The Future of Ethereum Staking

# The Future of Ethereum Staking Mike Leach (@Wander) - 2022-10-16 ###### tags: `research` `staking` `decentralization` `report` ------------- One of the topics brought up recently at DevCon 6 pertains to the future of Ethereum staking. What do we expect the distribution of staked ETH to be in the future? Who will own these validators? Will it be large professional organizations, small independent operators, or some mixture of both? Several prominent speakers discussed their viewpoints, beginning with [the staking panel that I moderated]([youtube](https://youtu.be/Z-ayS2jGcjo?t=14236)) on behalf of the [Node Operator Association](https://nodeoperator.org/). The next day, Vasiliy Shapovalov of Lido went further into detail in [a talk dedicated entirely to this subject](youtube). [Quite a few in the Ethereum community were bothered by some of his comments](https://twitter.com/marceaueth/status/1580630154597974016), taking offense at the inference that hobbyist staking is somehow inferior to professional staking. While I don't believe he meant to convey that specifically (I encourage everyone to watch the above videos for full context), this topic is obviously divisive. ![](https://i.imgur.com/DtUX3e9.png) I think it's so divisive because it cuts right into the heart of one of Ethereum's most treasured values: decentralization. To small and independent operators, it's frustrating to think that a few big companies (or protocols) might control the majority of staked ETH. After all, decentralization isn't just an ideal, it's what makes the blockchain work in the first place. If the ETH stake becomes too concentrated, a lot of attacks on Ethereum become possible -- anything from taxing most transactions with extra MEV to censorship or double spends if the stake becomes extremely centralized. With that as the backdrop, let's analyze the current situation first before getting back to the question of the future. ## Part 1: State of the Stake (Oct 2022) ![](https://i.imgur.com/qSA28Tj.png) [The overall staking distribution](https://dune.com/queries/991483) ![](https://i.imgur.com/Lo0IBiI.png) [The liquid staking portion](https://dune.com/ratedw3b/Eth2-Liquid-Staking) ![](https://i.imgur.com/sbL8qbk.png) [The categories of stakers](https://dune.com/queries/991513/1716891) *Note that this includes Coinbase as a CEX despite the recent introduction of their liquid staking token, cbETH* Depending on how you slice it up, permissionless staking (Rocket Pool's 2% plus "Other" stakers' 26%) makes up roughly 30% of the total stake. Of course, permissionless options attract smaller stakers, so even though Rocket Pool has about 2% of the total stake, it has [~23% (1600+)](https://rocketscan.io/beaconchain) of the [~7250 Ethereum nodes](https://ethernodes.org). The other 70% of stake is made up of larger professional organizations. These orgs, with many millions under management, are who Vasiliy calls "the big boys". Some of these are CEXes like Coinbase or Kraken, some of these are Staking as a Service (SaaS) companies, and some of these are DAOs, like Lido, which contract out to SaaS companies but retain a claim to the stake. Broadly speaking, there is little difference in the operational effectiveness of networks made up of of small validators versus the larger ones. [Rocket Pool's whole network is within 2% effectiveness of the top rating and boasts significantly better client diversity](https://rated.network). Speaking of client diversity, the once-critical situation with consensus layer (CL) client distribution has [improved significantly](https://clientdiversity.org/) since the early days of staking. Whereas Prysm once dominated the chain, Lighthouse is now roughly equal to it, with the minority clients growing in popularity as well. That said, there is more work to do, especially with the execution layer (EL) client diversity. Geth is a legendary project deserving of all the praise it receives and more, but we should continue to push for adoption of minority EL clients as well. Personally, I'm really looking forward to [the new Nimbus EL client](https://github.com/status-im/nimbus-eth1). In terms of geographic diversity, [Ethereum needs improvement](https://www.nodewatch.io/). The sole consolation here is that Ethereum is no better than other blockchains in this regard, but we still have a lot to work on as a community to get more nodes running in South America, Central Asia, and Africa. **All in all, things look pretty good for Ethereum PoS as of Oct 2022.