Intro
The main focus of community-powered Staking Router (SR) modules revolves around enabling permissionless entry into the Lido Node Operator (NO) set. These modules aim to achieve an increase in the number of independent operators, which in turn will lead to the establishment of a more robust validator set.
The main principles of module design
All the components of the Lido on Ethereum NO set are expected to be:
Trustless
- Modules should strive for a high degree of trustlessness, minimizing the need to rely on human intervention for their operation.
- In cases where trustlessness is not feasible, decisions should be subjected to a vote by the Lido DAO.
- If the DAO is unable to make a decision (e.g. due to operational considerations, multiple actions, or specific expertise requirements), a dedicated committee should make the decision under the DAO's ultimate authority.
Secure
- Each module must have a well-defined risk model, including identified risks and corresponding mitigations, which must be approved by the DAO.
- A thorough review by the Lido Protocol contributors is mandatory for each module.
- Each module must undergo thorough audits conducted by reputable entities specialized in blockchain security, which need to be approved by the Lido on Ethereum Audits Committee.
Ethereum aligned
- Modules must not undermine Ethereum's credible neutrality, censorship resistance, or resilience.
- Economic dependencies outside of the Ethereum ecosystem should be avoided, ensuring modules remain economically self-sustaining within Ethereum.
High-level desirables for the modules are:
- Streamlined and well-documented NO maintenance that minimizes the need for specialized skills.
- Modules should strive for a high degree of trustlessness, minimizing the need to rely on human intervention for their operation.
- Provision for validator exits upon request from both the Lido DAO and NOs.
- Provisions for the Lido DAO to exit NOs and for NOs to exit voluntarily.
- Incorporation of a defined risk model with built-in risk mitigation mechanisms for all identified risks, either within the module itself or in the underlying protocol.
Bonds and Distributed Validator Technology (DVT) are considered crucial risk mitigation mechanisms in permissionless staking solutions. While these mechanisms are discussed individually in the following section, it is important to note that they can be combined in various ways within different modules. For instance, a module may utilize bonds without DVT, or a combination of bonds and DVT, or even rely solely on DVT without bonds while incorporating other risk mitigation mechanisms.
Additional desirables for the DVT-based modules:
- Ensuring optimal diversification of NOs within DVT clusters, such that no single NO dominates the cluster. Clusters consist of different combinations of NOs.
- DVT modules are likely to require bonds as an entrance requirement, facilitating both permissionless access and resilience. However, there can be different designs and approaches to mitigate the risks associated with validator malfunction.
- The degree of coordination in DKG (Distributed Key Generation) approaches can vary based on factors such as the module's composition of operators and entry mechanisms. While early modules may employ various levels of coordination-based DKG, the ultimate goal is to achieve zero or minimal coordination, largely asynchronous, trustless, and verifiable DKG.
Additional desirables for the bond-based modules:
- Ensuring a bond size and commission rate that are competitive within the market.
- The proposal of a sufficient bond size should be based on a risk assessment conducted by the development team, which must be accepted by the Lido DAO. The purpose of the risk assessment is to determine the required bond amount for security, considering various malicious behaviors that include (but are not limited to):
  - Validator malfunction: This refers to instances where a validator receives fewer rewards than expected due to:
    - being offline and missing attestations, proposals, and sync rewards, resulting in penalties
    - being slashed, that is, penalized for violating the network's consensus rules, leading to a reduction in rewards.
  - EL rewards stealing: This refers to the malicious act of rerouting EL (Execution Layer) rewards to a personal address, diverting the rewards for personal gain.
  - Inactivity leak: This pertains to situations where validators fail to perform their required duties and consequently lose stake due to their inactivity.
- It is highly recommended to use ETH/stETH as the primary bond for SR modules. However, other tokens can be utilized as a supplementary bond alongside the primary bond (ETH/stETH). In such cases, the module's development team is responsible for managing the complexities and risks associated with the supplementary bond. Approval from the Lido DAO is mandatory to incorporate supplementary tokens as a bond.
Full-featured bonds have not been implemented at present. However, it is possible to explore alternative forms of bonds within the framework of the module, provided that viable mechanisms for their implementation are proposed and established.