Lido on Ethereum
Scorecard
Keep track of the latest updates on how Lido is performing against its goal of being decentralized, trustless, governance-minimized and ethos-aligned with the Ethereum community.
Lido DAO’s purpose is to keep Ethereum decentralized, accessible to all, and resistant to censorship.
Lido DAO’s mission is to make staking simple, secure, and decentralized.
And the endgame is a world in which Ethereum is the co-ordination and value layer of the internet.
As the Protocol specification and related technologies evolve, the commitment to achieving a vision of trustless, governance-minimized, and ethos-aligned liquid staking remains steadfast.
The scorecard below shows how the Lido ecosystem is doing. Feedback from everyone is welcome on the research forum.
Already succeeded
Scorecard Attribute | Category | Self-Assessment | Comments |
---|---|---|---|
Operators run their own nodes (no white-labeling) | Validator set | Good | |
Good performance | Validator set | Good | The average performance of the Lido protocol validator set is higher than the average Network performance based on the RAVER methodology available at the moment of assessment (October 2024). |
Operators should receive enough network rewards to build a sustainable, dependable staking business | Validator set | Good | |
Withdrawal requests are automatically fulfilled | Validator set | Good | The Lido protocol has a subsystem which can self-execute withdrawals with no human participation, apart from requiring Node Operators to maintain tooling (their own or open-source alternatives) to process requests (semi-)automatically. This subsystem ensures withdrawal requests can’t be cancelled (within a bounded period of time) and is designed to work even during chaotic tail-risk scenarios. The total volume of withdrawals processed since May 2023(withdrawals implementation) can be found on the dedicated Dune dashboard. |
No operator has more than 1% of the total stake | Validator set | Good | As of Q3/2024, all operators have less than 1% of the total stake. Quarterly updates on the details and ratio of amount of stake that is over the soft-ceiling can be found in the Lido Validator and Node Operator Metrics (VaNOM) web-app. Additionally, through the Simple DVT Module and the Community Staking Module, hundreds of net new operators have already started using the Lido protocol in 2024, further reducing concentration of stake share amongst large entities. |
Lido Protocol governance lives on Ethereum | Security | Good | Ethereum community potentially could change the protocol with an emergent hard-fork (if there is a consensus to do it) that changes a few bits in the governance contract to revoke the DAO’s oversight permissions. |
Lido Protocol is easy to fork | Security | Good | Open-source development enables Lido protocol clone deployment and running without any DAO votes or third-party permissions. |
Withdrawal credentials are non-custodial being managed by a smart-contact maintained by LDO tokenholders | Security | Good | All Lido on Ethereum participating validators use 0x01 (smart contract) withdrawal credentials. |
Smart contracts are shielded using best-in-class security standards | Security | Good | The currently deployed protocol version (Lido V2) is audited by four independent top-tier audit providers: Statemind, Certora, Hexens, Oxorio. There is a formal verification executed by Certora (see the report above). All protocol levers are documented and reviewed by Statemind, see. Last but not least, every protocol upgrade and voting is a subject of running full-blown regression test suite. |
Client Diversity | Validator set | Good | As of Q3/2024, Node Operators using the Lido protocol continue to utilize a well-balanced suite of Consensus Layer clients in aggregate. Execution Layer diversity significantly improved as a result of Node Operator commitments to reduce their reliance on Geth as a supermajority client. Geth is no longer the supermajority Execution Layer client, seeing a usage of 38%, just above Nethermind at 37%. |
Delegation is enabled in on-chain governance | Governance | Good | The on-chain delegation was enabled in August 2024. Now LDO holders can delegate on Aragon& Snapshot. The delegated LDO amounts and delegates' activity can be viewed on the Lido Delegation Public Dashboard. |
The average performance of the Lido protocol validator set is higher than the average Network performance based on the RAVER methodology available at the moment of assessment (October 2024).
The Lido protocol has a subsystem which can self-execute withdrawals with no human participation, apart from requiring Node Operators to maintain tooling (their own or open-source alternatives) to process requests (semi-)automatically. This subsystem ensures withdrawal requests can’t be cancelled (within a bounded period of time) and is designed to work even during chaotic tail-risk scenarios. The total volume of withdrawals processed since May 2023(withdrawals implementation) can be found on the dedicated Dune dashboard.
As of Q3/2024, all operators have less than 1% of the total stake. Quarterly updates on the details and ratio of amount of stake that is over the soft-ceiling can be found in the Lido Validator and Node Operator Metrics (VaNOM) web-app. Additionally, through the Simple DVT Module and the Community Staking Module, hundreds of net new operators have already started using the Lido protocol in 2024, further reducing concentration of stake share amongst large entities.