** There are a few clearly dominant players, but none of them are individually powerful enough to harm the chain. Even if Coinbase, Kraken, Binance, and all 28 of Lido's SaaS contractors banded together to attack Ethereum, they could still only achieve some additional MEV extraction. A full consensus attack is unthinkable as of today, so in this sense, the decentralization of Ethereum's stake is at least acceptable. If you're a fan of the greater ideal of decentralization, however, there are worrisome trends. Only 30% of the Ethereum stake is supported by individual operators, and although some permissionless options like Rocket Pool are growing, permissioned models like Lido have grown significantly faster, leading to staking concentration on the backend into relatively few SaaS companies, data centers, etc. The question of a decentralized stake remains -- if Ethereum is so committed to decentralization in its designs, why are we only at an "acceptable" threshold in stake distribution? Before we answer this question, let's first back up the claim that Ethereum designs are biased toward small operators. ## Part 2: The Ethereum Protocol is Designed for Small Operators Despite the infamous delays, the Ethereum researchers and core dev communities are pretty good at their jobs. Knowing that decentralization is important to the health of the protocol, they decided to optimize for small or individual operations. While this bias may exist on a social level as well, I'm referring here to the design of the protocol itself. If you'd like to skip this section, here's a **tl;dr: all penalties applied to stakers hit large organizations harder, and owning the right to all rewards makes smaller operations much more profitable**. Put another way, although it's essentially identical to run one validator or 100 validators, the economics are much more painful if you have custody of others' stake. ### Economics of SaaS vs Individuals [Note: full calculations for this section can all be found here](https://docs.google.com/spreadsheets/d/1nSafILYiQSBHJv1HyoRHQgBUL25NTMdW47iRxDIecwM/edit?usp=sharing). #### Professional Staker Economics Large, professional operators must have a sizable operation to survive; at a 5% take rate from rewards, they need 40k ETH under management to approximate [GlassDoor's "most likely" wage for a sysadmin skillset (~100 ETH)](https://www.glassdoor.com/Salaries/sysadmin-salary-SRCH_KO0,8.htm). Amassing that much ETH from investors is no simple task, to be sure, but in addition, with that many validators, downtime also becomes a serious problem. For example, just 1 day of downtime in this scenario means an 11 ETH loss for their operation. ``` 40k ETH producing 5% APR = 2k ETH/yr 2000/365 = ~5.5 ETH/day For each day of downtime, -5.5 ETH opportunity cost and -5.5 ETH leak cost ~11 ETH loss total per day of downtime ``` Therefore, large operations are incentivized to invest heavily to ensure their validator keeps validating -- no matter what. This takes the form of operations which emphasize modularity but are more difficult to maintain and increase slashing risk. E.g. docker containers, complex backup procedures, multi-machine setups, etc. #### Individual Staker Economics Small operators, on the other hand, have it a bit easier. A solo staker needs only 2000 ETH to make 100 ETH/yr. If you're a Rocket Pool validator with 25% RPL collateral, you only need 1580 ETH worth of assets to make 100 ETH/yr, and with the upcoming bond reduction, you'll only need 1320 ETH for the same revenue of 100 ETH/yr. Obviously, that's still a lot of ETH in 2022, but it's significantly more approachable than 40k ETH. Plus, being slashed for double signing is a high penalty that is easy to avoid by simply accepting downtime. The leaking penalty for downtime is (outside of network emergencies) the minimum effective level, so small stakers can accept downtime in order to fully eliminate the risk of the more severe slashing scenario. Simple calculations reveal an expected loss of about 0.5 ETH per day of downtime for an individual staker. ``` 100/365 = .274 ETH/day profit For each day of downtime, -.274 ETH opportunity cost and ~.274 ETH leak cost ~.548 ETH loss total per day of downtime ``` Losing over half an ETH isn't great, but it might still be better than your clients losing 11 ETH. There's reports to write, fears to assuage, and the general frustration of making a mistake that others are affected by. Small operators don't have to worry about these things. They can accept a bit of downtime, still be very profitable, and they don't have to write reports about it or hear from investors. ### Trustless, Permissionless, Bondless Designs You've probably noticed a trend with Rocket Pool calculations above: if the bond is reduced, the profitability rises dramatically. However, if you watched Vasiliy's talk above, you'll know that he believes the bond is why current permissionless and trustless options like Rocket Pool aren't scaling as quickly as more centralized designs like Lido and the various CEXes. In a bond model, operators are required to post bonds