Maximum Viable Security: A New Framing for Ethereum Issuance
by @artofkot, @damcnuta, @sonyasunkim, @adcv_
Appreciate feedback from @ppclunghe, @ks_kulk, @lazyleger, Juan Beccuti, @entigdd, @stakesaurus, @hasufl, @lex_node, @_vshapolapov, @brettpalatiello
Table of Contents
- TLDR: Embrace security
- 1. The foundations of the Maximum Viable Security (“MVS”) framework
- 2. Analysis of Ethereum Issuance reduction proposal within the MVS framework
- 3. Putting it all together
TLDR: Embrace security
Given Ethereum’s goal of building a secure and sovereign distributed system, we believe viewing Ethereum’s monetary policy through the lens of Minimum Viable Issuance (MVI) is not appropriate. Instead, we propose Maximum Viable Security (MVS) as a new framework for the community to consider in the Ethereum issuance debate. That is,
From: Minimum Viable Issuance (MVI) – minimize issuance, without compromising security.
→
To: Maximum Viable Security (MVS) – maximize security, without compromising scarcity.
After covering the motivation and foundations behind MVS, we evaluate Ethereum issuance reduction proposals through the MVS lens. We show that issuance reduction can compromise security and neutrality in a direct way, through staked ETH concentration with Centralized Exchanges – and this effect, on balance, far outweighs the advantages of cutting the issuance.
1. The foundations of the Maximum Viable Security (“MVS”) framework
1.1. Ethereum has a clear goal: build a secure and sovereign distributed system for everyone
There are many goals of this project; one key goal is to facilitate transactions between consenting individuals who would otherwise have no means to trust one another.
Source: Ethereum Yellow Paper (link)
The growth of Ethereum’s market capitalization from 0 to $400bn today underscores the market’s confidence in its current and future potential. This value hinges on Ethereum’s ability to validate state changes transparently, securely, and sovereignly.
Security is a crucial part of the value proposition. Without sybil resistance and slashing defense (programmable or social) against 34% double-signing attacks, a settlement layer would not be trusted by participants. A secure validation layer is the most scalable (link) foundation for providing transaction settlement with incorruptible finality.
Sovereignty is equally important – Ethereum should be able to defend against more subtle 51% attacks such as short-range reorgs and censoring (link), and should be able to resist coercion by state actors. If Ethereum loses sovereignty (aka autonomy), it loses its value as a neutral settlement mechanism:
"Decentralization" is the broad distribution of a system's intrinsic/accepted forms of power, protecting users against arbitrary exercises of power from the recognized legitimate 'authorities' within the system's logic (e.g., validators). "Autonomy" is the system's resistance against extrinsic/unaccepted forms of power, protecting users against all exercises of power from authorities outside the system's logic (e.g., government authorities).
Source: lex_node (link)
While 34% attacks are costly and 51% attacks are to some extent bounded by reputation and social slashing, a gradual coercion by state actors on independent validators is more feasible, and can even be unintentional. For instance, the European Securities and Markets Authority (ESMA) recently suggested (link) viewing MEV as a form of market manipulation subject to notification requirements from validators. Such regulations could make it impracticable for node operators to continue to function in Europe. In a worst-case outcome, these regulations could propagate to the rest of the world and impose artificial restrictions on how the consensus algorithm works.
High autonomy is therefore maintained through robust decentralization among validators, which includes:
- Client software diversity: running different types of validator software to avoid concentration risk from bugs.
- Node operator diversity: different, independent entities running validator software to prevent individual node operators reaching higher levels of control.
- Geographic and jurisdictional diversity: different levels of base-level infrastructure — such as connectivity to the internet, power supply, law authorities and jurisdictions — that are capable of influencing node operators.
1.2. A diverse staking economy is key
1.2.1. Stakers
Stakers fall into three main categories:
- Retail and Institutions: These participants delegate their staking to Centralized Exchanges (CEXs)
- On-chain Actors: They delegate their staking to Decentralized Staking Middleware (DSM), such as Liquid Staking Tokens (LSTs) or decentralized pools, as well as Liquid Restaking Token protocols (LRTs) and Centralized Staking Providers (CSPs).
