers (B2B and B2C). Public logos include Exodus, BitGo, Anchorage Digital, Copper, Safe, MetaMask and others.

• Audience size: 1.6M+ unique addresses and large institutional cohorts already staking with Everstake.

• Coverage: infra in 10+ countries and 420+ servers with enterprise SLAs to serve regulated clients.

What we will offer

• Rails:

  • MPC — isolation accounts, role-based approvals, reporting/exports aligned with audit needs.

  • Wrapper — ERC-4626 flows via SDKs and direct on-chain access.

• Tracks:

  • A0 (Vanilla): staking-only with Mint/Repay liquidity.

  • A1 (Looping): policy-gated leverage track operated by an approved strategy wrapper; instant deleveraging playbook; conservative venue allowlist.

  • (A2 sleeves reserved for future iterations.)

Capacity & headroom ask (Professional Tier-1)

• Ask: admit at Tier-1 within the Professional track; reserve-ratio, mint cap and validator tiers per committee policy.

• Utilization: we expect rapid take-up via wallet & custodian channels + institutional allocators; we will publish weekly usage telemetry and PDG cadence to support staged tier increases.

• Sourcing profile: mix of institutional tickets and retail wallet flow

3) Operations & decentralization

Infra & rollout discipline

• EL clients: Geth (primary) with Besu/Nethermind/Reth as secondaries; staged rollouts.

• CL clients: Lighthouse/Teku/Prysm mix; canary cohorts → batch waves with rollback SOP.

• DVT posture: 3× SSV Stader clusters (~1,300 active keys), 1× SSV Lido cluster (~80 keys), 2× LidoObol clusters (~160 keys).

• Remote signing & slashing-protection: Web3Signer + external slashing-protection DB; no keys on validator hosts.

• Change management: GitOps / IaC, PR reviews, maintenance windows; canaries then phased rollout with rollback playbooks.

• Monitoring & alerting: Prometheus/Grafana; liveness, attestation, block status (proposed/missed/slashing) and MEV health checks; relay bid monitoring; Grafana/Zabbix alerts.

Infra footprint

• BM/Cloud mix: ~50/50 with validator/signer isolation.

• Orchestration/IaC: Ansible / Terraform

• Network hardening: VPC + segmented subnets, firewalls.

• HA/DR: Tested failover playbook; RTO ≈ 20 minutes.

Geo / jurisdiction

• Core regions: Germany (3 zones), Netherlands.

• Independent providers: Worldstream, Leaseweb, Cherry, OVH, GCP, Linode, Givemecloud.

• Data residency: KMS in GCP multiregion.

MEV posture

• Relay allowlist & neutrality: Per Lido Relay Maintenance Committee list (non-censoring / resilience-first).

• Fallback: Local block-building enabled for proposer availability.

• Monitoring & failover: Relay health checks, auto-failover thresholds, bid monitoring, and alerting via Grafana/Zabbix.

4) Security & assurance

• Key management: Remote signer (Web3Signer) with keys in KMS/Safe; no keys on validator hosts. Signer runs on isolated VPC/subnet with allowlisted callers. Least-privilege access; PDG/role ops gated. External slashing-protection DB in place.

• Certifications: NIST CSF, SOC 2 Type II, ISO 27001; GDPR compliant

• Audits / pen-tests: periodic external reviews; remediation tracking; vulnerability disclosure policy.

Hi!

Thanks for applying — we’re glad to see you moving forward with your onboarding as a Node Operator for stVaults.

As a member of the stVaults Committee, I can confirm that the Committee has begun the assessment process. We’ll keep you posted on the progress.

As a delegate of the stVaults Committee, I am posting to confirm that the relevant ET motions establishing Everstake’s status as an stVaults Identified Node Operator have now been enacted.

Following the committee’s assessment of Everstake’s application, Everstake’s has been assigned to the Basic Identified Operator Category under the stVaults framework, in line with the scope of its application.