as assurance that they will act honestly. But without some upgrades to Ethereum (EIP-4788, forced exits, etc), that's the only way the cryptoeconomics work for a permissionless and trustless staking pool -- otherwise operators have no incentive to contribute outsized rewards to the pool. Therefore, organizations like Lido can scale in ways that trustless protocols like Rocket Pool cannot today, but as a trade-off, they must heavily restrict their node operator set and trust in their contracted SaaS partners not to steal or make a mistake. [Unfortunately, it still happens occasionally](https://twitter.com/RP_Intern/status/1580687317471465472). Ultimately, however, this may be resolved with technological upgrades. Rocket Pool has plans to lower the bond over time, and other protocols like StakeWise have solid plans to eliminate it entirely through more complex designs. Lido is even researching trustless and permissionless designs of its own. ### Conclusion of Part 2 Clearly, there are a lot of ways that the Ethereum environment is better for smaller operators today, and there are even more benefits for small operators on the horizon. Maybe the dominance of centralized players temporary after all? Let's not be so hasty. There are plenty of other forces at play. ## Part 3: Real-World Economics Are Biased Towards Large Operators *Fair warning, this section is mostly a description of the financial laws of gravity.* Despite centralization concerns and the designs which disincentivize it, we still live in a somewhat centralized world, though. Why? ### Trust Makes Scaling Easy One reason is that trusted staking models are both easiest to implement and provide infinite scaling. There's simply nothing to stop a trusted custodian from expanding their share of the Ethereum stake in the same way that individuals are limited by their own capital. In the cryptosphere, trust is considered a flaw in the system, yet trust is so powerful that it has a way of creeping back into systems which are designed to work around it. I'm not even talking about the [coins which claim to be decentralized and are instead backed entirely by singular entities which users must trust completely](https://ripple.com/xrp/). I'm talking about the trusted models used by Ethereum's leading stakers, which lends them extra power over trustless options. #### Case Study: Liquid Staking Although trustless competitors like Rocket Pool exist already, Lido's trusted model remains the dominant liquid staking protocol by a huge margin. Famously, Lido has no legal agreements with validators and neither is there currently a technical way to force validators to comply with exit requests, all of which makes the trust in the Lido model evident. Compared to other liquid staking protocols, Lido was first to market and, crucially, has no barriers to accruing Ether because of this trust. To deposit with their trustless competitor, Rocket Pool, there needs to be enough node operators on the other side willing to match a deposit. Although this design is fully trustless, the liquid-illiquid actor matching is both complex and problematic for growth. Balancing the two sides has turned out to be difficult in practice, with this equation [typically resting at one extreme (liquid stakers waiting) or the other (node operators waiting)](https://rocketscan.io/depositpool). Another side effect of this design is a limitation on pending deposits. For those with large amounts of ETH to stake (thousands of ETH) who don't wish to operate a validator, the only realistic option is to use a trusted solution. Simply put, trust scales easily, and trustlessness does not. #### Case Study: Centralized Exchanges (CEXes) Another easy example of trusted models scaling very well are the CEXes like Coinbase, Kraken, and Binance. These players already have huge incumbant advantages due to existing userbases from their flagship products, so onboarding capital into their staking services is a relatively straightforward process. Coinbase recently created a liquid staking token, but even before that, they had a huge market share simply from emailing every ETH holder on their platform with the message "Did you know? You can get up to X% more by staking your ETH!" No wonder Vasiliy views CEXes as Lido's biggest competitors. #### Case Study: Staking as a Service (SaaS) Companies Many staking front-ends, including Lido, don't actually run validators themselves. This process is contracted out to companies like Stakefish and Figment, two of the biggest staking infrastructure companies. Their customers include hedge funds, smaller CEXes, and high net worth individuals -- all of whom are willing to give a small percentage of profits away for the simplicity of outsourcing the administration of validators. Like Lido and CEXes, SaaS companies also leverage