A Hitchhiker's Guide to Restaking and Its Risks

...Pandora's box has been opened, and there's no going back...

Restaking is here. It's new, it's complex, and it's changing Ethereum.

Sriram Kannan and his team at Eigen Layer created restaking. It lets Ethereum stakers secure other networks too. Jessy Cheng calls it "inevitably coming true" [5].

Restaking makes Ethereum staking more interesting. It could change the whole system. It offers benefits but also brings risks.

This guide explains restaking. We'll cover how it works, what it might do, and what could go wrong. If you care about a decentralized internet, you need to understand this.

But first, let's talk about staking. It's the foundation of restaking, and it's key to networks like Ethereum.

Staking

Staking secures blockchain networks without mining. In proof-of-stake (PoS), validators put up cryptocurrency as collateral. The more they stake, the more likely they are to validate transactions and earn rewards.

Staking does two things:

• It makes people behave honestly.
• It keeps the network secure.

To be a validator, you "bond" some cryptocurrency. This shows you're committed. In return, you earn rewards.

If validators misbehave, they get "slashed." They lose some of their stake. This keeps everyone in line.

Some systems, like Ethereum, let you delegate your staking rights. You pick a staking service provider (SSP) to do the work for you. This is called Delegated Proof of Stake (DPoS) [6].

In short, staking keeps PoS networks running. It rewards good behavior and punishes bad. DPoS makes it easier for more people to join in.

Now that we understand staking, let's look at restaking.

Restaking

Restaking expands the power of ETH stakers. It allows them to secure Ethereum and other protocols simultaneously, essentially "renting out" their staked ETH. Stakers agree to additional slashing conditions in exchange for rewards from securing oracles, layer 2 chains, bridges, and more.

The process works like this: Instead of setting a regular withdrawal address for staked ETH, you direct it to an Eigen Layer smart contract called an "eigenpod." This pod is jointly controlled by you and Eigen Layer.

Restaking adds complexity to the staking model. In the EigenLayer system, a delegator (or restaker) chooses a Strategy, which includes an Operator and the Actively Validated Services (AVSs) that the Operator supports. Operators must perform duties set by AVS protocols or face penalties like slashing (losing part of their stake) or jailing (being banned from operations) [7].

If you validate honestly across all opted-in protocols, you can withdraw freely. However, violating conditions on any protocol risks slashing a portion of your staked ETH. There's also an off-chain component: running node software for each additional protocol you're securing. Restaking's potential impact rivals that of MEV (maximal extractable value). It opens up a vast design space, akin to modding a video game, but with far higher stakes—we're dealing with global economic infrastructure.

This innovation could fundamentally alter ETH's properties as an asset, much like EIP-1559 did. It maximizes opportunities for positive-sum games and allows academic research to transition into real-world applications.

Cryptoeconomic Security and Its Challenges

Cryptoeconomic security is vital in decentralized systems. It measures the economic cost of corrupting a network. In Proof of Stake (PoS) networks, security stems from the total value of staked tokens [8].

Building strong cryptoeconomic security is a challenge for decentralized applications (dapps). Each new dapp often requires its own staking network, leading to fragmentation and limited security for individual services.

Restaking addresses these issues with a novel approach. By enabling ETH stakers to "restake" their assets across multiple services, it creates pooled security and a free market for trust. This allows dapps to leverage Ethereum's robust security without building their own staking networks from scratch [8].

EigenLayer's documentation describes 'pooled security' as a way to reuse economic security by allowing different AVSs to share a common base. In theory, this significantly increases the cost of compromising any individual AVS, as the shared security pool far exceeds what a single AVS could achieve alone [9].

The platform also offers 'attributable security', which is specific to each AVS and only slashable by that AVS. This is intended to provide additional guarantees for AVS customers, though its practical effectiveness remains to be seen [9].

EigenLayer aims to achieve economies of scale by allowing AVSs to share the same underlying smart contract infrastructure. While this could make collective security purchasing more efficient, it also introduces potential risks, such as increased complexity and interdependence between AVSs [9].

The combination of pooled and attributable security is EigenLayer's approach to flexibly and efficiently scaling economic security. While promising, this innovation comes with its own set of challenges and uncertainties that will need to be carefully monitored and addressed as the system develops.

Concerns and Open Questions

Restaking isn't without its critics. Vitalik Buterin, for one, worries about stakers becoming "polyamorous." He sees potential dangers in this, particularly for Ethereum's economic security.

Several key questions remain unanswered:

• How will restaking alter Ethereum's security model?
• What new vulnerabilities might it create?
• How will it affect ETH's supply and demand?
• How will stakers use their new capabilities?

These aren't small concerns. They touch on the core of how Ethereum functions and how it might evolve.

