Ethereum Protocol: Risks of Liquidity Staking

Liquid Staking Derivatives (LSD), such as Lido or other similar protocols, are a cartel-forming layer that creates significant risks to the Ethereum protocol and the associated capital pooled when they exceed critical consensus thresholds. Capital allocators should be aware of the risks to their capital and allocate to other alternative protocols. At the same time, LSD protocols should self-limit to avoid centralization and protocol risks that could ultimately destroy their products.

Note that while there is still a lot of room for improvement in current LSD protocols (such as Lido), this paper does not address the design flaws in these current implementations. Instead, the purpose of this paper is to show the inherent problems that exist in the LSD protocol when it exceeds the consensus threshold.

Cartelization

In extreme cases, if a LSD protocol exceeds a critical consensus threshold, such as 1/3, 1/2, or 2/3 (i.e., the pooled ETH stake in the LSD protocol exceeds 1/3, 1/2, or 2/3 of the total ETH stake in the Ethereum beacon chain), and through coordinated MEV (miner extractable value), block time manipulation, and/or (transaction) censorship - i.e., cartelization of block space, then staking derivatives can achieve excess profits compared to other unpooled ETH stakes. In this case, capital participating in ETH staking through other places will be frustrated due to the cartel's huge returns, thereby self-reinforcing the cartel's control over ETH staking.

The LSD protocol can minimize governance, upgradeability, and other risks over time, but the question of “who” can become part of the Node Operator (NO) set in the LSD protocol still exists. This lever is the main reason for cartelization.

Deciding who becomes a node operator (NO) for the LSD protocol involves two issues - who is added to the set of node operators and who is removed from the set. In the long run, this can be designed in two ways - either through governance (Token voting or other similar mechanisms) or through automated mechanisms around reputation and profitability.

Option 1: Governance of Node Operators

As for the first design method, that is, to determine NO (node ​​operator) through governance, governance tokens (such as LDO Token of Lido protocol) become a major risk of Ethereum. If the token can determine "who" can become the node operator in the theoretically majority LSD protocol, then the holders of the token can (through voting) force the NO to conduct activities such as transaction review, multi-block MEV extraction, etc., otherwise they will remove the NO from the node operator set.

In fact, the enforcement of such economic monopoly activities only strengthens the control of the token over NOs. If the token exercises its monopoly and obtains excess profits through destructive mechanisms, then, in extreme cases, NOs will not be as profitable as they would be if they operated independently. Therefore, a governance token that can determine NOs may become a self-reinforcing cartelization and abuse of the Ethereum protocol.

There is another obvious risk to this type of governance that determines NOs, which is regulatory scrutiny and control. If the pooled ETH deposits in a certain LSD protocol exceed 50% of the total deposits in the Ethereum protocol, then these pooled ETH deposits gain the ability to censor blocks (even worse, if these pooled ETH deposits account for 2/3 of the total deposits, then they can "finalize" these blocks). In a regulatory censorship attack, we now have an obvious entity - the holders of the governance token - to whom regulators can make requests to censor blocks. This may well be a simpler regulatory target than the Ethereum network as a whole, depending on the distribution of the token. In fact, the distribution of DAO tokens is generally very poor, with only a few entities determining the majority vote.

Therefore, in any form of token governance control of the LSD protocol by a majority, we are dependent on the goodwill of the DAO or any governance structure of the protocol. It is not safe to rely on the goodwill, anonymity, or geographic distribution of such an entity to prevent attacks, and we must view this as insufficient in the long run.

Option 2: Selecting Node Operators Based on Profitability

In terms of the second design approach, which selects “who” can be added to the LSD protocol’s node operator set based on NOs’ profitability and reputation, we actually end up with a similar, albeit automatic, cartelization outcome. First, it takes time and capital to enter the node operator set (i.e., invest some ETH, similar to Rocket Pool’s design, and then slowly demonstrate profitability and be allocated more ETH stakes). Although it takes time and capital to enter this node operator set, which may make it more difficult for new entrants to enter, this is not the true cartelization vector of this design. Instead, the cartelization vector of this design is that if NOs do not perform up to certain profitability standards, they will be automatically removed from the node operator set.

