Should Lido on Ethereum be limited to some fixed % of stake?

Awesome write-up Vasiliy & Sacha! Very thorough, and thoughtfully presents all the pros and cons - much appreciated.

There is one spot where I’m not fully following, which is that an increased fee would adversely impact current users who have no way to withdraw today.

Every current stETH user can simply sell their stETH on the secondary market.

Here’s the mechanism as I’m envisioning it:

1. Slightly increase stETH fee
2. Users who are not okay with the higher fee will sell stETH (let’s call these exits). New users who are okay with the higher fee are directed to buy the exits’ stETH, and then mint new stETH over and above that.
3. If the adds continue to exceed the exits, inch up the fee again.
4. Continue raising the fee until the adds equal the exits. When that happens, the adds are entirely buying stETH, not minting new stETH, so total ETH staked stops increasing.
5. Keep the total staked flat (at this higher fee) until the market share drops to 15%. Lido holders / DAO treasury benefits from this higher fee.
6. Once below the 15%, lower the fee again to resume growing

The above mechanism shouldn’t upset any existing stETH holder since they can just be one of the exists any time they want, get their ETH equivalent back, and reshuffle it to another staking pool.

The interesting question is regarding the price elasticity of the fee. In other words, would the total fee income going to the treasury end up being lower, on par, or higher vs a lower fee % plus higher market share.

Assuming Lido would otherwise maintain 30% share, dropping it to 15% share would imply that the portion of the fee going to the DAO would need to be double in order to maintain breakeven. My understanding is that out of the current 10% fee, 30% (or 3pts) goes to the Treasury. So for that to double to 6pts, the breakeven fee would need to be 13%. So if it goes above 13%, this is actually more profitable for the DAO treasury vs status quo, and if it doesn’t then it is less profitable.

To me Lido is just like a collective of honest indoor shrimp farmers gathering together to fight against the mega-shrimpfarming conglomerate.
It’s the exact same struggle.

This unecessary battle between aligned collectives is distracting us from our real goal.

I’m against the limits because they favor the big shrimpers

Hi All,

I want to thank the Lido governance community for having this important discussion.

Let me present my view, with supporting arguments, and my suggested course of action.

In short, my view is that Lido may do best (for ethereum) to self limit market share for, say, two years. Vitalik’s suggested method of a Lido system upgrade to automatically increase the end-user fee when market share exceeds the target sounds good to me. With this method, I like that Lido effectively converts its market leader position into excess fees in exchange for promoting the overall health and neutrality of the liquid staking market.

However, it makes sense to me that if Lido self limits, that may help any competitor that’s positioned for unbounded growth to rapidly grow its market share and potentially become the “new Lido”. It sounds like Coinbase and Kraken may be considered to be candidates to benefit the most from a Lido self limit.

Yet, Kraken’s ETH staking program is 5x smaller than Lido today (I don’t have Coinbase numbers handy), so the idea of Kraken or Coinbase growing to become a Lido-sized-share concern would require a 5x gain in market share, which in my view, is effectively impossible as other competitors will grow at the same time and work to balance share.

As well and, imo, more importantly, may we reasonably expect Kraken or Coinbase to rapidy launch a fully fledged staking token? By “fully fledged”, I mean it seems to be insufficient for Kraken or Coinbase to merely launch a liquid staking token, they also may need to engage in the practical work of growing that tokens importance in defi to solidify the Lido-sized-share network effect. This practical work may include encouraging stakers to withdraw their tokens from the CEX and use it in DeFi, and doing the community and partnership work to grow defi integrations for the CEX token, which may have regulatory implications. Crucially, if Lido self limits and Coinbase fills that void by growing to, say, 25% market share, but if Coinbase doesn’t have a token with a mature Lido-sized-share network effect, then the potential credible neutrality threat to eth would be, in my view, an order of magnitude or two less because, as established by Georgios and Hasu’s seminal article on the topic, what may make a Lido-sized share threatening to eth is not that it has 33% share, it’s that it has 33% share in the context of a heavily entrenched, strong defi-side network effect for stETH. If Coinbase has a 25% share but no/a weak token, it seems to be no true problem for eth, as Coinbase’s 25% share would be unsustainable without being fueled and defended by a strong token.

