Lido - Project Breakdown | Revelo Intel

Lido

Overview

Lido is a non-custodial liquid staking protocol launched in 2020. Users deposit funds into the protocol and receive a return on their investment in the form of staking rewards. By issuing an LST, (Liquid Staking Token) (pegged 1:1 to the underlying staked assets), users can stake their tokens without having to lock assets or maintain staking infrastructure.

Liquid staking is a mechanism used by protocols that take token deposits and issue a liquid yield-bearing asset that represents the user’s claim on the principal and future yield accrued from the initial staking deposit. 

The protocol is currently active on Ethereum. In the case of Ethereum, users who want to stake ETH with Lido deposit their ETH tokens into the Lido smart contract. After this deposit, the user gets stETH in return, which is a liquid and tokenized version of ETH. This means that every time there is an ETH deposit, stETH is minted and every time there is a withdrawal, stETH is burnt.

Staking is a crypto-economic primitive by which users who contribute to the network’s security with their tokens can earn yield in exchange for validating transactions.

Holders of stETH can use the token across DeFi (e.g. provide liquidity to ETH-stETH pools, borrow against stETH…) while the deposited ETH is distributed between Lido node operators. Node operators are selected by the Lido DAO and are responsible for running validator nodes on behalf of the protocol. In doing so, Lido abstracts away the complexities and challenges associated with maintaining staking infrastructure.

A validator is a virtual entity that participates in the consensus of a Proof of Stake chain. Validators are represented by a balance, public key, private key, and other properties. A single validator client can hold many key pairs and control many validators as well.

As a protocol, Lido is made out of the following structural components: a staking pool, liquid derivative staked assets, and the DAO.

Staking Pool

The staking pool is the primary contract of Lido. It is responsible for accepting ETH deposits and redeeming withdrawals. This is achieved by minting and burning stTokens, such as stETH. The process is started through the delegation of funds to node operators, whose software will keep track of and apply the corresponding rewards to each staking position.

On Ethereum, staking means depositing 32 ETH to activate a validator software that will process transactions and produce blocks. This is done by the software, but the node operators must make sure that the server is working and online at all times. 

As a reward for processing transactions and putting a deposit at risk of being forfeited (if the validator does not follow the rules of the consensus), validators are rewarded with newly minted ETH, priority fees, and MEV.

Users send ETH to the staking pool and the contract will mint stETH in return, all of this while simultaneously distributing the underlying ETH in a uniform manner across all validators.

There is an Oracle contract that is responsible for tracking the DAO balances of all validators on a daily basis. This oracle allows the balances to go up or down depending on whether validators accrue staking rewards or suffer penalties. Every 24 hours, oracles assigned by the DAO report balances that will mint or burn stETH depending on the node’s performance.

The Lido community has already begun conversations about expanding its oracle set and covering future gas expenses on a regular basis.

By pooling ETH from users together, staking pools can bypass the minimum 32 ETH requirement to participate in PoS. 

Instead of having each user operate their own validator, the pool handles the operational aspect of staking and maintains a reserve of liquid ETH to satisfy withdrawal demands

stETH or Staked Tokens

stETH is an ERC20 token that represents staked ETH on Lido. It is minted every time there is a deposit and it is burned every time there is a redemption of the underlying ETH.

stETH is the representation of the net value from the initial deposit + staking rewards – network penalties. Token balances are issued 1:1 to the underlying ETH staked in Lido and are updated by an oracle once every 24 hours at 12:00 UTC.

In traditional finance, yield-bearing assets such as sovereign bonds or mortgages are the foundations of multiple instruments such as derivatives, rehypothecation, inverse instruments… Prior to the first stages leading to the Ethereum Merge and the transition to Proof of Stake, Ethereum lacked such a yield-bearing asset like stETH.

Since staking is a commitment to contribute to the network’s security, assets need to be locked up to prevent “bank-run” situations. The lockup period varies by network. With Ethereum’s unique lockup mechanism, withdrawals depend on network upgrades.

Yield from staking is crypto’s equivalent of a risk-free rate

Lido on Ethereum APR

User’s APR (Lido Staking APR) = Protocol APR * (1 – Protocol Fee)

The protocol APR accounts for the rewards of both the Consensus layer and the Execution layer:

Base rewards are inversely proportional to the square root of the total staked ETH in Ethereum. This is why the amount of rewards per validator decreases as the overall number of Ethereum validators increases.

Lido DAO

The Lido DAO is a decentralized solution created with governance purposes and the intention of decentralizing the community of users and validators. Otherwise, users would be forced to trust a single point of failure.

Contrary to other DAOs, the Lido DAO faces a series of challenges and features some odd differences due to the nature of its operations:

The DAO members govern the protocol’s stability by:

Lido V2

Lido V2 went live on May 15, 2023, following a successful on-chain vote that was initiated on May 12, 2023.

This significantly improves the Ethereum staking experience whilst pushing the Lido protocol further down the road toward increased protocol decentralization.

What is Lido V2?

V2 is Lido protocol’s largest upgrade to date and a step change on the road toward further decentralization. The objective of this upgrade is to promote a platform that is more inclusive, open, and transparent, while simultaneously advancing the fundamental mission of simplifying staking, ensuring maximum security, and maintaining Ethereum’s decentralization and resistance to censorship.

The upgrade brings a variety of improvements and a few features to the platform, with the 2 main focal points being:

The implementation of withdrawals coupled with the Staking Router will contribute to an increase in the decentralization of the network, a more healthy Lido protocol, and enable the long-awaited ability to stake and unstake (withdraw) at will, reinforcing stETH as the most composable and useful asset on Ethereum.