- Solo Stakers: These users choose not to delegate and run validators independently
1.2.2. Validating entities
Note: CSP numbers do not include capital delegated from DSM/LRTs. The above numbers are approximate and for illustration purposes; they are our best estimates from Dune (1, 2), as of June 30th 2024.
A hypothetical scenario where most ETF Ether is staked with custodial services, like Coinbase, suggests that this is where most of future inflows will likely originate. Recent Bitcoin ETFs have seen ~$15b of inflows. Proportionally applied to Ethereum, this could mean about 4m ETH. Notably, 8 out of 11 Bitcoin ETFs use Coinbase as their custodian, a pattern that may repeat with ETH.
1.2.3. Entities’ decentralization
Contributions to decentralization and thus censorship resistance and neutrality can be approximated as follows: Solo Stakers > Decentralized Staking Middleware > Liquid Restaking Protocols > Centralized Staking Providers > CEXs.
- Solo Stakers: Contribute the most to decentralization because each adds an additional validator
- DSM: Efficiently distribute delegated stake among many parties, bonded via reputation (Lido) or collateral (Rocket Pool, Lido’s Community Staking Module). Their impact on Ethereum’s decentralization is measurable and significant, with data on operational diversity publicly available and regularly updated (link). The Herfindahl-Hirschmann Index (HHI) can also provide a useful proxy on the effect on validation concentration (link)
- Restaking Infrastructure: While not cost-optimized for native staking, these protocols distribute stake among fewer node operators without aggregating it under one entity
- Centralized Staking Providers: Risk aggregating large amounts of stake, but competition among them can bolster decentralization if many can sustain independent businesses
- CEXs: Benefit the most from the power law distribution of AUM, often driving staked ETH concentration. Coinbase, for instance, is the largest node operator with nearly 15% market share.
1.3. There is no future-proof safe level of Security
Anders Lowsson suggests (link) that Ethereum should reduce its issuance, arguing that “excessive incentives for staking, beyond what is necessary for security, can unfortunately over time turn into perverse subsidies, with many downsides.” However, this raises the question of what constitutes “adequate incentives for staking” and what level of security is truly necessary.
What exactly is "neutrality"? I see that term being used in handwavy fashion, especially when scaling comes up, and it's hard to know what we mean by "preserving credible neutrality" at the moment. Would be nice to get some info there. :)
Source: eawosikaa (link)
Today’s global capital markets are valued in the hundreds of trillions of dollars, while Ethereum represents only a tiny fraction of that. For Ethereum to become a neutral settlement layer for the world, its cost of corruption would need to be in the hundreds of billions, if not trillions, of dollars, to capture the value that could be extracted in a possible attack. For context, large value payment systems (excluding retail payments) cleared quadrillions of dollars in value in 2022 (link). In comparison, over the past 12mos, stablecoin transfer value on Ethereum just about cleared $8tn, or 0.5% (link). This is consistent with the proportion of market capitalization of Ethereum relative to global capital markets (well under 1% as well).
The slightest risk of insufficient security would stagnate Ethereum’s growth – decentralization and the resulting neutrality is Ethereum’s #1 competitive advantage. No risk should be taken to erode that, and instead, we should seek to strengthen it even further. To answer Emmanuel’s question, in our framing, we would use “neutrality” interchangeably with “sovereignty” and “autonomy”: ability to defend against censorship and coercion attacks (link). Such that the cost of “coercion” is always higher than the benefit from manipulating the state.
Anders’ argument assumes that a 34% double-singing attack is so costly and 51% censorship attack is so unlikely today, that the network can afford to focus on strengthening other layers. If Ethereum were already a major part of the world’s capital markets, this argument might hold more weight, as incremental risks would be smaller. However, reducing today the network’s most crucial features—security and sovereignty—would compromise the network’s ability to grow.
