EigenLayer
Protocol Analysis #12
Introduction 👋
This is the twelfth article in our Protocol Analysis series. In this series, we use our investment template outlined in How to Analyse a Web3 Protocol to fundamentally and critically analyse a variety of crypto protocols, aiming to separate the ‘real’ from the hype.
Protocol: EigenLayer, a protocol that enables ETH to be staked across multiple protocols at once, allowing ETH to be used as cryptoeconomic security for protocols other than Ethereum, in exchange for protocol fees and rewards.
Glossary 🔖
As with our piece on Zero-Knowledge Proofs, this article is slightly technical, and it’ll be helpful to level-set on terminology and concepts first:
Staking
Staking is at the core of blockchain networks where the consensus mechanism used is Proof of Stake (PoS). Ethereum is the largest and most prominent blockchain using PoS.
Staking is a process in which you hold and lock up a certain amount of a particular token (ETH) as collateral to support the operations of a blockchain network (Ethereum). By staking your tokens, you help validate transactions, secure the network, and maintain its overall functionality. In return, you get rewards in the form of additional tokens.
At the moment, any time a new module is built on Ethereum that processes inputs derived from outside Ethereum, its processing cannot be validated inside Ethereum (essentially, staked ETH cannot be used to validate that module’s transactions, and the module cannot leverage Ethereum’s security). As a result, the module needs to create and bootstrap an entirely new network to validate its transactions, which is difficult to implement and scale. This also causes security to be fragmented across multiple networks, negatively impacting all the networks.
Slashing
The risk taken on by a staker is of getting ‘slashed’, i.e., if the staker behaves maliciously or violates the rules of the network, their stake gets cut and they face an economic penalty. Some actions that may get a staker slashed are attempting to manipulate the system or going offline for an extended period.
Actively Validated Service (AVS)
EigenLayer refers to modules that require validation as ‘Actively Validated Services’ (AVS).
Overview of EigenLayer 🗒️
EigenLayer is a new paradigm that promises to shake up the staking landscape. The EigenLayer protocol enables ETH to be staked across multiple AVS’ at once. Validators can both validate the Ethereum network and other AVS’ built on top of Ethereum, such as consensus protocols, data availability layers, oracle networks, keeper networks, and bridges, among others. EigenLayer accepts natively staked ETH and liquid staked tokens (LSTs) like Lido’s stETH, RocketPool’s rETH, Coinbase’s cbETH, and the Liquid Collective’s LsETH.
Stakers opt in by granting the EigenLayer smart contracts the ability to impose additional slashing conditions on their staked ETH. If a staker performs a malicious action on another AVS they are validating with their stake, their staked ETH can get commensurately slashed. This helps increase the security of the underlying dApps utilising the AVS, since they inherit the security of Ethereum which is much higher than the security of any individual AVS. This also enables the value of ETH itself to increase, since stakers can earn fees for validating transactions across AVS’ and therefore earn a higher overall yield.
EigenLayer is meant to operate on a flywheel model (as is, seemingly, every tech company out there today). In EigenLayer’s feedback loop, the more value generated by an AVS using EigenLayer -> higher return for ETH stakeholders -> higher value of ETH -> higher security for each AVS -> increased incentives for new AVS’ to build on EigenLayer. It is important to note that if there is a slashing event across protocols that impacts a large number of ETH restakers at the same time, this dampens the yield for those restakers and can lead to the flywheel unravelling in the opposite direction while simultaneously compromising the security of the Ethereum network.
The EigenLayer team plans to release the protocol in a phased manner. The first step was the testnet launch, which took place in April 2023, followed by the mainnet launch expected in Q3 2023. Then, the testnet and mainnet for stakers will launch, after which the testnet and mainnet for AVS’ will go live by end-2023.
How Does EigenLayer Work? 🤷
To enable AVS’ to be secured by restaked ETH rather than their own tokens, Ethereum validators must set their withdrawal credentials on Ethereum to the EigenLayer smart contracts and opt into validating AVS’ utilising EigenLayer. The validators then download and run any additional software required to validate these AVS’. The modules can impose additional slashing conditions on the validators’ staked ETH, and in exchange for their validation services, receive additional revenue from the AVS’.
