Lido protocol technical contributors are excited to present the proposal for Lido V2 – Lido protocol’s largest upgrade to date and a step change on the road toward further decentralization.
The two major focal points of this upgrade are:
- Staking Router: Thanks to a new modular architectural design, anyone can develop on-ramps for new Node Operators, ranging from solo stakers, to DAOs and Distributed Validator Technology (DVT)clusters. Together, they will create a far more diverse validator ecosystem.
- Withdrawals: This all encompassing Lido on Ethereum protocol upgrade will allow stETH holders to withdraw from Lido at a 1:1 ratio, realizing a key milestone of a truly open on / off ramping into the Ethereum staking ecosystem.
The purpose of Lido on Ethereum was offering users an alternative to centralized staking platforms - such as exchanges - whilst also negating the technical and financial challenges of running a solo node. Throughout, the Lido protocol has adhered to providing the highest standard of security and usability to its users.
This proposal is designed to drive a more inclusive, open and transparent platform whilst building on our core mission to make staking simple, as secure as possible, and keep Ethereum decentralized and censorship-resistant.
The Next Major Upgrade
In the coming months, Ethereum will mark an important moment with the network Shanghai / Cappella hard fork. This upgrade enables withdrawals to Ethereum stakers who have supported the network since the first days of the beacon chain and beyond.
The implementation of withdrawals fulfils a core goal of Lido on Ethereum by allowing users the freedom to stake and unstake at will. Given this freedom, the market will shine a bright light on platforms offering the best experience, security record, and wider composability within the DeFi ecosystem.
The advent of the Staking Router and module-based infrastructure for validator sets will catalyze development both throughout Lido on Ethereum and externally through third party contributors.
Lido protocol was an early adopter of liquid staking and initially used only BLS-based 0x00 withdrawal credentials (WC). Upon the availability of smart contract-based WC, Lido protocol promptly switched to the more secure 0x01 WC. Currently, a small portion of validators, around 12%, still use 0x00 WC that is managed by a 6-of-11 threshold scheme.
To mitigate the risk associated with the distributed custodian, the intention is to rotate these credentials to the smart contract-based ones via a ceremony. During this ceremony, participants will sign a rotation message that will be broadcast to the consensus layer network.
The implementation of withdrawals coupled with the Staking Router proposal will contribute to an increase in the decentralization of the network, a more healthy Lido protocol, and enable the long-awaited ability to stake and unstake (withdraw) at will, reinforcing stETH as the most composable and useful asset on Ethereum.
Introducing the Staking Router
Presenting the Staking Router, a major protocol upgrade that moves the operator registry to a modular and more composable architecture.
The Staking Router will act as the nucleus of the Lido vision: a platform where stakers, developers, and node operators can collaborate without friction and drive the future of a decentralized Ethereum together.
Ethereum should be a credibly neutral home for applications and their users. The mission of Lido on Ethereum is to provide a secure and accessible staking platform and contribute to Ethereum’s overall decentralization.
Lido is firmly committed to further diversifying its operator and validator set, which reduces the risk of downtime or censorship while maintaining network performance, and neutrality.
Overview
The Staking Router is a controller contract that would allow Lido to evolve into an extensible protocol via a modular infrastructure. This will work by essentially treating the various modules as sets of validator pools that can act as potential supply for the protocol. Each module will be responsible for managing an internal operator registry, storing validator keys, and allocating stake and rewards between the operators that participate in the module.
Each module could include various types of Node Operators, ranging from community stakers, to professional or fledgling staking organizations, to DAOs, who may run validators independently or in concert via infrastructure such as DVT. Additionally, Node Operators will be able to participate via multiple modules. Besides product features, it could also allow the storing of keys on L2 or off-chain, lowering protocol costs and increasing the potential number of node operators.
Modular architecture would facilitate faster experimentation with various Node Operator configurations. This would reduce some of the technical hurdles whilst speeding up the iterative process of expanding the set of Node Operators.
The Staking Router is poised to benefit a variety of stakeholders who use Lido, including:
- Stakers: They benefit from a more diverse and secure Node Operator set, as their deposits will be distributed over a much greater number of independent entities, mitigating network-downtime risk and improving Ethereum’s resiliency.
- Node Operators: Through the new modules, additional types of Node Operators such as solo stakers, small groups, DAOs, and professional node operators will be able to increase their avenues of participating in the Lido protocol.
- Developers: Users will be able to propose and implement modules using different node operator compositions and with a variety of competitive characteristics (such as cover options and fee structures) and apply for inclusion into the Staking Router’s module set.
The Staking Router architecturally shifts the Lido protocol towards an aggregator strategy, encompassing a more diverse validator set and offering the possibility for different approaches, technologies, and greater overall flexibility throughout the protocol.
Furthermore, the Staking Router will allow for individual modules (and the corresponding subsets of their respective validators) to operate with custom parameters, such as fees or collateral requirements adding yet more elasticity amongst validator sets.
Staking Modules Future Direction
Currently, Lido utilizes a singular NodeOperatorsRegistry contract which is a DAO-controlled registry of curated Node Operators.
The Staking Router proposal would allow for the introduction of additional modules enabling a more diverse operator base by leveraging mechanics such as DVT, bonding, and reputation scoring, in order to introduce permissionless entry into the Node Operator set.
- Community Module: bonded permissionless node operators with an optional mechanic to effectively lower the bond requirement according to reputation (e.g. based on successful performance).
Moving forward, some of these modules could include:
- DVT Module: DVT-enabled validators (with optional bonds) such as Obol’s Distributed Validator Clusters or SSV nodes.
- Off Chain or L2 Module: reduces gas costs by pushing the storage of validator keys to an off-chain or layer 2 solution.