Currently, Ethereum’s social layer serves as the final defense (link) against norm violations that threaten its credible neutrality. However, this social layer is structurally fragile. It requires constant vigilance from the community so that enforcement can occur on a daily basis. Yet, as Ethereum grows, massive new inflows might bypass today’s social layer altogether. If a large bank, say, staked $1tn worth of Ether with a CEX, what chance does a community of open source developers have to enforce social norms? The key question, as Emmanuel points out, is: What is the threshold for security that Ethereum needs today and in the future? The MVI proposal, in our view, fails to address this critical question, focusing instead on the other effects of reducing the security budget.
1.4. Reframing the discourse: expansion over efficiency
Ethereum should balance incentives for all stakeholders to ensure the highest level of security. This balance involves weighing long-term sustainability and expansion vs short-term efficiency to create enduring security value.
MVS suggests that instead of asking “how much could we reduce issuance for staking efficiency”, we should be asking “how much network incentivisation do we need to perpetuate decentralization to maintain and expand security”.
Strategically, MVI and MVS represent two different paths for Ethereum’s growth. MVI focuses on minimizing costs, benefiting ETH holders in the short term. MVS, on the other hand, emphasizes building a long-lasting moat around the network, optimizing long-term value creation for all stakeholders, including ETH holders.
Ethereum’s unique appeal lies in its secure, credibly neutral blockspace. Unlike commodity blockspace, which competes on price, secure blockspace competes on features. Similar to the advanced chip industry, where success depends on computational ability rather than price, Ethereum should compete on the magnitude of security it offers. This security creates an enduring competitive advantage, accelerating value creation across the ecosystem.
There is a subtlety in that the market cap of Ethereum is a variable that contributes to security, and so minimizing issuance can be seen as bolstering security. Superficially, there is a reflexive effect, where Ethereum’s security both causes and is driven by its market cap. However, we believe that Ethereum’s security making ETH valuable is the primary causation, and therefore security needs to be prioritized. Below we illustrate diagrammatically the alternative value creation paths for Ethereum contributors deciding between MVS and MVI.
2. Analysis of Ethereum Issuance reduction proposal within the MVS framework
We posit that, under the MVS framework, Ethereum issuance reduction proposals risk creating downstream effects that would compromise Ethereum’s security value. Overall, we believe that ETH’s moneyness stands to increase with greater security and autonomy, to a degree that far outweighs the downsides of issuance or externalities such as capital gains taxes.
2.1. The assumption that Ethereum overpays for security is wrong: less issuance may lead to centralization of the validator set
2.1.1 ETF inflows would exacerbate centralization in the context of a 33% stake cap
Lowering the target stake ratio (link) could lead to a concentration of staked ETH with Centralized Exchanges (CEXs), driving capital away from decentralized alternatives.
Consider a scenario where a 33% cap (equivalent to 40.6 million staked ETH) is implemented, and the curve enacts a sharp drop of yield to zero as stake ratio increases from 30% (36.6 million ETH) to 33% (40.6 million ETH). Suppose Ether ETFs are launched in the US, attracting significant capital inflows. If these ETFs use Coinbase as their custodian (as 8 out of 11 BTC ETF issuers do), this could lead to $15 billion in inflows, adding approximately 4.5 million ETH to Coinbase’s custody. The simulated impact on the validation market might look like this; the 40.1m max staked ETH being slightly lower then 40.6 represents the fact that when yield becomes extremely low there is no marginal staker at all on the market.
| Illustrative impact on validation market with a 33% MVI limit | Current composition | Effect in 4 years | Future composition |
|---|---|---|---|
| ETH staked | 33.1m | +7m | 40.1m |
| ETH held with Coinbase | 17.5m | +4.5m (ETFs) | 22m |
| ETH held & staked with Coinbase | 4.3m | +10m | 14.3m |
| ETH staked on-chain via LSTs/LRTs | 13.7m | -2m | 11.7 |
| ETH staked by other entities | 15.1 | -1m | 14.1 |
- Market forces and fiduciary duties ensure that CEXs like Coinbase squeeze the maximum amount of profit from staking-as-a-service (for their customers and ETF issuers), and long-term the majority of their holdings are staked.