Staking Router

The introduction of the Staking Router as a controlling contract aims to transform Lido into a flexible protocol by implementing a modular infrastructure. This approach involves treating the modules as collections of validator pools that can serve as potential resources for the protocol. Each module will have the responsibility of managing an internal operator registry, storing validator keys, and distributing stakes and rewards among participating operators.

These modules can encompass different types of Node Operators, ranging from community stakers to professional or emerging staking organizations, as well as DAOs. These operators can run validators independently or collaborate through infrastructure like DVT. Additionally, Node Operators will have the opportunity to participate in multiple modules. Apart from enhancing product features, this approach also enables the storage of keys on L2 or off-chain, reducing protocol costs and expanding the potential number of node operators.

The modular architecture enables quicker experimentation with different configurations of Node Operators. This helps overcome technical challenges and accelerates the iterative process of expanding the pool of Node Operators.

The Staking Router is poised to benefit a variety of stakeholders who use Lido, including:

The implementation of the Staking Router brings about a structural transformation in the Lido protocol, transitioning it towards an aggregator strategy. This shift involves incorporating a wider range of validators and introducing the potential for diverse approaches, technologies, and increased flexibility across the entire protocol.

Moreover, the Staking Router enables the individual modules, along with their specific subsets of validators, to function with customized parameters. This includes the ability to set fees or establish collateral requirements, further enhancing the versatility of the validator sets.

Staking Modules Future Direction

The Staking Router proposal allows for the introduction of additional modules enabling a more diverse operator base by leveraging mechanics such as DVT, bonding, and reputation scoring, in order to introduce permissionless entry into the Node Operator set.

Moving forward, some of these modules could include:

Finally, the Staking Router orchestrates deposits and withdrawals to satisfy the DAO’s desired stake distribution and allows DAO-set treasury staking rewards and stake allocation algorithms to control the validator distribution.

Ethereum Withdrawals With Lido

Lido V2 adds functionality for in-protocol ETH withdrawals.

As a continuation of the recent Ethereum Shapella Upgrade, the implementation of withdrawals simplifies the process of unstaking ETH from the Lido protocol.

This improvement addresses several previous drawbacks associated with staking on Lido, resulting in a more streamlined and efficient utilization of Lido’s staked ETH within the Ethereum DeFi ecosystem.

Due to the inherent complexities in Ethereum’s network design where the Consensus and Execution Layers function somewhat separately, the withdrawal mechanism added to Lido’s protocol design will have two modes:

Turbo Mode

The default mode of operation is employed under normal circumstances unless there is a severe event or unforeseen situation that impacts the Ethereum network. In Turbo Mode, withdrawal requests are expedited by utilizing all available ETH from user deposits and rewards. The exact timeframe for exiting the network remains uncertain; however, in the best-case scenario, withdrawal requests can be processed within hours without necessitating a validator exit.

To ensure a seamless process, contributors have put forth proposals for automation tooling, both for the protocol itself and Node Operators. These tools aim to automate various tasks related to validator exits, thereby reducing potential delays.

Bunker Mode

In order to handle withdrawals in an organized manner during catastrophic scenarios, the concept of Bunker Mode has been introduced. The primary objective of Bunker Mode is to safeguard against malicious actors who might exploit the situation to gain an unfair advantage over other stakers by intentionally delaying withdrawals across the entire protocol.

By implementing Bunker Mode, any negative consequences resulting from such scenarios can be shared among the stakers, ensuring a fair and equitable distribution of the impact.

Claimant

Due to the asynchronous nature of Ethereum withdrawals, withdrawals will have the following functions via a Request/Claim process.

V2 Security

In order to ensure confidence in the protocol, Lido V2 underwent multiple security audits (see Audits section for detailed information) consisting of the following:

The protocol upgrade has achieved full functionality for Lido on Ethereum by enabling withdrawals from stETH to Ether.

This upgrade has not only provided the ability to withdraw stETH as Ether but has also created avenues for exploring and collaborating with the Staking Router architecture, presenting new opportunities for experimentation and partnership.

Why the Project was Created

Lido was launched in December 2020, shortly after the Ethereum Beacon Chain went live. The protocol aimed to address key challenges associated with Ethereum staking, such as the need to stake multiples of 32 ETH, the operational barriers requiring technical expertise, and the issue of ETH being locked until the Shanghai upgrade. The goal was to make staking more accessible and liquid. As Lido gained traction, it expanded to support other chains, enhancing its multichain approach and adapting to the unique aspects of various Proof of Stake networks.

In order to participate in staking, there is a requirement to deposit 32 ETH in a node validator software. This deposit serves the purpose of being an economic incentive for storing data, processing transactions, and adding new blocks to a Proof of Stake chain. In the case of Ethereum, validators earn rewards from ETH issuance, priority fees, and MEV.

The DAO was founded by notable figures in the cryptocurrency industry, such as ParaFi Capital, Stani Kulechov, and Cobie among others.

During 2022, stTokens have found their primary use case in lending markets, with the Aave stETH lending pool taking up the majority of the usage. For instance, users can use stETH as collateral to borrow ETH, swap ETH for stETH, and do this again in order to build up a leveraged strategy.

Whether it is through a centralized provider or a decentralized protocol, liquid staking derivatives have shown product-market fit and new staking solutions are likely to start being developed. Overall, the amount of ETH being staked is ever-increasing and is likely to increase once withdrawals are enabled on the Ethereum mainnet. As more protocols start to integrate and build on top of liquid staking derivatives, the utility and availability of stETH will continue to increase due to its current adoption.

The evolution of Lido

V1 had its foundation in a carefully curated set of operators, but Lido V2 represents a significant evolution. It reshapes the platform into a versatile marketplace for stake allocation, with strong support from the DAO’s governance structure.

