Building a Marketplace for Decentralised Trust
A detailed overview of EigenLayer and its value proposition to the wider Ethereum ecosystem
Decentralised Trust Networks
Bitcoin pioneered decentralised trust. The idea of not needing to know the other participants or trust a centralised entity was appealing, and still is. However, Bitcoin bundled that trust with the application, leading to limited functionality (P2P value transfers). Today we would refer to it as an application-specific blockchain.
As a result, new applications were unable to share the Bitcoin trust network. Instead, developers had to start from scratch with building a new blockchain, including bootstrapping a new trust network. This is difficult to do as you need enough nodes for the system to be decentralised and large economic incentives to attract miners/stakers. There were some attempts (Namecoin, Colored Coins…), but none of them took off.
Ethereum addressed this problem by decoupling trust and innovation for applications. With general purpose programmability, anyone could build dApps on top of Ethereum and leverage its existing trust network. This led to an explosion in innovation, and created an abundance of dApps and entirely new industries such as DeFi.
However, the shared trust doesn’t translate all the way down the stack. Innovation deeper than the smart contract-level still has to bootstrap its own trust network. This includes the core layer (creating a new virtual machine or consensus protocol), as well as the middleware and infrastructure layer (oracle networks or data availability). Because of this, we’ve had to compromise. Chainlink for example is the largest oracle network and dominates the market, but only has ~300 nodes securing it. Given its importance to many dApps, it’s slightly concerning that there is no competitor.
A big reason why innovation on the infrastructure level has been slower relative to the application layer are high start-up costs. Having to bootstrap a new trust network leads to huge barriers of entry. Even if you have a great idea or technical solution, it might not see the day of light. Innovation is primarily a technical problem, while trust is a social one.
EigenLayer is a new middleware-protocol on Ethereum that sets out to solve this problem.
EigenLayer - Marketplace for Decentralised Trust
EigenLayer is built on the premise that the core value of blockchain is decentralised trust. However, until now there hasn’t been an efficient market for it. EigenLayer aims to change this by commoditising the Ethereum trust network and making it more general-purpose. This allows the trust to extend beyond dApps and enables the core- and infrastructure-layer to also leverage it.
The central concept of EigenLayer is restaking, which means putting the same capital at additional risk. Stakers who opt-in agree to additional slashing conditions i.e. reasons to be penalised and lose their ETH. In return, they receive an extra yield paid by the protocol that rents the security.
Restaking works both for liquid and native stakers:
Liquid restaking occurs through locking a liquid staking derivative token (stETH, rETH…) into the EigenLayer smart contract. This essentially gives EigenLayer explicit permission to slash it (or redirect and burn it) if the node-operator misbehaves.
Native restaking is designed for Ethereum homestakers who run their own node. The withdrawal credential, which specifies who has the power to withdraw the staking position, would normally be set to the staker’s own address. By instead setting the withdrawal credential to the EigenLayer smart contract, stakers give EigenLayer the power to withdraw their stake directly from Ethereum.
Native restaking is more powerful than liquid. Native allows the protocol to directly interact with the Ethereum core protocol, whereas liquid introduces a layer of abstraction through the LSD-provider. Independent nodes also add to the decentralisation of the protocol that’s being secured (more nodes, harder to collude).
A chain is only as strong as its weakest link
EigenLayer believes that they can increase both permissionless innovation at the infrastructure layer as well as the security of that infrastructure. By “renting” trust from Ethereum, developers can fully focus on the technical solutions. This reduces the barriers of entry, which in turn should induce innovation and more competition across the infrastructure-layer.
Security comes in two flavours - economic security (the cost of a majority attack) and decentralisation (number of nodes securing the network). Today, each middleware has its own trust network, which is neither as high in economic security nor decentralisation as Ethereum. If attacking a system, it makes sense to target the weakest part of it. We saw this play out during 2022, with several large hacks and a total of ~$2.5bn lost through bridges (Wormhole, Nomad...).
EigenLayer proposes a new way of securing the middleware called “pooled security”. Rather than having separate security budgets for each middleware, pooled security combines them into one (Ethereum’s security) and rents it out. The maximum safety of a specific sub-network is achieved if all ETH-stakers opt-in to secure it, which is what the graph below aims to show. That’s not a realistic assumption however, as only a subset of stakers will find the yield enticing enough to put their precious ETH at additional risk. In addition, different reward preferences means that stakers might opt-in to secure different networks. If the fees are paid in the protocol’s native token, stakers can take a passive bet on which token will perform better (without having to actively buy the token).