We model the above impact by assigning a 10m staked ETH inflow to Coinbase. When Coinbase’s stake reaches 7.8 million, total staked ETH will be about 36.6 million, causing rewards to drop sharply. Consequently:
- Lido stETH and other LST/LRT users, being sophisticated on-chain actors, will seek higher rewards elsewhere. The switching cost of moving capital on-chain is extremely low, so there is no incentive for capital to stay – the capital will leave for higher yields in DeFi.
- CSPs will exit these protocols since the 5% fee from middleware won’t cover their costs.
We model the above two impacts by assigning a 2 million ETH outflow to LSTs/LRTs and a 1 million ETH outflow to other entities.
- Meanwhile, CEXs like Coinbase can continue offering staking products because their marginal costs are extremely low, and can even be offset by other business segments. Their customers may remain loyal or lack alternatives due to regulations or unsophisticated nature of the user base. This can happen despite Coinbase having higher fees (25%) compared to better-performing alternatives (5-15%).
In this scenario, Coinbase could control 14.3 million ETH, surpassing the 33% network control threshold independently, while Lido and other DSMs lose market share.
2.1.2 Staked ETH concentration with CEXs doesn’t necessarily have to happen with a higher stake cap
Without the cap, both CEXs and on-chain market segments could coexist without putting pressure on each other due to sufficient demand for staking. LSTs, LRTs and CSPs wouldn’t face the dramatic yield decrease that would occur when Coinbase’s stake reaches 7.8 million ETH. Some might argue that Coinbase would undercut other staking providers by lowering its 25% fee. However, this is uncertain. Coinbase’s customer base seems inelastic, meaning the most profitable strategy might be to maintain or even increase their fees. In addition, even if Coinbase goes after the on-chain market and lowers their fees, the market may not be fully efficient – some people might prefer to stick with LSTs due to their decentralization preference.
In a highly segmented market, margins don’t need to uniformly compress, leaving space for both CEXs/CSPs and LSTs/restaking segments to thrive. LSTs and CEXs serve distinct market segments. For CEXs, the most profitable approach is to charge high fees from retail and institutional clients (e.g., Coinbase’s 25%) without directly competing with LSTs. Targeting stake ratios could stifle the market for on-chain actors but not significantly affect the market for retail and institutional clients.
Thus, in the absence of a stake cap, the coexistence of various staking actors could lead to a more balanced distribution of staked ETH across different market segments.
2.1.3 MVI effect on the ratio of solo stakers
The importance of this effect is overrated
Approximately 30 million ETH is delegated, while only 3 million is solo staked. It is evident that delegation dominates as a modality of staking. The key issue is ETH concentration with CEXs, rather than the interaction between solo stakers and LSTs.
| Grouping | Approximate stake | Type |
|---|---|---|
| CEXs | 10m | Delegated |
| LSTs, LRTs, CSPs | 20m | Delegated |
| Solo stakers | 3m | Solo staked |
LSTs and CSPs can also contribute to overall network quality
While solo stakers are often seen as the backbone of Ethereum’s network security, the contributions of LSTs and centralized staking providers are undervalued.
There is a lot of nuance to the emergent risks of malicious actors emerging from LSTs such as Lido. There certainly are risks (cf. Mike Neuder’s extensive post on the subject, link). However, there are also many benefits to deterministic stake allocation to professional or larger node operators. It’s possible for solo stakers to have different motivations than an LST whose main objective is to decentralize Ethereum validation (link). Some of the most noteworthy examples of malicious proposers, for example, have come from solo validators, such as those involved in the April 3rd, 2023 MEV Boost exploit (link).
Centralized staking providers and LSTs are quantifiably more performant validators than solo stakers. There is significant existing data (link) today to quantify proposer effectiveness and attester effectiveness, which drive fewer missed slots and attestations, faster block propagation and chain finalization. Overall the network is much more stable and responsive with professional validators than it would otherwise be, but also more decentralized.
Issuance reductions would likely decrease the share of solo stakers
Some argue that solo stakers are less elastic with respect to yield, because they are as a cohort more heterogeneous than other validating entities, and hence have a steeper supply curve.