The Staking Router lies at the heart of Lido’s vision, bringing together stakers, developers, and node operators to nurture a decentralized Ethereum ecosystem. Lido V2 streamlines stake management by implementing Distributed Validator Technology (DVT), which disperses validators across multiple machines, fortifying resilience and reducing vulnerability to single points of failure. DVT achieves this by breaking the validator’s private key into fragments and distributing them across a network of computers, rendering attacks more complex and ensuring fault tolerance. This evolution underscores Lido’s dedication to establishing a robust Ethereum validator set while upholding high standards in quality, security, and decentralization.

Lido V2 brings several notable improvements to its platform, including the introduction of a user withdrawal option. Building upon the foundation of V1’s Curated Node Operator Registry, it now embraces the StakingRouter, effectively evolving Lido into a dynamic stake allocation marketplace with diverse staking modules.

These include the following:

The Staking Router

The Staking Router serves as a central smart contract manager for various groups of validators, organizing them into separate modules. Each module is responsible for specific tasks such as managing node operators, securely storing their digital keys, and handling the allocation of stakes and rewards.

To ensure smooth coordination, all modules, despite their unique internal workings, must adhere to a common set of rules, referred to as an “interface.” This standardization allows the Staking Router to interact seamlessly with every module, ensuring that essential information, like the digital keys of its validators, is provided consistently.

During the development of the Staking Router, the team considered various types of validator groups that could work with it, including:

DVT achieves this by breaking the private key that secures a validator into fragments and distributing them across a network of computers, forming a “cluster.” This setup not only complicates the task for potential attackers, as the complete key is not stored on any single machine, but also offers fault tolerance. Even if some nodes in the cluster go offline, the remaining nodes can continue to perform the necessary signing, bolstering the overall robustness of the validator network.

The key features of DVT (Distributed Validator Technology) include:

  1. Fault Tolerance: DVT ensures that the validator remains operational even if one machine within the distributed cluster goes offline.
  2. Enhanced Uptime: The use of distributed validators can lead to significantly improved uptime, with the potential to achieve up to 99.9% availability.
  3. Beneficial for Solo Stakers: Solo stakers or small-scale operators can benefit from DVT as it allows their nodes to stay online, even if individual nodes within the cluster experience downtime.
  4. Geographical Diversity: DVT promotes geographical diversity within the validator, incorporating clients from different locations. This diversity enhances the validator’s resilience to various stressors and failures.
  5. Client Diversity: DVT enables each validator to consist of various client implementations. This diversity helps prevent specific software bugs from negatively impacting the overall performance of the validator. In a network with numerous validators adopting DVT, you would have validators composed of diverse clients, making the network more resilient, varied, and distributed across different regions of the world.
  6. Offchain or L2: DVT offers an improved version of the Curated group. It can save on transaction fees by storing validator keys off the main blockchain, in a separate layer or an off-chain database.

All of these different groups, including Curated, Community, and DVT, have distinct rules and features, but they are designed to seamlessly work with the Staking Router, enhancing the overall flexibility and robustness of the ecosystem.

Lido V2 marks a substantial upgrade, featuring a range of enhancements geared towards improving user experience, capital efficiency, and security. The introduction of the StakingRouter transforms Lido into a modular stake allocation marketplace, offering users more diverse staking options. This innovation is accompanied by a new stake allocation algorithm designed to optimize the distribution of incoming deposits across various modules.

The integration of DVT (Distributed Validator Technology) and new fee distribution mechanisms further strengthens the system’s resilience and offers financial incentives. With upcoming updates centered around bond support, withdrawal integrations, and Layer 2 compatibility, Lido is well-positioned to continue shaping Ethereum staking positively. It places a strong emphasis on decentralization, performance, and broadening participation in the ecosystem.

Sector Outlook

Lido can be classified as a Staking as a Service (STaaS) protocol. The protocol acts as a non-custodial, cross-chain infrastructure provider that allows users to delegate their assets in return for a tokenized derivative position (stAssets) that represents a claim on the underlying stake pool and yield. Simultaneously, Lido reduces the opportunity cost of staking, since stAssets are not locked and can be used across DeFi.

Centralization Risks

By having a predefined set of carefully selected node operators, Lido can be quick at responding to protocol changes. However, this can also leave stETH holders in a disadvantaged position where they will have little time to react. When compared with other competitors such as Rocket Pool, its larger share of node operators running validators allows the protocol to gradually discuss any critical change or modification in the flow of incentives.

Business vs. Hobby

By allowing anyone to become a validator, protocols like Rocket Pool are attractive to hobbyists or technical individuals who don’t dedicate their lives to the business of staking. This lowers the barrier to entry for new participants. This also favors decentralization and is more aligned with the ethos of crypto. The model of Lido, instead, incentivizes professional operators while, at the same time, following a multichain strategy. Because of this, it is unlikely that any professional operator would have enough resources available to operate in multiple chains simultaneously.

Competitive Landscape

Rocket Pool

Rocket Pool is another alternative to liquid staking, where users can stake ETH to receive Rocket Pool’s staked ETH wrapper, rETH, in return. rETH can be traded back to ETH + staking rewards.

Rocket Pool also offers Node Staking, where running a node only requires a minimum of 16 ETH compared to the usual minimum of 32 ETH. This is made possible when the node operator deposits 16 ETH and the remaining 16 ETH are assigned by the protocol from users who are depositing ETH with Rocket Pool.

Stakewise

StakeWise is a non-custodial Ethereum 2.0 staking service that allows anyone to benefit from the yields available on the Beacon Chain. For every 32 ETH collectively deposited into the pool by users, StakeWise creates a new validator and adds it to the network. Users can deposit ETH and receive sETH2 in return. Holders own the rights to the pool’s staking rewards. As long as sETH2 is held, rETH2 (reward ETH) will accrue as a reward from staking.