Yet, for all the risks and unknowns, restaking's potential is hard to ignore. If it works, it could dramatically boost crypto's ability to create win-win economic scenarios. It might even push the technology into the mainstream.

Sriram Kannan frames it in evolutionary terms. He argues that humans' big advantage is our ability to "cooperate flexibly in large numbers." Restaking could take this to a new level. By reducing trust barriers, it might let us coordinate in ways we've never seen before.

We're watching a new economic model take shape. It's uncharted territory, full of both promise and peril. But one thing's for sure: it's an exciting time to be involved in this space.

Restaking Architecture: A Symbiotic Relationship

The restaking ecosystem thrives on the symbiotic relationship between three key players: Actively Validated Services (AVSs), Operators, and Restakers.

Actively Validated Services (AVSs): Leveraging Ethereum's Security

AVSs are blockchain applications that could potentially use a restaking protocol to secure their transactions with Ethereum's validation mechanism. This approach would allow AVSs to bootstrap their security more efficiently and cost-effectively than setting up their own consensus mechanisms.

AVSs come in various forms, each serving a unique purpose:

• Layer-2 chains
• Data availability layers
• Sequencers
• dApps
• Cross-chain bridges
• Virtual machines

Traditionally, AVSs had to create their own consensus mechanisms, such as Proof-of-Stake (PoS) or Proof-of-Work (PoW), to validate transactions. This approach has several drawbacks:

1. New AVSs may be vulnerable to attacks due to smaller validator sets and lower total stake.
2. AVSs could be isolated from Ethereum's security despite storing data on its blockchain.
3. Attracting validators might be costly, potentially requiring competitive staking rewards and infrastructure investments.

Restaking integrations could potentially solve these issues. AVSs would be able to access Ethereum's robust validation mechanism, ensuring high security without managing their own validator networks. This could reduce operational costs and allow AVSs to focus on their core functions.

Some potential examples of AVSs include:

• @eigen_da (DA Layer)
• yperspaceAI (Decentralized AI)
• @aethosnetwork (Contract Policy Engine)
• @Hyperlane_xyz (Interoperability)
• @EspressoSys (Shared Sequencing & DA)

For more AVSs, check out this tweet from the Eigen Collective.

It's important to note that these concepts are still theoretical and have not been proven in practice. The actual implementation and effectiveness of EigenLayer and AVSs remain to be seen.

Operators: Securing Transactions for AVSs

In the proposed restaking ecosystem, operators stake their ETH and provide computational resources to validate transactions for Actively Validated Services (AVSs). They ensure security and reliability, acting as the guardians of the network.

Operators can participate in two ways:

1. Ethereum validators can restack their ETH and validate AVS transactions for additional rewards.
2. Dedicated AVS operators can validate transactions for fees without being Ethereum validators. ETH holders can delegate their assets to these operators and share the rewards.

Operators must follow slashing conditions set by the AVSs. Violating these conditions can result in a portion of their staked ETH being slashed, affecting both the operator and their delegators.

Restaking aims to create a free market where operators choose AVSs based on incentives, risks, and expertise, while AVSs select operators based on experience and reputation.

The relationship between AVSs and operators is symbiotic. AVSs provide opportunities for operators to earn rewards while operators contribute to AVS security and decentralization. This mutually beneficial arrangement is the foundation of the restaking ecosystem.

However, it's important to note that these concepts are still theoretical and have not been proven in practice. The actual implementation and effectiveness of the operator's role in the restaking ecosystem remain to be seen.

Restakers: Pledging Staked ETH to the Ecosystem

Restakers are users who pledge their staked ETH or ETH liquid staking tokens (LSTs) to the ecosystem, expecting rewards for their commitment.

There are two main ways for users to participate as restakers:

1. Native ETH restaking: Users with ETH staked directly on the Ethereum beacon chain can create an EigenPod, a contract that enables native restaking by configuring the beacon chain withdrawal credentials to the EigenPod addresses.

2. ETH LST restaking: Users with ETH staked on liquid staking platforms can restake their ETH LSTs either directly via the restaking platform or through a liquid restaking protocol. Liquid restaking protocols allow users to restake their LSTs while remaining liquid by minting a wrapped token that encompasses both yield layers and the underlying asset.

   
   

Restakers must conduct thorough research when selecting operators to delegate their stakes, as malicious behavior by operators could result in the slashing of the restakers' assets.

The Relationship Between Restakers, Operators, and AVSs

In the proposed restaking ecosystem, restakers pledge their staked ETH or ETH LSTs to operators, who use these assets to validate transactions for AVSs. Operators are motivated to perform optimally to attract restakers, while AVSs set the fee rates for their services.

This dynamic relationship underscores the importance of each stakeholder in maintaining the ecosystem's stability and security. However, it also suggests that risks could increase as the ecosystem becomes more complex and interconnected.

