On staking pools and staking derivatives
https://www.paradigm.xyz/2021/04/on-staking-pools-and-staking-derivatives
Paradigm, Apr 21
The transition from Proof of Work (PoW) to Proof of Stake (PoS) is Ethereum’s most anticipated milestone since its inception. Instead of using the energy-costly PoW to extend the blockchain, PoS allows users to stake their ETH and operate block-producing nodes called validators.
The first step towards PoS in Ethereum was launching a standalone network that can come to consensus, called the Beacon Chain. In return for providing security to this system, stakers are rewarded with new ETH from inflation. In the future, the Beacon Chain and Ethereum as we know it will merge, allowing stakers to also earn the transaction fees and Miner-Extractable Value (MEV) that currently go to PoW miners.
Ethereum’s PoS protocol does not provide stakers with some of the functionality they have come to expect in other PoS implementations like Cosmos, Tezos, and Polkadot. The rationale behind that is to incentivize decentralization, but we posit that the market will always step in to make staking more efficient and convenient. So it is important to ensure that the solution that has the most private benefit to stakers also leads to a healthy systemic outcome for Ethereum as a whole.
In this post, we explore the problems that ETH stakers experience today. We then show how staking pools and staking derivatives solve these problems for stakers while, counterintuitively, also increasing the effective security of the network.
How does solo staking ETH work?
To solo stake in Ethereum, a user has to deposit 32 ETH to the ETH2 Deposit Contract, along with specifying two key parameters:
The validator public key: Before depositing, the user generates a keypair for their validator. The private key is used to sign on blocks, whereas the public key serves as their unique identifier.
The withdrawal credentials for the deposited 32 ETH: Once withdrawals are enabled, the principal (32 ETH) and staking rewards can only be withdrawn to this address.
Critically, the public key and withdrawal credentials do not need to be controlled by the same entity.
The user is then expected to operate an ETH2 validator node and sign on blocks when it’s their turn, or get penalized for not following the protocol.
What are the problems of ETH stakers?
The efficiency and convenience of a staking protocol can be broken down into the following properties, along with their Ethereum implementation:
Minimum amount needed to stake: This determines the barrier to entry.
A minimum of 32 ETH is required, and people can only stake in 32 ETH multiples.
Delegation: Can stakers outsource the work of running the physical validator node, or do they have to do it themselves? If delegation is impossible, hardware and bandwidth requirements can prevent some people from staking.
There is no in-protocol way to delegate stake to other validators.
Lockup: How long does it take to withdraw staked funds? Longer lockups tend to increase the security of the protocol, but also make it less attractive for stakers due to lower flexibility and higher opportunity costs.
Today, stakers cannot withdraw ETH from the Beacon Chain at all. After withdrawals have been enabled, the lockup period for unstaking will be 27 hours.
Returns: How much do stakers earn over time? The higher the returns, the more people will stake, leading to higher security.
Stakers on the Beacon Chain currently earn inflation rewards. After the merge, they will also earn transaction fees and MEV. The inflation rewards depend on how much ETH is currently staked. More staked ETH implies less inflation rewards per validator and vice-versa. Today ~4m ETH is staked, leading to an annual return of 7.8%.
These properties represent significant hurdles for stakers. All else equal, they would prefer to be able to stake any amount of ETH, delegate the operation of their infrastructure, and withdraw their staked ETH instantly. If possible, they would also like to use their staked ETH in other applications, as has become standard procedure in decentralized finance.
Below, we discuss
how staking pools solve delegation and the minimum stake requirement; and
how staking derivatives—issued by these staking pools—address the long lockup and allow stakers to unlock liquidity on their staked ETH.
How does a staking pool work?
On its face, a staking pool works similarly to a mining pool in PoW, but due the nature of PoS it can offer additional benefits to its customers:
By pooling ETH together, stakers can bypass the 32 ETH minimum requirement. This allows smaller stakers to participate in PoS.
Instead of having each user operate their own validator(s), the pool handles the operational aspect of staking. Some may also insure customers against protocol penalties like slashing.