There is a feedback loop in which the more value a service provided using EigenLayer has, the better the return for ETH stakeholders, resulting in a higher value for ETH and ETH security, and the security for each EigenLayer project. This gives new projects an incentive to build on EigenLayer.
Let’s now dive into a few central features of EigenLayer.
Flexibility for Validators
Validators can choose which AVS’ to stake their ETH against based on their individual risk/reward preferences. The Risk/Reward scale below illustrates this. Here, the risk of securing AVS’ A and C and the rewards from doing so are within the staker’s Risk/Reward preferences, while the Risk/Reward of securing AVS B is outside their preferences. The staker can choose to secure only A and C and not B.
Optionality for AVS’
Every AVS also has optionality in choosing which tokens to accept as stake for their AVS. For example, AVS A may accept all types of ETH, AVS B may only accept natively restaked ETH, and AVS C may only accept natively restaked ETH and RocketPool’s rETH.
The optionality for AVS’ extends to their choice of restakers. Based on their on-chain (and in some cases, even off-chain) activity, every restaker may have its own distinguishing traits, defined by their Verifiable Credentials (VCs), soulbound tokens, and their interactions with various dApps and protocols. AVS’ can incorporate this data into their acceptance criteria for restakers, allowing them to recruit restakers based on a combination of various traits. For example, an AVS may specify that only Ethereum home validators who have a particular soulbound token may restake with on their network, increasing the decentralisation of the AVS.
AVS’ also have optionality in defining the quorum required for transactions to be validated. They can:
Choose to use two quorums: Here, one quorum needs to restake ETH and another needs to stake the AVS’ native token (say $ABC). A transaction is only valid if a majority of both quorums votes in favour. In this case, the AVS can combine the majority response from both quorums. For example, the AVS defines a quorum of 100k ETH and 1 million $ABC. The ETH quorum needs to be >60%, and the $ABC quorum needs to be >40%. To validate a transaction, at least 60k ETH and 400k $ABC needs to vote in favour. The AVS can define several other conditions as well; for example, they can say that the transaction is only valid if both quorums are met, or they can say that the transaction is only valid if either quorum is met. This gives a lot of flexibility to AVS’ and allows them to granularly tune the security of their networks.
Choose to use only one quorum: Here, the only relevant quorum is that of restaked ETH – if a majority of validators vote in favour, the transaction is valid.
Slashing
Slashing is a critical component of EigenLayer’s model. Each AVS has an on-chain slashing contract; if a restaker has behaved maliciously on the AVS, the slashing contract receives this information and slashes the restaker’s ETH. As an example, assume that a subset of ETH validators is restaking on and securing AVS A. They then decide to collude and maliciously steal and bridge out some of the AVS’ assets by signing an incorrect transaction on the AVS. Other validators observing the activity (e.g., other validators on the AVS) could submit a fraud proof on Ethereum, resulting in the malicious validators’ stake being slashed.
Delegation
Restakers who have ETH delegated to them can opt in to EigenLayer using this delegated stake. The restakers receive fees from both Ethereum and the AVS’ they are also securing using EigenLayer. They keep a fraction of the fees as compensation and pass the rest along to delegators. This brings a new dimension to the role of delegates, and delegators must consider the specific AVS’ that delegates are also validating when they choose who to delegate their ETH to.
Solo stakers (i.e., independent stakers who operate on their own and run and manage their staking activities individually) also have optionality: they can either directly select AVS’ to provide validation services to or delegate their EigenLayer operations to another entity while continuing to validate for ETH on their own. While there are no incentives built into EigenLayer that make it the economically sound decision for delegates to be trustworthy, there is the potential for a module to be built on top of EigenLayer that enables this.
What Problems Does EigenLayer Solve? 🎯
There are two core problems with the Ethereum ecosystem that EigenLayer aims to solve.
