Lido Community Staking: Bonding
The second blog of a four-part explanatory series about Lido Community Staking Module (CSM), will dive into its bonding mechanism. Check out the rest of the parts of the series below:
#1: Overview of Community Staking Module (CSM)
#3: Rewards & Penalties
#4: Stake allocation & Validator Exits
A bonding mechanism was proposed to be utilized in CSM to facilitate permissionless onboarding of independent Node Operators. Taking into account the staking landscape, bonding has proven effective in:
Onboarding numerous independent Node Operators in a permissionless manner;
Allowing for the creation of mechanisms that would compensate stakers in the possibility of inappropriate or malicious actions by Node Operators;
Increasing economic alignment between Node Operators and stakers.
Only ETH (stETH) as Bond Token
ETH will be the only token required for bonding, with no additional tokens needed. The requirement of secondary bonding assets is unacceptable for some Node Operators, especially ETH maximalists since they would prefer to not have exposure to assets which may fluctuate in value compared to ETH. Furthermore, using ETH as a sole bond token keeps straightforward logic of collateral and possible implications it is intended to cover, existing in ETH only.
It is proposed to stake the bonded ETH instead of locking it in the contract as an unproductive asset, so Node Operators would gain the staking rewards once they deposit the bonds.
Bond as a Coverage
It has been proposed that bonds be utilized as cover in the scenarios when Node Operators intentionally or accidentally negatively impact staking rewards. The following specific cases are considered:
Validator balance after exiting is lower than the default MEB (i.e. 32 ETH, but it might be changed with EIP-7251);
It cannot be 100% guaranteed that the bond is sufficient to cover all possible losses, especially if malicious actors were to steal a huge amount of MEV. To significantly reduce the risk of uncovered losses, CSM will introduce a unique bonding mechanism that associates bonds with the Node Operator instead of the individual validator. This means the aggregate total of bonds provided by an operator that runs multiple validators could cover the losses caused by any of its validators.
Another important feature of the proposed model is non-linear bonding, useful for reducing the appeal of Sybil attacks (i.e. an entity controls multiple Node Operators, each with at least a validator). It allows Node Operators to operate more than one validator with bond requirements that decrease based on how many validators have been registered with the NO address. Ongoing research indicates that gradual bond reduction can discourage Sybilling and EL stealing. Furthermore, it lowers entry barriers for those who want to run more validators.
Bond Size Considerations
The figures for bond size and non-linear bonding curve have not been decided yet. These will be voted on by the DAO sometime before mainnet release, taking into account the latest changes in factors such as technical validator risks and Ethereum updates.
At present, according to a recent risk assessment analysis, a 4 ETH bond is sufficient to cover possible losses and most missed profits in a modelled realistic scenario, and a 2 ETH bond is sufficient to cover all direct losses (CL penalties) in the same realistic scenario.
In addition, a competitive bond size (i.e. 4 ETH or even less) should be applied to further lower the entry barrier to run a validator and to be more profitable for Node Operators than vanilla solo staking or other staking services. Lido contributors in the analysis introduced two metrics (i.e. “rewarded capital” and “rewarded capital multiplier”) to easily compare capital efficiency of bond provision among different protocols.
After the introduction of CSM’s bonding design, the next post will discuss the innovative design of reward measurement and distribution, as well as penalties. Stay tuned!