However, our simplified analysis of Ethereum validator economics shows this argument is flawed. Solo stakers in fact have much higher fixed costs, making them much less adaptable to a low issuance rates compared to larger node operators. Specifically,
For solo stakers:
- Staking APR is lower and closer to the Median staking APR (i.e. 2.4% per Rated, link) than scale node operators due to the unpredictability of proposer rewards, tips and MEV
- The costs of running a single validator include hardware (32 GB RAM, 4 TB SSD) and electricity. Home internet plans are sufficient for solo stakers, so broadband cost is assumed to be 0 (no incremental cost).
- In this set up, 100% of solo staker’s total costs are fixed costs. Assuming hardware depreciation of 5 years, profit margins are >90% to solo stakers
- We exclude the need to reserve 32 ETH in capital as collateral, which brings the capital outlay (though not outright investment) significantly higher
Then consider, on the opposite end of the spectrum, a large centralized node operator with 100,000 validators:
- Staking APR is higher and closer to the Average staking APR (i.e. 3.3% per Rated, link) as stake pooling smoothes the unpredictable components of both CL (proposer rewards) and EL (tips + MEV) rewards
- Costs include hardware but also significant operational costs including technical and marketing staff
- Hardware and internet are fixed costs, electricity is a variable cost and staff costs can be seen as a semi-variable cost
- Employment footprint can be eventually adjusted should the top line be negatively impacted
- Counting half of the maintenance & growth spend as fixed and the other half as variable, we arrive at fixed costs representing 64% of the large node operators’ total costs (i.e. much less than solo stakers). Profit margins are also lower than those of solo stakers
| Assumptions | |
|---|---|
| ETH ($) | 3,500 |
| Average staking APR | 3.3% |
| Median staking APR | 2.4% |
| MVI reduction assumed | 2.0% |
| Illustrative Annual P/L | Current | |||
|---|---|---|---|---|
| Solo Staker | Large Node Operator | |||
| Quantity | $ | Quantity | $ | |
| # of validators | 1 | 112,000 | 100,000 | 11,200,000,000 |
| Staking APR | 2.4% | 3.3% | ||
| Staking income | 2,677 | 367,360,000 | ||
| Commission | 10% | 36,736,000 | ||
| Hardware cost | 800 | 7,750,000 | ||
| Computer/servers | 1 | 800 | 350 | 7,000,000 |
| Backup servers | 100 | 750,000 | ||
| Operational cost | 74 | 19,794,780 | ||
| Electricity | 70Wh, $0.12/kWh | 74 | 750Wh/server, $0.12/kWh | 354,780 |
| Internet connection | No incremental cost | 0 | 540GB/month/val @ $0.03/GB | 19,440,000 |
| Maintenance & growth | 0 | 11,400,000 | ||
| Technical staff | 0 | 70 | 8,400,000 | |
| Marketing/admin staff | 0 | 30 | 3,000,000 | |
| Cybersecurity/miscellaneous | 0 | 1,000,000 | ||
| Total cost (assume 5Y hardware depreciation) | 234 | 32,744,780 | ||
| o/w fixed cost | 100% | 64% | ||
| o/w variable cost | 0% | 36% | ||
| Payback period on capex (months) | 3.9 | 23.3 | ||
| Annual income/loss | 2,443 | 3,991,220 | ||
| Profit margin (excl. ETH at stake) | 91.3% | 10.9% |
In the event that MVI reduces staking APR for all stakers (e.g. -200bps), the below scenario analysis helps visualize how different stakers may be impacted differently. High level:
- Solo stakers have very limited, if no, way of adjusting their underlying costs. 100% of the reduced staking rewards will fall through to the bottom line, resulting in a dramatic reduction in profit margin. As a result, the payback period on capex (i.e. hardware) multiplies from 3.9 months to 47.2 months in our example, without considering the need to raise 32 ETH to activate a validator to begin with. This raises the question of whether incremental demand from new solo stakers could be sustained in the post-MVI world
- Meanwhile, large node operators have more levers to pull to protect their profits and capex payback periods
- As in Scenario 1, node operators can raise their commission