Fractured Trust and Security Networks
One of the prime benefits of Ethereum is the economic security it provides to dApps building on the network. ETH stakers validate transactions taking place on dApps built on them – for example, a transaction that takes place on Uniswap is validated by ETH stakers. This allows for all dApps built on Ethereum to benefit from the pooled security of the network. The blockchain supplies trust and security to a dApp and is compensated in exchange with fees. Figure 4 below explains this:
The same courtesy is not afforded to AVS’ building on Ethereum, as we explored above. These AVS’ must bootstrap their own validator networks, which is difficult and time-consuming, and serves to reduce the AVS’ security and trust. It divides the total capital of the ecosystem into smaller and smaller chunks, providing insufficient levels of security and trust for each network.
The same courtesy is not afforded to AVS’ building on Ethereum, as we explored above. These AVS’ must bootstrap their own validator networks, which is difficult and time-consuming, and serves to reduce the AVS’ security and trust. It divides the total capital of the ecosystem into smaller and smaller chunks, providing insufficient levels of security and trust for each network.
Currently, validators wishing to secure an AVS incur significant capital costs equivalent to the opportunity cost and price risk associated with staking in a new system. Consider a new AVS with native token $ABC. The token’s liquidity and usage is likely to be low (and will definitely be lower than that of ETH), and its price is likely to be volatile. The success of that token is nowhere close to guaranteed and stakers on the new AVS take a huge risk in holding $ABC and validating on the AVS. This risk must be compensated with high enough staking returns, which creates an inflationary token system and significantly increases the complexity and cost of running the AVS. Moreover, users also need to pay fees to the AVS on top of the fees they pay to Ethereum. This results in higher costs for users and causes value to leak from Ethereum.
The Weakest Link
A major disadvantage of having to bootstrap multiple AVS’ and fracture trust across networks is reduced security for dApps utilising the AVS’. Take the example of a newly launched oracle network being used to provide price feeds for assets by a lending and borrowing dApp built on Ethereum. When a user deposits a token (say BTC) as collateral and borrows stablecoins, if the price of the collateral drops below a certain level, the collateral will get liquidated. If the oracle network has a small amount of stake securing it, the economic cost of manipulating the network is relatively low. If the liquidity and market cap of the oracle network’s tokens is low, the value of the staked tokens will be volatile. If the tokens dump in price a lot, the cost of attacking the network decreases. This can be seen in the rising number of oracle manipulation attacks across DeFi.
As Figure 5 above shows, even if the dApp is built on Ethereum, its security undermined by the security of the weakest components – in this case, the oracle and identity components. Therefore, even if Ethereum itself provides strong security guarantees, the security of the dApp is still undermined by the component with the lowest level of security. The AVS’ in the infrastructure layer must ensure that the price of their tokens remains stable. If the token value cannot be maintained, the AVS may be forced to run its own validators, resulting in centralisation.
EigenLayer’s Mission
EigenLayer aims to solve the above two problems. A new AVS can bootstrap security from Ethereum’s large, decentralised validator set, which serves to significantly reduce the capital cost and increase capital efficiency for ETH validators since their capital is utilised across multiple networks. The cost to attack and manipulate infrastructure components like oracle networks significantly increases, making the entire stack more secure.
Use Cases 💼
EigenDA: Data Availability
To bootstrap adoption and incentivise stakers to use the protocol, EigenLayer has created a product called EigenDA, a data availability layer, to solve the ‘data availability problem’.
Data availability refers to the ability of validator nodes to download the transaction data contained within all blocks processed on the blockchain. How quickly the data is made available determines the transactions per second (TPS) processed by the blockchain. To increase TPS, the hardware requirements of running a full node need to increase – but if the requirements increase, there would be fewer full nodes and the level of centralisation of the network would increase. Forcing a large number of nodes to download, verify, and store the data massively reduces throughput.