That’s fine though, not all stakers need to opt-in. The goal is to improve the current level of security and remove the friction for new developers. This can be achieved even with a smaller subset of stakers
Why Ethereum?
Of all the decentralised trust networks out there, the two largest ones are Ethereum and Bitcoin. EigenLayer chose to build on Ethereum because it’s PoS rather than PoW. PoS is more flexible thanks to slashing, which allows for programmable negative incentives.
Trying to leverage an existing trust network is not a new concept. Merged mining was an attempt to share the trust of PoW networks, by mining two or more cryptocurrencies at the same time without sacrificing overall mining performance.
However, because the work happens in the physical world (mining using computing power), it’s very hard (impossible) to punish bad behaviour (unless you locate the miner and destroy their mining equipment). The misaligned incentives hence make it easier for miners to collude and exploit a protocol.
PoS trust is more flexible and introduces negative economic incentive in the form of slashing as well as positive incentive through yield (both the carrot and the stick). Only having the positive incentive can work in a utopian world where everyone is honest, but we live in the real world where bad actors exist. Whatever can happen, will happen.
While EigenLayer is built on Ethereum because of its status today, the core idea could be extended to other PoS-networks that have slashing and general purpose programmability.
The Carrot, the Stick and the Flywheel
Why would stakers opt-in for restaking? The short answer is that all stakers are not the same. Some stakers will be tempted by the carrot of a higher yield, and EigenLayer makes it easier to accommodate these varying risk- and reward-preferences. The basic ETH-staking yield will be enough for some stakers, while others are willing to risk their capital for an additional X% yield.
The stick in this case is slashing, which is used to punish malicious behaviour in PoS networks (economic sanction). EigenLayer only slashes for clearly malicious behaviour, not light things such as off-time (the node is just removed in these cases). What counts as malicious behaviour is service dependent, but the conditions are stated in the smart-contract and stakers approve of these when opting in.
To attract developers to build on top of EigenLayer, they need to get some initial stakers onboard to ensure security of the protocols. The team behind EigenLayer is bootstrapping activity by building EigenDA, which is a data-availability layer (more below). Once there are a few protocols up-and-running, the fees from these will start flowing to stakers. If the incremental yield is attractive enough, it will in turn drive more stakers to opt-in, which increases the security budget and attracts more developers. This describes the flywheel mechanism for EigenLayer.
The business model is still being worked out by the team. Given its two-sided marketplace structure, it’s likely that the protocol/DAO will end up taking a cut for facilitating the trade between the stakers and the protocols.
What can EigenLayer be used for?
EigenDA is a data-availability layer built that is ran by ETH stakers. It’s the first service being built on top of EigenLayer and developed by the team. This helps bootstrap the network and gives some incentive for the first stakers to opt-in.
EigenDA utilises a combination of erasure codes and validity proofs to achieve scaling. The erasure code breaks down data into small chunks and distributes them in a specific way so that any half of the nodes can reconstruct the data. The validity proofs are used to prove that the data was encoded correctly.
With this, EigenDA has achieved a systemwide performance of 15 mb/s (almost 200x higher than Ethereum’s 80kb/s). The gold standard of scalability for data layers is N (number of nodes), where each node holds different data and contributes fully. EigenDA relies on majority honesty (N/2), meaning that the data can be recovered if at least half of the nodes are honest. With this, the theoretical limit of performance is much higher than 15 mb/s and should scale with the number of nodes participating in the network.
EigenDA can be leveraged by for example L2s to increase scalability and help reduce the data availability problem. Mantle (optimistic L2) is one example of a protocol that’s currently building to integrate EigenDA.
More broadly speaking, EigenLayer can be thought of as a meta-staking or a programmable staking protocol. Slashing makes it easier to achieve credible commitments more generally. The idea is that if you don’t keep your promise, you will get punished (slashed). This opens up the door to a whole new set of possibilities. Some examples include:
MEV management through MEV-Boost +. Essentially, it allows both the block builder and proposer to agree to some rules. These rules are enforceable if they have staked through EigenLayer (ability to slash if misbehave). For example, the block builder could commit to first fill liquidations from Uniswap and if there is more space, fill the block with other transactions.