The pool can maintain a reserve of liquid ETH to satisfy demand for immediate withdrawal, similar to how a bank would. This eliminates the withdrawal period, assuming that not all customers want to withdraw at the same time.
Finally, the pool can offer a token that represents the staked ETH which can be used in other applications. This point is so important that we dedicate a full chapter to its discussion further below.
Staking pools can either be centralized or decentralized, each with their own set of tradeoffs.
How does a centralized staking pool work?
Any big exchange can trivially implement a staking pool. In fact, many already support (or will support) Beacon Chain staking.
The exchange simply needs to:
Allow users to opt into staking, in return for staking rewards.
Run the validators using the customer’s ETH.
Since the exchange does the staking, the user does not need to run any infrastructure. Offering instant liquidity is very easy for them as well, since they already have large liquid ETH reserves. Given how valuable customer acquisition and liquidity is to the exchange business, they can offer this service at no additional cost to the user.
How does a decentralized staking pool work?
Now that we have established the differences between solo and pooled staking, as well as how centralized staking pools work, we will explore the architecture of a decentralized staking pool, using Lido as an example.
From the user’s perspective, things are very straightforward: They deposit ETH into an Ethereum smart contract, and receive stETH as a receipt. The stETH token’s balance adjusts over time to reflect the distribution of staking rewards that accrue to the contract. That means, 1 stETH will always represent 1 ETH staked.
From Lido’s perspective, each time 32 ETH is buffered on the Ethereum smart contract, the DAO selects a new validator from a governance-controlled registry. It then calls the deposit contract, assigning the 32 ETH to that validator’s public key, and uses the LidoDAO’s withdrawal credentials.
There are two questions that need to be answered here:
How are the withdrawal credentials managed? The withdrawal credentials are an ETH2 BLS key, split to a 6-of-11 multisig using a distributed key generation ceremony. This is not optimal, but also not a risk while withdrawals from the Beacon Chain are not enabled. By the time stakers can withdraw, Lido will have transitioned to an ETH1 smart contract as the withdrawal credential instead of a multi-sig. After that point, 1 stETH will be trustlessly redeemable for 1 ETH, assuming the smart contract has no administrative functionalities over the funds.
Who are the validators and how do they get into the registry? Validators are professional staking businesses like p2p.org, Chorus One, or stakefish, that have to be approved by governance. Each validator has a maximum stake that they can own, which is also voted on by governance.
Unpacking the stETH token
We have already established that stETH is a claim on staked ETH and any rewards accruing in the smart contract. This is also called a staking derivative.
Staking derivatives will have a major impact on the entire Ethereum ecosystem, including ETH stakers, regular ETH holders, the competition between pools, and even Ethereum itself.
Stakers: The main benefit for stakers is rehypothecation, which allows them to stake while simultaneously using the principal in other applications, similar to how Uniswap’s LP tokens can be used as collateral across DeFi. This greatly lowers the opportunity cost of staking.
Non-staking ETH holders: If stETH can be used as collateral to borrow ETH, it can unlock demand to borrow ETH to use it in leveraged staking. This would push up the rates for supplying ETH1, ultimately benefiting all ETH holders with higher interest rates.
Competition between pools: The existence of stETH grants its pool an important network effect. This network effect creates a strong incentive to stake with the market leader, which indicates that ETH staking derivatives could follow a power-law or winner-take-all distribution due to the liquidity moat and network effects associated with them. As a result, it is possible that stETH will replace ETH in many use cases, and potentially even replace ETH altogether.
Ethereum: There exists a popular argument that staking derivatives lower the security of PoS because they separate block production from staking and slashing. This is also known as a principal-agent problem, and can lead to scenarios where the block producers may not be incentivized to follow the protocol since they have nothing at stake.
However, this argument has to be weighted against the benefits: If staking derivatives lower the cost of staking, they could lead to far more (or even all) ETH being staked. Note that this is a perfect example of a virtuous cycle: the more liquid stETH becomes, the lower the opportunity cost of staking, which leads to more ETH being staked, which in turn further deepens the liquidity of stETH, and so on.