Rather than using full nodes, Ethereum Layer 2 solutions (L2s) use powerful computers called ‘sequencers’ for transaction computation and execution. Sequencers process transactions off-chain before sending them on-chain to be finalised. Obtaining the sequencer’s transaction data in a timely manner is critical for scalability and trust, and without these, there would be no way of keeping the sequencers honest. Moreover, when the sequencer ‘dumps’ its data onto the data availability layer of the parent blockchain (like Ethereum), the full nodes on Ethereum need to keep up with the sequencer to ensure that it does not withhold any data and save us from having to trust that the sequencer is behaving honestly.
EigenLayer has developed a solution to the data availability problem called EigenDA which enables much cheaper and higher throughput – Ethereum’s current data bandwidth is 80 kbps, while EigenDA promises a bandwidth of 15 mbps. After the L2 receives the data from its sequencer, it publishes a cryptographic proof that it has received the data to the EigenDA smart contract. The proof is also distributed to the EigenDA nodes, who compare it with the proof published on the EigenDA smart contract and signs an attestation confirming that both proofs are the same. The L2 then collects these signatures, generates one ‘aggregated’ signature, and publishes them to the EigenDA smart contract which verifies the signatures. To ensure that the EigenDA nodes really store the data, a fraud proof can be submitted by anyone to the EigenDA smart contract that a node does not hold the data. If this proves to be true, the node gets slashed. Mantle, a L2 solution, is one of the first blockchains that is currently building to integrate EigenDA.
Decentralised Sequencers
One of the main problems with L2s today is that the sequencers they used are centralised. Sequencers face the same network bootstrapping problem we spoke about above, making it very difficult to find a set of diverse validators who can enable decentralisation. Using EigenLayer, L2s can utilise the large validator set already serving Ethereum to decentralise their sequencers.
Scaling Zero-Knowledge Proving for ZK Rollups
As we explored in our last article on Zero-Knowledge Proofs, it is still expensive for ZK rollups to verify proofs on Ethereum mainnet. This leads them to post proofs infrequently to Ethereum, which delays the settlement of the transactions on the L2. Restakers on EigenLayer with a large amount of ETH staked can participate in proof verification off-chain and certify that the proofs are legitimate on-chain, reducing proof verification time. Again, to ensure that the proof has been verified correctly, anyone can submit a fraud proof to the EigenLayer smart contract.
Rapid Development of Infrastructure
EigenLayer makes it trivial for any type of infrastructure to be spun up by significantly reducing the time and cost of bootstrapping the security of that infrastructure component. This allows for quick innovation at all levels of the stack shown in Figure 5 above.
Verification of Event-Driven Actions
In smart contracts, actions can be triggered based on certain events occurring. An example is the BTC lending and borrowing use case outlined in the ‘What Problems Does EigenLayer Solve?’ section above, where the ‘event’ is the price of the BTC collateral falling below a certain threshold, and the ‘action’ is the liquidation of the BTC collateral. In EigenLayer’s context, ETH that is staked both on Ethereum mainnet / a L2 solution and another chain / dApp can be used to verify events that impact both entities, providing stronger guarantees at the risk of being slashed.
Risks ⛔️
Systemic Risk
Given that it shakes up the Ethereum staking landscape, EigenLayer has a few substantial risks. The first and most important one is the systemic risk emanating from the interconnectedness of AVS’ that build on EigenLayer. As an example, assume that a large proportion of restakers are validating AVS’ A, B, C, and D. If there is a slashing event that impacts all these AVS’ at once, maybe if the restakers maliciously collude to corrupt all the AVS’ and steal funds, there could be a significant impact on the security of Ethereum itself while simultaneously lowering the security of all those AVS’. This will then cascade into more AVS’ being susceptible to attacks, which breaks the entire system and could be a cataclysmic contagion event for the entire Ethereum ecosystem. This negative flywheel must be avoided at all costs.
