Bolt - Alliance Workgroup Review
Key Terms
Ethereum-alignment and commitment to decentralize validation
Bolt has been designed with an Ethereum-first and proposer-centric approach. There are economies of scale pushing Ethereum towards centralized block production, and Bolt attempts to push back on this. Bolt does not rely on delegation, as it allows validators to directly issue commitments simply by running the Bolt sidecar. Bolt is a lightweight solution that does not significantly increase validator requirements. Its permissionless nature makes it unopinionated in the current relay and builder market competition, and therefore it does not favor specific relays or builders, which would be an unhealthy outcome for Ethereum. Lastly, Bolt accelerates Ethereum’s roadmap towards stronger censorship resistance properties (Inclusion Lists, PEPC), defragmentation (based sequencing), and fast user experience (preconfirmations).
Use-cases for stETH adoption and integration
The benefits and use cases for stETH are twofold.
Firstly, Lido Node Operators (stETH validators) can access ancillary rewards in addition to the MEV-Boost auction. This leads to downstream benefits for stETH holders in the form of increased rewards.
Secondly, Bolt requires economic collateral to back commitments. Given that stETH is both highly liquid and has a high market capitalization, it stands as one of the few appropriate assets for collateral on Bolt. This use case induces additional demand for stETH.
Opportunities for node operators
Bolt enables proposers to deliver preconfirmations, thereby increasing validator rewards in a MEV-Boost compatible and safe manner. To achieve this, it leverages proposer commitments, a novel primitive that allows proposers (validators) to make credible commitments on the blocks they produce. Bolt plans to start with inclusion preconfirmations and progressively expand to different commitment types, adding further revenue streams for validators.
Security Review
Please see “Security Culture” section here for further detail
What are the processes for putting code into production?
What is the release flow from the security perspective?
1. Write and document code in open-source
2. Internal review + implement changes
3. External review by partners engineering teams + implement changes
4. Devnet v1 deployment (after every deployment and audit, repeat steps 1-3)
5. Devnet v2 deployment
6. Testnet v1 deployment
7. External audits by 1-3 teams
8. Testnet v2 deployment
9. External audits by 1-3 teams
10. Mainnet v1 deployment
How does the team decide the code is ready for mainnet?
- Fully open-source to ensure a large review surface area
- Strong documentation to ensure a low barrier for reviewability
- High code standards and expectations demanded by the team
- Rigorous internal review process
- Multi-party external review process
- Audits
- Multiple devnet and testnet deployments
- Testnets are participated in and reviewed by many parties
Does the protocol have public audits? What parties conducted the audits?
- In the process of finalizing audit partners
What’s the issue summary (total issues / total fixed / crits and highs / crits and highs fixed)?
- NA
How is the deployment verified against the audit?
- NA
What are the processes for managing security through TVL growth?
Is there a bug bounty? If yes, which and where?
- Not yet announced, but Chainbound plans to implement a bug bounty for v2 of Bolt’s testnet and mainnet
Are there limits / thresholds on the project / TVL? Who controls those?
- There are no hard-coded limits, but as of now, there is a 1 ETH collateral target for validators
- There will be whitelists for collateral types
- TBD on who controls these. If these are upgradeable parameters, a multi-sig, which Lido can have seats on, will be the initial controlling party.
Are there any user funds on a multisig?
- No
Is the code upgradable? How and who controls upgradability?
- TBD (as Bolt is in testnet)
- If there are any upgradeable contracts, a multi-sig, which Lido can have seats on, will be the initial controlling party.
What is the likelihood that the project will endure?
Is the project incorporated? What does the legal structure look like?
- Chainbound Inc is a Delaware C Corp
- A foundation will be set up for Bolt
What’s the funding situation?
- Seed Round (2024): led by cyber.Fund, with participation from Maven 11, Semantic, Robot Ventures, Bankless Ventures, Anagram, and Chorus One
- Pre-Seed (2023): led by Delphi Ventures and cyber.Fund, with participation from SCP
What is the team size?
- Team of 7
- Expanding soon
Is the code open source? What’s the license?
Executive Summary
Dimension | Conclusion |
---|---|
Security Evaluation | Commitment to run testnet launch, as well as having the public audit report and bug bounty upon any launch |
Ethereum Decentralization | Direct, very positive |
stETH Adoption | Direct, very positive |
Benefits to Node Operators | Direct, very positive |
Recommendation: Accept
The Alliance Workgroup recommends accepting Bolt and endorsing it for the Lido Alliance.