Ankr

Ankr offers liquid staking across multiple chains such as Ethereum, Avalanche, Binance, and many more. By depositing tokens with Ankr, users get Ankr’s liquid staking token. For example, depositing ETH will get users ankrETH in return. Ankr’s liquid staking tokens are yield-bearing assets that will grow in value, such that 1 ankrETH will be worth more than 1 ETH over time.

frxETH

frxETH, by Frax Finance, acts as a stablecoin loosely pegged to ETH where 1 frxETH always represents 1 ETH and the amount of circulating frxETH matches the amount of ETH in the Frax ETH system. Holding frxETH alone is not eligible for staking yield and should be thought of as holding ETH itself.

sfrxETH, representing staked frxETH, allows users to earn a staking yield on their frxETH. Users can exchange frxETH for sfrxETH by depositing it into the sfrxETH vault. The exchange rate of frxETH per sfrxETH increases over time as staking rewards are added to the vault.

EtherFi

EtherFi offers liquid staking for Ethereum. Users can stake their ETH and receive a liquid staking token (LST) in return, which can be utilized across various DeFi platforms. EtherFi focuses on providing a secure and decentralized staking solution. Ether.Fi uniquely combines Liquid Staking Token (LST) and Liquid Restaking Token (LRT) functionalities within a single framework, a feature integrated from the protocol’s inception. Unlike other liquid staking protocols, Ether.Fi allows stakers to retain custody of their keys, reducing custodial risk by eliminating node operators’ control over users’ assets.

Lido is in the lead and represents the large majority of liquid-staked ETH with over 70% of all liquid-staked ETH.

Comparisons of Insurance Protection Between Lido, Rocket Pool, and Stakewise

In tail risk events where Lido has no funds to cover insurance expenses, the penalties of node operators (slashing, offline…) are socialized across all stETH holders.

When compared to other competitors like Rocket Pool, we see that, due to the permissionless nature of the protocol, node operators must post collateral as insurance protection. Because of this, there is no need to run a DAO insurance fund.

Stakewise uses insurance from Nexus Mutual and there is no insurance at the pool level.

Chains

Lido is primarily focused on the Ethereum ecosystem, leveraging the security and decentralization of Ethereum to provide robust liquid staking solutions.

Lido staked assets are present in the Ethereum mainnet (stETH). stETH as a rebasing asset is minted at a 1:1 ratio from each deposit, and to match the underlying token balance, it rebases daily to factor in the rewards accrued from staking. This occurs regardless of where the asset is located, whether in a wallet, a DEX, or a lending pool.

For Users

Liquid staking derivatives have the advantage of being liquid yield-bearing assets. These assets are tradeable tokens that can benefit from the composability of DeFi applications on any given chain.

Lido’s Staked ETH, stETH, is considered high-quality collateral (backed by ETH) and DeFi users are prone to using it as collateral on money markets or for LP positions in order to earn additional rewards on top of a yield-bearing asset.

Users

There are 2 key parties involved: users who stake the underlying asset (stakers), and node operators who are responsible for the actual staking process and infrastructure maintenance.

When users stake ETH, the protocol mints a staked representation, stETH. stTokens are ERC-20 utility tokens that allow users to claim their underlying position along with the rewards or penalties accrued from staking.

  1. Stake any amount of tokens to access daily staking rewards
  2. Receive liquid stTokens to start accruing rewards in real time
  3. Use stTokens across DeFi

Node Operators

Node operators enable the liquid staking derivatives offered by Lido. The more resilient and performant this validator set is, the more effective it becomes for the protocol to increase community awareness and reduce the inherent protocol risks.

Since earnings and slashing penalties are socialized across node operators, it is critical for all stETH stakeholders to maintain a reliable and secure set of node operators.

Given that Lido is a non-custodial protocol, node operators can’t directly access user funds. Because of that, they rely on a public key setup to validate transactions with staked assets. As an incentives alignment mechanism, Lido node operators are compensated by earning a commission on the staking rewards generated from the funds that have been delegated to them.​​

Node operators are added and removed to and from the protocol by the Lido DAO. The whitelisting process starts with the Lido Node Operator Sub-Governance Group (LNOSG), which is a committee of current node operators that evaluates new applications based on factors such as reputations, past performance, security, infrastructure reliability, etc. Once the LNSOG approves an application, it submits a proposal to the DAO that is subject to voting by token holders.

Lido Operator Set Types

There is no list of requirements for being a node operator. However, each chain carries on a series of preconditions that must be met:

A good validator set allows users to use dapps with the lowest risk of downtime or censorship. For that to happen, the validator set needs to deliver censorship resistance and performance under all kinds of adverse conditions.

Node operator guide: https://docs.lido.fi/guides/node-operator-manual

Oracle operator guide: https://docs.lido.fi/guides/node-operator-manual

Deposit security committee manual: https://docs.lido.fi/guides/deposit-security-manual

Simple DVT Module

Distributed Validator Technology (DVT) functions as a system that operates similarly to a multisig setup for running a validator. Rather than relying on a single node operator, DVT relies on multiple node operators, each managing distinct nodes that communicate and collectively reach consensus to fulfil validator responsibilities.

The benefits of DVT are substantial. It enhances validator resilience, mitigating single points of failure through active:active redundancy, mitigating risks of validator downtime. It also promotes decentralization in various aspects, including across infrastructure, geographical distribution, and client diversity. Additionally, DVT enhances security by using Distributed Key Generation (DKG), adding an extra layer of protection against potential threats.

The fastest route to enhancing Lido protocol’s decentralization and security lies in adopting DVT. By accommodating a more extensive range of Node Operators, this technology significantly amplifies the network’s decentralization, distribution, and resilience. DVT’s flexibility allows for the use of various hardware setups, diverse client implementations (like EL and CL clients), and wider geographical distribution.