EigenLayer is attempting to tackle this problem head-on by creating a dashboard that will enable AVS’ to monitor whether the restakers operating on their networks are also validating across many other AVS’. The AVS then has the flexibility to put a specification that they will only accept restakers who are operating across ‘X’ networks, according to their risk preferences. However, this is not built into EigenLayer and is just an option chosen by AVS’. It may still lead to a high level of systemic risk and a form of ‘risk reduction algorithm’ needs to be built into EigenLayer and enforced at a protocol level to mitigate systemic risk.
In a very timely manner, Vitalik just published a brilliant article that goes to the root of the systemic risk issue of appropriating Ethereum’s consensus mechanism to dApps built on Ethereum. The article outlines a number of ways in which a solution like EigenLayer needs to be very carefully managed in order to not mis-utilise Ethereum’s consensus and expose it to a variety of risks that could end up hobbling the entire system. It is crucial to read this article to understand the dimensions of risk that EigenLayer could bring to Ethereum, why we as a community need to be very aware of this from the very beginning, and how EigenLayer can be built in a manner as to first and foremost mitigate these risks.
Issues with the EigenLayer Smart Contracts
Since the ability to slash ETH is given entirely to EigenLayer, if EigenLayer itself gets compromised or exploited in some manner, honest nodes could get slashed. This would compromise security across Ethereum and other AVS’, hugely reduce confidence in EigenLayer itself, and again cause a negative feedback loop.
Lower Slashing Conditions
If AVS’ have lower slashing conditions, i.e., they decrease the number of events for which a restaker could be slashed in order to attract more restakers with higher yield and relatively lower downside risk, it will be difficult to catch malicious nodes. This would negatively impact security across the AVS and could even lead to the AVS going down, which would drastically lower the incentive to use EigenLayer and result in another negative feedback loop. This can potentially be mitigated by EigenLayer mandating a certain consistency in slashing conditions across AVS’.
Selling Pressure on AVS’ Native Tokens
AVS’ would have to pay out yield to restakers, either in ETH, their native token, or both. This could lead to constant selling pressure on their native token as restakers cash out of the native token for ETH or any other asset, which may reduce the incentives for AVS’ to build on EigenLayer.
Team and Investors🤵♂️🤵♀️
To date, EigenLayer has raised $54.4 million in its Series A round from a large number of reputable investors including the likes of Blockchain Capital, Polychain, Ethereal Ventures, Coinbase Ventures, Electric Capital, Figment Capital, and Robot Ventures, among others.
EigenLayer’s founder is Sreeram Kannan, an Associate Professor at the University of Washington who is a ‘researcher in information sciences and its applications in blockchains, AI, wireless and computational biology.’ This, along with the fact that he has been involved in the blockchain space since 2014, indicates that he has the knowledge, depth, and granular understanding of the Ethereum and staking ecosystem needed to build such a complex system as EigenLayer.
To ensure that EigenLayer’s execution succeeds, Sreeram’s technical chops are complemented by the business and strategy chops of Calvin Liu, EigenLayer’s Chief Strategy Officer, and Chris Dury, EigenLayer’s COO. Calvin has significant experience in building DeFi protocols, evinced by his previous role as the Strategy Lead at Compound Labs and his current role as an investor at Divergence Ventures. Chris, on the other hand, has been a CEO in a past life, and was also a GM and Director at AWS and the SVP of Product at Domino Data Lab, a machine learning platform.
The rest of EigenLayer’s team is similarly strong, with the VP of Engineering, Sid Sanyal, having extensive experience at Facebook and AWS, and a previous stint at Protocol Labs, the team building Filecoin and IPFS, showcasing his expertise in the blockchain space as well. Other roles in the team are as expected (and needed): PMs, smart contract engineers, etc.
All in all, the team seems well-positioned to execute on EigenLayer’s vision but must take care in making the product as simple and intuitive to use for both stakers and AVS’ while very carefully managing and mitigating the systemic risk brought about by EigenLayer.
