5 USDC if you know who ^ is without googling it
⋅
by mike
friday – october 20, 2023
⋅
Acknowledgements
Special thanks to Data Always, Tim, Justin, Barnabé, Thomas, stokes, Vitalik, Danny, Izzy, Davide, Toni, & Dankrad for discussions and comments! :-)
⋅
tl;dr; Many different entities compose Ethereum’s consensus layer. In a recent Bankless episode, Danny presented a framework of four groups: app-layer users, holders, stakers, and node operators. He claimed that a healthy ecosystem has a clear distinction between each of these groups and that none of them are controlled by a single actor.
We explore this mental model further by presenting each group as a set and considering different relations between the sets. We begin by establishing the preliminary character list and notation, which we use to present four observations (that follow directly from definitions) and four desiderata (that are not guaranteed but are nice-to-haves). With this groundwork, we describe four “simplified” cases (labeled Cases 1-4
) and four “extended” cases (labeled Cases 5-8
) to unpack the structure of the protocol.
The simplified cases deal with the relative sizes of the base groups, whereas the extended cases focus on more targeted situations: (a) the difference between decentralized staking pools and centralized staking providers, (b) the implications of minimum viable issuance, (c) the concerns around an application that grows “too big to fail”, and (d) how restaking introduces another layer into the protocol. This article raises more questions than it answers, but the mental model seems useful as we consider the design space of the consensus layer.
⋅
Article | Description |
---|---|
Minimum viable issuance | Anders’ mega-thread on MVI |
How Lido Threatens Ethereum | Danny’s Bankless episode |
Concerns around centralization of stake | Izzy’s analysis of hyptothetical distributions |
⋅
Acronyms
source | expansion |
---|---|
NOs |
node operator(s) |
UASF |
user-activated soft fork |
CEX |
centralized exchange |
Before diving in, let’s lay a bit of the groundwork. In this article, we describe each group of network participants as belonging to a set. Danny’s recent Bankless episode inspired this framing and it seems worth expanding. To begin, we consider the following groups.
ETH
the asset beyond the amount needed to pay gas. These participants own the existing ETH
supply. Note that we don’t distinguish between custodial and non-custodial holders here; that is a can of worms for a different article.ETH
holders (we do not initially distinguish between centralized providers – e.g., Coinbase, trusted operator sets – e.g., Lido, and bonded permissionless operators – e.g., RocketPool… more on this later). If we refer to a specific node operator we label them as NO1,NO2, etc.Note: We don’t include the set of people who run nodes but don’t stake.
It would be more accurate to talk about the cardinalities of these sets, but since this is not a very formal piece, I am just going to abuse this notation for readability’s sake and to avoid writing |A| everywhere. Throughout the article, we mainly define the cardinality of each set as the “number of unique individuals” who constitute each group. When comparing node operators and solo stakers, we use the “consensus layer size” of each, implying that a single node operator could appear larger than the entire set of solo stakers because they control more validators than all the solo stakers combined. Lastly, we consider node operators as holders in that they represent ETH
delegated through them, but we acknowledge that the node operators do not own all the ETH
that they stake.
Given these definitions, it’s useful to explicitly note a few relationships that directly follow.
Observation 1; Users≥Holders
Since each holder is a user (even if their only use is to hold ETH
), this relation is always true. We could also write this as Users⊇Holders (i.e., users are a superset of holders).
Observation 2; Holders≥Stakers
Since each staker is a holder (they either stake the ETH
themselves or receive ETH
to stake on behalf of the true owner), this relation is always true. We could also write this as Holders⊇Stakers (i.e., holders are a superset of stakers).
Observation 3; Stakers≥NO,∀NO∈NOs
Since the total set of stakers is composed of pools (which delegate to node operators) and solo stakers, we can say that the stakers are larger than any single node operator. We will explore the situation where a single node operator comes to represent a large proportion of the total stakers. We could also write this as Stakers⊇NO,∀NO∈NOs (i.e., stakers are a superset of each node operator).
Observation 4; Stakers≥Solo
Since the total set of stakers is composed of pools (which delegate to node operators) and solo stakers, we can say that the stakers are larger than the solo stakers. This statement says nothing about the relative size of solo stakers versus other node operators. We could also write this as Stakers⊇Solo (i.e., stakers are a superset of solo stakers).
