NFT
Listed

EigenLayer: Reselling Ethereum security

BbyA...nMtW
2 Jun 2023
118

https://www.eigenlayer.com/EigenLayer

Restake it to Make it

EigenLayer is a fascinating play. It's not another layer 2 for Ethereum, it's a blockchain, based on Ethereum that looks to productionise the Ethereum validator network. That means it will allow Ethereum validators to use their staking contracts to also provide security to other dapps, which will live on the EigenLayer. Practically speaking this means someone participating in staking on Ethereum will be able to restake that $ETH into an EigenLayer contract in order to provide security to another application and they'll get additional yield for doing so (on top of the yield staking $ETH gives them). With staking yields on Ethereum set to fall as more validators join the network you’ll see more and more stakers looking for ways to increase their overall yield.

This isn't too dissimilar in mechanics to how liquid staking contracts on Ethereum allow you to use your staked $ETH tokens in other defi dapps (in order to increase your yield) as well as still retaining the validator role and the staking rewards they represent. In broader sense though it's actually very different as what the restaking to the EigenLayer means is essentially you're copy pasting the same staking contract (which includes slashing, EigenLayer contracts will have the same slashing ability as Ethereum validator contracts do now) to another separate process in order to grant it the same security guarantees that your staked $ETH on Ethereum gives the Ethereum.
An even wilder future sees the validator network operate as a separate entity to Ethereum, where Ethereum itself is but one dapp that is accessing the power of that network. EigenLayer, in that sense, is trying to turn the Ethereum validator network into an on demand cloud security service. 

I think it's an ambitious goal but it’s got a solid core thesis. It's widely acknowledged that the killer app of Ethereum is its massive validator network. It's what has allowed Layer 2 chains to thrive as they've been able to leverage that network to instantly build their security and to immediately access the existing Ethereum ecosystem.

There is another, more complex argument, that EigenLayer increases Ethereum security in a way that current dapps (both protocols like Chainlink & Curve and Layer 2s like Arbitrum) don’t.
You'll have to listen to the Empire podcast episode below to hear Sreeram Kannan and Calvin Liu explain it in full as I don't fully understand it myself. It revolves around the concept of the weakest point of attack and the fundamental difference in EigenLayer's relationship to the Ethereum network as opposed to other dapps.


https://open.spotify.com/episode/2BgS6wMrQS1Ns0YPoBitbV?si=kyU3_ngGTbKkoIpNDcxw0w&utm_source=copy-link



Details details details

Luckily Sreeram Kannan’s interview with the Blockworks Research podcast makes it a lot clearer. 

https://open.spotify.com/episode/2vXhHiH7JRMgnOxdJabNi1?si=jA2QoqrhR3KkczlBhyAC9A

Sreeram is envisaging creating a market for levels of decentralisation so that solo stakers are able to compete with large stakers. That's important, if possible. As any blockchain is always under the threat of centralisation and capture by a single entity.
Now all that is great but there are caveats. 
The biggest caveat for me is around how slashing will work. 
Slashing someone's staked $ETH is a serious business. It can result in thousands to millions of dollars of collateral being wiped out. Thus the Ethereum validator contracts have very strict and clear rules around how that process happens. 
EigenLayer enables any dapp to inherit that slashing ability but across many different use cases. 

For example if you were securing an insurance contract you might instigate a rule where if counterparties didn't authorise a contract, within a certain period of time, you'd slash the staked $ETH which had been used to secure that contract. 
Another example, from the Blockworks Research podcast, was if you were running a storage network you might require storage providers to routinely send you a proof of storage and if they didn't comply within a certain timeframe you would slash the staked $ETH which was committed to ensuring that security.

Given the complexity here and the fact there is little chance any of these use cases will be able to be fine tuned the way the single Ethereum validation use case has been, EigenLayer uses a two step process in order to allow slashing to occur. 
The first step is via the smart contract that has been implemented for the staked $ETH to be restaked under. 

The second step is the most controversial; and the one which I think EigenLayer may eventually fail at. The slashing request is sent to a committee which will ultimately decide whether to allow it. This is a X number person committee that will be elected by the protocol layer as a whole through a DAO structure (yet to be set up). Sreeram didn't say what that number would be but the figure of 10-12 was thrown out by the podcast hosts and wasn't pushed back on...

I find it incredulous that an entire decentralised network of 'verify don't trust' smart contracts would narrow to one tiny choke point of a centralised, human committee, that would then be expected to make complex technical judgements across a possibly very wide range of different applications.
Also the insurance bond mechanism design, another safety measure, doesn't seem to be at all developed, despite being a seemingly key aspect of reducing risk for people staking significant sums of money.

It all seems very theoretical and the claimed benefits and features seem incredibly optimistic. Whilst Layer 2s like Optimism or Arbitrim, or a Layer 1 like Avalanche, may be successful working blockchains, the lived experience of them is often far from the stated optimal experience. They’re good, they’re just not great yet. 
This to me sums up a lot of the blockchain space at times. The tech is powerful, not just just technically but socially, and it gives rise to so many possibilities, but the details matter. It's what killed blockchain for the supply chain, insurance, etc.. projects. The general concepts were solid but when you got to the details they fell apart.

For example: Bitcoin, the longest running successful blockchain, couldn't make its original core thesis work: It has failed as a payments network. But it has succeeded as a digital asset and alternate store of value. That's been down to the technical details. Bitcoin is too slow, too expensive, and too rigid. But all those things made a really good digital asset as it retained and increased value over time and has proved incredibly secure.



