Ethereum Security, One Year Post-Merge

Ethereum Security: Time for a Restake?

‍

Let’s wind the clocks back a year. On September 15, 2022 one of the largest events in the nascent blockchain history occurred when Ethereum switched from Proof of Work (PoW) to Proof of Stake (PoS), known colloquially as “The Merge.” ESG scrutinizers self high-fived, BTC maxis clutched their ASICs in contempt, gamers rejoiced for a brief moment before all of their chips turned to AI compute, and the world kept spinning.

‍

Now, one year later, Proof of Stake has continued to deliver on all of its promises and advancements of “The Merge” have come to fruition: reduced energy footprint, increased scalability, and decreased transaction times for the network. The benefits have been shining as bitcoin has seen bloat on the network due to the ordinals and inscription movement on the chain increasing transaction times by over 370,000% (not a typo) from one year ago as certain groups look to use bitcoin either for similar use cases as Ethereum or just for giggles. You decide.

‍

But this is still the real world, and there’s bound to be a hidden downside lurking in the shadows of the shiniest visions of a bright future. For all of the promises fulfilled by Vitalik and the Ethereum nobles, there remains the inevitable risk grimly prophesied before the switch to PoS. I’m talking about the “C” word: centralization.

‍

This has to do with the existing incentives and distribution of Ethereum, which have created a structure that could leave the network’s fate in the hands of just a few parties. Previously, the thought was that the centralized exchanges (CEXs) would control all of the ETH loot given so many deposits, but SBF made sure to come out with the new 2022 edition of self-custody Scared Straight that we get to relive starting today. Everybody fled the CEXs and looked for more puritan methods of custody and participation in staking which led to the rise of Liquid Staking Tokens (LSTs) with one in particular getting most of the attention: Lido’s Staked ETH (stETH). This band of LSTs, led by stETH, have been around since before The Merge.

‍

What do Liquid Staking Tokens do though? Let’s use stETH as an example; stETH is a token that represents staked ether in Lido, combining the value of initial deposit plus staking rewards. stETH tokens are minted upon deposit and burned when redeemed. stETH token balances are issued 1:1 to the ether staked by Lido.  

Post-Honeymoon Security

As we’ve turned the page on the first anniversary of Ethereum moving to PoS, the next book in the canon has begun writing itself, with a heavy emphasis on the best way to solve this gradual centralization of Ethereum. The current relationship status sees Lido as a big winner… and a big vulnerability. Lido sits at 32% control of all staked ETH and therefore the Ethereum consensus. A dream across chains, parties, and participants of the decentralization movement probably didn’t include a single party controlling a third of the network. To some, this is fine. Lido has proven to be a reputable participant in its months-long life span even though Vitalik himself recently identified some room for improvement due to this large honey pot of governance.

‍

‍

Enter the cartel: a group of Ethereum staking providers - including RocketPool, Stakewise, Stader Labs, and Diva Staking - assembled while agreeing to limit their share of validators to 22% each to prevent one (cough cough Lido) from controlling over 33% needed for attacks. In the same post linked above, Vitalik pointed out flaws in Rocket Pool, an alternative to Lido. Lido allows staking via derivative token stETH, while Rocket Pool enables permissionless nodes, but Buterin warns both models have centralization risks. The 22% limit aims to ensure at least four entities would need to collude for a "rogue chain" attack. Nothing about this is binding so it amounts to a big pinky promise by the squishy cartel. Lido governance politely declined the pinky promise. Suddenly, these proposals make sound money start sounding a bit fiat-y (eww!). The silver lining here is there is at least some genuine thought being given to how to solve the centralization issue - even if it does include deep rooted past-fiat-life trauma.

‍

Vitalik agreed with the cartel approach as pretty decent duct tape for now, but he also posited that a longer-term "minimal viable enshrinement" could address risks at the protocol level.  Examples include changing staking penalty rules to make trustless liquid staking more viable, rather than a full liquid staking system as we currently experience.

Why don’t we just get a re-stake?

‍

While there isn’t a clear solution in sight for Ethereum security, we imagine there will be a combination of solutions deployed as we would expect in an open and decentralized network.

‍

While security personnel create a perimeter around Ethereum consensus, a new primitive called “restaking” is emerging and allows Ethereum stakers to validate and secure other networks (on top of Ethereum) by reusing their staked ETH. EigenLayer (who we wrote about in a previous entry’s Featured Funding Find) has been front and center of the restaking narrative and enables permissionless programmable restaking via smart contracts. Anyone can create covenants for validators to follow when validating Ethereum AND other protocols, extending Ethereum's decentralized security model to new use cases. Now, one can now use the same staked ETH mechanisms to help validate other networks and applications known as actively validated services (AVSs). Rather than recruiting new validators, new networks simply “rent” the Ethereum security via restakers on this pooled security marketplace (not that kind of security, Gary). The EigenLayer protocol consists of stakers, who commit ETH or LSTs, and operators providing validation services. Oh, and by the way, these stakers can use LSTs such as stETH, cbETH, and others.

‍

If anyone has done the books for anybody seeking yield in the world of staking and DeFi, there doesn’t ever tend to be just one stop. Degens are gonna degen and will continue to seek yield. So get your risk adjusted return calculators out and make up some inputs because this one is going to get fun.

‍

Vitalik acknowledges the inevitable "dual-use" of staked ETH, but "recruiting" Ethereum consensus for separate application purposes risks community splits. Expanding validator duties should be avoided and resisted due to high systemic risks. Some in ethereum may denounce such a hedonistic proposal to sell Ethereum’s security to the highest bidder in chunks. “Uh, excuse me, sorry for the stupid question here, but isn’t that a risk already inherent with LSTs?”  That’s a great question! But the LSTs might say something like, “yeah, well I guess that’s true, but do you want to add another layer of additional risk? We already provided one, but you can definitely trust our risk, just not a new risk on top paying you for it…which is what we do”.

‍

Sounds like fun for accounting! I’ll just figure out my ETH balance + staking rewards + LST token rewards + restaked [insert LST] ETH rewards and be on my way. It’s safe to say the complexity here continues to compound for enterprise tracking as everyone decides which offshoot congregation they feel most at home with their security risk…and rewards of course.

‍

This blog post originally appeared in Triple Entry, the web3 accounting and finance newsletter. Subscribe to Triple Entry here!

‍

Cover photo by Zoltan Tasi on Unsplash