Maximum Viable Security: A New Framing for Ethereum Issuance

by @artofkot, @damcnuta, @sonyasunkim, @adcv_

Appreciate feedback from @ppclunghe, @ks_kulk, @lazyleger, Juan Beccuti, @entigdd, @stakesaurus, @hasufl, @lex_node, @_vshapolapov, @brettpalatiello



TLDR: Embrace security

Given Ethereum’s goal of building a secure and sovereign distributed system, we believe viewing Ethereum’s monetary policy through the lens of Minimum Viable Issuance (MVI) is not appropriate. Instead, we propose Maximum Viable Security (MVS) as a new framework for the community to consider in the Ethereum issuance debate. That is,

From: Minimum Viable Issuance (MVI) – minimize issuance, without compromising security.

To: Maximum Viable Security (MVS) – maximize security, without compromising scarcity.

After covering the motivation and foundations behind MVS, we evaluate Ethereum issuance reduction proposals through the MVS lens. We show that issuance reduction can compromise security and neutrality in a direct way, through staked ETH concentration with Centralized Exchanges – and this effect, on balance, far outweighs the advantages of cutting the issuance.

1. The foundations of the Maximum Viable Security (“MVS”) framework

1.1. Ethereum has a clear goal: build a secure and sovereign distributed system for everyone

There are many goals of this project; one key goal is to facilitate transactions between consenting individuals who would otherwise have no means to trust one another.
Source: Ethereum Yellow Paper (link)

The growth of Ethereum’s market capitalization from 0 to $400bn today underscores the market’s confidence in its current and future potential. This value hinges on Ethereum’s ability to validate state changes transparently, securely, and sovereignly.

Security is a crucial part of the value proposition. Without sybil resistance and slashing defense (programmable or social) against 34% double-signing attacks, a settlement layer would not be trusted by participants. A secure validation layer is the most scalable (link) foundation for providing transaction settlement with incorruptible finality.

Sovereignty is equally important – Ethereum should be able to defend against more subtle 51% attacks such as short-range reorgs and censoring (link), and should be able to resist coercion by state actors. If Ethereum loses sovereignty (aka autonomy), it loses its value as a neutral settlement mechanism:

"Decentralization" is the broad distribution of a system's intrinsic/accepted forms of power, protecting users against arbitrary exercises of power from the recognized legitimate 'authorities' within the system's logic (e.g., validators). "Autonomy" is the system's resistance against extrinsic/unaccepted forms of power, protecting users against all exercises of power from authorities outside the system's logic (e.g., government authorities).
Source: lex_node (link)

While 34% attacks are costly and 51% attacks are to some extent bounded by reputation and social slashing, a gradual coercion by state actors on independent validators is more feasible, and can even be unintentional. For instance, the European Securities and Markets Authority (ESMA) recently suggested (link) viewing MEV as a form of market manipulation subject to notification requirements from validators. Such regulations could make it impracticable for node operators to continue to function in Europe. In a worst-case outcome, these regulations could propagate to the rest of the world and impose artificial restrictions on how the consensus algorithm works.

High autonomy is therefore maintained through robust decentralization among validators, which includes:

  • Client software diversity: running different types of validator software to avoid concentration risk from bugs.
  • Node operator diversity: different, independent entities running validator software to prevent individual node operators reaching higher levels of control.
  • Geographic and jurisdictional diversity: different levels of base-level infrastructure — such as connectivity to the internet, power supply, law authorities and jurisdictions — that are capable of influencing node operators.

1.2. A diverse staking economy is key

1.2.1. Stakers

Stakers fall into three main categories:

  1. Retail and Institutions: These participants delegate their staking to Centralized Exchanges (CEXs)
  2. On-chain Actors: They delegate their staking to Decentralized Staking Middleware (DSM), such as Liquid Staking Tokens (LSTs) or decentralized pools, as well as Liquid Restaking Token protocols (LRTs) and Centralized Staking Providers (CSPs).
  3. Solo Stakers: These users choose not to delegate and run validators independently

1.2.2. Validating entities


Note: CSP numbers do not include capital delegated from DSM/LRTs. The above numbers are approximate and for illustration purposes; they are our best estimates from Dune (1, 2), as of June 30th 2024.

A hypothetical scenario where most ETF Ether is staked with custodial services, like Coinbase, suggests that this is where most of future inflows will likely originate. Recent Bitcoin ETFs have seen ~$15b of inflows. Proportionally applied to Ethereum, this could mean about 4m ETH. Notably, 8 out of 11 Bitcoin ETFs use Coinbase as their custodian, a pattern that may repeat with ETH.

1.2.3. Entities’ decentralization

Contributions to decentralization and thus censorship resistance and neutrality can be approximated as follows: Solo Stakers > Decentralized Staking Middleware > Liquid Restaking Protocols > Centralized Staking Providers > CEXs.

  • Solo Stakers: Contribute the most to decentralization because each adds an additional validator
  • DSM: Efficiently distribute delegated stake among many parties, bonded via reputation (Lido) or collateral (Rocket Pool, Lido’s Community Staking Module). Their impact on Ethereum’s decentralization is measurable and significant, with data on operational diversity publicly available and regularly updated (link). The Herfindahl-Hirschman Index (HHI) can also provide a useful proxy on the effect on validation concentration (link)
  • Restaking Infrastructure: While not cost-optimized for native staking, these protocols distribute stake among fewer node operators without aggregating it under one entity
  • Centralized Staking Providers: Risk aggregating large amounts of stake, but competition among them can bolster decentralization if many can sustain independent businesses
  • CEXs: Benefit the most from the power law distribution of AUM, often driving staked ETH concentration. Coinbase, for instance, is the largest node operator with nearly 15% market share.

1.3. There is no future-proof safe level of Security

Anders Elowsson suggests (link) that Ethereum should reduce its issuance, arguing that “excessive incentives for staking, beyond what is necessary for security, can unfortunately over time turn into perverse subsidies, with many downsides.” However, this raises the question of what constitutes “adequate incentives for staking” and what level of security is truly necessary.

What exactly is "neutrality"? I see that term being used in handwavy fashion, especially when scaling comes up, and it's hard to know what we mean by "preserving credible neutrality" at the moment. Would be nice to get some info there. :)
Source: eawosikaa (link)

Today’s global capital markets are valued in the hundreds of trillions of dollars, while Ethereum represents only a tiny fraction of that. For Ethereum to become a neutral settlement layer for the world, its cost of corruption would need to be in the hundreds of billions, if not trillions, of dollars, to capture the value that could be extracted in a possible attack. For context, large value payment systems (excluding retail payments) cleared quadrillions of dollars in value in 2022 (link). In comparison, over the past 12mos, stablecoin transfer value on Ethereum just about cleared $8tn, or 0.5% (link). This is consistent with the proportion of market capitalization of Ethereum relative to global capital markets (well under 1% as well).

The slightest risk of insufficient security would stagnate Ethereum’s growth – decentralization and the resulting neutrality is Ethereum’s #1 competitive advantage. No risk should be taken to erode that, and instead, we should seek to strengthen it even further. To answer Emmanuel’s question, in our framing, we would use “neutrality” interchangeably with “sovereignty” and “autonomy”: ability to defend against censorship and coercion attacks (link). Such that the cost of “coercion” is always higher than the benefit from manipulating the state.

Anders’ argument assumes that a 34% double-signing attack is so costly and a 51% censorship attack is so unlikely today, that the network can afford to focus on strengthening other layers. If Ethereum were already a major part of the world’s capital markets, this argument might hold more weight, as incremental risks would be smaller. However, reducing today the network’s most crucial features—security and sovereignty—would compromise the network’s ability to grow.

Currently, Ethereum’s social layer serves as the final defense (link) against norm violations that threaten its credible neutrality. However, this social layer is structurally fragile. It requires constant vigilance from the community so that enforcement can occur on a daily basis. Yet, as Ethereum grows, massive new inflows might bypass today’s social layer altogether. If a large bank, say, staked $1tn worth of Ether with a CEX, what chance does a community of open source developers have to enforce social norms? The key question, as Emmanuel points out, is: What is the threshold for security that Ethereum needs today and in the future? The MVI proposal, in our view, fails to address this critical question, focusing instead on the other effects of reducing the security budget.

1.4. Reframing the discourse: expansion over efficiency

Ethereum should balance incentives for all stakeholders to ensure the highest level of security. This balance involves weighing long-term sustainability and expansion vs short-term efficiency to create enduring security value.

MVS suggests that instead of asking “how much could we reduce issuance for staking efficiency”, we should be asking “how much network incentivisation do we need to perpetuate decentralization to maintain and expand security”.

Strategically, MVI and MVS represent two different paths for Ethereum’s growth. MVI focuses on minimizing costs, benefiting ETH holders in the short term. MVS, on the other hand, emphasizes building a long-lasting moat around the network, optimizing long-term value creation for all stakeholders, including ETH holders.

Ethereum’s unique appeal lies in its secure, credibly neutral blockspace. Unlike commodity blockspace, which competes on price, secure blockspace competes on features. Similar to the advanced chip industry, where success depends on computational ability rather than price, Ethereum should compete on the magnitude of security it offers. This security creates an enduring competitive advantage, accelerating value creation across the ecosystem.

There is a subtlety in that the market cap of Ethereum is a variable that contributes to security, and so minimizing issuance can be seen as bolstering security. Superficially, there is a reflexive effect, where Ethereum’s security both causes and is driven by its market cap. However, we believe that Ethereum’s security making ETH valuable is the primary causation, and therefore security needs to be prioritized. Below we illustrate diagrammatically the alternative value creation paths for Ethereum contributors deciding between MVS and MVI.

2. Analysis of Ethereum Issuance reduction proposal within the MVS framework

We posit that, under the MVS framework, Ethereum issuance reduction proposals risk creating downstream effects that would compromise Ethereum’s security value. Overall, we believe that ETH’s moneyness stands to increase with greater security and autonomy, to a degree that far outweighs the downsides of issuance or externalities such as capital gains taxes.

2.1. The assumption that Ethereum overpays for security is wrong: less issuance may lead to centralization of the validator set

2.1.1 ETF inflows would exacerbate centralization in the context of a 33% stake cap

Lowering the target stake ratio (link) could lead to a concentration of staked ETH with Centralized Exchanges (CEXs), driving capital away from decentralized alternatives.

Consider a scenario where a 33% cap (equivalent to 40.6 million staked ETH) is implemented, and the curve enacts a sharp drop of yield to zero as stake ratio increases from 30% (36.6 million ETH) to 33% (40.6 million ETH). Suppose Ether ETFs are launched in the US, attracting significant capital inflows. If these ETFs use Coinbase as their custodian (as 8 out of 11 BTC ETF issuers do), this could lead to $15 billion in inflows, adding approximately 4.5 million ETH to Coinbase’s custody. The simulated impact on the validation market might look like this; the 40.1m max staked ETH being slightly lower than 40.6 represents the fact that when yield becomes extremely low there is no marginal staker at all on the market.

| Illustrative impact on validation market with a 33% MVI limit | Current composition | Effect in 4 years | Future composition |
|---|---|---|---|
| ETH staked | 33.1m | +7m | 40.1m |
| ETH held with Coinbase | 17.5m | +4.5m (ETFs) | 22m |
| ETH held & staked with Coinbase | 4.3m | +10m | 14.3m |
| ETH staked on-chain via LSTs/LRTs | 13.7m | -2m | 11.7 |
| ETH staked by other entities | 15.1 | -1m | 14.1 |

  1. Market forces and fiduciary duties ensure that CEXs like Coinbase squeeze the maximum amount of profit from staking-as-a-service (for their customers and ETF issuers), and long-term the majority of their holdings are staked.

We model the above impact by assigning a 10m staked ETH inflow to Coinbase. When Coinbase’s stake reaches 7.8 million, total staked ETH will be about 36.6 million, causing rewards to drop sharply. Consequently:

  1. Lido stETH and other LST/LRT users, being sophisticated on-chain actors, will seek higher rewards elsewhere. The switching cost of moving capital on-chain is extremely low, so there is no incentive for capital to stay – the capital will leave for higher yields in DeFi.
  2. CSPs will exit these protocols since the 5% fee from middleware won’t cover their costs.

We model the above two impacts by assigning a 2 million ETH outflow to LSTs/LRTs and a 1 million ETH outflow to other entities.

  1. Meanwhile, CEXs like Coinbase can continue offering staking products because their marginal costs are extremely low, and can even be offset by other business segments. Their customers may remain loyal or lack alternatives due to regulations or unsophisticated nature of the user base. This can happen despite Coinbase having higher fees (25%) compared to better-performing alternatives (5-15%).

In this scenario, Coinbase could control 14.3 million ETH, surpassing the 33% network control threshold independently, while Lido and other DSMs lose market share.

2.1.2 Staked ETH concentration with CEXs doesn’t necessarily have to happen with a higher stake cap

Without the cap, both CEXs and on-chain market segments could coexist without putting pressure on each other due to sufficient demand for staking. LSTs, LRTs and CSPs wouldn’t face the dramatic yield decrease that would occur when Coinbase’s stake reaches 7.8 million ETH. Some might argue that Coinbase would undercut other staking providers by lowering its 25% fee. However, this is uncertain. Coinbase’s customer base seems inelastic, meaning the most profitable strategy might be to maintain or even increase their fees. In addition, even if Coinbase goes after the on-chain market and lowers their fees, the market may not be fully efficient – some people might prefer to stick with LSTs due to their decentralization preference.

In a highly segmented market, margins don’t need to uniformly compress, leaving space for both CEXs/CSPs and LSTs/restaking segments to thrive. LSTs and CEXs serve distinct market segments. For CEXs, the most profitable approach is to charge high fees from retail and institutional clients (e.g., Coinbase’s 25%) without directly competing with LSTs. Targeting stake ratios could stifle the market for on-chain actors but not significantly affect the market for retail and institutional clients.

Thus, in the absence of a stake cap, the coexistence of various staking actors could lead to a more balanced distribution of staked ETH across different market segments.

2.1.3 MVI effect on the ratio of solo stakers

The importance of this effect is overrated

Approximately 30 million ETH is delegated, while only 3 million is solo staked. It is evident that delegation dominates as a modality of staking. The key issue is ETH concentration with CEXs, rather than the interaction between solo stakers and LSTs.

| Grouping | Approximate stake | Type |
|---|---|---|
| CEXs | 10m | Delegated |
| LSTs, LRTs, CSPs | 20m | Delegated |
| Solo stakers | 3m | Solo staked |

LSTs and CSPs can also contribute to overall network quality

While solo stakers are often seen as the backbone of Ethereum’s network security, the contributions of LSTs and centralized staking providers are undervalued.

There is a lot of nuance to the emergent risks of malicious actors emerging from LSTs such as Lido. There certainly are risks (cf. Mike Neuder’s extensive post on the subject, link). However, there are also many benefits to deterministic stake allocation to professional or larger node operators. It’s possible for solo stakers to have different motivations than an LST whose main objective is to decentralize Ethereum validation (link). Some of the most noteworthy examples of malicious proposers, for example, have come from solo validators, such as those involved in the April 3rd, 2023 MEV Boost exploit (link).

Centralized staking providers and LSTs are quantifiably more performant validators than solo stakers. There is significant existing data (link) today to quantify proposer effectiveness and attester effectiveness, which drive fewer missed slots and attestations, faster block propagation and chain finalization. Overall the network is much more stable and responsive with professional validators than it would otherwise be, but also more decentralized.

Issuance reductions would likely decrease the share of solo stakers

Some argue that solo stakers are less elastic with respect to yield, because they are as a cohort more heterogeneous than other validating entities, and hence have a steeper supply curve.

However, our simplified analysis of Ethereum validator economics shows this argument is flawed. Solo stakers in fact have much higher fixed costs, making them much less adaptable to low issuance rates compared to larger node operators. Specifically,

For solo stakers:

  • Staking APR is lower and closer to the Median staking APR (i.e. 2.4% per Rated, link) than scale node operators due to the unpredictability of proposer rewards, tips and MEV
  • The costs of running a single validator include hardware (32 GB RAM, 4 TB SSD) and electricity. Home internet plans are sufficient for solo stakers, so broadband cost is assumed to be 0 (no incremental cost).
  • In this setup, 100% of a solo staker’s total costs are fixed costs. Assuming hardware depreciation of 5 years, profit margins are >90% for solo stakers
  • We exclude the need to reserve 32 ETH in capital as collateral, which brings the capital outlay (though not outright investment) significantly higher

Then consider, on the opposite end of the spectrum, a large centralized node operator with 100,000 validators:

  • Staking APR is higher and closer to the Average staking APR (i.e. 3.3% per Rated, link) as stake pooling smoothes the unpredictable components of both CL (proposer rewards) and EL (tips + MEV) rewards
  • Costs include hardware but also significant operational costs including technical and marketing staff
  • Hardware and internet are fixed costs, electricity is a variable cost and staff costs can be seen as a semi-variable cost
    • Employment footprint can be eventually adjusted should the top line be negatively impacted
  • Counting half of the maintenance & growth spend as fixed and the other half as variable, we arrive at fixed costs representing 64% of the large node operators’ total costs (i.e. much less than solo stakers). Profit margins are also lower than those of solo stakers

Assumptions

| Assumption | Value |
|---|---|
| ETH ($) | 3,500 |
| Average staking APR | 3.3% |
| Median staking APR | 2.4% |
| MVI reduction assumed | 2.0% |

Illustrative Annual P/L: Current

| Item | Solo Staker: Quantity | Solo Staker: $ | Large Node Operator: Quantity | Large Node Operator: $ |
|---|---|---|---|---|
| # of validators | 1 | 112,000 | 100,000 | 11,200,000,000 |
| Staking APR | 2.4% | | 3.3% | |
| Staking income | | 2,677 | | 367,360,000 |
| Commission | | | 10% | 36,736,000 |
| Hardware cost | | 800 | | 7,750,000 |
| Computer/servers | 1 | 800 | 350 | 7,000,000 |
| Backup servers | | | 100 | 750,000 |
| Operational cost | | 74 | | 19,794,780 |
| Electricity | 70Wh, $0.12/kWh | 74 | 750Wh/server, $0.12/kWh | 354,780 |
| Internet connection | No incremental cost | 0 | 540GB/month/val @ $0.03/GB | 19,440,000 |
| Maintenance & growth | | 0 | | 11,400,000 |
| Technical staff | | 0 | 70 | 8,400,000 |
| Marketing/admin staff | | 0 | 30 | 3,000,000 |
| Cybersecurity/miscellaneous | | 0 | | 1,000,000 |
| Total cost (assume 5Y hardware depreciation) | | 234 | | 32,744,780 |
| o/w fixed cost | | 100% | | 64% |
| o/w variable cost | | 0% | | 36% |
| Payback period on capex (months) | | 3.9 | | 23.3 |
| Annual income/loss | | 2,443 | | 3,991,220 |
| Profit margin (excl. ETH at stake) | | 91.3% | | 10.9% |

In the event that MVI reduces staking APR for all stakers (e.g. -200bps), the below scenario analysis helps visualize how different stakers may be impacted differently. High level:

  • Solo stakers have very limited, if any, ways of adjusting their underlying costs. 100% of the reduced staking rewards will fall through to the bottom line, resulting in a dramatic reduction in profit margin. As a result, the payback period on capex (i.e. hardware) multiplies from 3.9 months to 47.2 months in our example, without considering the need to raise 32 ETH to activate a validator to begin with. This raises the question of whether incremental demand from new solo stakers could be sustained in the post-MVI world
  • Meanwhile, large node operators have more levers to pull to protect their profits and capex payback periods
    • As in Scenario 1, node operators can raise their commission
    • As in Scenario 2, node operators can raise their commission and reduce variable costs, notably staff costs
    • With very minor changes to their structure they can come back to prior levels of profit

Illustrative Annual P/L: If staking APR reduces by 200bps

| Item | Solo Staker: Quantity | Solo Staker: $ | Large Node Operator - Scenario 1: Quantity | Large Node Operator - Scenario 1: $ | Large Node Operator - Scenario 2: Quantity | Large Node Operator - Scenario 2: $ |
|---|---|---|---|---|---|---|
| # of validators | 1 | 112,000 | 100,000 | 11,200,000,000 | 100,000 | 11,200,000,000 |
| Staking APR | 0.4% | | 1.3% | | 1.3% | |
| Staking income | | 437 | | 143,360,000 | | 143,360,000 |
| Commission | | | 25% | 35,840,000 | 25% | 35,840,000 |
| Hardware cost | | 800 | | 7,750,000 | | 7,750,000 |
| Computer/servers | 1 | 800 | 350 | 7,000,000 | 350 | 7,000,000 |
| Backup servers | | | 100 | 750,000 | 100 | 750,000 |
| Operational cost | | 74 | | 19,794,780 | | 19,794,780 |
| Electricity | 70Wh, $0.12/kWh | 74 | | 354,780 | | 354,780 |
| Internet connection | No incremental cost | 0 | | 19,440,000 | | 19,440,000 |
| Maintenance & growth | | 0 | | 11,400,000 | | 10,504,000 |
| Technical staff | | 0 | 70 | 8,400,000 | 64 | 7,739,789 |
| Marketing/admin staff | | 0 | 30 | 3,000,000 | 28 | 2,764,211 |
| Cybersecurity/miscellaneous | | 0 | | 1,000,000 | | 1,000,000 |
| Total cost (assume 5Y hardware depreciation) | | 234 | | 32,744,780 | | 31,848,780 |
| o/w fixed cost | | 100% | | 64% | | 66% |
| o/w variable cost | | 0% | | 36% | | 34% |
| Payback period on capex (months) | | 47.2 | | 30.0 | | 23.3 |
| Annual income/loss | | 203 | | 3,095,220 | | 3,991,220 |
| Profit margin (excl. ETH at stake) | | 46.5% | | 8.6% | | 11.1% |

Illustrative figures can be found here

Due to the presence of a higher proportion of fixed costs, solo stakers (and smaller node operators alike) will show higher sensitivity to changes in staking rewards compared to larger node operators. The corollary is that as MVI reduces staking reward APR, the marginal players may be priced out, leading to a greater centralization of stake. This would exacerbate the already decreasing trend of solo stakers alongside Ethereum’s issuance compression over time.


Source: Dune (link)

2.2. LST dominance and cost-modeling are inadequate arguments for issuance reduction

2.2.1. Issuance as a cost is a reductive framing

“Issuance as a cost” concerns the dilution effect on native ETH holders and the potential welfare loss due to externalities like taxes.

The first component focuses on the direct impact of issuance. It redistributes network ownership from unstaked ETH holders to staked ETH holders. High issuance rates force ETH holders to stake to avoid dilution. This increases Ethereum’s security and neutrality but comes with inconvenience and some risk for native ETH holders – which, under MVS, doesn’t qualify as strongly undesirable. Moreover, the cumulative effect could even be seen as beneficial, to the extent that more stake landing with a distributed set of validators justifies investors’ inconvenience.

The second component addresses additional costs for stakers due to taxes. ETH holders who earn staking rewards may face tax obligations, creating additional sell pressure. However, this concern is specific to certain jurisdictions and points in time. Furthermore, the impact of this sell pressure on Ethereum’s overall functionality is questionable. Assuming 3.5% staking rewards, a $400bn ETH market cap, and 30% average taxes paid by all stakers, we get $4.2bn in annual sell pressure. Given Ethereum’s daily trading volume is in billions, absorbing 1% sell pressure over a year seems immaterial. Furthermore, LSTs such as wstETH may even provide an efficient way to postpone the tax payments, since the tax event might be triggered only when wstETH is sold.

Even though ETH market cap is significant in determining attack costs, the relatively minor effect of sell pressure does not provide enough security benefits to justify reducing issuance. The trade-offs include potential staked ETH concentration, loss of sovereignty, and a more substantial decrease in market cap as a result.

2.2.2. Stakers getting higher real vs nominal yield is not significant

This argument, while mathematically beautiful (link), is not significant in magnitude. It does not affect security and neutrality in any way; in fact, it is not at all clear if there is any benefit to Ethereum in fewer stakers getting higher real yield compared to more stakers getting less real yield. In addition, this analysis assumes concave supply curves with respect to nominal yield, while it is possible that at a higher staking ratio we should adjust our analysis to concave supply curves with respect to real yield.

2.2.3. Reducing LST dominance shouldn’t be a primary objective of Ethereum’s monetary policy

This argument is directly related to security and neutrality, and thus can be analyzed under a security-maximizing framework.

In his article (link) Mike Neuder analyzed various directions and magnitudes of possible Lido attacks on Ethereum in the future. While there are several potential attacks, all of them have a corresponding mitigation plan. Dual governance is at the heart of many of those mitigations. DG is a mechanism that allows stETH holders to slow down Lido’s governance and exit from the protocol before any decision is made. This mechanism is in active and final stages of development (link).

Another argument for issuance reduction is that stETH risks substituting ETH as the de-facto money and collateral. While there is certainly a possibility that LSTs wind up replacing a lot of ETH functionality in DeFi, it does not diminish the moneyness of ETH – all LSTs are underscored by ETH, and thus derive their value from ETH. In order to execute any of these transactions, users will still need ETH to pay for gas, at the very least. Furthermore, ETH will continue to be bridged to various L2s either way, so at a baseline ETH velocity will already decline with broader adoption of L2s, without compromising its moneyness.

Finally, there are unintended consequences to targeting individual applications in an opinionated manner in order to manipulate the viability of ETH as collateral or as commodity money. The long-term roadmap of Ethereum should not be hostage to short-term tactical considerations, least of all on the application layer. The growth of LSTs has allowed the growth of user activity on Ethereum and has also increased the velocity and usage of Ether itself.

3. Putting it all together

MVI, as a framework, ultimately suggests to squeeze as much as possible out of staking, so that stakers’ cost and revenue are more or less at the same low rate. The major problem of this approach is that market forces structurally do not reward decentralization, and ultimately drive stake concentration to CEXs, which are entities with the lowest cost validators and the most inelastic customer base. Thus the downside of MVI is undermining the security and neutrality of Ethereum. In our view, the benefits of MVI, such as decreasing the selling pressure from taxes, do not justify taking this risk on balance.

MVS, on the other hand, suggests evaluating monetary policies primarily through the lens of how it affects security and neutrality, the core value propositions of Ethereum. One of the arguments for issuance reduction, namely to tackle LST dominance, indeed falls into MVS focus. However, the security and neutrality concerns of LST dominance are of second order in nature (“if dual governance doesn’t work”, “LST becomes an additional risk layer for all users”, etc). Meanwhile, stake accumulating in CEXs rather than in LSTs, LRTs or even CSPs creates a very real risk of staked ETH concentration with one single entity. As such, we do not see the case where LST dominance risk outweighs the risk of stake concentration with CEXs.

While we presented the MVS framework, and accordingly evaluated the issuance reduction proposal, the natural question stands: what would be the right issuance policy under the MVS approach? This is an incredibly complex and deep question that we would like to explore in future. Some of the directions that we have in mind include:

  • How do we quantifiably measure security? Is there a way for a protocol to see its security? Credit to the contributions from the StakeSure (link) paper in this direction.
  • Guided by MVS, rather than focusing on value creation through cost reductions, we should instead consider the value creation by improving security and neutrality. There is a heuristic argument that increasing issuance can improve security through making the network more complex via a more diverse validator set. Is there a way to make this precise? How do we make sure that the extra issued ETH strictly improves security and neutrality?
  • Is there a case for a marginal improvement analysis: the more diverse the validator set is, the more complex the network becomes, and improvements to security could have increasing marginal contributions. (Similar to how complexity contributes to entropy and layered security, link)


Disclosure: authors are variously affiliated with cyber.fund, Lido DAO, Steakhouse Financial, Progrmd Capital
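
The concentration arithmetic behind the section 2.1.1 scenario, as an added example that is not part of the original post or written by its authors: it recomputes each bucket's share of staked ETH from the table's figures, checks the shares against the 1/3 and 1/2 stake thresholds, and solves for the smallest inflow at which one entity reaches a threshold. The function names and the three-bucket split (which treats each table row as a single holder) are assumptions of this example.

```python
from fractions import Fraction

# Staked ETH in millions, copied from the illustrative table in section 2.1.1.
CURRENT = {
    "Coinbase": Fraction("4.3"),
    "LSTs/LRTs": Fraction("13.7"),
    "Other entities": Fraction("15.1"),
}
# Four-year flows assumed in the post (millions of ETH).
FLOWS = {
    "Coinbase": Fraction("10"),
    "LSTs/LRTs": Fraction("-2"),
    "Other entities": Fraction("-1"),
}
# Exact fractions behind the "34%" and "51%" attack sizes the post refers to.
THRESHOLDS = {"one_third": Fraction(1, 3), "one_half": Fraction(1, 2)}


def apply_flows(stake, flows):
    """Return the composition after adding each bucket's net flow."""
    result = {}
    for name, amount in stake.items():
        new_amount = amount + flows.get(name, Fraction(0))
        if new_amount < 0:
            raise ValueError(f"{name}: outflow exceeds current stake")
        result[name] = new_amount
    return result


def shares(stake):
    """Each bucket's fraction of total staked ETH."""
    total = sum(stake.values())
    if total <= 0:
        raise ValueError("total stake must be positive")
    return {name: amount / total for name, amount in stake.items()}


def thresholds_reached(share):
    """Names of the thresholds that a single share meets or exceeds."""
    return [name for name, limit in THRESHOLDS.items() if share >= limit]


def min_inflow_to_reach(stake, entity, threshold, other_flows=None):
    """Smallest inflow x to `entity` at which its share reaches `threshold`.

    Solves (s + x) / (T + O + x) >= threshold for x, where s is the entity's
    stake, T the current total and O the net flow of every other bucket.
    """
    if not 0 < threshold < 1:
        raise ValueError("threshold must be strictly between 0 and 1")
    other_flows = other_flows or {}
    s = stake[entity]
    total = sum(stake.values())
    net_other = sum(v for k, v in other_flows.items() if k != entity)
    x = (threshold * (total + net_other) - s) / (1 - threshold)
    return max(x, Fraction(0))


def report():
    """Rows of (composition, bucket, share in %, thresholds reached)."""
    rows = []
    future = apply_flows(CURRENT, FLOWS)
    for label, comp in (("current", CURRENT), ("future", future)):
        for name, share in shares(comp).items():
            pct = round(float(share) * 100, 1)
            rows.append((label, name, pct, thresholds_reached(share)))
    return rows


if __name__ == "__main__":
    for row in report():
        print(row)
    one_third = THRESHOLDS["one_third"]
    with_outflows = min_inflow_to_reach(CURRENT, "Coinbase", one_third, FLOWS)
    flat_others = min_inflow_to_reach(CURRENT, "Coinbase", one_third)
    print("inflow to reach 1/3 with the post's outflows:", float(with_outflows), "m ETH")
    print("inflow to reach 1/3 with other buckets flat:", float(flat_others), "m ETH")
```

With the post's 3m of outflows from the other buckets, the 1/3 line is reached at an 8.6m inflow; with the other buckets held flat it is reached at 10.1m.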


Thank you for your contribution to the issuance debate. I will offer some brief remarks on your post, often including links to the issuance reduction FAQ.

Section 2

The modeling in Section 2.1.3 is very problematic. It is not correct to base a solo staker’s yield on the short-term median and a delegating staker’s yield on the average. The expected staking yield that solo stakers and staking service providers (SSPs) take home is essentially the same. If the idea is to account for variability in staking rewards for solo stakers, a review of the post on properties of issuance level would be fruitful. Figure 9 in Section 4.2 illustrates how variability in rewards varies with pooling over a year when 29M ETH is staked (based on data of MEV over the preceding year). I reproduce it here and highlight the tiny vertical line segment of the black line, representing only 5 % of 32-ETH stakers over a year. These are the unlucky solo stakers that the text bases its analysis on (note that the expected yield is the same because there are also lucky solo stakers). Over 2-3 years, this vertical line goes away. It would be better to have the expected yield the same for both parties. Variability can still be woven into the argument.

Another remark concerning the model:

If this is so simple, why don’t they do it right now? In any case, note that if node operators raise their commission, the gap between how much of the staking yield befalls the delegator and the solo staker increases. From the perspective of retaining a higher proportion of solo stakers, this could be considered as beneficial.


Concerning Section 2.1.1:

I would expect some actual model here. How do you explain the assigned 10M staked ETH to Coinbase in light of the steady decline among the CEXes in red in the Dune graph in Section 2.1.3 (Coinbase, Kraken, Binance, Bitcoin Suisse)? This decline has taken place even as the staking yield has gradually fallen.


Section 2.1.2 feels like a restatement of the associated discussion in the FAQ. While my biggest concern is the proportion of solo stakers, I still think we can cap the stake, just not at 25%.


Section 2.2.1 “Issuance as a cost is a reductive framing”: does not fully address issuance as a cost, rather just taxes.

This gives a very incomplete picture of issuance policy. The welfare gain to Ethereum from an issuance reduction is addressed in two parts in the FAQ. The first part that we will focus on here explains how reduced costs raise welfare.

In other words, it is insufficient to only address taxes. Relevant costs include hardware and other resources, upkeep, the acquisition of technical knowledge, illiquidity, trust in third parties and other factors increasing the risk premium, various opportunity costs, taxes, etc. We know the cost that the marginal staker assigns to staking from the equilibrium, and can through assumptions regarding the slope of the supply curve quantify the welfare gain from an issuance reduction using the integral of the inverse supply curve. If we force users to choose between incurring costs as stakers, or to subject themselves to increased dilution under equilibrium, they might in the future simply decide to use another blockchain where the imposed costs are lower.


Mostly correct. It is unfortunate that several researchers have pushed this angle without careful consideration, but it is not the fundamental argument for a reduction in issuance policy. The fundamental argument, as previously mentioned, is the cost reduction and macro perspective addressed in the FAQ. In that answer, I outline precisely the topic brought up in Section 2.2.2, highlighting that we must focus on the cost reduction:

Note that to the individual staker, the realization that issuance dilutes them may still be very important. Some stakers may otherwise look only at issuance yield, without considering how the issuance rate increases the inflation rate, ultimately reducing the proportion of all tokens they retain. There is value in highlighting that, even while it is not the reason to reduce issuance. This topic is discussed in a separate answer in the FAQ, also addressing the influence of the slope of the supply curve, as discussed in Section 2.2.2, in the form of an isoproportion map.

In my original thread on minimum viable issuance I captured both the welfare gain (orange area in the figure from the link) and the benefit to the individual staker and non-staker (attainable change in proportion held, which has later been dubbed “real yield” or “proportional yield”) from an issuance reduction in a single graph. This treatment may have led some researchers to not fully appreciate that two separate issues were being simultaneously uncovered.


Section 2.2.3:

It is very hard to understand this statement. Retaining a viable application layer is a key reason for pursuing MVI. A situation where some applications can be “held hostage” by an incumbent LST monopoly is scary. It would only benefit the SSPs at the expense of Ethereum’s users. Quoting from the FAQ:

Francesco’s tweet about retaining a trustless asset within Ethereum is particularly astute here.

I find it surprising that people seem to be ok with a future where eth is replaced by LSTs (possibly one, possibly custodial). What good is decentralization of staking if there is no trustless asset? Imho the staking economics debate should focus on this point first


Section 1

Quote from Section 1.3. “There is no future-proof safe level of Security”:

There is value in having a high cost-of-corruption (CoC). However, security needs to be approached holistically. Excessive issuance can render the native token less valuable in the long run, thus reducing the blockchain’s economic security. This is due to the welfare loss associated with compelling users to incur higher costs than necessary for securing the network, as previously discussed. The perspective on economic security I outline in the FAQ seems reasonable in this context:

I recognize that the post indeed takes a different stand on this topic in Section 1.4 and posits that it is instead increased stake participation that is a key to making ETH valuable. Besides the arguments against this that I have presented in my remarks so far, the argument can also be made that beyond certain levels of stake participation, even short-term security begins to degrade. The social layer may lose its neutrality and credibility as the ultimate arbitrator against attacks from dominant SSPs. This argument can be better understood by first analyzing our different positions on the topic as reflected in this part at the end of Section 1.3:

This paragraph implies that the social layer must impose its will through the validator set. However, what is normally meant by the “final defense” is that the social layer can convene to act one layer above the consensus mechanism, in the event of, for example, a 51% attack. People are the last line of defense. In this regard, a proof-of-stake blockchain run by open source developers is certainly not helpless if a large bank were to degrade the consensus mechanism. There are a range of defensive strategies, whose mere existence would presumably scare off any would-be attacker. This leads us to a discussion of the “macro perspective”. A greater concern is namely what would happen if excessive issuance corrupts the social layer:

Section 3

Finally, some notes on the conclusions, where I somewhat repeat previous answers.

The marginal staker will always have the same cost as revenue under equilibrium—it derives no surplus. An important point of MVI is indeed to reduce costs for Ethereum’s users, thus providing a welfare gain to token holders. It follows from the notion of identical cost and revenue that this must involve a reduction in the marginal staker’s revenue.

Highlighting again that taxes are merely a small part of the costs, as explained in my answer relating to Section 2.2.1.

I am not sure what you refer to by making the network more complex, but building a complex money-lego based on LSTs is in my view very problematic and can impute structural risks on Ethereum.

You can’t. The extra issued ETH will just compel users to take on more and more costs in aggregate (loss of liquidity, hardware costs, taxes, etc.).

7 Likes

Suggest putting your disclosure at the top of the post.