Beyond the four observations above, we can also identify four corresponding outcomes that are “desirable” from the protocol perspective. These are ~by no means~ guaranteed, but rather what we intuitively design for in a healthy ecosystem.
Desiderata 1; Users≫Holders
The simplest goal is that the set of people interacting with dApps, NFTs, stablecoins, DeFi, etc., is a much larger set than the collection of participants holding significant amounts of ETH
(as adoption increases, it seems reasonable to assume that Users would grow faster than Holders). This may become increasingly true as we move towards a fee-abstracted world where a user doesn’t need to hold ETH
to pay for gas. Note that we don’t specifically focus on “read-only” users who consume blockchain data, but rather are more concerned with those who transact in the Ethereum ecosystem in some way.
Desiderata 2; Holders≫Stakers
The ratio between holders and stakers corresponds to the “proportion of ETH
supply staked” – ≈22% and counting as of October 2023. This value plays an important role in the Ethereum protocol. Too low of a value (e.g., <1%) presents the clear issue of insufficient economic security (it is too cheap, in ETH
terms, to attack the network). Conversely, too high of a value (e.g., >99%) may have second-order effects that are hard to predict. Staking limits (e.g., through an issuance curve that approaches negative infinity as the staked supply increases) and MEV burn (which also reduces the net issuance by diminishing the MEV rewards) are the main “arrows in the quiver” to achieve this outcome – see Vitalik’s “Paths towards single-slot finality” for additional ideas.
The exact impact of having nearly the entire supply staked (Holders≈Stakers) is uncertain. One issue it presents is on the social governance layer. With most of the supply locked in the consensus layer and a majority of users interacting only with derivate versions of ETH
, the staking pool DAOs or DeFi protocols that issue these derivatives have immense power in the protocol. Another negative aspect is the elimination of the “medium of exchange” property of ETH
the asset. While ETH
still behaves like “collateral money” and LSTs denominated in ETH
preserve the asset’s “unit of account” nature, the lack of circulation could pose real threats. Additionally, with a large majority of the ETH
supply staked, there is no ETH
that could be deployed to counteract a malicious consensus-layer actor that controls a majority of the stake.
Desiderata 3; Stakers≫NO,∀NO∈NOs
From a consensus perspective, the protocol security is improved if the set of Stakers is significantly larger than any individual NO (to prevent finality delays, reorg attacks, strong censorship, etc.). It’s important to note that some node operators have a coordination layer between them, while others may be completely independent. One of the main points of disagreement with regards to staking pools, using Lido for example, is whether to treat them as a single node operator with 32% of the stake or 31 distinct operators with around 1% stake each. There are reasonable arguments on both sides and this article isn’t aimed at addressing that discussion. On the other hand, centralized staking providers, using Coinbase for example, are best understood as single node operators with 10−19% of the total stake.
Desiderata 4; Solo≫∅
This simply states that we want the set of solo stakers to be far from non-empty. It seems likely that solo stakers will only ever constitute a relatively small portion of the total stakers (current estimates are around 5% of the total stake), but solo stakers do represent a much larger portion of the total nodes in the system.
With this framework, let’s examine a few hypothetical distributions. We start with four “simplified” cases (labeled Cases 1-4
). We call them simplified because they only focus on the sets we have defined so far and follow from the observations above. We then analyze four “extended” cases (labeled Cases 5-8
). Each of the extended cases explores a more realistic aspect of the staking ecosystem; the goal of these thought experiments is to tease out how the simplified model can be made more realistic. We conclude with a set of open questions, each associated with one of the cases.
