Risk assessment for community staking

Hi there!

As a contributor to the analytical workstream, I’d like to share my vision of the framework that could be used to evaluate the risks involved with validation.

The purpose of this valuation is to provide a quantitative approach to determining risk mitigation strategies for future staking module development, considering all actors involved.
I view this framework vision as a necessary tool for making informed decisions on managing risks and implementing mechanics for mitigation.

In particular, this framework could be used as a stepping stone for designing for more robust diversity in the Lido validator set; aligning with the goals outlined in Lido-on-Ethereum Community Validation Manifesto, while also considering limiting and mitigating risks for stakers, N.O. community, and Lido DAO.

As one of the ways to mitigate risk, a bonding model allows for both risk mitigation, as well as disincentivization of malicious or irrational actions with risk transferring

The approach details, analyses, and conclusions are detailed here: Risk assessment for community staking and were presented during No Community Call #8.

The gist of the research is identifying possible risk areas in terms of:

• Validator liveness
• Validator slashings
• Rerouting EL rewards

For each of these risks, impact is assessed in terms of

• Losses (lowering the total amount of rewards for the protocol)
• Missed rewards (lowering possible rewards for the protocol)

This framework can be used as a high-level tool for evaluating the total impact in terms of losses and missed rewards. Mechanisms for mitigating those effects could be abstracted - for example, considering bonds as a tool only for transferring losses. For simplicity, the paper focuses only on bond compensation for both effects, but they could be mitigated or limited separately.

As a particular result of this research under realistic assumptions on future conditions, 4 ETH as a bond is enough to cover both losses and missed rewards even for the most impactful malicious or irrational actions, excluding cases of extremely EL rewards rerouting (which couldn’t be covered with a reasonable amount of bond). For these cases, given their rare nature, a valuation of possible effect is provided, establishing a way to limit exposure to this risk.

Actual values and possible effects are subject to assumptions on future conditions (network staking rewards rate, time to implementation of EIP-7002: triggerable exits, the structure of EL rewards), and level of risk-aversion in terms of events mitigated completely or partially (share of total network slashing simultaneously, share of validators subject to malicious or irrational actions)

Using this approach, different scenarios in terms of assumptions and risk attitude could be evaluated with different mechanisms (bond values, as an example) of managing corresponding risks considered within those scenarios

Thank you, feedback & suggestions are highly appreciated!

Great analysis @Mol_Eliza. Appreciate your efforts!

Hi there!

As an additional step, exploring the risk of EL rerouting, I’d like to share a research note on Non-linear bond as Sybil attack resistance mechanism

The conclusion is:
Non-linear bond could function as a mechanism to prevent Sybilling and EL-stealing strategies, but require a drastically high reduction in bond per validator to offset expected returns on performing stealing strategy, so it should be considered, but not as a determining factor to prevent EL stealing

For 4 ETH bond, for example, it would require a reduction to 2.8 ETH per validator to offset the edge of Sybilling and EL stealing strategy over not performing such an action.

1169×456 49 KB

Hi there!

Within the incredible advancements of Community Staking Module initiative it seems reasonable to determine risk parameters utilising the existing framework, based on current observed network conditions and suggest the bond curve structure(s) for upcoming mainnet launch.
Focused on this problem i’d like to share my recent research on Risk assessment for community staking (Sep 2024 update)

The gist of the research

Bond curve & fee level suggestion

For completely permissionless participants:

• 2.4 ETH for the first validator
• 1.3 ETH for any consequent validators

For Early Adopters (EA):

• 1.5 ETH for the first validator
• 1.3 ETH for any consequent validators

6% fee (Node Operator Rewards Rate) for all participants

image906×465 50.5 KB

Risk mitigation

Suggested bond & fee structure, provides:

• Sufficiency for risk transferring of consequences of any operational mistakes
• Cost of Attack for any intentional malicious being two times higher than actual consequences for the protocol
• Bond curve form, incentivizing consolidation validators on one Node Operator, even for actors considering EL stealing, therefore drastically reducing reasonable stealing opportunities, and any possible consequences

Market alignment

Suggested values provide:

• Amazing opportunity for all permissionless participants: +70% increased staking rewards for participants : +70% increased staking rewards for paricipants with 2.4 of capital, increasing to more than +100% staking rewards for participants with >5 ETH of capital (which is enough to run 3 validators)
• Even greater opportunity to Early Adopters, with increase in staking rewards starting from +118%
• Reasonable level of risk mitigation, suited even for extreme scenarios
• Sustainable DAO fee level of 4% for the module

Will there be any changes once EIP-7521, or MaxEB, go live?

Thank you for question @ErwinSmith!

There would be definitely an update (but not necessarily changes), based on new specifications, and possbile realization of implementing increased MAX_ЕB.

The crucial thing there worth mentioning is, definitely, possible drastic decrease in initial slashing penalty (which is still under discussion) - if implemented that may lead to lesser level of risk exposure and, hence, possible lower bond required for the same mitigation.

Exciting to see CSM moving forward! Can you help understand how you are looking at capital effciency because the numbers don’t quite make sense to me.

Let’s say you are a solo staker with 32.4 ETH and CL+EL rewards are 3.5%.

With one solo validator you earn 1.12 ETH/year.

With CSM you can run 24 validators earning 2432.035*.06 = 1.6128 ETH/year.

This looks like a 44% increase in staking rewards not a 100% as calculated in the post?

Can’t seem to edit, but that should say 24 x 32 x .035 x .06 = 1.6128 ETH/year

Thank you @stakey!

That’s a cool (well, to my taste) part.

1.6128 is correct estimation of rewards for performing validation duties (Node Operator rewards)

But the bond provided is aslo staked, therefore generates: 32.4 x 0.035 x 0.9 (applying 10% stETH fee) = 1.0206 ETH/year rewards

Total rewards are 1.6128 + 1.0206 = 2.35125 (+135% over 1.12 ETH / year).
Or +132% over 1.134 if, to compare with the same capital, we suppose that 0.4 ETH remaining from one solo validator in base scaneario is also somehow staked with 0% fee )

Ahh, forgot about the bond’s yield! Thanks for clearing that up for me.

Nice! We’ve also been wondering how the increase to 2048 ETH MAX_EB for each validator would affect its bond to stake ratio in the CSM. We think it has the potential to help small operators like us operate more profitably in the CSM (which we’re currently in the testnet).

The crucial thing there worth mentioning is, definitely, possible drastic decrease in initial slashing penalty (which is still under discussion)

from Slashing penalty analysis; EIP-7251 - Economics - Ethereum Research it seems like they’re leaning constant or sublinear