Without staking derivatives, we might expect 15-30% of ETH to be staked. However, with staking derivatives, this number could be as high as 80-100%, because there is no additional cost to staking compared to non-staking.
To show why this leads to higher economic security, consider the following attack scenarios:
If 20% of all ETH is staked, and an attacker wanted to acquire 66% of all stake (a critical threshold to corrupt the chain), they would have to buy 40% of all ETH in the open market.
If 60% of ETH were staked, but the stETH is liquid, then the attacker would have to buy 66% of all stETH, which also comes down to 40% of all ETH. Note that this has additional steps, where the attacker would first have to redeem the stETH to remove the honest validators and then re-stake their ETH.
Above 60% staked, the share of all ETH the attacker would have to buy is now higher than 40% and only increases from there.
If 100% of ETH are staked, then the attacker would need 66% of all stETH to get to the same threshold.
We can conclude that if staking derivatives can increase the number of ETH staked above 60%, they would strictly increase Ethereum’s economic security instead of decreasing it.
So who will win the staking market?
Decentralization is often seen as an invisible benefit that comes at a higher price, and as a result users are often not willing to pay for it (see e.g. Binance Smart Chain vs Ethereum debate). This line of thinking does not apply to decentralized staking pools, because they have three critical advantages over their centralized counterparts.
They are more socially scalable: One metric that matters for PoS security is how much of the stake is controlled by a single entity. For exchanges, that number might be capped at 15-30%; at more than that, there might be social concerns about power centralization in the Ethereum ecosystem. A decentralized staking pool can control any share of the network, as long as each individual validator in the DAO is not too big and as long as the withdrawal credentials cannot change / be voted on.We have to emphasize how important it is that the decentralized staking pool by that point has shed all of its governance functionality. Neither fees, nor withdrawal addresses, nor the validator registry can be allowed to be changed by human inputs.
Their staking derivative is trustless: A large exchange like Coinbase or Binance can only issue a custodial token, whose adoption is necessarily capped as—all else equal—users strictly prefer a trustless token over a trusted one. This causes centralized pools to miss out on the staking derivative’s network effect.One could point out that with WBTC, a centralized token was able to win the market for tokenized BTC. However, we posit that this is only because BTC on Ethereum can’t be tokenized in a way that is both trustless and capital-efficient, whereas for staked ETH that is possible.
They have fewer restrictions around MEV Extraction: Institutional staking pools (e.g. exchanges) may have social and reputational constraints that prevent them from extracting certain forms of MEV. This allows smaller staking firms and decentralized pools without these constraints to provide higher returns for their stakers. This could turn the aforementioned decentralization premium for using a decentralized staking pool into a decentralization discount.
These benefits are so large, that the leader in pooled staking will likely be a decentralized / non-custodial staking pool. If said pool is sufficiently governance-minimized, it could possibly win the entire market without causing any systemic risk for Ethereum.
Conclusion
Staking pools and their staking derivatives are subject to similar market realities as MEV extraction, in the sense that their existence is inevitable. As long as there is a private benefit to creating and using them, they will exist and flourish. However, if the right solution wins and is sufficiently adopted, it can lead to systemic benefits for Ethereum as well.
Due to stETH’s vast network effect and the fact that decentralized pools can be both non-custodial and possibly earn more revenue from MEV, we see it as likely that a single such decentralized pool can win the whole market.
As a result, we should be focused on making sure a non-custodial and robust version of stETH wins the market instead of a centralized one, to ensure a good systemic outcome.
Notes
1 - We also refer the reader to Chitra and Evans’ work on staking versus lending and the equilibria which manifest between these 2 forces. ↩
Disclaimer:
Paradigm owns LDO tokens
Acknowledgments: Thanks for valuable discussions and reviews to Arjun Balaji, Vasiliy Shapovalov, Konstantin Lomashuk
Last updated