The Simple DVT Module opens doors for solo stakers, community stakers, existing node operators, and other staking organizations. It invites them to participate in the upcoming third and fourth Lido DVT testnets. Following rigorous performance assessments, the Lido Node Operator Subgovernance Group (LNOSG) will propose clusters for mainnet deployment, leading to a richer diversity of validators.

With Simple DVT Module approved, it will serve as a temporary module, operating initially at 0.5% of Lido stake, with potential for expansion through DAO votes. It is not intended to operate indefinitely, but rather to pave the way for more sophisticated DVT modules that could allow for elements of permissionless onboarding. The proposal also grants the Simple DVT Module Committee the authority to execute Easy Track governance motions, efficiently facilitating cluster operations, while still allowing LDO holder input. This critical step in the adoption of DVT technology is a testament to Lido’s commitment to decentralization, accessibility, and innovation.

Community Staking Module

The Community Staking Module, or CSM, is the first to offer permissionless entry allowing community stakers to operate validators by providing an $ETH-based bond.

CSM has the following features:

Why Stake ETH?

Lido unique depositors: https://dune.com/queries/872031/1520166

Lido depositor’s total volume distribution: https://dune.com/queries/96707/193813

Overall, the main benefit of running a validator in Proof of Stake is to keep the network secure and fairly decentralized. Otherwise, the chain is at risk of being controlled by large corporations and staking providers like Coinbase, Kraken, and Binance… who are subject to political and regulatory risks.

Besides, there is an added benefit to participating in staking, since it can give access to a risk-free rate that is paid out in the native currency of the underlying chain

Target Users

There are 3 ways to participate in staking:

Although there is an element of luck to it, any user who has the technical knowledge to participate on their own has an incentive to do so in order to receive MEV bribes from running their own node. 

This can be a good alternative for people who do not have the minimum requirement of holding 32 ETH and who are willing to accept the tradeoffs that come from delegating funds to centralized or DAO-managed entities. This also introduces exposure to smart contracts risk, technical risk from upgrades to Ethereum, the inherent price risk of holding a liquid staking derivative…

Lido belongs to pooled staking. It is a permissionless protocol where users can delegate their tokens in order to participate in the network’s security. Like other pooled staking protocols, Lido has built out its own smart contracts, which come with its own benefits and risks.

It is a non-custodial protocol where participants can maintain custody of their own assets. The process of transferring assets to the protocol is known as delegation. This functionality is supported by most PoS chains, which means that anyone running a validator can accept delegations in order to increase their staked position. Validators will charge a commission and distribute each delegator’s share of rewards. Nevertheless, the rewards distribution process will be slightly different depending on the chain.

The primary goals of Lido are:

Investing Strategies

When using a Liquid Staking Derivative token, you are delegating your validating duty to a node operator that pools ETH from users and stakes it on their behalf. As a user, in order to pick a suitable liquid staking protocol, you will need to look at things such as historical/projected APR, node operator count, custodian risk, and DeFi integrations.

If a node operator to whom you have delegated your funds does not follow the rules of consensus of the underlying blockchain or experiences frequent periods of downtime, it is possible for the user to lose its funds.

Most Liquid Staking Protocols offer insurance protection against slashing.

stETH Leverage Strategy

Since stETH is tradeable, there are opportunities in the open market. One of the most used strategies allows for building up a leveraged position by:

  1. Getting stETH (swapping ETH for stETH on Curve, or staking ETH on Lido)
  2. Supplying stETH as collateral on a money market like Aave
  3. Borrow ETH against stETH collateral
  4. Use the borrowed ETH to acquire more stETH (e.g. swapping on Curve)
  5. Going back to 1 and repeating this process multiple times until the user reaches a desired LTV risk tolerance

The tradeoff of this strategy is that the leveraged positions can be liquidated if stETH trades at a significant discount against ETH. This puts stETH collateral at risk of going through a liquidation cascade where. As the selling pressure increases, more and more users are forced to sell their stETH to cover their borrowing positions, which further exacerbates the selling pressure.

Self-Repaying Loans

Since Lido’s stETH is a productive asset that rebases (increases in balance) every 24 hours, users can lend their stETH holdings or use it as collateral in order to earn extra rewards by lending and receiving interest payments from borrowers on money markets (all while earning rewards on a daily basis, lowering the liquidation ratio, and offsetting borrow rates every 24 hours).

Aave V3 went live on Ethereum mainnet on January 27, 2023. Lido’s wstETH was launched with e-mode activated. This improves the capital efficiency of the correlated assets offered by the protocol (e.g. ETH and stETH). Hence, users can get higher collateralization and borrowing power, with an LTV ratio of up to 90% and a liquidation threshold of 93%

For Investors

Business Model

The balance of a validator can go up because it receives rewards or down due to slashing and staking penalties.

stETH is a rebasing token. This means that, with every Oracle update, the stETH to ETH ratio is recalculated. If the rewards from participating in staking are larger than the slashing penalties, a profit is made and the balance of stETH will increase by the same amount.

The protocol applies a 10% fee to the staking rewards it accrues and distributes half of it to node operators according to their share in the total stake value. The other half goes to the Lido treasury.

Lido’s Insurance Fund

Lido was developed as DAO, which means that it can choose to maintain its own insurance fund to cover slashing penalties. This approach matches well with Lido’s incentive distribution, where all staking rewards are socialized among participants.

By handling penalties and covering slashing expenses directly, the DAO can insure its users’ stETH funds whenever critical upgrades executed at the protocol level lead to an economic loss.