Kicking off node operators based on profitability is probably the only trustless (non-governance) way to ensure NOs are beneficial to the LSD protocol pool. But defining profitability is problematic - either you define some absolute number (like a good baseline ETH issuance reward), or you need to define some relative number (like within 10% of average/normal profitability).

But given the unpredictability of MEV/transaction rewards in certain time windows, and the importance of MEV rewards to long-term profits, these numbers need to be dynamic and compared to other node operators/validators over time. That is, due to the high volatility of the system's economic activity over time, the system cannot be designed to have some absolute metrics - such as having to make X amount of profit from transaction fees.

This profitability comparison metric may work well when all node operators are using “honest” techniques, but if any number of NOs use disruptive techniques (such as multi-block MEV extraction or adjusting blocks to obtain more MEV) that distort the profitability target, then the honest NOs will eventually be kicked out of the node operator set (if they do not join and use these disruptive techniques).

So this means that no matter which of the above approaches is used - whether it is governance of NOs or selection/expulsion based on profitability - this pool of funds exceeding the consensus threshold will become a level of cartelization. It is either a direct cartel formed through governance, or a destructive and profitable cartel formed through smart contract design.

Staked ETH as a backing for governance

Aside: Some believe that LSD ETH holders could have a say in the governance of its underlying LSD protocol, thereby becoming a security backstop for a potentially poorly distributed, plutocracy-ruled governance token.

It is important to note here that ETH holders are not Ethereum users by definition, and in the long run, we expect there to be many more Ethereum users than ETH holders. This is a key and important fact about Ethereum governance - ETH holders or stakers are not granted on-chain governance. Ethereum is a protocol that users choose to run.

In the long run, ETH holders are only a subset of users, so ETH holders who participate in staking are even a subset of this subset. In extreme cases, that is, all ETH participates in staking through a certain LSD protocol, the governance voting weight of the staked ETH cannot protect the Ethereum platform for users.

The insidious nature of governance

Even if there were a time delay in LSD governance that allowed pooled funds to exit the system before a governance change occurred, the LSD protocol would be subject to a “boiling frog” governance attack. Small, slow changes are less likely to cause staked capital to exit the system, but the system can still change dramatically over time.

Furthermore, as mentioned before, LSD holders are not the same as Ethereum users. LSD holders may accept a governance vote that would be required for some form of censorship, but this is still an attack on the Ethereum protocol that users and developers will mitigate through the means at their disposal: social intervention.

It is important to note that "staked ETH can always be exited in the face of malicious governance" is actually technically incorrect today and is not certain to be correct in the future. The validator's activation key is the only key in the current Ethereum PoS design that allows exits from staking. While there are many proposals to add BLS and smart contract exit credentials to initiate exits, these have not yet reached consensus on purpose or design.

Risk to Capital vs. Risk to the System

Much of the discussion above has focused on the risk that LSD pools (like Lido) pose to the Ethereum protocol, rather than the risk to people holding capital in the pool system. As such, this appears to suffer from the “tragedy of the commons” — everyone makes a rational decision to stake using that LAS protocol, which is a good decision for users but an increasingly bad decision for the protocol. However, in reality, the risk to the Ethereum protocol and the risk to capital allocated to that LSD protocol are bundled together when the consensus threshold is exceeded.

Cartelization, abusive MEV extraction, (transaction) censorship, etc. are all threats to the Ethereum protocol, and users and developers will respond to these threats in the same way as traditional centralized attacks - namely, through social intervention to burn. Therefore, the pooling of funds into this cartelization layer not only puts the Ethereum protocol at risk, but also puts this pooled capital at risk in turn.

These may seem like “tail risks” that are hard to take seriously or may never happen, but if we have learned anything in the Crypto space - if it can be exploited or has some unlikely “critical edge case”, then it will be exploited or broken faster than you think. In this open dynamic environment, fragile systems break time and again, and vulnerable systems are attacked for fun and profit.

The Ethereum protocol and users can recover from an LSD centralization and governance attack, but it won’t be pretty. I recommend that Lido and similar LSD products self-limit for their own good, and that capital allocators be aware of the capital pooling risks inherent in the LSD protocol design. Due to the inherent and extreme risks associated, capital allocators should not allocate more than 25% of the total ETH staked to the LSD protocol.