Original Title: On the risks of LSD
Original Author: sacha
Translation: Qianwen, ChainCatcher
Preface
This article is a response to some of Danny Ryan's views (which are presented in detail later).
The opposite of a fact is falsehood, but the opposite of a profound truth may well be another profound truth.
—Niels Bohr
Overall, I think Danny's position is great. But I also believe that his approach carries equally significant risks, which have not been adequately discussed in public.
I don't think Danny's views themselves are wrong, but I do think that there is another side to his views that has not been clearly conveyed. This is the purpose of this article.
Introduction to Dual Governance
Dual governance is an important step in reducing the governance risks of the Lido protocol. It represents a shift from shareholder capitalism to stakeholder capitalism. It also provides a practical way for Ethereum holders to have a say in changes to the Lido protocol.
Its main purpose is to prevent LDO holders from changing the social contract between the protocol and stETH holders without the consent of the protocol and stETH holders. Currently, LDO holders have significant power over the protocol, which can lead to significant changes in this social contract. These powers include:
- Upgrading the Ethereum liquidity benchmark protocol code
- Managing the list of members of the Ethereum consensus layer oracle committee
- Changing the equity distribution among node operators in potentially harmful or unexpected ways (e.g., adding or removing whitelisted Ethereum node operators)
- Changing the governance structure in unexpected or potentially harmful ways (such as minting or burning LDO, changing the voting system parameters)
- Changing the total fee ratio of the Ethereum liquidity benchmark protocol outside the agreed range (and defining these ranges)
- Deciding how to use the treasury
Except for treasury spending, all of these powers directly affect stETH holders. Dual governance fundamentally allows stETH holders to veto any of the above modifications to the Lido protocol without introducing new attack vectors or imposing excessive political burdens on stETH holders.
Node Operator Governance
Danny believes:
"The decision of who is a node operator (NO) involves two issues— who is added to the set and who is removed from the set. In the long run, this can be designed in one of two ways, either through governance (token voting or similar mechanisms) or through automatic mechanisms around reputation and profitability.
In the former, which relies on governance to determine the pattern of NO, governance tokens (such as LDO) become the main risk of Ethereum. If tokens can determine who can become the majority NO in this theoretical LSD, then token holders can force reviews, multi-block MEV cartel activities, etc., or NO will be removed from the set.
The governance of NO also has an obvious risk, which is regulatory review and control. If a set under an LSD protocol pledges more than 50%, the set will have the ability to review blocks (worse, since it can ultimately determine these blocks, the number will reach 2/3). In a regulatory review attack, we now have a unique entity—governance token holders, which regulatory agencies can request reviews from. Depending on the distribution of tokens, this may be a much simpler regulatory target than the entire Ethereum network. In fact, the token distribution of DAOs is generally terrible, with only a few entities deciding most of the votes."
Dual governance largely addresses the above issues. Specifically, if LDO holders attempt to unfairly remove NO from the set, the following situations will occur:
- A smaller quorum of stETH holders (e.g., 5% of the total) can extend the governance voting time so that a larger quorum (e.g., 15%) can veto this wrong decision.
- If the veto is passed, all subsequent LidoDAO proposals will default to veto status to avoid imposing more voting burdens on stETH holders.
- Importantly, the governance body can only return to normal status if both the LDO governance body and participating stETH holders agree to resolve the conflict.
In summary, by giving stETH holders the power to veto changes to NO settings, LDO holders cannot unilaterally conduct reviews, multi-block MEV cartel activities, etc., because LDO holders themselves cannot remove dissenting NO.
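The veto flow listed above can be modelled as a small state machine. This is an added illustration, not Lido's contract code: the class and method names, the timelock lengths, and the basis-point arithmetic are assumptions, and the 5% and 15% thresholds are the illustrative figures from the list.

```python
from dataclasses import dataclass, field
from enum import Enum

EXTEND_BPS = 500   # the list's illustrative "e.g., 5%" of total stETH
VETO_BPS = 1500    # the list's illustrative "e.g., 15%" of total stETH

class State(Enum):
    NORMAL = "normal"      # LDO votes execute after the base timelock
    EXTENDED = "extended"  # small quorum objected: voting time is lengthened
    VETOED = "vetoed"      # large quorum objected: every proposal is blocked

@dataclass
class DualGovernance:
    total_steth: int
    base_days: int = 3     # assumed timelock length, not from the article
    extra_days: int = 14   # assumed extension length, not from the article
    state: State = State.NORMAL
    objections: dict = field(default_factory=dict)  # holder -> stETH locked

    def oppose(self, holder: str, amount: int) -> State:
        """A stETH holder locks stETH against pending LDO governance."""
        if amount <= 0:
            raise ValueError("amount must be positive")
        self.objections[holder] = self.objections.get(holder, 0) + amount
        # Integer basis points avoid float rounding at the thresholds.
        share_bps = sum(self.objections.values()) * 10_000 // self.total_steth
        if share_bps >= VETO_BPS:
            self.state = State.VETOED
        elif share_bps >= EXTEND_BPS and self.state is State.NORMAL:
            self.state = State.EXTENDED
        return self.state

    def can_execute(self, ldo_vote_passed: bool, days_waited: int) -> bool:
        """An LDO-approved proposal runs only outside the veto state."""
        if self.state is State.VETOED or not ldo_vote_passed:
            return False
        extended = self.state is State.EXTENDED
        return days_waited >= self.base_days + (self.extra_days if extended else 0)

    def resolve(self, ldo_agrees: bool, objectors_agree: bool) -> State:
        """Only joint agreement by both sides lifts the veto state."""
        if self.state is State.VETOED and ldo_agrees and objectors_agree:
            self.objections.clear()
            self.state = State.NORMAL
        return self.state
```

In this model, once the veto state is reached no amount of waiting lets an LDO-approved proposal execute, and LDO holders alone cannot call the conflict resolved.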
Regarding Danny's second concern (regulatory review and control), the token distribution of stETH is fundamentally different from that of LDO, and is more diverse. Therefore, the combination of LDO and stETH is more resistant to such reviews. It is indeed not as widely distributed as ETH, nor as diverse as the distribution of Ethereum users, but this will improve over time.
Economic Factors for Selecting NO
Danny believes:
"In a scenario where NO is selected based on economic and reputational factors, we will ultimately fall into a similar cartelization, albeit automated cartelization.
Selecting NO based on profitability may be the only trustless (non-governance) way to ensure that NO is beneficial to the pool.
The definition of profitability is very problematic… Since the economic activities of the system change greatly over time, the design of the system cannot rely solely on a certain absolute indicator, i.e., it must earn X transaction fees.
When all operators use 'honest' technology, this profitability comparison indicator works well, but if a certain number of bad operators turn to using destructive technologies, such as multi-block MEV or adjusting block release times to obtain more MEV, they will distort the profitability target, causing honest NO to be automatically eliminated if they do not use destructive technologies in the same way.
This means that regardless of the method—NO governance or economic selection/exclusion—this pool that exceeds the consensus threshold will become a cartel layer. Either through governance directly forming a cartel, or through smart contract design forming a destructive profit cartel."
This analysis feels too binary. For Lido (or Ethereum), neither extreme (LDO governance of NO or purely algorithmic/economic selection/exclusion) is possible or desirable.
Dual governance is crucial for minimizing the risk of cartel abuse. And, as Danny correctly points out, profitability is too simplistic an indicator and cannot be relied on entirely.
There are many important factors that are difficult to verify on-chain, such as geographical distribution or jurisdictional diversity, which means that people may always need to play a role in some loop—although perhaps this can ultimately be simplified to voting to rebalance equity between node operators (new and old) annually.
Staked ETH Governance Scheme
Danny believes:
"Some people think that staked ETH holders can have a say in the management of the underlying LSD protocol, making it possible to support unfair token distribution and cartelization.
It is important to note that ETH holders, as the name suggests, are not Ethereum users, and in the long run, we expect the number of Ethereum users to far exceed ETH holders (holding ETH exceeds the amount required to facilitate transactions). This is a key and important fact that affects Ethereum governance—ETH holders or depositors do not have on-chain governance rights. Ethereum is a protocol that users choose to run.
In the long run, ETH holders are just a subset of users, and even ETH holders are just a subset of them. In the extreme case where all ETH becomes staked ETH under an LSD, the voting weight or suspension of staked ETH governance cannot protect users of the Ethereum platform.
Therefore, even if the LSD protocol and LSD holders are consistent in minor attacks and captures, users will not and cannot/will not react."
Hasu's response largely addresses these issues.
The Evil Nature of Governance
Danny believes:
"Even if LSD governance has a time delay, allowing capital to exit the system before changes occur, the LSD protocol is still susceptible to gradual governance attacks. Minor, slow changes are unlikely to cause capital to exit the system, but the system will undergo drastic changes over time. Nevertheless, this is true for any governance mechanism, whether it is primarily informal (soft) or formal (hard)."
Looking back at Danny's argument, minor, slow protocol changes driven by the EF are unlikely to cause DAOs/users to exit Ethereum, but the Ethereum protocol (and spirit) may still undergo significant changes over time.
In particular, it can change the way the protocol operates, breaking the social contract of early contributors.
While I am far from being a maximalist for immutability, I do believe that governance minimalism as a philosophy exists upstream of both soft and hard governance.
The downsides of hard governance have been widely discussed, and soft governance also has its own issues (more subtle and often obscured), involving unrecognized/unaccountable power, how to exercise power without sacrificing trustworthiness, and how to handle power vacuums (in the event of death or disaster). This is certainly not a panacea for eliminating all tail risks.
In other words, under soft governance, there are often a large number of unrecognized powers. Unrecognized power is unaccountable power. And unaccountable power almost inevitably leads to undesirable situations over a sufficiently long time span.
Gwart once tweeted, "Social punishment is Justin Drake coming to your door with a big knife, cutting your computer cable, and pointing at you saying 'You're a bad guy.'"
While this is a humorous expression, it does reveal a deeper potential contradiction, namely the contradiction between the need to maintain the protocol and the concentration of soft power among key actors.
In slightly more serious words from Dankrad, "Yes, we might have opinions about what you're doing at the staking layer, and this might include disrupting your protocol and breaking it."
User Representation
Danny believes:
"As mentioned above, LSD holders are not equivalent to Ethereum users. LSD holders may accept a governance vote based on review, but this is still an attack on the Ethereum protocol, and users and developers will mitigate this attack through the means they have—social intervention."
We can also look at this issue from the opposite perspective.
In almost all cases, user-led decisions tend to encourage market centralization in various important aspects.
99.9% of users may not care about forms of review that are not directly related to them, and most contributors to liquidity protocols tied to Ethereum may care about this.
For example, most users do not care, and should not care, about the geographical distribution or jurisdictional diversity of Ethereum nodes, but contributors to Ethereum-bound liquidity protocols will certainly care and can take practical measures to maintain Ethereum's resilience in these areas.
Capital Risk and Protocol Risk
Danny believes:
"The above discussion mostly focuses on the risks posed by the LSD pool (such as Lido) to the Ethereum protocol, rather than the risks faced by those holding capital in the pool. Therefore, this may be a tragedy of the commons—everyone rationally decides to use the LSD protocol for staking, which is a good decision for users, but a progressively worse decision for the protocol. However, in fact, the risks faced by the Ethereum protocol when it exceeds the consensus threshold are linked to the risks faced by the capital allocated to the LSD protocol.
Cartelization, abuse of MEV extraction, and review systems are all threats to the Ethereum protocol, and users and developers will respond to these threats in the same way as traditional centralized attacks—by leaking or burning through social intervention. Therefore, centralizing capital into this layer for cartelization not only endangers the Ethereum protocol, but also endangers the centralized capital.
This may seem like a "tail risk" that is difficult to take seriously or may never happen, but if we have learned anything in the cryptocurrency space, it is that—if this risk can be exploited or has some unlikely "critical edge cases," it will be exploited or collapse faster than you imagine. In this open and dynamic environment, fragile systems collapse time and time again, and vulnerable systems are exploited time and time again."
In the words of Nikolai Mushegian, in an open system, the entire world can interact with it, and incentives are not just a suggestion. They are more like physical laws, such as gravity or the law of entropy. As long as any part of the system is incompatible with the incentive mechanism, it is only a matter of time before it is exploited. Any naive idea cannot reduce this risk.
Relying on commitments to prevent bad actors opens the door to tail risks, and tail risks can be said to be just as serious, if not more serious, than the risks emphasized by Danny.
Self-Restraint
Danny believes:
"The Ethereum protocol and users can recover from the centralization and governance attacks of LSD, but this is not ideal. I suggest that Lido and similar LSD products self-restrain for their own benefit, and I suggest that capital allocators recognize the inherent aggregation risk in the design of the LSD protocol. Due to the inherent extreme risk, the funds allocated to the LSD protocol should not exceed 25% of the total staked Ether. Imposing restrictions artificially cannot guarantee good results."
In fact, artificially limiting liquidity staking products is unlikely to lead to good results, because commitments can only be maintained for a limited period.
The ultimate outcome is likely to be a victory for all parties that cannot be influenced by the community: liquidity staking on exchanges, institutions (and licensed) staking products, or protocols that are even less changeable (and less flexible).
These idealistic ideas have a good starting point, but they are divorced from reality, much like the blind spots that the EF often has. It is these kinds of mistakes that led to exchanges dominating the Lido plan before its launch.
Addendum: Public Goods are Very Beneficial
So, what does a world where Lido wins mean for the future of Ethereum public goods (especially the role of Lido DAO in promoting this future)?
In the words of Kelvin Fichter, the EF is an independent non-profit organization with a closed governance structure, and should not (and cannot) be the primary coordinator of public goods in the Ethereum community.
Therefore, I believe that good validators are a public good that needs financial support, and the EF should not rely on it to provide funds (partly because its closed governance structure and super-soft power cannot formulate trustworthy neutral rules well), and only a successful liquidity staking protocol (>50% market share) can afford the financial inefficiency required to maintain a good staking market, sponsor expensive validators, provide ecosystem support, and still be profitable in the long run (over the next 100 years).