Lido on Ethereum Scorecard

Keep track of the latest updates on how Lido is performing against its goal of being decentralized, trustless, governance-minimized and ethos-aligned with the Ethereum community.

Lido DAO’s purpose is to keep Ethereum decentralized, accessible to all, and resistant to censorship.

Lido DAO’s mission is to make staking simple, secure, and decentralized.

And the endgame is a world in which Ethereum is the co-ordination and value layer of the internet.

As the Protocol specification and related technologies evolve, the commitment to achieving a vision of trustless, governance-minimized, and ethos-aligned liquid staking remains steadfast.

The scorecard below shows how the Lido ecosystem is doing. Feedback from everyone is welcome on the research forum.

Already succeeded

| Scorecard Attribute | Category | Self-Assessment | Comments |
| --- | --- | --- | --- |
| Operators run their own nodes (no white-labeling) | Validator set | Good | |
| Good performance | Validator set | Good | The average performance of the Lido protocol validator set is higher than the average Network performance based on the RAVER methodology available at the moment of assessment (March 2024). |
| Operators should receive enough network rewards to build a sustainable, dependable staking business | Validator set | Good | |
| Withdrawal requests are automatically fulfilled | Validator set | Good | The Lido protocol has a subsystem which can self-execute withdrawals with no human participation, apart from requiring Node Operators to maintain tooling (their own or open-source alternatives) to process requests (semi-)automatically. This subsystem ensures withdrawal requests can’t be cancelled (within a bounded period of time) and is designed to work even during chaotic tail-risk scenarios. The total volume of withdrawals processed since May (withdrawals implementation) can be found on the dedicated Dune dashboard. |
| No operator has more than 1% of the total stake | Validator set | Good | As at Q4/2023, most operators have less than 1% of the total ETH staked. No operator has more than 1.1% of the total ETH staked. Quarterly updates on the details and ratio of amount of stake that is over the soft-ceiling can be found in the Lido Validator and Node Operator Metrics (VaNOM) web-app. |
| Lido Protocol governance lives on Ethereum | Security | Good | The Ethereum community could potentially change the protocol with an emergent hard-fork (if there is a consensus to do it) that changes a few bits in the governance contract to revoke the DAO’s oversight permissions. |
| Lido Protocol is easy to fork | Security | Good | Open-source development enables Lido protocol clone deployment and running without any DAO votes or third-party permissions. |
| Withdrawal credentials are non-custodial, being managed by a smart contract maintained by LDO tokenholders | Security | Good | All Lido on Ethereum participating validators use 0x01 (smart contract) withdrawal credentials. |
| Smart contracts are shielded using best-in-class security standards | Security | Good | The currently deployed protocol version (Lido V2) is audited by four independent top-tier audit providers: Statemind, Certora, Hexens, Oxorio. There is a formal verification executed by Certora (see the report above). All protocol levers are documented and reviewed by Statemind. Last but not least, every protocol upgrade and vote is subject to a run of the full regression test suite. |