Ethereum community potentially could change the protocol with an emergent hard-fork (if there is a consensus to do it) that changes a few bits in the governance contract to revoke the DAO’s oversight permissions.
Open-source development enables Lido protocol clone deployment and running without any DAO votes or third-party permissions.
All Lido on Ethereum participating validators use 0x01 (smart contract) withdrawal credentials.
The currently deployed protocol version (Lido V2) is audited by four independent top-tier audit providers: Statemind, Certora, Hexens, Oxorio.
There is a formal verification executed by Certora (see the report above). All protocol levers are documented and reviewed by Statemind, see.
Last but not least, every protocol upgrade and voting is a subject of running full-blown regression test suite.
As of Q3/2024, Node Operators using the Lido protocol continue to utilize a well-balanced suite of Consensus Layer clients in aggregate. Execution Layer diversity significantly improved as a result of Node Operator commitments to reduce their reliance on Geth as a supermajority client. Geth is no longer the supermajority Execution Layer client, seeing a usage of 38%, just above Nethermind at 37%.
The on-chain delegation was enabled in August 2024. Now LDO holders can delegate on Aragon& Snapshot. The delegated LDO amounts and delegates' activity can be viewed on the Lido Delegation Public Dashboard.
Doing well, but can improve
Scorecard Attribute | Category | Self-Assessment | Comments |
---|---|---|---|
Distributed geographically | Validator set | Okay | As of Q3/2024, around 22% of validators are operated by North-America (US+Canada) based Node Operators, but there remains an over-reliance on European based entities. Improvements have been noted in not only the addition of Asian and South American-based operators, but also the distribution of validators across under-represented geographies. However, the community can continue to promote geographical diversity. Latest stats can be found here. |
Best practices in security and key management | Validator set | Okay | In the Curated Operator module, keys are managed by professional node operators. As of the Q3/24, 23.2% of validators in the module utilize Attestant’s Vouch CL client. While Vouch utilization does not directly correlate to usage of Attestants Dirk key manager that includes threshold signing, it is roughly indicative. In the Simple DVT Module, participants utilize Obol and SSV Network based DVT. All validator keys are created through a Distributed Key Generation process, with no single Node Operator (or other party) controlling a full private key at any point of their existence. |
Node operators are disincentivized from acting maliciously | Validator set | Okay | Currently, if Node Operators don’t process exits on time (in other words, try to block users from obtaining their withdrawn ETH), they suffer penalties (automatically enforced by the protocol, as well as reputational). There have been 0 incidents of non-exit, and one case of delay. Triggerable Execution Layer exits, expected in early 2025 via the Pectra hardfork, will make it possible to exit validators based on a DAO vote. |
Lido DAO can’t suddenly change the validator set | Validator set | Okay | As it stands, LDO holders cannot force Node operators to exit. Even if triggerable exits were live today, it would still take the DAO half a year, at a minimum, to rotate all validators (due to the mechanics of how the staking queue works). In order to create additional checks and balances on Lido governance, dual governance has been proposed. It gives stakers the ability to withdraw their ETH in the event of a proposal that would change the validator set, while also enabling them to express concerns about it. The onchain vote to deploy Dual Governance is estimated to occur in early 2025. |
There’s a robust set of governance delegates | Governance | Okay | Public Delegate Platform and Delegate Incentivization Program were established in August 2024. In Q4, 2024 Lido DAO has 7 delegates with more than 2M LDO delegated to each on-chain, which makes them eligible for incentives. You can see all the public delegates here and check delegates' voting participation here. |
DAO goals are easily accessible | Governance | Okay | The GOOSE framework is utilized to set one-year and three-year goals. The goals for 2025 were adopted in November 2024, marking a new focus for the upcoming year. |
Distributed variation of on-premises infra and cloud providers | Validator set | Okay | Reliance on public cloud has stabilized from around 50% in Q3/2024. The usage is balanced against forms of Bare Metal (Colocated, On-Premises or Dedicated Hardware). Details can be found in the Lido VaNOM web-app. |
There’s a way for operators to permissionlessly enter the set and prove themselves | Validator set | Okay | The first permissionless module called CSM is now live on Ethereum mainnet in the Early Adoption (perrmissioned) mode to onboard a sub-set of identified likely solo stakers to CSM on mainnet prior to the module opening up to everyone. This mechanism safeguards against the potential crowding out of CSM’s capacity by large operators during the initial phase. Once Early Adoption mode is deactivated (expected to happen early 2025), the module will become fully permissionless. |
As of Q3/2024, around 22% of validators are operated by North-America (US+Canada) based Node Operators, but there remains an over-reliance on European based entities. Improvements have been noted in not only the addition of Asian and South American-based operators, but also the distribution of validators across under-represented geographies. However, the community can continue to promote geographical diversity. Latest stats can be found here.