It's important to remember that these relationships are still hypothetical and untested in the real world. The actual interactions between restakers, operators, and AVSs may differ from what is currently envisioned, and unforeseen challenges or risks could emerge as the ecosystem develops.

As with any new system, all participants must carefully consider the potential risks and uncertainties before engaging in the restaking ecosystem. Its success and stability will depend on careful design, implementation, and ongoing management of these relationships, as well as the ability of all stakeholders to adapt and respond to evolving circumstances.

Restaking Risk Assessment Framework

Restaking, including Restakers, Operators, and Actively Validated Services (AVSs), encounters several risks through their integration within Ethereum's validation processes. This framework categorizes these risks, enhancing risk management, and underpins the monitoring dashboard, rstbeat, inspired by l2beat.com's effective ecosystem management.

1. Operational Risks

These risks concern the operations of Operators and AVSs and include:

• Concentration of Power and Centralization: A single operator managing multiple AVSs could centralize control, creating systemic vulnerabilities.
• Interdependence and Complexity: Dependence on specific operators can cause cascading failures if one operator experiences problems, increasing ecosystem fragility.
• Infrastructure and Management Challenges: Includes potential hardware failures or software bugs that can result in operational downtime or security breaches. Minor connectivity issues might trigger backup nodes to double-sign, leading to slashing [7].
• Operator Misconduct and Slashing Risks: The possibility of dishonest behavior by operators motivated by profit. Strategies to mitigate these risks include diversifying or specializing in AVS validation tasks to effectively manage and reduce potential slashing incidents.
• Reward Management Risks: Managing rewards from various AVSs, which might pay in different tokens, requires significant resources and careful planning to prevent missed rewards, address tax liabilities, and maintain yield. This involves tracking liquidity on trading venues and optimizing the execution of transactions to preserve yield.

2. Stakeholder Risks

These risks directly impact Restakers and other stakeholders:

• Access and Transparency Issues: Ensuring clear and fair processes for withdrawals and rewards is crucial for maintaining trust [7].
• Financial Risks: The risk of funds loss due to operator errors or AVS failures necessitates robust control mechanisms and clear guidelines on the restaking process [7].
• Additional Unbonding Period: The restaking process increases the duration of ETH withdrawals due to unbonding times from AVSs, introducing additional opportunity costs and potential future changes to unbonding periods.
• Staking Derivatives Contagion: The dominance of liquid restaking and staking derivatives like LRTs and LSTs in AVSs' stake poses risks in scenarios of de-pegging, potentially compromising AVS security and stability [7].

3. Systemic Risks

These risks could lead to broad disruptions:

• Protocol and Design Vulnerabilities: Flaws in the design could expose the system to risks, requiring continuous audits and updates.

• Governance and Compliance: Changes in governance or regulations could impact operational compliance and stability. This includes potential centralization risks due to governance failures or regulatory scrutiny.

• Upgrade Governance Risks: The current governance structure allows 9 out of 13 community EOAs (externally owned accounts) to potentially compromise the system if they coordinate or are hacked, presenting a significant centralization risk [7].

• Infrastructure Dependencies: Reliance on Ethereum infrastructure and third-party services introduces risks, requiring careful management and contingency planning [7].

• Legal Risks: Stakeholders must ensure that their interactions with AVS and the tokens involved do not violate the legislation of their residence countries.

• Centralization-led Risks: Large stake centralizations, where a few operators control much of the network's stake, can lead to network-wide disruptions or mass slashing if these operators experience failures. This is different from the concentration of power, which refers to a single operator managing multiple AVSs, while centralization-led risks refer to a few operators controlling a significant portion of the network's stake [7].

  
  

Critical smart contracts requiring thorough review and auditing in the EigenLayer ecosystem include [7]:

• EigenPod: Verifies ETH Beacon deposits via Beacon chain oracle.
• EigenPodManager: Deploys pods and tracks pod shares.
• DelegationManager: Registers operators.
• StrategyManager: Primary entry and exit point for funds in EigenLayer.
• Slasher: Attached to StrategyManager (currently inactive)

4. External Risks

External factors that could impact the ecosystem include:

• Market Dynamics and Technological Evolution: Changes in the broader market and technology sectors could affect adoption and functionality, requiring a proactive approach to technology adoption and market risk management.
• Regulatory Developments: New regulations could introduce compliance requirements or operational restrictions.
• Future-Proofing Strategies: Long-term viability depends on adopting emerging technologies and improving user experience and system usability to stay competitive and secure.

Implementation and Monitoring: rstbeat

Rstbeat will serve as a comprehensive monitoring dashboard, providing real-time insights and alerts for proactive risk management. It will involve regular stakeholder engagement, periodic reassessment of risks, and proactive communication to maintain transparency and trust within the ecosystem.