Insurance in Lido has been implemented as a result of 3 stages:

  1. Purchase coverage from Unslashed
  2. Offer the option for self-cover using 50% of protocol fees
  3. Cap insurance funds and redirect revenue to other operating expenses

Tokens

The LDO token grants governance rights in the Lido DAO. Voting weight is proportional to the amount of LDO tokens that a voter stakes in a voting contract.

Due to the complexities of the stETH token contract, Lido built wstETH, which is a wrapped version of stETH designed specifically for composability and to simplify smart contract integrations. 

stETH is a rebase token. This means that stETH is a token that increases in balance as it accrues rewards from staking. This has some drawbacks in DeFi. For example, as a liquidity provider, the staking rewards would go to the liquidity pool instead of to your position. 

stETH holders deposit stETH in the wrapper contract and receive wstETH, which retains a constant balance. This solves the problem around stETH being a rebasing token. Thanks to this wrapper, stETH can grow in value instead of growing in balance (every unit will be worth more, instead of getting more units).

wstETH maintains a constant balance and wstETH holders can swap wstETH for an underlying amount of stETH held in the Lido wrapper contract

LDO Token Allocation

1 billion LDO tokens were minted upon launch in December 2020, which were allocated as follows:

With the exception of the DAO Treasury, all tokens have a 1-year lockup followed by a 1-year vesting period. These tokens were fully vested in December 2022.

Governance

The Lido DAO executes upgrades directly on-chain. Users can submit proposals to the DAO in order to discuss and make decisions on parameters such as adding/removing node operators, setting the fee structure, choosing oracles…

The LDO token is the governance token of choice and proposals can be approved by the DAO through:

Proposals that affect the core protocol are referred to as LIPs (Lido Improvement Proposals) and are submitted to Lido’s research portal. All proposals must meet a series of documentation and format requirements that are reviewed by an editor. After successful submission, the community is given a chance to actively engage in a discussion on the Lido research forum. Prior to voting on-chain, the DAO will use Snapshot for an off-chain vote that will measure the sentiment around a certain proposal. Afterward, if the proposal is deemed appropriate by DAO participants, the governance vote will be conducted on-chain.

Even though all governance decisions are currently executed using LDO as the governance token of choice, there is currently an active proposal discussing a LDO + stETH dual governance model.

The Lido’s Herald is the best place to stay up to date with the latest state of governance. There is also a bot to get notifications on Telegram.

Lido Node Operators Sub Governance Group

The Lido Node Operators Sub-Governance Group was started after a proposal was submitted to Lido’s governance forum in February 2021. The proposal was initiated by founding node operators from Certus One, P2P, StakeFish, Staking Facilities, and Chorus One. The goal was to form a committee and use their collective experience to consult the LiDo DAO with regards to the admission of new node operators.

Expanding the Oracle Set

Lido is working on the expansion of its Oracle set and covering the associated gas fees on a regular basis. Prior to the proposal, the DAO’s oracle set relied on a team of 5 people who were node operators at the same time. The quorum was set at ⅗. Currently, the community has voted in favor of onboarding 4 new oracles and setting the quorum at 5/9. The additional members are Rated, bloXroute, Instadapp, and Kyber Network.

Voting Process

Research Forum

The Research Forum is where all ideas are proposed and discussed between community contributors. The goal of these discussions is to suggest ideas and provide feedback.

The usual timeframe for moving forward with a proposal is 7 days. After that, the proposal is incorporated to Lido’s snapshot space.

Snapshot Voting

When a proposal is moved to Snapshot, token holders will participate in a process of gasless voting that takes place off-chain.

Voting power is linearly proportional to LDO token balances (the more tokens the greater the voting power). The preferred timeline is 7 days and the voting period must end at least more than 24 hours before the next Aragon on-chain voting stage starts.

Aragon Voting

Lido uses the Aragon DAO framework for voting proposals on-chain. This reduces the operational burdens associated with voting fatigue. Aragon scripts can update smart contracts, approve funds transfers…

Aragon voting lasts 72 hours and has 2 phases:

Emergency Track

During emergencies, votes can start without going through all the steps. This process is immediately started on Aragon and bypasses voting on Snapshot or on the Research forum.

Even if it is an emergency, it is still recommended to give an update on a forum post. This will serve as extra contextual information to prevent mistakes in the future.

Lido Committees

Some of the activities of the DAO are governed by committees.

Transactions from committees usually go through Easy Track. Votings on Easy Track are based on the principle of vetoing. A Motion to vote is placed and if more than 0.5% of users veto a Motion, it stops. Otherwise, it could be enacted.

The list of committees includes:

Risks

Liquid staking provides stakers with the benefits of having access to immediate liquidity, composability of staked assets across DeFi applications, and the distribution of a staking position across multiple validators. However, the liquidity conditions on the market can also result in depegging events, stakers taking on custody risk or smart contract risk, and even risks of network centralization.

Governance Risks

Under the current model, due to the control of the LDO token over the protocol, the DAO can upgrade contracts in a way such that stETH tokens could be burnt on an arbitrary address and minted on another. Because of that, even though the DAO has no control over the ETH backing stETH, there is still a chance that funds can be stolen or misappropriated.

Besides, since the Lido DAO or the Lido core team have no direct control over Ethereum validators or the node operators in charge of running them, the DAO (represented by LDO holders) could exclude legitimate node operators, since it votes for the inclusion or exclusion of new members that are not necessarily proposed by LNOSG. This could result in a worst-case scenario where the protocol’s validator set could direct a new stake to a subset of node operators and partially withdraw the funds of other node operators.

The root cause of the problems that stem from Lido as a DAO is a manifestation of the principal-agent problem between stakers (principal) and node operators (agent). The problem stands because LDO holders don’t have the same incentives as the users who stake.

