Summary
Chaos Labs has been researching an approach to effectively measure and manage AVS risk on ether.fi given what is currently known about slashing and other factors. The approach proposed here focuses on optimizing the protocol microstructure in terms of AVS and node operator distribution, while incorporating the duration element introduced by long-term security commitments.
Two measures are developed that measure the diversification of AVS and node operator exposure. We propose onboarding AVSs in a way that allows for sufficient diversification by capping allowable exposures with a view to improving this over time as the industry develops.
Introduction
In the previous post, we discussed several risks associated with AVSs and their impact on ether.fi. Given the rapidly evolving nature of this field and the numerous uncertainties, the best way to mitigate potential pitfalls is by minimizing dependencies on specific AVSs or Network Operators (NOs) through strategic distribution. Additionally, it is crucial to ensure sufficient liquidity in eETH to absorb market volatility. As mentioned in the previous post, eETH liquidity on ether.fi is managed at four levels: weETH liquidity in DEXs satisfy regular flows in and out of the token, the eETH liquidity pool for rapid conversions and to provide an arbitrage backbone for the peg, normally restaked ETH with a one-week unstaking period, and eETH reserved for long-term contracts. To manage this effectively, we propose a two-step optimization process.
- Ring fence a defined liquidity pool in ETH to satisfy eETH redemptions. A methodology for optimizing the size of this pool is being worked on currently using the Chaos Labs simulation engine.
- Distribute the remaining available eETH among various AVSs. It’s crucial to consider the characteristics of the reward tokens and opportunity costs involved. Not all the rest eETH should be locked in long-term commitments.
In the future, as more information becomes available about the characteristics of native token inflationary returns and associated slashing risks, this process will be improved to include these critical risk-return factors. However, we believe it is crucial to prioritize maintaining sufficient liquidity, even if it potentially results in a slight decrease in returns.
In this work, we will focus specifically on AVS onboarding and allocation, and leaving rightsizing the liquidity pool for the next research piece. While it may be challenging to explicitly define the exact dependence on each AVS and NO, we will introduce new metrics designed to closely quantify the potential impact on ether.fi from the failure of any third-party.
While, the primary issue we aim to address is the onboarding of new AVSs, it’s essential to recognize that with the introduction of pooled security, every decision to onboard a new AVS also alters the distribution of ether.fi’s NOs. Therefore, it is necessary to analyze these issues in parallel. To facilitate this analysis, we will introduce two different measures, AVS weight (AVSw) and Node Operator weight (NOw).
The objective of AVSw and NOw metrics is to represent, as clearly and simply as possible, the dependence of ether.fi on third-party services. In other words, the metrics should assign a higher value if an issue with a particular entity would significantly impact eETH holders or if the entity would be difficult to replace.
Definitions:
AVS weight (AVSw) definition
The simplest version of this measure could simply be the total value restaked to each AVS, TVRi, however, as we highlighted in the previous post there are other risks to consider. The measure developed here incorporates the reliance on specific node operators (should that exist), and the duration the restake is committed for.
The same eETH can be used to secure more than one AVS, reducing its security value since it will be subject to more slashing conditions. To address this, Eigenlayer introduced the concept of “unique security” in their most recent blog post. In the future, each NO will be able to specify the amount of stake subject to slashing by each AVS, allowing the total unique security for each AVS to better represent its dependence on them. We are monitoring developments around this, and will implement in our methodology this as soon as more details are available.
As there are no detailed specifics on how this will be implemented, we attempt to replicate this value with what we define as effective TVL (ETVL). In simple terms, ETVL simulates distributing the unique liquidity equally across all AVSs secured by an NO. For instance, if an NO is securing 5 AVSs with 100k eETH, it effectively contributes only 20k eETH as ETVL to each AVS:
On the other hand, we should consider that the involvement of more operators in securing an AVS indicates higher resource allocation, and a potential slash or bug, would impact more NOs, potentially affecting a greater number of ether.fi commitments.
Finally, it is also crucial to factor in the locking period, weighted by the size of each commitment, as follows:
NO weight (NOw) definition
Again, we could initially define the measure simply by the amount of eETH delegated to each operator (TVDi), but this approach doesn’t capture the full complexity. It is reasonable to argue that the more AVSs a NO supports, the more critical they become to ether.fi, and consequently, the risk of them being slashed in the future increases. Furthermore, if an AVS relies heavily on a particular NO, then ether.fi’s dependence on that NO also increases. For instance, if there is an AVS secured solely by one ether.fi NO, it creates a potential single point of failure, which must be taken into consideration:
Current state of ether.fi
For a clearer understanding of these formulas, let’s use an example with the current weight values, with TLi = 2 weeks. Additionally, considering that only 1120k out of the 2000k eETH are currently delegated, it’s important to factor this into our calculations when determining the weight share of each entity.