To expand on this, there can be many modules of the same type (or modules with overlapping types, e.g. DVT + Community) operating within the same staking set. Each module will be able to express a specific purpose or theme via the types of operators that they leverage to produce validators to add to the pool.
Finally, the Staking Router orchestrates deposits and withdrawals to satisfy the DAO's desired stake distribution, and allows DAO-set treasury staking rewards and stake allocation algorithms to control the validator distribution.
Withdrawals
Withdrawals will enable users to unstake their stETH and, in return, receive ETH at a 1:1 ratio for their staked ETH.
As withdrawals are a basic feature of liquid staking, we’ve strived to make the best possible design, balancing user experience and speed of operation with the safety of the protocol.
Due to the inherent complexities in Ethereum’s network design where the Consensus and Execution Layers function somewhat separately, the proposed withdrawal mechanism added to Lido’s protocol design will have two modes: Turbo and Bunker mode.
Turbo Mode
This is the default mode used unless there is a catastrophic event or unforeseen scenario affecting the Ethereum network. In Turbo Mode, withdrawal requests are fulfilled quickly, using all available ETH from user deposits and rewards. The length of time to exit the network is uncertain; however, in the best case, withdrawal requests can be processed within hours without requiring a validator exit.
In order to make the process as smooth as possible, contributors have proposed automation tooling for both the protocol and Node Operators. This tooling will work to help automate processes around validator exits, minimizing possible delays.
Bunker Mode
To orderly process withdrawals under catastrophic scenarios, Bunker Mode is proposed. Its purpose is to prevent sophisticated actors from gaining an unfair advantage against other stakers by delaying withdrawals in the whole protocol and socializing the negative impact.
Claimant Overview
Due to the asynchronous nature of Ethereum withdrawals, withdrawals are proposed to function via a Request/Claim process.
- Request: user locks the stETH as withdrawal request.
- Fulfillment: The protocol sources the ETH to fulfill the withdrawal request, locks the ETH, burns the locked stETH, and marks the withdrawal request as claimable.
- Claim: The user claims their ETH at any time.
Fulfillment time is also uncertain. Expect a couple of hours in the best case, and it should be below a week for the majority of requests most of the time. However, in the worst case scenarios it may be significantly longer.
It should also be noted that whilst a user waits in line to withdraw (and exit the network) they will not receive staking rewards.
Approach to protocol upgrade security
This major proposal upgrade to Lido V2 has been the most intensively scrutinized code yet, with seven different independent audits.
Security is of the utmost importance, with countless hours dedicated to internal and external testing.
According to the recently introduced audits policy, we have booked slots with several audit service providers to conduct diverse and thorough security assessments of all the upgrade-related codebase. Some of them are long-time partners, while others will contribute to Lido security for the first time.
Find the full list of confirmed audit service providers below:
- Sigma Prime will be auditing the updated dc4bc version designed for the 0x00->0x01 Withdrawal Credentials rotation ceremony.
- ChainSecurity will be the first auditors to take a close look at the Staking Router code in January. ChainSecurity’s work will be used to find out potential weaknesses of the new crucial protocol part before merging it into the final protocol upgrade code.
- Oxorio will be conducting a cover to cover audit of the protocol with enabled Ethereum withdrawals code base in February-March.
- Statemind will be conducting a cover to cover audit of the protocol with enabled Ethereum withdrawals code base in February-March.
- HEXENS will be conducting a cover to cover audit of the protocol with enabled Ethereum withdrawals code base in February-March.
- MixBytes() Camp security audit contest of the protocol smart contracts is scheduled in February-March.
- Certora will be the final contributor to the protocol upgrade security providing the full protocol audit and formal verification in February-March.
The full list of audits performed on the Lido codebase with detailed reports can be looked up in the dedicated public Github repo.
Launch Details
As with anything at the bleeding edge of technological advancement, the plan below is more of a rough guide than a finalized schedule, and is subject to change.
Beginning of February:
Code freeze & security audits start.
End of February:
Signal snapshot vote on the upgrade, for pre-commitment on “upgrade params” and overall design buy-in from the DAO.
Beginning of March:
Testnet on Goerli.
All code (on-chain and off-chain), Oracle & NO automation is tested.
March / April:
Withdrawal credentials rotation ceremony (0x00 -> 0x01).
Protocol upgrade pre-hardfork.
Mainnet contracts deployment.
Aragon regarding protocol upgrade.
Scheduled Shanghai/Capella hardfork.
A Call to Devs - Let’s Build This Together
Lido V2 opens the development ecosystem to external contributors from all corners of the Ethereum ecosystem.
The rollout of Staking Router’s modular functionality will arrive over time with initial priority given to community and DVT based modules.
Soon, community developers, project teams, and researchers will be able to contribute directly to Lido by proposing Staking Router modules that will be vetted by the DAO.
After the upgrade is in, Lido DAO invites you to join our research forum where further updates will be released for collaborative proposals. The Lido protocol aims to foster and support external contributors wherever possible.
Conclusion
As set out here, Lido protocol’s mission is to make staking simple and secure, while keeping Ethereum decentralized and censorship-resistant.
Within this context, the Staking Router is a key milestone towards the goal of fostering the best validator set for Ethereum – one which doesn’t compromise on either quality, security or decentralization.
Over the past two years, Lido protocol has grown in stature to become an integral building block in both the Ethereum ecosystem and overall DeFi landscape. To date, more than one hundred thousand unique staker addresses have deposited over 4,815,040 ETH into the Lido protocol, underlining a resounding success of the goal to democratize access to staking.
Lido protocol’s commitment to trustless staking, democratizing the network, and increasing the resilience of the Ethereum protocol remains as strong as ever. The Lido protocol looks forward to sharing more with our ever growing community of users, Node Operators and LDO holders as Lido V2 is rolled out.