trust to ensure there are no barriers to scaling. Accordingly, they have quickly grown to represent a large portion of the Ethereum stake. ### Technology that Benifits the Big Boys Of course, trusted arrangements aren't the only reason for the centralization of staked Ether. Though technology advancements generally provide benefits to everyone, they may not necessarily produce net decentralization. #### Restaking For example, although it's helpful to any staker in the near future, in the medium or long term, [restaking](https://www.eigenlayer.xyz/) may tip the scale further in favor of large-scale operators. Staking is essentially leasing out computational resources and putting up a bond to ensure availability. Nevermind that your leasee is a blockchain -- it's a leasee nonetheless. And when you're leasing out the same computational resources with the same bond for mulitple leasees via restaking, you'll need not only higher availability but also increased computing and bandwidth requirements to ensure you can meet your obligations. Over time, the staking market may saturate to the point where it's difficult to make substantial profit from the kinds of staking operations which small operators can afford. That is, low-spec machines run from a home network connection. Sure, you can always contribute to Ethereum consensus if you have 32 ETH and [a raspberry pi](https://github.com/diglos/ethereumonarm), but if the market matures to the point where staking APR is very low, you may be better off [investing that ETH elsewhere](https://www.convexfinance.com/stake) while the bigger stakers can restake to boost their risk-adjusted yields. #### Distributed Validator Technology (DVT) DVT (a scheme where validator signing duties are split across multiple trusted nodes) is another technology which will likely change the staking landscape heavily. Like with restaking, both enterprises and small stakers will appreciate the benefits of a distributed setup, but as we discussed above, enterprises have more to gain by preventing downtime because it's more expensive for them. For example, a SaaS org may use DVT to eliminate the need to back up its nodes. If a single node in a distributed set experiences downtime, it can be securely destroyed and rebuilt without taking down the entire validator. Multiple nodes would have to go down at the same time for real downtime to occur, and that's more likely to be a network issue than a hardware or software problem. Ultimately, DVT is great for individuals with some trusted friends but even better for a big SaaS company. ### Other Factors #### Growth Mindset Many small stakers are content without growing their node operation. Centralized organizations are usually committed to growth and will therefore chase it. Even if the growth-oriented fail consistently, they'll still grow eventually, and capital will become centralized in this way. The only way to offset this force in the long run would be a more decentralized token distribution, but... #### Existing Wealth Inequalities and Economies of Scale The real-world distribution of wealth is most likely the greatest point in favor of large operators. Although Ethereum has [one of the best initial distributions among all blockchains](https://i.imgur.com/UDQ0b0i.png) and [wealth inequality has generally fallen over the last 50 years](https://ourworldindata.org/global-economic-inequality) (mostly due to the elimination of extreme poverty), we continue to live with [very high inequality](https://ourworldindata.org/global-economic-inequality#global-income-inequality-is-very-high-and-will-stay-very-high-for-a-long-time) on a global scale. Even if it does become a [global settlement layer](https://media.consensys.net/joe-lubin-why-ethereum-will-become-the-global-settlement-layer-9b5f90d85be2) which might even be [a necessary step on the path to post-scarcity](https://archive.devcon.org/archive/watch/6/ethereum-is-solarpunk/?tab=YouTube), Ethereum can't equalize wealth by itself. Despite all its achievements, it's simply a very good value transfer technology. As such, Ethereum cannot erase inequality by itself, though it can optimize the economy a bit more. Our existing extreme wealth inequality is the inescapable environment in which Ethereum lives. And, of course, Ethereum has no wealth redistribution mechanism, so in the absence of this, centralization is inevitable. What's more, the inertia of inequality is exacerbated by economies of scale. A large SaaS organization can invest more into growth, creating a multiplicative effect which gathers more capital over time. Even if the margins are lower due to increased expenses for a large staker, economies of scale still work. Once you clear the profitable level of assets under management, any extra capital ingested will contribute to this growth