Yesterday afternoon, the US Securities and Exchange Commission (SEC) announced an enforcement action against Kraken for its staking services business, alleging that offering custodial staking represents a security and stating that all such providers must “register and provide full, fair, and truthful disclosure and investor protection”, which is another way of saying “staking services cannot be offered to US retail customers” because such disclosures are undefined and appear functionally impossible to concoct without SEC guidance and lol they’re not going to give that.
If there’s any doubt that other providers (e.g. Coinbase) will suffer the same fate, I present the following sentence from the press release:
When investors provide tokens to staking-as-a-service providers, they lose control of those tokens and take on risks associated with those platforms, with very little protection.
In the wake of FTX’s 10-figure fraud, wherein users’ coins were perpetually donated to Alameda’s sinking balance sheet, the SEC appears, perhaps understandably, very sensitive to any form of custodial crypto service. The net result is that US residents will soon be unable to “one click stake” crypto assets, including ether. On the margin, this is probably a headwind for markets but on further inspection it may turn out to be a sheep in wolf’s clothing.
Unlike many of the other bizarre and unhelpful SEC enforcement actions that, absent clear rules, have “guided” the crypto industry into a land of confusion, this one may actually be a net benefit. In fact, it has made me re-examine my displeasure with the SEC as a mercurial, gaslighting cloud of chaos whose leader spends his evenings sharpening the knife he repeatedly uses to violently stab our fledgeling industry before it can grow wings. Perhaps the SEC is, ironically, forcing crypto to meaningfully decentralize and realize its full potential faster that scheduled. Perhaps the SEC is, indirectly, doing us a great service. Byzantine generals, unite!
Now that CEX stakers are (or will soon be) a thing of the past, it’s important to understand what options exist going forward and why you might want (or not want) to use them. This article will cover what I consider to be the three most feasible options: Lido, RocketPool, and home staking, with a pro/con list at the end.
The Electric Kool-Aid Lido Test
With a death knell handed to centralized staking services, a logical progression would be toward decentralized providers, i.e. the so called “liquid staking derivatives” (LSDs), of which Lido is the most prominent example. While Lido necessitates US users go through two additional steps relative to CEX staking (withdraw ETH from exchange, stake with Lido), these steps are relatively painless for even the marginally crypto-savvy and may be net-positive for many users, especially those who wish to wrap to wstETH and avoid ongoing taxable rebases.
The Lido depositor experience looks much the same as staking with a centralized provider like Kraken: user deposits ETH and earns staking yield; user may unstake at any time and receive their deposited ETH plus accrued interest (in ETH). So can we expect the SEC to crack down on Lido? I’m sure they would love to, but you can’t always get what you want. This environment will be a real test of Lido’s purportedly decentralized architecture; if the SEC can find some legal mechanism to punish Lido operators en masse, you can expect they will pursue it.
Lido System Overview
Whether or not to expect such enforcement will depend on how you view Lido’s architecture, which I will explain here. Note that I’m not a Lido expert; I’ve simply read their docs and have a general understanding of how cross-chain systems work.
The Lido system is comprised of a series of smart contracts and a disparate set of participants who are motivated to keep the system running.
The DAO is responsible for managing pretty much everything in the Lido system, such as setting fees and determining system participants. As with other DAOs, these levers are implemented on chain in a series of smart contracts. The DAO is governed by the LDO token.
Node operators generate the rewards; they own physical staking equipment (generally industrial-scale) and first generate a bunch of BLS validator private keys, which are monitored by their consensus client for activation. Operators must submit the corresponding BLS public keys to the Lido DAO for approval. If authorized, these validator keys are added to a general pool; each time the Lido system receives 32 ETH in deposits, the next validator key in the pool receives that ETH and activates. The node operator who owns this key is responsible for continuously staking and receives a portion of the rewards for doing so (this is currently 5% but is configurable by the Lido DAO). One concern here is that the operators may be less incentivized to avoid slashing than they would be if it was their 32 ETH at stake, but nevertheless a sound cryptoeconomic incentive does compel operators to care about their job, as they receive fees for simply operating equipment and may have future validator keys rejected by the DAO if prior slashing offenses have occurred. One other risk to note is that only node operators, who control the validator private keys, can withdraw stake by exiting the validator via their consensus client; this means there is functionally no way for the DAO to compel withdrawals, though indirectly this is enforced by the cryptoeconomic incentive system because a sure-fired way to get your future validators blacklisted is by holding previous deposits hostage on the beacon chain.
Because the beacon chain is a separate system, the Ethereum execution environment (a.k.a. Mainnet) cannot check its state and therefore cannot inherently determine what rewards have been generated in a given time period. It is critical that the amount of stETH in the execution environment match deposits + rewards on the beacon chain and to make this possible, oracle operators (also selected by the DAO) run some bespoke software to capture state from the beacon chain and forward it to mainnet. After looking through the contracts I’ll admit this is the piece that makes me the most uneasy; the documentation suggests oracle state updates are checked via a Merkle proof system, though it’s unclear how that happens and the oracle calls I have found (such as this one) are simply publishing updated balances (i.e. uint256 values) and do not include any proof data. Thus, it appears there is oracle risk, though this is partially mitigated by requiring a quorum of identical oracle reports in order to finalize state for a given epoch. Still, this appears to be the riskiest part of the system and the one requiring the most trust, as oracle providers appear to have no cryptoeconomic incentive (i.e. they receive no rewards) to participate honestly and must instead be trusted by social consensus.