In short, I think that if Lido self limits, the risk of Kraken or Coinbase becoming the “new Lido” may be effectively zero.

imo, an important context item for my view is that a Lido self limit should be explicitly temporary. Say, for two years. There is a popular view that if Ethereum needs altruistic self-limiting to work, then it’s not going to work writ large. I think this view is substantially correct in general, but, imo, Lido’s current monopoly seems to be highly circumstantial in the early lack of “competitive competitors”. So I think there may just be a temporary need for Lido to self limit for two years, during which time Lido would hover around 1/3 stake or even exceed it, depending on the fee targeting tuning parameters, per Vitalik’s method. At the end of the two years, I’d be interested to see Lido consider removing the self limit-- or perhaps the Lido governance community may end up finding that they enjoy earning the extra fee revenue associated with the self limit.

To zoom out for moment, at a high level, there are roughly two kinds of decisions, reversible ones and irreversible ones. If Lido self limits now and asap, it sets the stage to maximize ecosystem health going into the merge, and if a CEX token threatens to catch up and become the “new Lido”, the community may easily revisit the self limit fee target tuning parameters.

I love the idea of the Lido community shipping Vitalik’s method of fee targeting now and asap, before the merge.

For example, Lido could initially target a market share of 30% with a high fee penalty for exceeding that. Then, if a CEX token threatened to take over, that 30% share target could be adjusted to 45% or the fee slope could be lessened to a “medium” fee penalty instead of high.

In short, if Lido doesn’t self limit, there seems to be, afaict, a ~100% chance of Lido becoming even more dominant and attracting 35%, 50%, 85% of stake. But if Lido does self limit now, before the merge, we’ll have successfully reduced that ~100% chance to, say, ~0% given appropriate fee targeting. And if Lido’s self limit creates, say, a 50% chance of a Kraken or Coinbase token taking over, then Ethereum’s credible neutrality will, imo, be in a significantly better position because of the following three items:

1. a 50% chance of a Coinbase token taking over is significantly less than Lido’s ~100% chance of becoming further dominant without a self limit. I think I have worked to demonstrate that Coinbase’s chance of becoming the “new Lido” is much less than Lido’s chance of becoming increasingly hyper-dominant for the reasons above.

2. if Coinbase starts to take over, we have immediately accessible levers to gradually relax or wholly reverse Lido’s self limit.

3. if Coinbase starts to take over, Lido would still have 30% share at this time, and that puts us in a duopoly situation, which, imo, is significantly healthier for ethereum than, without a self limit, the realistic prospect of Lido running 80%+ of staked ETH.

In short, I see (i) a Lido self limit as the only remotely realistic avenue to prevent Lido from soon running a majority/supermajority of stake, (ii) Lido’s self limit as being flexible and reversible, and (iii) the estimated worst-case scenario of a Coinbase token taking over as being extremely unlikely and also, if it happened, more like a relatively healthier duopoly.

I think that if Lido may be able to ship a self limit now and asap, before the merge, using Vitalik’s fee targeting method, would be a huge win for ethereum’s credible neutrality. Personally, I’d strongly welcome such a self limit for a temporary period of two years and would look forward to Lido maintaining a ~30% share for years to come.

Lido should not artificially limit itself.

The rhetoric surrounding this idea continues to come from adversarial stakeholders, individuals who do not understand Lido’s systems, and people who are misinterpreting the genuine concerns of some in the Ethereum community.

Lido certainly has room to improve in:

• It’s internal decentralization to ensure each staking party has sufficient fail safe and stop gap measures they can introduce in light of a bad actor or exploit.

• Measures to fairly prevent system price gouging.