Case 1
Users≫Holders≫Stakers;Stakers≫NOs;Solo≫∅
“Balanced” (best outcome)
ETH
supply is staked, and with Stakers≫NOs, no single node operator has an outsized influence over the consensus layer. It is worth noting that node operators can have different levels of decentralization (e.g., the behavior of some NOs might be correlated through a shared governance layer á la Lido). We will touch on this more in Case 5
, but for now, the aspect we are focused on is that the different node operators are relatively similar in size.ETH
supply is not staked.Case 2
Users≫Holders≫Stakers>NO1;NO1≫NO2,NO3,Solo
“Winner-take-most” (medium outcome)
ETH
staked, we can claim Holders≫Stakers (for now). Lido, which for this example we treat as a single node operator, controls a significant percentage of the total stake (≈32%), and other pools lag so we cannot claim that the pools are evenly distributed (note that this figure is slightly worse than today’s reality and instead represents a world where a single pool controls ≥50% of the total stake). Instead, we denote Stakers>NO1 and NO1≫NO2,NO3,Solo, meaning that NO1 has an outsized influence over the stakers.ETH
supply is not staked.Case 3
Users≫Holders≈Stakers;Stakers≫NOs;Solo≫∅
“Full supply for staking pool distribution” (medium outcome)
Case 1
, with NO1,NO2,NO3 approximately even in size, implying a more balanced stake distribution among node operators. Solo stakers still constitute a non-trivial portion of stakers.ETH
supply is staked, so we must acknowledge that Holders≈Stakers. However, with a more balanced stake distribution among the pools, we can claim that Stakers≫NOs. This situation could arise if, for example, changes to the protocol made it easier for staking pools to compete but more likely that all ETH
is staked directly or delegated.ETH
holders.ETH
staked, the monetary properties of ETH
the asset change.ETH
that could enter the consensus layer.Case 4
Users≫Holders≈Stakers>NO1;NO1≫NO2,NO3,Solo
“Too big” (bad outcome)
Cases 2 & 3
above. With a large percentage of the ETH
supply staked, we have Holders≈Stakers. Similarly, a single pool controls a significant portion of the staked ETH
so Stakers>NO1 and NO1≫NO2,NO3,Solo. Not only does NO1 control a majority of the staked ETH
, but also a majority of the total ETH
supply.ETH
holders.ETH
staked, the monetary properties of ETH
the asset change.ETH
that could enter the consensus layer.While the above cases are (hopefully) easy to follow and intuitive, they lack a bit of grounding in reality. Each of the next four cases extends this model to better reflect what we are seeing today and what we might expect in the coming years. None of these examples aim to be comprehensive either, they just add some nuance (again… hopefully lol).
Case 5
– Staking protocols vs centralized staking providers
“Decentralized staking protocol ≠ centralized staking provider”
PoolA
is composed of 30 distinct node operators (labeled NO1, NO2, ..., NO30
), while centralized exchanges CEXA
and CEXB
, on the other hand, are single logical entities.stETH
holders are intentionally avoiding CEXs and would reallocate to a different, more decentralized solution – we can only speculate.Case 6
– Minimum-viable issuance and solo-stakers
“Solo stakers are priced out by falling rewards resulting from minimum-viable issuance”
ETH
supply mechanism that ensures the economic security of Ethereum without overpaying the consensus layer participants. This is a relatively new line of thought and Anders’ megathread is a clear voicing of the ideas. The biggest question around this framing is whether or not it completely removes the viability of solo staking. For example, consider the case where the consensus layer issuance adjusts based on staking demand. If the issuance curve goes negative (e.g., staking *costs* ETH
), solo stakers may be completely priced out if the only way to have positive expected rewards is through pooling (for MEV smoothing) and/or restaking to earn additional yield.Case 7
– AppX
getting too big to fail
“AppX
is too big to fail, making them the ultimate arbiter of consensus-layer truth.”
AppX
will have an immense influence over the future of the protocol and the coordination of a user-activated soft fork (abbr. UASF) becomes much easier.Case 8
– Restaking finding mass adoption
“All ETH
is restaked, adding another layer of delegation and incentive (mis)alignment.”
ETH
node operator set.ETH
is restaked. In this case, the exact distribution of stake among node operators is rivaled by the distribution of restaked ETH
among the set of node operators in the restaking protocol. We have another layer of trust in the system, which results in another layer of risk. In this world, a misbehaving restaked ETH
node operator set could do outsized damage to the consensus layer of Ethereum.ETH
supply staked? Should we instead consider targeting a fixed amount of ETH
staked? How do we choose this target? (Again referencing Anders’ work on this topic.) Given the protocol is unaware of the market cap of ETH
or the amount of value it secures, is there any reasonable target beyond, “as much as possible”?ETH
staked by decreasing issuance? Does that immediately price out solo staking? Do we need to move quickly to avoid a situation where a majority of ETH
is staked?ETH
costs? Are there in-protocol mechanisms (e.g., “validator metadata” ) that could protect solo stakers while pressuring large node operators to self identify? Can restaking protocols deliver value to solo stakers without being sybil attacked by delegated operators?ETH
have a healthy distribution? What is the true “economic security” of restaked ETH
if the restaking node operator set is not well distributed?