- As in Scenario 2, node operators can raise their commission and reduce variable costs, notably staff costs
- With very minor changes to their structure they can come back to prior levels of profit
| Illustrative Annual P/L | If staking APR reduces by 200bps | |||||
|---|---|---|---|---|---|---|
| Solo Staker | Large Node Operator - Scenario 1 | Large Node Operator - Scenario 2 | ||||
| Quantity | $ | Quantity | $ | Quantity | $ | |
| # of validators | 1 | 112,000 | 100,000 | 11,200,000,000 | 100,000 | 11,200,000,000 |
| Staking APR | 0.4% | 1.3% | 1.3% | |||
| Staking income | 437 | 143,360,000 | 143,360,000 | |||
| Commission | 25% | 35,840,000 | 25% | 35,840,000 | ||
| Hardware cost | 800 | 7,750,000 | 7,750,000 | |||
| Computer/servers | 1 | 800 | 350 | 7,000,000 | 350 | 7,000,000 |
| Backup servers | 100 | 750,000 | 100 | 750,000 | ||
| Operational cost | 74 | 19,794,780 | 19,794,780 | |||
| Electricity | 70Wh, $0.12/kWh | 74 | 354,780 | 354,780 | ||
| Internet connection | No incremental cost | 0 | 19,440,000 | 19,440,000 | ||
| Maintenance & growth | 0 | 11,400,000 | 10,504,000 | |||
| Technical staff | 0 | 70 | 8,400,000 | 64 | 7,739,789 | |
| Marketing/admin staff | 0 | 30 | 3,000,000 | 28 | 2,764,211 | |
| Cybersecurity/miscellaneous | 0 | 1,000,000 | 1,000,000 | |||
| Total cost (assume 5Y hardware depreciation) | 234 | 32,744,780 | 31,848,780 | |||
| o/w fixed cost | 100% | 64% | 66% | |||
| o/w variable cost | 0% | 36% | 34% | |||
| Payback period on capex (months) | 47.2 | 30.0 | 23.3 | |||
| Annual income/loss | 203 | 3,095,220 | 3,991,220 | |||
| Profit margin (excl. ETH at stake) | 46.5% | 8.6% | 11.1% |
Illustrative figures can be found here
Due to the presence of a higher proportion of fixed costs, solo stakers (and smaller node operators alike) will show higher sensitivity to changes in staking rewards compared to larger node operators. The corollary is that as MVI reduces staking reward APR, the marginal players may be priced out, leading to a greater centralization of stake. This would exacerbate the already decreasing trend of solo stakers alongside Ethereum’s issuance compression over time.
Source: Dune (link)
2.2. LST dominance and cost-modeling are inadequate arguments for issuance reduction
2.2.1. Issuance as a cost is a reductive framing
“Issuance as a cost” concerns the dilution effect on native ETH holders and the potential welfare loss due to externalities like taxes.
The first component focuses on the direct impact of issuance. It redistributes network ownership from unstaked ETH holders to staked ETH holders. High issuance rates force ETH holders to stake to avoid dilution. This increases Ethereum’s security and neutrality but comes with inconvenience and some risk for native ETH holders – which, under MVS, doesn’t qualify as strongly undesirable. Moreover, the cumulative effect could even be seen as beneficial, to the extent that more stake landing with a distributed set of validators justifies investors’ inconvenience.
The second component addresses additional costs for stakers due to taxes. ETH holders who earn staking rewards may face tax obligations, creating additional sell pressure. However, this concern is specific to certain jurisdictions and points in time. Furthermore, the impact of this sell pressure on Ethereum’s overall functionality is questionable. Assuming 3.5% staking rewards, a $400bn ETH market cap, and 30% average taxes paid by all stakers, we get $4.2bn in annual sell pressure. Given Ethereum’s daily trading volume is in billions, absorbing 1% sell pressure over a year seems immaterial. Furthermore, LSTs such as wstETH may even provide an efficient way to postpone the tax payments, since the tax event might be triggered only when wstETH is sold.
Even though ETH market cap is significant in determining attack costs, the relatively minor effect of sell pressure does not provide enough security benefits to justify reducing issuance. The trade-offs include potential staked ETH concentration, loss of sovereignty, and a more substantial decrease in market cap as a result.