• Processes on the arbitration of (unlikely) system wide voting or dispute resolution among validators.

But, let’s not make the mistake here of thinking that Lido is a centralized staking entity.

Lido arguably isn’t even a staking entity, but instead, a rewards incentive and protocol layer for staking entities to be able to provide staking as a standardized service.

This is why it’s disingenuous to suggest that Lido “controls” XX% of stake when comparing it to entities like Coinbase or Kraken.

Lido is directly aligning the incentives of many parties, whom are normally adversarial, and forcing them to act in the best industry of the protocol as it favors their business long-term to do so.

Further, competition here is paramount. As the Ethereum community the only thing that should matter is the most robust and secure staking that is not owned by a single entity.

Artificially capping Lido would result in benefiting other parties who would not be competitive in their offerings under normal circumstances. I doubt we would see Binance or Coinbase stop their offerings under any circumstance, and if people can’t get more stETH or their is a premium, they’ll go to these other leading entities.

If other parties wish to take marketshare, they should do so by being a competitive standard of product.

I appreciate the seriousness with which Lido is examining the centralization concerns, I think being a market leader in such a critical space does require a great deal of responsibility - and that there is more than can be done in building the right system guard rails.

But Lido’s focus should be on making the best protocol to onboard more staking entities and reducing any potential vectors of misuse through trustless implementations, and not artificially capping itself, which would only help to serve low-quality and centralized offerings.

I am against any limitations being put on LIDO for leading the liquid staking market. If u disagree consider how you’d feel when Coinbase or Kraken take over instead. i think lido should stay transparent and thoughtful on how the validators are chosen and that’s basically all the market should care about on the subject. don’t punish lido for being the best in the market.

Glad we finally got this out there

From my perspective the way that the argument to limit staking solutions as a whole has been put forth, and the assumptions it makes, do a disservice to the Ethereum community. This is not to say that there is no risk and that it shouldn’t be considered; in fact I would argue that Lido has been incredibly candid and honest about the risks that the protocol and the product present in general, what mitigation mechanisms exist or have been identified, and what the plan is for them to be implemented and improved on. Ultimately, however, the question at hand fails because it does a bad job in presenting the risks at hand, and it presents a specific solution as the only viable option even though ultimately it’s not.

For one, it lacks nuance. It’s really not that simple as “any one organization with dominance introduces existential risks”, because “one organization” and “dominance” are not simple things to define, and differ greatly when you compare different organizations and what and how much they can influence things. Second, and most importantly, it obfuscates the much larger, more immediate, and potentially more ruinous risk which is “how much direct control does any one or set of entities have over the network” by conflating organizations/entities of different type and not considering the differences between direct and indirect control. Not only does it draw attention away from this risk, but it explicitly allows for entities with direct control to amass critical power because it focuses on “umbrella” entities/organizations instead of examining the entities where the locus of power really lies.

I’ve put together a document detailing my thoughts on the staking landscape (warning: long and not beginner-friendly) in Ethereum, and I’ll be pointing to relevant portions of it in my summarized argument below.

• Lido does not have the control over its validators that people think it does. This was a conscious design choice and Lido continues to show that the choices it makes are driven by the protocol’s best interests. It’s disingenuous to pretend that it does, or that stake share via an on-chain protocol that is basically a federation of independent operators is the same thing as stake share of a solely or tightly-controlled group of them.
• Limiting any one staking solution, or even multiple staking solutions, to some fixed % of stake does not do what you think it does
  • Each protocol is different, and how decentralized each protocol is actually materially affects how decentralized the underlying network is, especially if they’re capped/limited to the same level
  • For this to even remotely work then you need to classify different staking solutions differently and potentially also cap by classification, and you need a way to enforce caps at the protocol level because there will be actors who will not self-cap (which is a nightmare to do, operationally/logistically, and it will probably spell the death of the network in any case)
• Permissionlessness is not decentralization, and assuming that permissionless solutions at large scale are similarly decentralized to how they are at small scale is dangerous (and we should actually examine how good they are at small scale, too)
• Self-capping the leading protocol does not make other protocols more competitive, in fact it allows them to grow despite being less competitive which means that you end up with a worse network
• Self-capping the leading protocol only allows non-aligned actors who were slow to join the chance to catch up and leapfrog lagging aligned actors (i.e. you end up with a worse network)
• Even if a miracle happens and all actors self-cap, this leads to a market that competes only on APR across staking solutions, which benefits centralized actors over decentralized ones, which means that decentralized solutions must rely on stakers’ willingness to pay a “decentralization premium” just to compete (nevermind offering a product that’s better for the network)