An ongoing proposal suggests granting stETH holders power to veto proposals voted on and passed by LDO holders

In its current state, the Lido DAO can execute transactions on behalf of the Lido agent contract. This contract can upgrade core parts of the protocol, holds the DAO treasury, and has exclusive admin rights on most of the DAO smart contracts.

Lido itself does not run any validators, since all of them are run by well-known node operators who are unlikely to cause any harm to the Ethereum network.

Governance cannot turn off validators, make a block reorg, or suddenly change the validator set.

Through governance, node operators have the power to:

As a DAO, Lido has no direct control over the actions performed by node operators and the stake allocated to them

Right now, the Lido DAO controls the code behind the Lido protocol and the stETH token. However, malicious votes can affect the balances of stETH holders and the DAO has no control whatsoever over the funds that are already at stake.

Dependency Risks

Dependency risks occur when a protocol relies on external tools in order for a core function to work properly. One of the dependencies was for an Oracle report.

To generate the report, the Oracle code must coordinate the gathering of data from CL (Consensus Layer) and EL (Execution Layer) nodes. Specifically, the Oracle requires information about the EL block corresponding to a particular CL slot.

On the 8th of April 2023, the Oracle report finalization had been made 6 hours later than usual ~12 pm UTC. The delay had been caused by the occurrence of an edge case with a report slot being missed on the Consensus Layer, preventing the software from collecting the data.

A fix was implemented on the same day of discovery. Lido Contributors released an update for the off-chain Oracle including the fix for the said edge case. Oracle holders checked the release code and updated off-chain Oracles. The updated code now appropriately addresses situations where slots are missed.

No user tokens had ever been at risk, and the off-chain code for the Oracle for the now-running Lido V2 upgrade works with said edge case correctly.

Security

All liquid staking derivatives are subject to smart contract risk, slashing risk, centralization risk, and regulatory risk.

Economic losses can be mitigated through insurance solutions such as Nexus Mutual, good operational security practices, self-custody… As far as regulation goes, Ethereum will be most likely declared a commodity by US regulators, while the EU will implement MiCA regulation.

Since Lido has decided to not set a limit on its size, it is possible that one day it could hold the majority of staked ETH. In worst-case scenarios, any failure could then spill over and affect the entire Ethereum ecosystem

Audits

Past vulnerabilities

UI Malicious Code Injection

On March 1, 2022, Lido received an Immunefi report from the United Global Whitehat Security Team informing about a vulnerability in the UI that affected Lido’s staking widgets at stake.lido.fi, terra.lido.fi, easytrack.lido.fi, and two informational sites at lego.lido.fi and careers.lido.fi

The vulnerability affected the way that the Javascript library NextJS images module handles a particular edge case that allows for malicious code injections and open redirects. It was discovered that a malicious code injection could allow a potential attacker to change the page contents and send funds to his personal wallet address instead of to Lido’s staking contracts.

With phishing being one of the most common practices for attacking projects in crypto, this vulnerability could have led to a significant loss of funds. Thanks to Immunefi’s bug bounty program, Lido paid out two rewards bounties, one for critical malicious code injection and one for a low-tier open redirect.

bETH Anchor post-mortem

On January 26, 2022, the Anchor bETH integration had been migrated from the Shuttle bridge (a Terra-Ethereum bridge) to the Wormhole bridge. However, the upgrade lacked smart contract API versioning. This allowed two users to send a total of 443.56111857 webETH (Terra-side Wormhole bETH) to inaccessible Terra addresses, effectively blocking their funds.

On January 27, 2022, the affected users were refunded from the dev team’s funds. The dev team was later on refunded by unlocking stETH from the AnchorVault contract on Feb 10th, 2022.

The root cause was that upgraded contracts retained backward compatibility, allowing users to send transactions from the old UI version to the new contracts without reverts.

To prevent such kind of incidents from happening, the team has implemented versioning into the AnchorVault and formulated the policy for upgradable contracts across the Lido codebase. The policy has been published as LIP-10. On a lower level, all state-changing methods used in the UI now include a version number as the parameter, preventing the Txs formed by old UI versions to ever pass into the contracts after the upgrade. Internal guidelines regarding contract upgrades have been tweaked as well.

The fix has been implemented so that no third-party integrations are interrupted. On Ethereum, the AnchorVault received a tweak to take the refunded stETHs into account in internal calculations. For the Wormhole bridge, bETH tokens locked on the Ethereum Wormhole bridge address corresponded 1-1 to the webETHs on Terra. On the Anchor side, as webETH balances don’t affect rewards distribution (only original bETH token balances do), so no impact as well.

Disrupted rewards distribution due to missed Oracle reports post-mortem

On November 9 and 11, 2022, the Lido Oracle failed to report validator balance updates, causing the rewards distribution to occur every other day instead of daily.

Due to the extreme market conditions on the day of the incident, the protocol saw an unexpectedly high amount of execution-layer (EL) rewards.

As a result, the oracle was unable to finalize reports because of an outdated security threshold for rewards. When the rewards exceeded this threshold, the oracle’s security check was triggered and, due to the unexpectedly high yield, the protocol put the distribution of rewards on hold.

This series of events happened before the Ethereum Merge when the only source of earnings was the consensus layer (CL), and the maximum APR across Ethereum was 10%. As such, Lido set up a security cap on the daily positive rebase at 10/365%.

With the Merge hard fork, the protocol started generating additional rewards from the execution layer through priority gas fees and MEV and accumulating them in a special vault. These rewards are then re-staked with a daily limit of 0.02% of the total stETH supply (around 940 ETH at the time of the incident) to prevent sandwich attacks. Thus, execution layer rewards provide an additional APR of up to 7.3%. This made it possible for the protocol to exceed the 10% APR threshold and fail the security check—precisely what happened on November 9, 2022, which was a particularly profitable day for the protocol with the execution layer reward vault exceeding the 940 ETH limit.