Enter Vitalik

I’ve had this post in a draft for a couple of months (everything above) but just hadn’t found the time to post. 
I’m glad I didn’t because just recently Vitalik Butlerin dropped a neutron bomb into the restaking debate with his blog post warning against the risks to the core Ethereum security model.
Key to note Vitalik doesn’t speak for Ethereum perse. He’s not the CEO. He holds a lot of influence but Ethereum is a consensus governance model at the end of the day.

https://vitalik.ca/general/2023/05/21/dont_overload.html 


Vitalik makes some interesting points about the ways in which expanding the functions of the Layer 1 security mechanism to enable that security to be exported to other applications is a very dangerous thing if not kept to a very narrow set of design.

Vitalik is largely ambivalent towards something like EigenLayer as long as the restaking mechanism doesn’t end up relying on the Ethereum mainnet as its ultimate fall-back security. And what I mean by that is, if EigenLayer ultimately relies on the Ethereum mainnet conducting a hard fork to rescue stolen funds (or resolve a community division) then that threatens the core consensus of the Ethereum chain, and if that consensus is compromised enough then Ethereum will lose all its' value as participants will no longer have any trust in it.

All this from one protocol that was leveraging Ethereum security.

Vitalik argues that restaking can be low risk but that there is a slippery slope here that can quickly lead to high risk. This example from the blog post lays this out clearly:

  • Dogecoin decides to switch to proof of stake, and to increase the size of its security pool it allows Ethereum stakers to "dual-stake" and simultaneously join its validator set. To do so, Ethereum stakers would have to change their staking withdrawal address to a smart contract where anyone can submit a proof that they violated the Dogecoin staking rules. If someone does submit such a proof, then the staker's validator is forcibly exited, and whatever of their $ETH is left is used to buy-and-burn DOGE. Low-risk.
  • eCash does the same as Dogecoin, but the project leaders further announce: if the majority of participating $ETH validators collude to censor eCash transactions, they expect that the Ethereum community will hard-fork to delete those validators. They argue that it will be in Ethereum's interest to do so as those validators are proven to be malicious and unreliable. High-risk.



The blog post is deeply detailed so I’d encourage you to dig into it to better understand the conceptual and technical considerations here. It’s written in a way that even non technical people will be able to follow the concepts and scenarios he lays out.

Something to consider while reading through it is: When do the Layer 2 projects become a real and present danger to the security of Ethereum?
It’s not covered in the post itself and I feel like that’s because Ethereum are staking so much on the Layer 2 solutions helping fix the accessibility issues (super high transaction fees) Ethereum has that they don’t really want to delve into the risks right at this moment.

However I think there are risks here that should be talked about.  

At present we only really have optimistic rollup Layer 2s so any attack on them is likely to be identified before the rolled up transaction blocks are finalised on Ethereum as this process takes 7 days. It’s really hard to hide significant malicious activity, for 7 days, on an open ledger.

However that doesn’t mean it can’t happen and with the advent now of zk rollups we have a Layer 2 solution which resolves to Ethereum in much shorter time windows thus opening the door to large scale attacks that are able to corrupt the zero knowledge proofs and get their changes committed to the Ethereum mainnet.

Ethereum validators don’t know what is happening on Layer 2 at the transaction level. All they can see is the transaction summary that’s submitted to Ethereum in order to be included in the next available block and whatever fraud proof is generated. Should you see the fraud proofs corrupted (whatever security you can think of has been able to be compromised, often in ways you never could’ve predicted), then you’ve got fraudulent transactions now on Ethereum mainnet. 
Should any of these Layer 2s start to hold larger TVL than Ethereum herself (and on current trends that is a likely possibility) then there becomes a huge incentive to hard fork Ethereum in order to protect a very large chunk of all the capital in the broader Ethereum ecosystem.



‌Sreeram responds

The first half of the weekly round up from the The Defiant team is an interview with Sreeram Kannan talking about the Vitalik article about the risk to the Ethereum protocol posed by applications who look to expand the validator set uses, like EigenLayer does for restaking. 


Ethereum's "Systemic Risk", PulseChain, Solana AI, Multichain issue, Tornado Cash
https://www.youtube.com/live/rthlIUzTBuM?feature=share



Sreeram does what he’s done in a number of interviews I’ve watched and avoids many of the more pointed questions raised both by the Defiant team and particularly the Vitalik article.
In fairness he addresses the main issue, the slippery slope problem, by saying EigenLayer won’t let that happen. When Sreeram is pushed to explain how EigenLayer is going to protect against that he doesn’t really have an answer.

The best answer he gives is the veto council (the one which is a dozen or so humans) will protect against it. But even then he goes onto explain he expects the veto council to be temporary as apps on EigenLayer will transition to permissionless slashing after a period of time and he never discusses how EigenLayer will handle the issues of that slippery slope Vitalik warned against, if a dapp is heading down that path, but it’s not under the control of the veto council.



Ethereum the nation state

Camila Russo, the founder of Defiant, had the best takeaway from the Vitalik article (and I’m paraphrasing):

Ethereum has become a de facto government for a bunch of other protocols. Vitalik is essentially saying Ethereum will not be conducting bailouts for actors in the ecosystem in the advent of non-core Ethereum validation issues. That is, an app/protocol has seen transactions committed to its own consensus which have then been validated correctly on Ethereum herself (remembering Ethereum consensus only is concerned with the transactions directly on the Layer 1).


It’s a very interesting take on the Ethereum stance as I expect a large number of players within the Ethereum ecosystem (implicitly or explicitly) assume the Ethereum will act to support the ecosystem outside of permission-less security via its social consensus. 
I very much expect the biggest players are banking on this as a guarantee.
And Ethereum has hard forked before to protect a large dapp. That’s why we have Ethereum Classic (which, to his credit, Vitalik mentions explicitly in his post).


Interesting times ahead.

You can have some cake

Cakes On Solana

Enjoy this blog? Subscribe to andrew-

2 Comments

NFT
Listed