peep-an-eip: validator withdrawals

draft / outline

goal:

• resource to explain how validator withdrawals will work and what users/validators need to do to execute them
• give some narrative about how we got here

todo

• logging
• eth1 analysis
  • https://notes.ethereum.org/@djrtwo/0x01-payable

outline

• what do we mean “validator withdrawals”?
  • warning: generally assuming post-merge
    • ethereum is a proof-of-stake network
    • consensus layer
    • execution layer
  • consensus layer: separate layer of the protocol from the EVM execution environment
  • actors called “validators” form consensus by validating the chain and attesting to its correctness
  • necessary for consensus security that validators lock up some ETH
  • the “stake”
    • some analogy to a “principal” of a loan
      • currently 32 ETH
    • if you do a good job validating, then rewards accrue
      • some analogy to “interest”
  • how to move ETH back to execution environment?
    • either bc
      • you are done validating?
      • or just want to move your rewards?
  • designing a solution to this problem: validator withdrawals
• how to implement?
  • first, when is a validator allowed to withdraw?
  • second, how is that signaled from the consensus layer to execution layer?
    • (as it originates on CL, need to signal to EL somehow where effects take place)
  • third, where does the actual ETH come from?
    • as new ETH is created at the consensus layer
• when withdraw?
  • need some consensus conditions met
    • ensure validators remain accountable
  • but assuming a withdraw would still keep incentive for a validator to be honest
    • can withdraw the extra funds
    • being generic here, bc you can have “full” or “partial” withdrawals
      • “all of the stake”
      • or just “the rewards”
    • examples:
      • validator has successfully “exited” the active validator set
        • both an exit queue and some delay to allow for catching “trailing slashing”
        • they can withdraw all of their balance
      • validator is active but has some balance over the “consensus stake weight” of 32 ETH
  • assuming it is safe to withdraw a validator’s ETH, just make a note of it in the beacon state
    • “put a receipt into some list of receipts”
  • the task then becomes:
    • how to make EL aware of the receipts in this list?
• important aside for validators:
  • will need to change withdrawal credentials from 0x00 to 0x01
  • indicates how withdrawals can be authenticated
  • move from BLS signature (e.g. cold storage key protecting stake) to any execution address
  • open pr: https://github.com/ethereum/consensus-specs/pull/2855
• how to signal?
  • lots of possible designs
  • big decision point:
    • “pull” vs. “push” semantics
  • another decision point:
    • how to credit the ETH in the EVM state?
  • analogy: pile of ETH
    • do you want to “pull” it from the consensus layer into the execution layer
    • or, do you want to have it “pushed” to you from the consensus layer to the execution layer
      • intuition here: someone else “does the work”
• what does pull look like?
  • as the execution layer owner (could be a smart contract) of the validator’s funds, I initiate a regular transaction that tells the system: “I would like to consume the i’th withdrawal in the list”
  • the “system” needs to know what the list is
  • and also to track which withdrawals in this list have been consumed
    • otherwise you could double-spend withdrawals and print eth :(
  • how does the “system” learn?
    • well, luckily, the beacon state has a cryptographic commitment
    • Merkle tree structure with SSZ
    • so can make proofs about receipts in the beacon state, IF this state root is exposed to the EL
    • this was the intent of https://eips.ethereum.org/EIPS/eip-4788
    • as we will see, ended up going the “push” route, so no immediate need for this EIP
      • although lots of other cool applications becomes possible if the EVM gets the state root, so I’d like to see sooner or later
  • how does the “system” keep track?
    • a few options on structure but ultimately, somewhere in the EVM keep some state, e.g. a bitfield to track which receipts in the withdrawal list have already been consumed
    • “stateful precompile”
      • no prior precedent
  • how to credit ETH?
    • assume a stateful precompile:
      • either pull ETH “out of thin air”
        • but again, no real precedent other than awarding the block subsidy to coinbase
      • a “quick and dirty” idea:
        • the precompile could have MAX_WEI eth and just pull down from this “endowment”
        • just looks like a normal balance transfer from a smart contract, this happens all the time
  • what would it look like end-to-end?
    • user: here is the receipt at index i that says I am owed X eth from a withdrawal and a proof that it is a valid withdrawal against the latest beacon state root
