Risk assessment for community staking

Hi there!

As a contributor to the analytical workstream, I’d like to share my vision of the framework that could be used to evaluate the risks involved with validation.


The purpose of this valuation is to provide a quantitative approach to determining risk mitigation strategies for future staking module development, considering all actors involved.
I view this framework vision as a necessary tool for making informed decisions on managing risks and implementing mechanics for mitigation.

In particular, this framework could be used as a stepping stone for designing for more robust diversity in the Lido validator set; aligning with the goals outlined in Lido-on-Ethereum Community Validation Manifesto, while also considering limiting and mitigating risks for stakers, N.O. community, and Lido DAO.

As one of the ways to mitigate risk, a bonding model allows for both risk mitigation, as well as disincentivization of malicious or irrational actions with risk transferring

The approach details, analyses, and conclusions are detailed here: Risk assessment for community staking and were presented during No Community Call #8.


The gist of the research is identifying possible risk areas in terms of:

  • Validator liveness
  • Validator slashings
  • Rerouting EL rewards

For each of these risks, impact is assessed in terms of

  • Losses (lowering the total amount of rewards for the protocol)
  • Missed rewards (lowering possible rewards for the protocol)

This framework can be used as a high-level tool for evaluating the total impact in terms of losses and missed rewards. Mechanisms for mitigating those effects could be abstracted - for example, considering bonds as a tool only for transferring losses. For simplicity, the paper focuses only on bond compensation for both effects, but they could be mitigated or limited separately.

As a particular result of this research under realistic assumptions on future conditions, 4 ETH as a bond is enough to cover both losses and missed rewards even for the most impactful malicious or irrational actions, excluding cases of extremely EL rewards rerouting (which couldn’t be covered with a reasonable amount of bond). For these cases, given their rare nature, a valuation of possible effect is provided, establishing a way to limit exposure to this risk.

Actual values and possible effects are subject to assumptions on future conditions (network staking rewards rate, time to implementation of EIP-7002: triggerable exits, the structure of EL rewards), and level of risk-aversion in terms of events mitigated completely or partially (share of total network slashing simultaneously, share of validators subject to malicious or irrational actions)

Using this approach, different scenarios in terms of assumptions and risk attitude could be evaluated with different mechanisms (bond values, as an example) of managing corresponding risks considered within those scenarios

Thank you, feedback & suggestions are highly appreciated!

17 Likes

Great analysis @Mol_Eliza. Appreciate your efforts!

3 Likes

Hi there!

As an additional step, exploring the risk of EL rerouting, I’d like to share a research note on Non-linear bond as Sybil attack resistance mechanism

The conclusion is:
Non-linear bond could function as a mechanism to prevent Sybilling and EL-stealing strategies, but require a drastically high reduction in bond per validator to offset expected returns on performing stealing strategy, so it should be considered, but not as a determining factor to prevent EL stealing

For 4 ETH bond, for example, it would require a reduction to 2.8 ETH per validator to offset the edge of Sybilling and EL stealing strategy over not performing such an action.

5 Likes