Who Can We Sue?
If you’re the SEC, you should recognize that the plan of attack just got much more complicated, as there is no single entity responsible for the whole Lido system. Instead, it has basically three classes of participants: DAO voters, node operators, and oracle operators. Who “controls the stake” is quite unclear because in a sense, all of them do.
However, I would argue that the root of the system does clearly roll up to DAO voters, who can theoretically attempt a complete system shutdown if necessary (e.g. in the event of an SEC settlement). This would probably look like an indefinite pause on staking deposits, coupled with a withdrawal process for node operators.
It should be noted that such a system shutdown could get messy in a hurry. Firstly, the SEC only has jurisdiction over the US, and this restriction is highlighted by the fact that Kraken will continue offering staking services to non-US clients. How could Lido disentangle US vs non-US users? It’s hard to say. Secondly, while DAO voters can block (“pause”) new deposits, they cannot force withdrawals from the consensus layer — as pointed out earlier, only the node operators can do that. If it is not possible to add new deposits/validators to the system, Lido’s cryptoeconomic incentive structure breaks down, as the DAO no longer has leverage over node operators, because there is no way for the operators to add more validators to the system (i.e. no new revenue), and because operators (and depositors!) will continue earning rewards so long as the validators are kept active. This means that for an SEC action to be truly enforced, it may need to simultaneously compel both the DAO and all of the node operators to shut down, and who knows where everyone is located. ¡Ay caramba!
This is not to say the US government could not land a coordinated shutdown of Lido—the system does have some centralizing pressures, namely the node operator whitelist and the fact that operating nodes at scale increases margins. However, such a regulatory attack would be quite difficult in practice, and generally speaking the government is not great at difficult things. Furthermore, given that users are not being harmed by Lido, and are instead making money from it, one might expect the appetite for such a complex takedown to be relatively low compared to, you know, fighting actual crime (of course, as we’ve seen, this logic is not always followed). My personal take is that Lido is sufficiently decentralized to stave off such an attack, at least for the time being. However, there are a few points in the system architecture that do make me a bit nervous (e.g. lack of oracle incentives) and I hope Lido will continue to evolve over time, because it probably is the best option for novice, US-based users to stake their ether, and on the margin I do think that is a net benefit to the network.
Swimming with Rockets
A less popular but still noteworthy LSD option is that of Rocket Pool. From a depositor’s perspective, this is quite similar to Lido: you deposit your ETH and get a token representing that stake (rETH), which you can use to do DeFi stuff. The main differences are related to the operators, so I’ll keep this section brief.
With RocketPool anyone can permissionlessly operate a node and may start a validator by staking 16 ETH and utilizing 16 ETH from the user deposit pool. Half of the rewards +15% go to the node operator, making it more lucrative to create two RocketPool validators than to create a single validator of your own. Due to its permissionless nature, RocketPool tends to attract smaller-scale home stakers, while Lido is more geared toward industrial-scale providers. Note that there is a catch: in order to spin up a RocketPool validator, you need to lock up “at least 1.6 ETH worth of RPL”, which is RocketPool’s native token.
The RocketPool oracle system is itself a DAO and unlike Lido, it is monetarily incentivized to do its job, though this incentive is in the form of the RPL token.
There is also a general RocketPool DAO, which votes on system parameters like fee rates for node operators. As you might expect, the DAO is also governed by the RPL token.
Overall, RocketPool is a reasonable option with less centralization pressure, more node operators, and a lower susceptibility to regulatory attack (100x more nodes = 100x more headache). However, be aware that due to RocketPool’s smaller scale as compared to Lido, rETH is currently not as useful in the DeFi ecosystem as is Lido’s stETH. Also, I would personally be a bit more concerned about the average “quality” of a RocketPool node operator—small scale home stakers can often go offline and are more prone to mistakes than you might expect from professional, industrial scale staking providers.
Fallback to Home
There’s one type of staker that the SEC definitely won’t touch: the home staker. If you have 32 ETH, you can purchase a machine, sync consensus + execution clients, and deposit your ether. Woohoo, you’re staking from home! And there will be no G-men chasing you down for running open-source software on your own computer and staking your own assets; free speech, baby!
While there are some excellent resources and a lovely EthStaker community, home staking is geared toward more advanced users and is not an option for people with A) <32 ETH and B) poor Internet connectivity. As any home staker will attest, it is vital to have a stable, high bandwidth Internet connection and you need to constantly monitor your staking box for breakages. For example, I once had a power surge which corrupted Geth’s state and I had to resync from scratch, which took like 2 days — not only did I lose revenue for that time period, my balance was actually reduced while inactive.