multiplier. As a final example of the intractability of inequality, even the permissionless nature of Rocket Pool can't prevent this outcome. [The top 10 nodes make up about a quarter of the entire protocol's TVL](https://rocketscan.io/tvl), and it's likely that many of those nodes are run by the same entity. ### Conclusion of Part 3 Despite all of Ethereum's best efforts to design a system that promotes decentralization, there are a myriad of forces working against that effort. And right now, based on our observations so far, these forces are winning. If we're lucky, we're in an equilibrium where this acceptable level of decentralization is maintained. If we're unlucky, industry players may start to conglomorate at any number of layers: DAOs, SaaS companies, data centers, labor contractors, etc. ## Part 4: How Do We Stop the Real World From Defeating Decentralization? To summarize Part 2 and 3, the Ethereum project is optimized around decentralization and equal participation, but the real world is a profoundly unequal place right now, and Ethereum is no exception. Some industries lend themselves particularly well to small businesses (e.g. wedding planning), and others lend themselves to economies of scale (e.g. selling groceries). With its low margins but obvious scaling benefits, staking is probably more similar to selling groceries than wedding planning. Although outliers exist, we should still expect the ordinary by definition. Generally, most industries have a few big, dominant players alongside countless smaller actors. How do we protect decentralization by preventing this tendency? If designing Ethereum around small operators isn't enough, how do we preserve or improve the decentralized network health we enjoy today? In my view, Ethereum needs a professional staking group which is designed to protect the ecosystem from the start. Like all public goods, this project must be not-for-profit, since a profit motive might corrupt the mission by reincentivizing a closed system where newer operators are seen as competition to existing ones (a problem which [Lido is already grappling with](https://research.lido.fi/t/withdrawals-on-validator-exiting-order/3048/12)). This is ultimately why the [The Node Operator Association (NOA) ](https://hackmd.io/@VVander/NOManifesto) was founded. NOA is a collective of professional node operators working together to offer staking services with a commitment to network health first. We're taking great pains to design an organization which can have a positive impact on decentralization and network health. For one, NOA will keep membership carefully open such that small stakers can grow their businesses simply by joining and running nodes. As we've seen, there's no reason to create barriers of entry that harm the vision of decentralization when Ethereum is already designed to benefit smaller stakers in the first place. Second, NOA will use a scoring and tiering system to maximize fairness of validator distributions. We can only be a positive force for Ethereum if we are fair, but without incentivizing contributions from members and donors, the mission may fail regardless. To thread this needle, NOA is working on a model to fairly represent the contributions of its members and donors. In a nutshell, if you contribute more, you will get more in return from NOA. Another important piece of this puzzle is treating each member equally. NOA is explicitly forgoing a governance token to ensure each member has equal power in determining the future of the organization. Governance tokens reinforce existing inequality, and we can't have one while claiming to be a public good. Only members will be able to make and vote on governance proposals, but anyone is welcome to join the conversation. Finally, we feel it's best to embrace and build upon existing protocols so that we can share success. NOA already has a great relationship with the existing staking protocols, and we will continue to embrace these relationships and promote the staking industry as a whole. ## Conclusion Despite our best efforts, staking is not decentralized. Today, the biggest companies have an advantage over the whole ecosystem and are, at best, neutral to Ethereum's long-term health. In the long run, this is in no one's best interest, and the Ethereum community must create and fund organizations which align with greater forces to promote ecosystem health. What if we could create an organization which promotes decentralization by empowering small stakers? In the end, it all comes back to the social layer. What kind of future do we want for Ethereum? One where greed and competition dominates? Or one where cooperation creates mutual opportunity? ----------------- Additional Sources: https://shsr2001.github.io/beacondigest/notebooks/2021/07/19/measuring_decentralization.html