Thoughts from Using the Protocol 🖱️
Given that EigenLayer has only launched its testnet to date, it is obviously slightly difficult and non-intuitive to use the protocol. For example, look at the interface below:
There is no information about what ‘Restaked Points’ are or any easy user flow to understand how to restake and which protocols can be secured using rETH or stETH, which are the two options presented. There is also no information about what an ‘EigenPod’ is, and for example, no guides on how to change the validator withdrawal address to EigenLayer’s smart contract, the first step in restaking with EigenLayer. Moreover, there is also no easy way to buy the ETH to be used on the Goerli testnet, not even through MetaMask, which severely inhibits users in trying the protocol out.
The UI is directed completely towards people who know exactly how to use EigenLayer, which is not how it should be. It needs to be made obvious how to use it, even in the testnet phase, so that potential users get comfortable with the platform and explore how it would be to use it. The UX needs to be overhauled and it should be easy for users to try the protocol out and understand what it is all about.
Tokenomics and Governance 💸 ⚖️
The tokenomics story is very simple: there is none. Sreeram Kannan has mentioned that services will not be secured by a token, which is a good idea given the complexity of the protocol, the amount of development and integrations needed to enable wide-scale adoption, and the various complications that a token can bring that can distract the team from the original mission. Not releasing a token now also does not mean that one cannot be released in the future.
EigenLayer’s governance functions are also not well-developed yet. The governance committee today has one function: to protect against unintended slashing. The first mitigation against any bugs is smart contract audits, which each AVS will have to do before opting into EigenLayer. The second is a reputation-based governance committee, which is comprised of prominent members of the Ethereum and EigenLayer community and can veto slashing decisions via a multisig. The committee has 3 roles:
Enabling upgrades to the EigenLayer contracts;
Reviewing and vetoing slashing events;
Admitting new AVSs into the slashing review process.
This brings some centralisation to governance, but it is necessary that the early stage of EigenLayer’s development is guided by an informed and committed group of stakeholders. The centralisation is slightly mitigated by the committee having no ability to trigger slashing itself. The committee is also necessary because it gives AVS’ confidence that they will not be subject to incorrect slashing due to bugs.
Over time, it is important (even critical) for EigenLayer to develop a robust governance framework that gets ossified and ensures sufficient decentralisation in the running of the protocol, both from a censorship-resistant and regulatory perspective.
Traction 📉
Given that EigenLayer has only released its testnet, its traction is obviously limited. However, there are signs of (a lot of) life. Firstly, as mentioned above, Mantle, a L2 solution, is currently building to integrate EigenDA. Secondly, there has been significant usage of EigenLayer’s testnet, as can be seen below:
Lastly, there is constant activity on EigenLayer’s GitHub. The EigenLayer contracts have had 308 commits since March 27, indicating a lot of development and interest in the protocol.
Closing Thoughts ⌛
EigenLayer is an extremely innovative protocol that has the potential to transform the dynamics and economics of Ethereum. Wide usage of EigenLayer can make it much simpler for infrastructure to be built on top of Ethereum and therefore increase the pace of innovation and broader adoption. However, it is crucial to understand the risks that EigenLayer could present to Ethereum, especially in terms of the systemic risks it could surface that may hobble the entire Ethereum ecosystem. Therefore, it is critical for this protocol to be developed, deployed, and adopted methodically and conservatively, and for any systemic risk to be managed proactively. All in all, EigenLayer heralds a new era in the age of Ethereum and it will be fascinating to see how this protocol grows over time.
Bibliography 📖
https://medium.com/iosg-ventures/eigenlayer-bringing-ethereum-level-trust-to-middleware-c5c426bc8c33
https://www.blog.eigenlayer.xyz/eigenlayer-mainnet-launch-benefits-of-early-restaking-2/
Disclaimer
This is a personal blog. Any views or opinions represented in this blog are personal and belong solely to the article authors and do not represent those of people, institutions or organizations that those authors may or may not be associated with in professional or personal capacity, unless explicitly stated. All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information. Any views or opinions are not intended to malign any religion, ethnic group, club, organization, company, or individual.
👇🏽 please hit the ♥️ button below if you enjoyed this post.