In the end, limiting the leading protocol only allows other protocols to play catch up. Some will argue that “if they catch up, we can revisit”, but this is not very reasonable. Why give them the opportunity (and power) that comes with catching up at all? Is the risk that’s introduced (and overall detriment to decentralization) worth it? The protocols that will catch up the fastest are ones that can leverage economies of scale and are unconstrained from a supply perspective. The reality is that there is a lot of capital waiting on the sidelines to enter the staked ETH market which is waiting for the merge to be done with (and likely withdrawals too). This capital is most likely to enter via KYC/AML onramps and offramps, especially if more KYC-friendly solutions take off or finally release their liquid staking token. Everyone is looking at the landscape now and ignoring what the landscape will most likely be in 12-18 months from now. Placing limits and constraints now is going to make competition later magnitudes more difficult, and the best solution is not to constrain the market leader but to do everything we can collectively to make it the best version of itself.

A time-horizon for the self-limit is an interesting idea, as some major events will completely change the market dynamics over time:

1. Currently the liquid staking market is subject to large economies of scale due to liquidity pool requirements for the staking tokens, leading to a winner-takes-most market. Once withdrawals are allowed, this goes away, and very likely we are no longer in a winner-takes-most market.

2. Distributed Validator Technology will become available and widely adopted, allowing Lido to take on a much more decentralized node operator network.

I think you make a good argument for Lido to not self limit based on, we may call it, endogenous and virtuous grounds of capitalism. But, I also think your argument may be a bit oblique in the sense that it doesn’t directly address the suggested primary reasons for Lido to self limit.

I’d be interested to know your specific views on the core of the argument for Lido to self limit, ie. that

1. Lido’s monopoly is circumstantial due to the early and current lack of “competitive competitors”. That’s to say, liquid staking is not necessarily destined to be a monopoly, it just happens to be one right now.

2. If Lido doesn’t self limit, it may be expected to run a supermajority of stake in the months/quarters following the merge. To give some anecdotal context here, I’m part of an informal working group of liquid staking oligopolists, and our general consensus has been that nobody is close to catching up to Lido and it’s completely unrealistic to expect a competitor to catch up before the merge and Shanghai hypergrow Lido deposits.

3. Having a single liquid staking provider running 30%, 66% of stake is a significant perceived and real reduction in ethereum’s credible neutrality, and should be avoided if possible. It’s a perceived reduction in credible neutrality for obvious reasons. But, it’s a real reduction in credible neutrality, too, as the Lido governance community has non-trivial power to force validators to follow their wishes, for example, by threatening to kick them off the platform.

4. Lido’s self limiting may be explicitly temporary for the reasons above. With a two-year temporary self limit, competitors may be expected to substantially catch up, and if they don’t catch up within two years, Lido will have done right by the ecosystem. Note that, of course, Lido will still grow a lot during the two-year self limit period, as only their share is self-limited, not their amount of ETH staked.

What do you think?

Lido’s current market cap is only ~$400M. That means that for $200M, someone could take over 51% of the governance vote and use it to carry out an attack on Ethereum by pressuring / swapping operators.

What % market share can Lido get to before the social layer of Ethereum finds this untenable and executes a fork to slash Lido validators?