In this example we assume that the total eETH necessary to manage liquidity risk is 10% for simplicity. Currently only 62% of the available stake is delegated. To accommodate this, we will multiply the weight share of each AVS and NO by this multiplier to provide a more accurate measure of the risk:
| AVS | AVSw | AVSw Share |
|---|---|---|
| EigenDA | 22488 | 67.60% |
| eoracle | 733 | 2.20% |
| Lagrange State Committees | 97 | 0.30% |
| Brevis | 12532 | 3.80% |
| Xterio Mach | 155 | 0.47% |
| AltLayer | 155 | 0.47% |
| NO | NOw | NOw Share |
|---|---|---|
| ether.fi-8 - DSRV | 174 | 7.80% |
| ether.fi-1 - Pier Two | 216 | 9.70% |
| ether.fi-2 - P2P.org | 218 | 9.80% |
| ether.fi-4 - Finoa | 165 | 7.40% |
| ether.fi-3 - DSRV | 310 | 14.00% |
| ether.fi-6 - A41 | 148 | 6.70% |
| ether.fi-5 - Cosmostation | 74 | 3.30% |
| ether.fi-9 - Nethermind | 54 | 2.20% |
| ether.fi-7 - Chainnodes | 145 | 6.50% |
| ether.fi-11 - Validation Cloud | 63 | 2.90% |
| ether.fi-10 - Node.Monster | 47 | 2.10% |
| ether.fi-12 | 45 | 2.00% |
At first glance, it is apparent that while the weights of the NOs are fairly distributed, there is a significant imbalance on the AVS side, with a notable concentration towards EigenDA, as expected.
Hypothetically, consider that ether.fi wants to add 600k eETH to an AVS A, which is supported by operators 1,4,9,11, 12. Although there are several possible combinations for allocation, the one that minimizes the max AVSp share involves adding 150k eETH to operator 12 and including AVS A with all five NOs. The proposed final distribution would then be as follows:
| AVS | AVSw Share |
|---|---|
| EigenDA | 63.20% |
| eoracle | 2.40% |
| Lagrange State Committees | 0.30% |
| Brevis | 3.80% |
| Xterio Mach | 0.51% |
| AltLayer | 0.51% |
| AVS A | 16% |
| NO | NOw Share |
|---|---|
| ether.fi-1 - Pier Two | 11.50% |
| ether.fi-4 - Finoa | 8.50% |
| ether.fi-9 - Nethermind | 2.90% |
| ether.fi-11 - Validation Cloud | 3.30% |
| ether.fi-12 | 10.50% |
Although there will still be a significant concentration within the AVSs, we observe that the new AVS A will maintain a manageable weight, as well as all the NOs involved.
Allocation Decision
ether.fi faces certain constraints when allocating AVS restake amongst node operators that are not present in liquid staking tokens. These include:
- AVS allocations amongst Node Operators are all or nothing: A node operator cannot validate an AVS using only a portion of its delegation.
- Rebalancing AVS allocations amongst Node Operators carries significant cost: Any rebalancing on Eigenlayer requires exiting and reentering stake, which costs a week of rewards.
- AVS security commitments should be upheld: There should be sufficient capacity to provide the agreed amount of security to all AVSs for the full term.
The decision whether to onboard and allocate will incorporate these constraints to optimize for risk-adjusted return subject to the constraints above.
With these metrics in mind, it is now possible to make informed decisions on when to accept an AVS.
- Initial Distribution: Based on the amount of security required and the NOs willing to secure this AVS, we can identify the optimal distribution to minimize dependencies, using only the permitted amount of eETH and without any rebalancing.
- NO Share Limits: From the optimal distributions, we recommend setting caps to ensure that no single NO’s share exceeds a specified percentage. We recommend starting at 15%, just above the current most concentrated operator. Over time this cap should reduce to further diversify and decentralize.
- AVS Share Limits: Similarly for AVSs, shares should also be capped. Considering the nascent state of restaking and the dynamics of ether.fi, a lenient cap is advisable initially, especially to accommodate large, promising AVSs. We suggest starting with a 68% cap (reflective of EigenDA’s current share), and aim to reduce this to below 20% as more AVSs are onboarded and ether.fi’s exposure diversifies.
Qualitative Filters:
Besides the previously outlined quantitative methodology, several other factors must be considered when deciding to lock eETH for extended periods:
- Compensation Feasibility: The AVS should be considered reasonably likely to compensate eETH holders with a minimum Annual Percentage Rate (APR) on the security requested. Factors to consider include the compensation token, the AVS’s business model, and the committed APR.
- Opportunity Cost: It is crucial to be mindful of the opportunity cost associated with each AVS allocation. Although difficult to quantify, this is critical in a rapidly evolving industry where rebalancing between NOs incurs significant switching cost. To estimate opportunity cost, we can compare the liquidity available for a new vanilla AVS (i.e., an AVS that any ether.fi operator can secure) before and after the commitment to lock the eETH. The bonus APR from locking the liquidity should reflect the decrease in available liquidity to adequately compensate for the opportunity cost.
- Centralization Risks: It is crucial that the AVS can secure a variety of collateral types beyond eETH. No collateral type or NO should control more than the AVS-specific corruption threshold to avoid creating trust issues. This consideration is essential for long and substantial commitments. While initially challenging, distributing collateral across NOs from different companies can mitigate centralization risks.
- Whether the inactivity of any NO could prevent ether.fi from fulfilling any commitment.
- Whether a malfunction within a specific AVS could cause a slashing event or introduce a bug that makes NOs inactive, potentially causing ether.fi to fail in fulfilling commitments on other AVSs.
Although the first methodology aims to prevent these scenarios, they should be continually reassessed as ether.fi evolves.
Conclusion
This AVS onboarding methodology provides an industry-first AVS onboarding assessment covering as many known and measurable risks as are available today. The objective is to minimize risks to the ether.fi protocol, and eETH holders, setting ether.fi on course for continued sustainable growth.
Without slashing enabled, the approach is to optimize the microstructure of AVSs onboarded to ether.fi to avoid putting the protocol in a difficult future position given the long-term nature of AVS commitments.
Restaking as an industry is still early in its evolution and much is still being developed. Chaos Labs will continue to closely monitor the space and changes will be incorporated into the AVS risk assessment as soon as they are known and measurable.