Decentralised block building: A concept mentioned by Vitalik, where block builders collaborate to build a single block. For example, 5 builders who each contribute only with a share of the block.
Subjective expression of preference: Currently all ETH-stakers are treated the same (no preference for different nodes). However, some protocol that really values decentralisation might want to reward homestakers with additional yield. This would make decentralisation a “commodity”, bought and sold on the free market. If it’s valued by the market, it will gather a premium.
Does EigenLayer increase systemic risk in Ethereum?
The idea of pooled security and sharing Ethereum’s trust network is appealing. By strengthening the security of infrastructure that many dApps rely on, it becomes more difficult/costly for malicious actors to attack the system and extract value. However, it does raise some questions about systemic risk. In particular whether it increases the risk of a black-swan event that could weaken the security of the overall Ethereum network.
There’s two main risk-vectors: Collusion of the nodes that secure a particular protocol and smart-contract risk that leads to incorrect slashing. Incorrect slashing matters more for systemic risk. While smart-contract risk exists in every protocol, the stakes are significantly higher here. If EigenLayer reaches a scale where a large portion of ETH is restaked into the contract, any vulnerability would harm Ethereum as well as the protocol. This is very different from smart-contract risk for traditional dApps, where only the value in that particular protocol is at risk and contagion is limited.
Invalid slashing includes both slashing honest nodes, as well as not punishing a malicious one. Of these, slashing honest nodes is more serious. The worst case scenario is if a protocol built on EigenLayer incorrectly slashes all the ETH that’s been restaked into it. This could be a significant hit to the Ethereum security budget.
In order to reduce this risk, diligent smart contract auditing is required. In addition, the EigenDAO will appoint a slashing committee of reputable Ethereum members. They have the power to veto a slashing if the nodes haven’t actually participated in malicious behaviour. This two-step approach brings an additional layer of security, which is good, but also introduces a human-layer into the system. However, the committee can only veto a slashing, not trigger one themselves.
Current themes that relate to EigenLayer
Liquid Staking Derivatives (LSD): The debate around LSDs has been active over the past weeks as we get closer to the upcoming Shanghai-upgrade. It will open up withdrawals staked ETH, which (counterintuitively) is seen as a catalyst for more people participating in staking as the illiquidity risk is removed. More staking means that the same amount of resources is distributed to a wider range of stakers. Other things equal, this leads to a decrease in the staking yield.
Offering incremental yield through EigenLayer can become a competitive advantage and additional selling point for LSD-providers. However, there’s been limited information from the EigenLayer team on how the liquid restaking will work in practice. I would imagine that the responsibility of running additional node-software is with the node-operator that you delegated staking to, but some questions prevail. For example, does liquid restaking mean that users agree to providing security to all projects or would it allow them to choose which ones they trust?
Agreeing to secure all seems suboptimal from a risk/reward perspective, so it’s likely that the vetting will occur on a LSD-protocol level. For example, Rocketpool node-operators might decide to run additional node software for Oracle Network A and Data Availability layer B. Any person deciding to restake their rETH to EigenLayer would help secure these networks and subsequently get a share of the rewards.
Modular blockchain thesis: A modular blockchain outsources at least one of its key functions (execution, settlement, consensus or data availability) to another blockchain. The modular thesis is built on the idea of specialisation. When things are modular, the pace of innovation accelerates as people are competing with each part of the module, rather than the whole entity.
Flexibility is another argument for modularity, as you can mix and match different components depending on your requirements. For example, you might want to maximise security for a DeFi-specific chain, but throughput on another one for a social application.
To get a working modular blockchain stack, these modules are linked to each other. The problem is that the chain is only as strong as its weakest link. In its current state, we suffer from weak trust-networks on DA-layers, bridges etc. EigenLayer relies on the thesis that once you have a common trust network, you can build the modules.
Concluding thoughts
EigenLayer is still in development and we’ll receive more documentation in the coming months. While some of the technical nuance goes above my head, the idea of generalised trust is interesting. However, due to the potential negative implications of a mis-step, it’s important to think carefully about what could go wrong and test different scenarios. After all, we don’t want EigenLayer to become too big to fail.