Staking from home is the ultimate decentralization flex and if you care about the Ethereum in an altruistic sense, there is no better thing you can do than enlist your ether and start securing the network. It’s fun!
If you know what you’re doing, home staking is as close to risk free as you’re going to get, as there are no counterparties or custodians to worry about. That said, I would be remiss not to address some glaring disadvantages relative to liquid staking options.
Can’t Fight City Hall
One inherent problem with home staking comes from statistics. Each validator has a 1/N chance of proposing any given block, where N is the number of validators on the consensus layer globally. So if you operate 10 validators, you are 10x more likely to propose the next block than someone who runs 1 validator.
While each block proposal has a fixed reward of 0.03 ETH, the fees collected from proposing the block are variable, meaning they follow some sort of probability distribution. I won’t get into the nuances of MEV here, but suffice it to say that most validators run mev-boost and we can use MEV-block-production data as a proxy for the fee distribution we want.
The above chart (from here) shows the median block fee over time for mev-boost users, as well as the median+/-25th percentile values. The main takeaway is that the +25th percentile is consistently further from the median than is the -25th percentile. Put another way, the mean is consistently higher than the median block fee; last I checked, almost twice as high!
Unfortunately, home stakers get the ass-end of this discrepancy, which comes from the presence of outliers. While most block rewards sit somewhere in the 0.01-0.1 ETH range, there are a few that come along at 10+ETH—in fact, I’ve seen blocks with fees as high as 350 ETH. These blocks are outliers, which affect the probability distribution by giving it a fat tail to one end; 10 ETH is ~9.95 ETH larger than the median fee, while 0 ETH is only ~0.05 ETH lower than it. This asymmetry pushes the mean fee reward above the median.
Let’s do some quick napkin math for sake of example. Suppose there are 500,000 validators in the system and a home staker operates 5 validators, while a large pool operates 50,000. Suppose also that every 1 in 10,000 blocks is an outlier, with a 10 ETH reward, while every other block rewards 0.05 ETH. What is the expected reward of each participant over a 30 day period?
30 days = 2,592,000 seconds; 12 seconds/block → 216,000 blocks produced
(5 / 500,000) * 216,000 → 2.16 expected blocks for home staker
(50,000 / 500,000) * 216,000 → 21,600 expected blocks for pool
(1 / 10,000) * 2.16 = 0.000216 → ~0 expected outlier blocks for home staker
Expected reward: 0.1 ETH → 0.02 ETH per home staker validator
(1 / 10,000) * 21,600 = 2.16 → ~2 expected outlier blocks for pool
Expected reward: 1100 ETH → 0.022 ETH per pooled validator
With 0.000216 outlier blocks expected by the 5 validator home staker, we would need to wait 4,630 days until this staker could expect one validator block, over which time the staking pool will have proposed an expected 10,000 outlier blocks. Hopefully this nonlinear outcome makes some intuitive sense to you. The take home message is that home staking is simply less profitable than pooling stake amongst many parties.
Note that this topic is widely known and there has been recent interest in establishing smoothing pools for home stakers, wherein everyone sets their fee recipient to be a smart contract and each validator gets a prorated share of the total pool. If widely used across home stakers, this would largely ameliorate the discrepancy, so I hope the idea gets more legs!
Liquidity Lockup
Another disadvantage comes from the fact that when you stake from home, your ether is locked in the beacon chain and cannot be used. This is a stark contrast from LSDs like Lido, which give you a derivative token, which you can then use across DeFi for your other money making schemes.
The LSD advantage should be pretty obvious. If you think you can get more than 1.5% on your USD, it behooves you to deposit your ETH on Lido, wrap it to wstETH, and create a Maker CDP (wstETH → DAI → USDC → USD). The risk-free rate of return is currently sitting at ~5% (thanks Jerome) so I think it’s safe to say this should be a winning proposition.
Which Option is Best For You?
To close out, I’ll summarize what I see as the pros and cons of each staking option from the perspective of a depositing user. Draw your own conclusions!
Lido
Pros:
Easy user interface and higher expected rewards due to large pool size
Ability to wrap staked ether into wstETH, avoiding rebalances (a.k.a. taxable events)
Large market for wstETH, allowing further yield potential in e.g. DeFi
Cons:
Relatively centralized, with higher regulatory risk than other options (though obviously lower than in the CEX killing fields)
Relatively high counterparty risk due to fewer node operators
Non-incentivized oracle system (at least as far as I can tell)
RocketPool
Pros:
Similarly easy user interface
Very low regulatory risk due to permissionless node operation and much larger operator count
Relatively low counterparty risk due to more node operators (though perhaps higher risk of them making mistakes due to their more amateurish nature relative to Lido professionals)
Cons:
Marginally lower expected yield than Lido due to smaller pool size
Smaller market for rETH
Lots of weird RPL token stuff
Home Staking
Pros:
Zero regulatory risk
Zero counterparty risk
Cons:
Ether is locked and illiquid
Lower expected rewards (though this may be mitigated in the near future by smoothing pools)
Staking equipment + stable Internet connection + some technical chops required
I hope this article was helpful and would appreciate any and all feedback!