I understand there are governance proposals (such as letting stETH holders veto), but not clear when those are coming out, nor what % of stETH holders would be active voters.

It’s also worth noting that a similar fork threat is there to prevent CEXs from taking too large of a share. A CEX like Coinbase has much more to lose from that type of slashing than even Lido does, because they have other business lines which would be impacted / bankrupted by what is to them a side business. Why would they take that kind of risk instead of just self-limiting their share?

1. I have no idea what this has to do with a need to self limit. It does not change the attack vector here. What is relevant is, “is Lido owning all the stake a risk or not” - not “what would it be if others launched at the same time”

2. It’s entirely possible that Lido could see a supermajority stake in that time frame. Which once again suggests that Lido should look towards ensuring that safe guards are in place to responsibly manage such a possibility. I would agree this is a concern with capping if the actual validators staking were a single entity. But, if there are credible safe guards in place, then it is no different.

3. The perception part is irrelevant to the core issue. Now, the reduction in credible neutrality does matter. That solution to this is not to artificially stunt growth, but to ensure, in advanced, that there are policies in place for this. For example, that could range from holding a governance vote to limit governance power on certain matters if Lido owns more than XX share, or, creating a more clear policy for what type of reasons are acceptable to vote a party off of the platform. There are plenty of solutions that don’t involve stunting.

4. The self limiting being temporary, is not in and of itself a justification for it to be implemented.

Ultimately for self limiting to be the right solution you’d need to show:

• 1. There is a specific attack vector of concern.
• 2. That specific attack vector cannot be solved via smart contract implementation, governance changes or other policy measures.
• 3. This attack vector is a concern specifically because of Lido’s implementation and would not be present if each of these validators within Lido were acting independently.

If there is a specific attack vector, that creates systemic risk and cannot be solved in any other manner then sure exploring self-limiting should absolutely be on the table.

But, while we’ve heard the proposal of self-limits and other anti-Lido rhetoric for months now, I’ve yet to see specific and detailed concerns.

Given that I assume a lot of the concern stems from:

• People concerned ideologically without looking at the specifics.
• Individuals jumping the gun without looking at actual attack vectors.
• Entities who are competitive with Lido and their associates.

We’re identifying a potential concern, and skipping right up to the nuclear solution and I’ve yet to see compelling cases why there isn’t better ways to address these concerns.

[Re: Lido monopoly being circumstantial] I have no idea what this has to do with a need to self limit. It does not change the attack vector here. What is relevant is, “is Lido owning all the stake a risk or not” - not “what would it be if others launched at the same time”

It seems that the fact that the monopoly is circumstantial and not necessary is relevant because some people feel a Lido self limit is inappropriate because all roads lead to an eventual liquid staking monopoly, so why prolong the inevitable? Hasu has taken this view. I strongly disagree, as I think liquid staking can and is best to be an oligopoly, and a Lido self limit may be how we get there in practice.

The self limiting being temporary, is not in and of itself a justification for it to be implemented.

I totally agree, self limiting being temporary is not in and of itself a justification for it to be implemented. But, I think making any self limit temporary is important because, imo, the natural steady-state here seems likely to be a completely free staking market. I see us as merely in the unfortunate position that Lido did so much of a better job out of the gate than competitors in terms of growing market share. Now, for the overall health of ethereum, I think competitors need time to catch up. Lido doesn’t owe them that time, of course. We’re asking Lido to self limit for the good of the chain and not out of any obligation.

Ultimately for self limiting to be the right solution you’d need to show:

1. There is a specific attack vector of concern.
2. That specific attack vector cannot be solved via smart contract implementation, governance changes or other policy measures.
3. This attack vector is a concern specifically because of Lido’s implementation and would not be present if each of these validators within Lido were acting independently.