This framework organizes risks into clear, manageable categories, enhancing the clarity and effectiveness of the strategies deployed to mitigate these risks, ensuring a resilient and robust platform.

Conclusion

Restaking opens a new chapter in the blockchain. It promises better security and efficiency but brings fresh risks. We're stepping into unknown territory. Will it change crypto forever? Or will it stumble on hidden obstacles? We can't know yet.

Rstbeat aims to be our guide in this new landscape. It watches, it warns, and it tries to keep things stable. As we move forward, we're both excited and cautious. The road ahead is unclear, but it's sure to be quite a ride.

References

[1] Kannan, Sriram. Interview by Ryan Sean Adams and David Hoffman. "EigenLayer Will Change Ethereum Forever." Bankless, 5 June 2023, https://www.bankless.com/podcast/eigenlayer-will-change-ethereum-forever. [2] Jobs, Steve. "Think Different." Apple, 1997. [3] McCain, Chunda. Interview by David Hoffman. "The LRT Episode." Bankless, 22 February 2024, https://www.youtube.com/watch?v=80PO-2yG6Q0 [4] Buterin, Vitalik. "Don't overload Ethereum's consensus." Vitalik.ca, 21 May 2023, https://vitalik.ca/general/2023/05/21/dont_overload_consensus.html. [5] Bankless Podcast. "Restaking Alignment with Vitalik, Sreeram, Tim Beiko, Justin Drake, Dankrad & Jessy." Jun 29, 2023. [6] Davos Protocol. "How EigenLayer Works? A Deep Dive Analysis of the Protocol." 2023, https://medium.com/@Davos_Protocol/how-eigenlayer-works-a-deep-dive-analysis-of-the-restaking-protocol-575bb5e94334 [7] P2P. "Introduction to Restaking Risk Framework." P2P.org, 29 May 2024, https://p2p.org/economy/restaking-risk-surface/?s=09. [8] Pai, Mallesh. "EigenLayer: Decentralized Ethereum Restaking Protocol Explained." ConsenSys, 22 May 2023, https://consensys.io/blog/eigenlayer-decentralized-ethereum-restaking-protocol-explained. [9] "Risk FAQ." EigenLayer Documentation, 4 June 2024, https://docs.eigenlayer.xyz/eigenlayer/risk/risk-faq.

Appendix: Overloading Ethereum Consensus

Vitalik Buterin has raised concerns about the risks of restaking, particularly the potential for restaked networks to assume they have the backing of Ethereum's social consensus in the event of a failure or attack [1, 4]. He argues that using the Ethereum validator set and social consensus for purposes beyond the core protocol brings high systemic risks and should be resisted.

Buterin suggests a case-by-case approach, recommending decentralized oracles for price feeds and gradual enshrinement of complex functionalities in layer 2 protocols. He calls for preserving Ethereum's minimalism, supporting restaking uses that don't extend the role of consensus, and helping developers find alternate security strategies.

Kannan, the founder of EigenLayer, interprets Buterin's concerns as a warning against overburdening Ethereum's social consensus. He emphasizes that EigenLayer is designed with this principle in mind, encouraging restaked networks to use objective slashing conditions, rely on decentralization, and never assume Ethereum will bail them out.

To address these concerns, Kannan proposes several potential solutions:

1. Dual staking: Restaked networks have their own token in addition to ETH. The network's native token is used for social consensus and subjective slashing, while ETH staking provides a base layer of crypto-economic security [1]. This allows restaked chains to have their own "nuclear option" without involving Ethereum's social layer.
2. Clear permissioning and risk tiers: Services that have been thoroughly vetted and only rely on objective slashing could be part of a "grade A" tier, while more experimental or risky services would be labeled as such. This helps stakers make informed decisions about which services to opt into and creates a natural risk gradient within the ecosystem.
3. Native integration: EigenLayer or similar restaking protocols could become a native part of Ethereum itself in the long run, once the techniques have been battle-tested and the risks are well-understood. However, this would require extensive research, testing, and consensus-building within the Ethereum community.

There are still many open questions about restaking and its implications for Ethereum's security model. As the ecosystem evolves, it will be important to strike a balance between the benefits of restaking and the need to preserve the integrity and minimalism of Ethereum's core protocol. Key areas for further exploration include developing clear guidelines for responsible restaking, exploring alternative security strategies, studying systemic risks, and engaging with the broader Ethereum community to build consensus around best practices.

By addressing these concerns head-on and working collaboratively with the Ethereum community, projects like EigenLayer can help pave the way for responsible and secure restaking practices that enhance the capabilities of the Ethereum ecosystem without compromising its core principles.