In the Curated Operator module, keys are managed by professional node operators. As of the Q3/24, 23.2% of validators in the module utilize Attestant’s Vouch CL client. While Vouch utilization does not directly correlate to usage of Attestants Dirk key manager that includes threshold signing, it is roughly indicative. In the Simple DVT Module, participants utilize Obol and SSV Network based DVT. All validator keys are created through a Distributed Key Generation process, with no single Node Operator (or other party) controlling a full private key at any point of their existence.
Currently, if Node Operators don’t process exits on time (in other words, try to block users from obtaining their withdrawn ETH), they suffer penalties (automatically enforced by the protocol, as well as reputational). There have been 0 incidents of non-exit, and one case of delay. Triggerable Execution Layer exits, expected in early 2025 via the Pectra hardfork, will make it possible to exit validators based on a DAO vote.
As it stands, LDO holders cannot force Node operators to exit. Even if triggerable exits were live today, it would still take the DAO half a year, at a minimum, to rotate all validators (due to the mechanics of how the staking queue works). In order to create additional checks and balances on Lido governance, dual governance has been proposed. It gives stakers the ability to withdraw their ETH in the event of a proposal that would change the validator set, while also enabling them to express concerns about it. The onchain vote to deploy Dual Governance is estimated to occur in early 2025.
Public Delegate Platform and Delegate Incentivization Program were established in August 2024. In Q4, 2024 Lido DAO has 7 delegates with more than 2M LDO delegated to each on-chain, which makes them eligible for incentives. You can see all the public delegates here and check delegates' voting participation here.
The GOOSE framework is utilized to set one-year and three-year goals. The goals for 2025 were adopted in November 2024, marking a new focus for the upcoming year.
Meanwhile, the current goals, adopted in November 2023, were adjusted in May 2024 (reGOOSE), remain active and relevant.
Reliance on public cloud has stabilized from around 50% in Q3/2024. The usage is balanced against forms of Bare Metal (Colocated, On-Premises or Dedicated Hardware). Details can be found in the Lido VaNOM web-app.
The first permissionless module called CSM is now live on Ethereum mainnet in the Early Adoption (perrmissioned) mode to onboard a sub-set of identified likely solo stakers to CSM on mainnet prior to the module opening up to everyone. This mechanism safeguards against the potential crowding out of CSM’s capacity by large operators during the initial phase. Once Early Adoption mode is deactivated (expected to happen early 2025), the module will become fully permissionless.
Needs Improvement
These attributes need work, and below is information about what contributors are already doing as solutions and improvements.
Improvement proposals and comments are welcome from anyone.
Scorecard Attribute | Category | Self-Assessment | Comments |
---|---|---|---|
Governance has significant safeguards | Governance | Needs improvement | The governance process includes 3 steps: discussion, off-chain vote, and on-chain execution which make all changes publicly socialized before implementation. |
There is a way for stakers to resist malicious governance capture | Governance | Needs improvement | Lido on Ethereum, governed by LDO token voting, manages various aspects including the treasury, withdrawal keys, and lists of nodes or oracles, effectively granting root access to the voting app. Dual governance allows stakers to withdraw their ETH in the event of a contentious proposal, while also enabling them to express concerns about its contentiousness. When a specified amount of stETH accumulates in the DG veto vault, execution of LDO governance motions is paused unless the stETH in the vault is withdrawn. The design includes multiple safeguards and potential de-escalation mechanisms. A Snapshot vote on this proposal passed, with on-chain deployment slated for Q1 2025. |
The governance process includes 3 steps: discussion, off-chain vote, and on-chain execution which make all changes publicly socialized before implementation.
A two-step Aragon voting is used with objection periods, where only 'against' votes are possible in the second phase.
Currently, operators act as a check on LDO power since they cannot be forced to exit.
Dual governance allows stakers to withdraw their ETH in the event of a contentious proposal, while also enabling them to express concerns about its contentiousness. Onchain vote to deploy expected in Q1 2025.
Lido on Ethereum, governed by LDO token voting, manages various aspects including the treasury, withdrawal keys, and lists of nodes or oracles, effectively granting root access to the voting app. Dual governance allows stakers to withdraw their ETH in the event of a contentious proposal, while also enabling them to express concerns about its contentiousness. When a specified amount of stETH accumulates in the DG veto vault, execution of LDO governance motions is paused unless the stETH in the vault is withdrawn. The design includes multiple safeguards and potential de-escalation mechanisms. A Snapshot vote on this proposal passed, with on-chain deployment slated for Q1 2025.