The rebase still occurred every other day because the rewards spread over the previous two days. With the EL APR halved, the overall APR was able to slip under the 10% security threshold, and the user balances were updated.

The team fixed the situation by launching an Aragon vote and the Lido DAO approved the change, and the threshold was updated.

The following actions were taken:

Deposit front-running vulnerability

On Tuesday, Oct 5, the vulnerability allowing the malicious Node Operator to intercept the user funds on deposits to the Beacon chain in the Lido protocol was reported to Immunefi. On Wednesday, Oct 6, the short-term fix was implemented. Currently, no user funds are at risk, but the deposits to the Beacon chain are paused.

The vulnerability could only be exploited by the Node Operator front-running the Lido.depositBufferedEther transaction with direct deposit to the DepositContract of no less than 1 $ETH with the same validator public key & withdrawal credentials different from the Lido’s ones, effectively getting control over 32 $ETH from Lido.

To mitigate the vulnerability, Lido contracts should be able to check that Node Operators’ keys hadn’t been used for malicious pre-deposits.

Lido proposed to establish the Deposit Security Committee to check all deposits made and approve the current state of deposits and available Lido keys as safe. DepositContract provides the Merkle root encoding of all the keys used in staking deposits, and NodeOperatorRegistry can be amended to provide an index of the current state.

To implement the proposed mitigation, the DAO would have to:

As all things require a significant amount of work & time, Lido proposed to prepare to start with a small committee to unblock deposits in the protocol as soon as possible, simultaneously assembling a bigger team to run a guardian daemon as well.

Economic Attack Vectors

There is a risk of loss of funds as a result of slashing or misbehaving.

Centralization Risks

Lido has become the largest provider of staking services on Ethereum and its market share has been a recurrent concern due to the concentration risks of having such a large entity controlling the network.

On the one hand, an investment firm like Paradigm has come up with a research paper that argues that Proof of Stake systems would be dominated by staking pools that are socially scalable and deliver the highest returns by accepting MEV. This argument also supports the thesis that the first mover would benefit from a competitive advantage in the market and would be seen as the most trustworthy solution (Lindy effect)

On the other hand, relevant figures in the Ethereum Foundation such as Danny Ryan argue that “liquid staking derivatives like Lido and similar products are a stratum for cartelization and induce significant risks to the Ethereum protocol and to the associated pooled capital when exceeding critical consensus thresholds”.

Having such a large protocol controlling the market share of staking in Ethereum can create a central point of attack, risk of transaction censorship, collusion for higher rewards…

On June 24, there was a proposal to discuss whether Lido should consider self-limiting. This was the result of concerns raised by the community as well as developers including Vitalik Buterin, Superphiz, and Danny Ryan, who claimed that no single staking protocol should have a majority in staking Ethereum.

The proposal remained open for 7 days and, on July 1st, 2022, almost 99.81% of LDO token holders voted against it. Even though only 0.19% of participants voted in favor of self-limiting, if this proposal had gone through, this would have meant that the protocol would decrease its inbound stake flow to reduce the risks of centralization.

Reasons to self-limit

An ever-increasing market share of Lido means that Lido’s governance becomes more vulnerable to governance attacks that could coerce node operators into operating as a single entity in order to exploit things like multi-block MEV, execute profitable block reorgs, censor transactions…

Besides, Lido still exhibits signs of centralization. For instance, inputs to the validator registry can be changed by centralized parties. This could lead to corruption and opaque situations where operators act in their own self-interest.

Reasons against self-limiting

Among the reasons to reject the proposal are concerns that an entity or a centralized exchange would come to dominate the market with KYC standards if Lido were to self-limit. Other motives include the belief that decentralized competitors like Rocket Pool could quickly grow and meet more demand.

Even if Lido has a big market share relative to its competitors, this same market share is still split between a group of several independent node operators. This would protect the network against attacks where more than ⅓ validators can control the network.

Liquidity Risk

Despite having audited the bridging contracts, cross-chain transfers remain one of the most common attack vectors in DeFi.

The Lido DAO has the power to enable Layer 1 deposits in the bridge as well as admin rights to transfer to the Lido DAO via the Aragon Agent App. When the bridge is enabled and assets are transferred, any actions or changes to the bridging contracts will require an explicit approval from the DAO. For emergency purposes, the DAO has also come up with Emergency Brakes multisigs that can pause deposits and withdrawals on each network.

Investors

Lido has raised multiple rounds of funds with various investors.

Additional Information

Lido Alliance

The Lido Alliance is dedicated to creating a permissionless, decentralized restaking ecosystem that enhances Ethereum’s alignment and security. The focus is on developing Liquid Restaking Tokens (LRTs) and other Ethereum-strengthening protocols. An Alliance Workgroup will assess and onboard potential members, ensuring they align with Lido’s mission and values. Major decisions will involve DAO token holder votes, emphasizing strong security practices and strategic protocol integrations to enhance stETH’s utility and decentralize Ethereum validation. This proposal includes recognizing the Lido Alliance, authorizing necessary contributors, and forming a temporary development committee, all with the aim of aligning with the vision and mission, rather than providing financial advice.

FAQ

Why are LDO transfers more expensive than other ERC20 tokens?

Where can I see my stETH rewards?

Where can I use my stETH?

Will I still retain my staking rewards when LPing on Curve?

Why would I wrap my stETH?

How can I wrap/unwrap my stETH?

Do I need to claim any Ethereum staking rewards when I wrap stETH into wstETH?

Why does the amount of wstETH in my wallet differ from the amount of stETH I wrapped?

Community Links