These criteria seem fair to me. To address them

1. I think it has been demonstrated that specific attack vectors of concern are reasonably likely to exist https://twitter.com/dannyryan/status/1524044529669525510

2. afaik, these attack vectors can’t be eliminated in general by contracts, gov changes, or policy, because they stem from Lido being a non-hyperstructure, with governance exerting significant control over the Lido staking platform and set of validator operators

3. I think the attack vectors can be partitioned into those that are viable even if validators are acting independently, such as smart contract exploits, and those that rely on Lido governance’s ability to potentially coerce operators into taking certain actions, including by kicking operators off the platform, or reducing their proportion of stake, or creating social pressure among operators. Personally, I see these attack vectors as significant given the context of ethereum becoming a settlement layer for trillions in annual remittances.

We’re identifying a potential concern, and skipping right up to the nuclear solution

fwiw, I think the phrase “nuclear solution” is inappropriate here because Vitalik’s fee targeting method gives granular control over the self limit apparatus, it’s not an extremist mechanism. As well, the very phrase “nuclear” implies you can’t reverse dropping a nuclear bomb, whereas we can simply turn off a self limit mechanism if it becomes inappropriate in the future.

Conflict of interest discoslure: I am not long or short LDO or RPL or any related token, and I’m extremely long ETH, and I have no plans to change these positions.

I am not arguing that a monopoly is inevitable.

Just that something being, or potentially being, a monopoly in this case, is not grounds that are sufficient for it to be a negative thing, nor for justifying the particular proposed solution.

These are rather vague generalities, that Danny seems to be suggesting can be managed through coercion of requiring a player to comply with bad behavior or risk being removed from the platform.

Which would also be highly against the long-term viability interest of the DAO itself.

Either those actions are ones that:

A) Can be directly be performed by governance.

or

B) Can only be implemented via coercion of voting a validator party out of the system.

If it is A, then it can be restricted by policy or contract.

If it is B, then it can be restricted by policy, contract, or voting measure. (i.e. the best way to prevent B is probably just to own more LDO if you care about preserving the actions of the ecosystem)

Governance can always be limited contractually, and by participant behavior.

If however, the argument is that we can’t trust voters to do the right thing because incentives are misaligned then either:

A) We need to fix the incentives to align them to the long term health of the Lido protocol rather than short term action.

Or

B) We need to think this entire decentralized system in the first place.

Did you just say “I’m part of an informal working group of liquid staking oligopolists”? That’s fine but you do have a specific interest here, just like everyone; and I think its the crux of the issue.

It’s an ideological perspective that Lido is too centralized and therefore will exert negative action.

I think that is a good concern to raise - but let’s not talk in generalization, let’s talk about specific attacks and we can talk about how they can be prevented line by line.

Trying to understand your position better. If Lido were to achieve, say, 80% share of all staked ETH, is that something you would view as undesirable? Or do you think it’s perfectly fine (even desirable?) given the right governance rules?

If undesirable, then what would be the ‘ideal’ % share, in your mind?

If desirable, what would the governance rules need to look like to fully secure the entire Ethereum network from an attack?

I think that it is for the most part fine. It’s like saying “is it ok for weth to be 90% of all wrapped Ethereum?”

What matters is the details.

stETH doesn’t represent Ethereum that is staked with one single host - and that’s critical.

I think that if Lido continues to focus on ensuring that there are safety measures on having ETH staked with as many diverse entities as possible, incentivizes governance participation, and perhaps adds some level of fail safes to ensure each validator host can temporarily halt a potentially harmful action short term, then there is no reason we can’t be comfortable with it having the vast majority of staked Ethereum.

In its current implementation, I already feel mostly comfortable with it, but I am sure there are things that can be improved significantly still. Those can and should be explored.

None of those seem to rise to the level of needing to self-stunt growth.

Thanks for clarifying

The way I see it, if there were a lot more node operators, and they were permissionless (with respect to Lido’s governance), I would feel much better about it.

But if it happened before these things, then it would represent an attack vector for someone who buys up 51% of LDO supply, which is pretty accessible to a lot of individuals, hedge funds, governments, etc.