    • system (e.g. precompile): let me verify the proof, and make sure this index has not already been redeemed. If it all looks good, then I will send you the ETH (perhaps out of my huge endowment)
• ok, so this would work but:
  • “stateful precompile”
    • entirely new EVM concept
    • would complicate testing, etc.
    • esp if this thing has MAX_WEI and or arbitrary “credit” powers
  • scheduling is on the user
    • they pay gas and take up block space from other users
• so for these reasons, current favored solution is the “push” style semantics
• what does push look like?
  • rather than a simple list in the beacon state, withdrawals are now put into a queue
  • and the consensus layer becomes responsible for dequeuing withdrawals at a certain rate and placing them into the execution payload
  • so now, the execution layer (which already does a lot)
    • does not have to track which withdrawals have been consumed
    • can use block space for other transactions
    • doesn’t need to manage synchronizing the beacon state root into the EVM somehow
    • doesn’t need some novel “stateful precompile” concept
    • from the EL perspective, much simpler — just apply the balance increases from the withdrawals
      • very much like we already do w/ coinbase transactions
  • to answer the prior key questions for this stage of the process:
    • how does the system learn?
      • it just processes the payload (like it already does)
    • how does the system keep track?
      • it doesn’t, this logic is now handled by the consensus layer
        • better division of responsibilites
    • how to credit ETH?
      • again, a few options you can imagine but simplest is to just treat like a coinbase “transaction”
  • what does it look like end-to-end?
    • user: does nothing
    • system: when I encounter a withdrawal in the execution payload, I just increase the balance according to the details in the receipt
• get us to where we are now:
  • push-style withdrawals, managed by the CL, processed by the EL
  • one dangling question: how are withdrawals structured in the execution payload?
    • the CL will have some structure by definition of the SSZ schema (whatever goes into the beacon state)
    • the interface to the EL (engine API) can have whatever schema as long as it gets the relevant data across
    • but, we want the EL to be able to independently process execution payloads w/o having to ask the consensus layer for data
      • e.g. if the EL is syncing
      • so need some way to structure the withdrawals
• how to structure withdrawals at EL?
  • again, “quick and dirty” and a much cleaner solution
    • “quick and dirty”
      • abuse EIP-2718-style transaction types
      • just make a new type that has special semantics
      • this was the approach in https://eips.ethereum.org/EIPS/eip-4863
    • “cleaner” solution
      • new type of object: “operation”
      • looks like a transaction but is firewalled from EVM concerns
        • which we want
  • main problem w/ new txn type is that you now need special logic for processing a common concept, the transaction, but this new type of transaction doesn’t touch the actual virtual machine, unlike all other transaction types to date
  • also this new transaction type can “credit” ETH, which is also substantially different from existing transaction types
    • e.g. coinbase is not “written” down as a transaction anywhere
  • so, instead, prefer the much cleaner idea of “operation”
    • new type of thing that lives alongside transactions but it fundamentally different
    • bonus: symmetry to how many rollups structure themselves, so can re-use code/concepts at several layers of the stack
• one final feature to look at, now that we have the high-level pipeline in place
  • partial withdrawals
    • can “skim off” excess ETH over the “consensus stake weight” of 32 ETH
    • will happen automatically when it is secure to do so and a given validator has excess balance
    • rotate over the entire val set to check every N epochs
    • once some ETH has been identified as withdrawable, it is put into a withdrawal receipt just like a full withdrawal
    • rest of the process is the same from there
    • open PR: https://github.com/ethereum/consensus-specs/pull/2862
    • still some fine-tuning to do around exact parameters, etc.
• tl;dr
  • CL changes: https://github.com/ethereum/consensus-specs/blob/dev/specs/capella/beacon-chain.md
  • EL changes: EIP-4895: Beacon chain push withdrawals as operations
    • https://eips.ethereum.org/EIPS/eip-4895
  • as a user / validator, you don’t need to do anything once you have switched to 0x01 credentials
    • withdrawn eth will simply appear where you specify, when the requisite conditions are met
    • e.g. no special “withdraw” operation, on top of your exit
  • when?
    • CFI for Shanghai (fork after the Merge)
    • https://github.com/ethereum/execution-specs/blob/master/network-upgrades/mainnet-upgrades/shanghai.md