2.2.2. Stakers getting higher real vs nominal yield is not significant
This argument, while mathematically beautiful (link), is not significant in magnitude. It does not affect security and neutrality in any way; in fact, it is not at all clear if there is any benefit to Ethereum in fewer stakers getting higher real yield compared to more stakers getting less real yield. In addition, this analysis assumes concave supply curves with respect to nominal yield, while it is possible that at a higher staking ratio we should adjust our analysis to concave supply curves with respect to real yield.
2.2.3. Reducing LST dominance shouldn’t be a primary objective of Ethereum’s monetary policy
This argument is directly related to security and neutrality, and thus can be analyzed under a security-maximizing framework.
In his article (link) Mike Neuder analyzed various directions and magnitudes of possible Lido attacks on Ethereum in the future. While there are several potential attacks, all of them have a corresponding mitigation plan. Dual governance is at the heart of many of those mitigations. DG is a mechanism that allows stETH holders to slow down Lido’s governance and exit from the protocol before any decision is made. This mechanism is in active and final stages of development (link).
Another argument for issuance reduction is that stETH risks substituting ETH as the de-facto money and collateral. While there is certainly a possibility that LSTs wind up replacing a lot of ETH functionality in DeFi, it does not diminish the moneyness of ETH – all LSTs are underscored by ETH, and thus derive their value from ETH. In order to execute any of these transactions, users will still need ETH to pay for gas, at the very least. Furthermore, ETH will continue to be bridged to various L2s either way, so at a baseline ETH velocity will already decline with broader adoption of L2s, without compromising its moneyness.
Finally, there are unintended consequences to targeting individual applications in an opinionated manner in order to manipulate the viability of ETH as collateral or as commodity money. The long-term roadmap of Ethereum should not be hostage to short-term tactical considerations, least of all on the application layer. The growth of LSTs has allowed the growth of user activity on Ethereum and has also increased the velocity and usage of Ether itself.
3. Putting it all together
MVI, as a framework, ultimately suggests to squeeze as much as possible out of staking, so that stakers’ cost and revenue are more or less at the same low rate. The major problem of this approach is that market forces structurally do not reward decentralization, and ultimately drive stake concentration to CEXs, which are entities with the lowest cost validators and the most inelastic customer base. Thus the downside of MVI is undermining the security and neutrality of Ethereum. In our view, the benefits of MVI, such as decreasing the selling pressure from taxes, do not justify taking this risk on balance.
MVS, on the other hand, suggests evaluating monetary policies primarily through the lens of how it affects security and neutrality, the core value propositions of Ethereum. One of the arguments for issuance reduction, namely to tackle LST dominance, indeed falls into MVS focus. However, the security and neutrality concerns of LST dominance are of second order in nature (“if dual governance doesn’t work”, “LST becomes an additional risk layer for all users”, etc). Meanwhile, stake accumulating in CEXs rather than in LSTs, LRTs or even CSPs creates a very real risk of staked ETH concentration with one single entity. As such, we do not see the case where LST dominance risk outweighs the risk of stake concentration with CEXs.
While we presented the MVS framework, and accordingly evaluated the issuance reduction proposal, the natural question stands: what would be the right issuance policy under the MVS approach? This is an incredibly complex and deep question that we would like to explore in future. Some of the directions that we have in mind include:
- How do we quantifiably measure security? Is there a way for a protocol to see its security? Credit to the contributions from the StakeSure (link) paper in this direction.
- Guided by MVS, rather than focusing on value creation through cost reductions, we should instead consider the value creation by improving security and neutrality. There is a heuristic argument that increasing issuance can improve security through making the network more complex via a more diverse validator set. Is there a way to make this precise? How do we make sure that the extra issued ETH strictly improves security and neutrality?
- Is there a case for a marginal improvement analysis: the more diverse the validator set is, the more complex the network becomes, and improvements to security could have increasing marginal contributions. (Similar to how complexity contributes to entropy and layered security, link)
Disclosure: authors are variously affiliated with cyber.fund, Lido DAO, Steakhouse Financial, Progrmd Capital