Imagine a hedge fund that shorts ETH and stETH, spends $200M to secure majority vote of the Lido DAO, and then starts rotating in their own node operators. Even if it’s a slow process due to no withdrawals, stETH would still tank and they’d make a profit.

Or is that an impossible scenario (sincerely asking, I just made it up, maybe I’m not thinking through it clearly)?

What would be the worst case scenarios an exploit at the smart contract level lead to? (Asking as a non-technical user of stETH, holder of LDO and long ETH)
Can an attacker hold ETH’s staked through Lido hostage?
Could he trigger validators’ exit and steal the ETH?
Could he trigger a mass slashing?

What could an attacker do with 51% of the LDO?

My main concern is avoiding a black swan event in which an exploit or hostile takeover threatens all of the ETH network.

I think the main problem with current proposed solutions is that they either harm Lido disproportionately, or are fundamentally unfair (increasing the performance fee while withdrawals are impossible).

Alternative solution: introduce a small deposit fee when Lido’s share is above some threshold - charged in ETH during a deposit.
A linear deposit fee that starts at 0% at a 22% share in total staked share, and ends up at 100% at (obviously impossible) 100% achieves the following:

• generates a liquid ETH treasury right now. Potentially could be used to burn LDO, or distributed to LDO stakers. Distribution details are beyond the scope of this thread.
• substantially helps the stETH peg without spending LDO to defend it, because with such a fee it makes sense to buy stETH even slightly above 1.
• they don’t unfairly change the terms for existing stakers that can’t exit.

I think the second point is strong enough to think about a deposit fee regardless of the stance on the centralization issue - although maybe with less aggressive fee levels.

Why should something be done?

I’m not worried about LIDO stakers being hostile, but the issue is that they aren’t anonymous, leaving them vulnerable to hostile governmental regulations.
The main risk is that perceived vulnerability to such regulations makes their existence more likely - no government wants the humiliation of legislating a law that can’t be realistically enforced. While I think that even with much higher LIDO concentration the worst case scenario is a period of chaos and rapid disappearance of custodial staking - such regulation would greatly harm the whole ecosystem, including the value of ETH and especially LDO.

In the medium term, I think staking pool dominance is a temporary consequence of no withdrawals, and eventually the issue will solve itself. Small stakers with less than 32 ETH are still going to use them in the future - but larger stakers are going to solo stake to not pay any performance fees.

What about competition from exchanges?
I agree that growth of stETH is preferable from dominance of exchange staking. The main advantage of stETH is its value as collateral and high liquidity - which isn’t easy to compete with at this point. Even if it starts to happen, it’s not going to happen overnight - and if they actually start growing too fast all limits can be removed.

What is the safe dominance level?
Outside of specific risks, any single staking pool becoming too big is simply bad marketing for ethereum.
Given that value of LDO strongly depends on the value of ETH, I think regardless of technical/legal arguments, there’s a an optimum point beyond which growth of LIDO eth staking (as a fraction) directly harms LIDO itself.

I think everyone can agree that stETH growing to (virtually impossible) 100% of staked ETH would be very bad and should be avoided.
At 0% the problem of course doesn’t exist.
Therefore, there’s some dominance level between 0% and 100% at which LIDO should start to self limit its share via some mechanism.
Which means that instead of a binary question: should LIDO try to self-limit now, I think there are two separate questions to ask: what should the limiting mechanism be and at what dominance level should it activate.

A linear deposit fee is a very simple mechanism with one parameter: dominance level at which fee starts being positive. This makes it easy to vote on - a weighted average vote for the minimum percentage value.

A few questions to identify.

1. why should lido restrict itself, while other Cexchanges and holders do not?
2. Is it safer to restrict lido oneself and then give up the shares to the Cexchange?
3. what if the interests of the lido holders suffer greatly after the restriction?
   let people make their choice,if they like lido,welcome,if not,find anothers

Is CEX safer than LDO?i dont think so,be youself,Lido