Doing well, but can improve

| Scorecard Attribute | Category | Self-Assessment | Comments |
| --- | --- | --- | --- |
| Distributed geographically | Validator set | Okay | As at Q4/2023, less than 22% of validators are currently with North-America (US+Canada) based Node Operators, but there remains an over-reliance on European based entities. Improvements have been noted in not only the addition of Asian and South American-based operators, but also the distribution of validators across under-represented geographies. However, the DAO can continue to promote geographical diversity. The latest stats can be found here. |
| Distributed variation of on-premise infra and cloud providers | Validator set | Okay | The largest sub-set of Node Operators utilize public cloud servers (45-50% of stake) for their validators, but On-Premises usage has significantly grown in the last few quarters. Details can be found in the Lido VaNOM web-app. |
| Best practices in security and key management | Validator set | Okay | In the Curated Operator module, keys are managed by professional node operators. As of Q4/23, 23.8% of validators in the module utilize Attestant’s Vouch CL client. While Vouch utilization does not directly correlate to usage of Attestant’s Dirk key manager that includes threshold signing, it is roughly indicative. In the Simple DVT Module, participants utilize Obol and SSV Network based DVT. All validator keys are created through a Distributed Key Generation process, with no single Node Operator controlling a full private key at any point of their existence. |
| Client Diversity | Validator set | Okay | As at Q4/2023, Node Operators using the Lido protocol utilize a well-balanced suite of Consensus Layer clients in aggregate. Although Execution Layer diversity steadily improved as a result of Node Operator and Onboarding waves, and remarkably improved in 2023, there is still progress to be made to make the network resilient to potential supermajority EL client bugs. Node Operators have committed to further reducing majority EL client usage within 2024. |
| Node operators are disincentivized from acting maliciously | Validator set | Okay | Currently, if Node Operators don’t process exits on time (in other words, try to block users from obtaining their withdrawn ETH), they suffer penalties (automatically enforced by the protocol, as well as reputational). Triggerable execution layer exits, expected in Q4 2024, will make it possible to exit validators based on a DAO vote. |
| Lido DAO can’t suddenly change the validator set | Validator set | Okay | As it stands, LDO holders cannot force Node Operators to exit. Even if triggerable exits were live today, it would still take the DAO half a year, at a minimum, to rotate all validators (due to the mechanics of how the staking queue works). In order to create additional checks and balances on Lido governance, dual governance has been proposed. It gives stakers the ability to withdraw their ETH in the event of a proposal that would change the validator set, while also enabling them to express concerns about it. An on-chain vote to deploy is expected in Q3/Q4 2024. |

Needs Improvement

These attributes need work, and below is information about what contributors are already doing as solutions and improvements.
Improvement proposals and comments are welcome from anyone.

| Scorecard Attribute | Category | Self-Assessment | Comments |
| --- | --- | --- | --- |
| Governance has significant safeguards | Governance | Needs improvement | A two-step Aragon voting is used with objection periods, where only 'against' votes are possible in the second phase. The governance process includes 3 steps: discussion, off-chain vote, and on-chain execution, which makes all changes publicly socialized before implementation. Currently, operators act as a check on LDO power since they cannot be forced to exit. Dual governance allows stakers to withdraw their ETH in the event of a contentious proposal, while also enabling them to express concerns about its contentiousness. An on-chain vote to deploy is expected in Q3/Q4 2024. |
| There’s a robust set of governance delegates | Governance | Needs improvement | Currently, delegation is supported only via Snapshot, with an on-chain feature slated for launch in April-May 2024. After technical challenges are addressed, an open delegation framework to diversify governance participation is planned to be proposed. |
| Delegation is enabled in on-chain governance | Governance | Needs improvement | Delegation is currently only enabled on Snapshot. However, the proposal for the development and launch of on-chain delegation has reached quorum, and an Aragon vote to activate on-chain delegation is expected in April-May 2024. |
| There is a way for stakers to resist malicious governance capture | Governance | Needs improvement | Lido on Ethereum, governed by LDO token voting, manages various aspects including the treasury, withdrawal keys, and lists of nodes or oracles, effectively granting root access to the voting app. Dual governance allows stakers to withdraw their ETH in the event of a contentious proposal, while also enabling them to express concerns about its contentiousness. When a specified amount of stETH accumulates in the DG veto vault, execution of LDO governance motions is paused unless the stETH in the vault is withdrawn. The design includes multiple safeguards and potential de-escalation mechanisms. A Snapshot vote on this proposal is expected in Q2, with on-chain deployment slated for Q3-Q4 2024. |
| There’s a way for operators to permissionlessly enter the set and prove themselves | Validator set | Needs improvement | Lido V2’s Staking Router is a controller contract which paves the way for permissionless operators to join Lido’s validator set. The first permissionless module, called CSM, is planned to be proposed for an on-chain vote by the end of 2024. |

Contribute to the discussion

Want to contribute to the discussion or workgroups related to the above priorities? Join in