The economics of staking has been a hot topic lately. @econoar has done a good job putting the incentives in concrete terms for everyone to digest. See his post on Economic Incentives for Validators and @vbuterin’s post on Average-case improvements to reduce validator costs for some background. In this thread, I want to encourage people to explore the improbable worst case scenarios that could cause the protocol to fail.

Validator Withdrawal Delay Period

I’ll go out on a limb and kick off the discussion by focusing on the withdrawal delay that validators will be subjected to when they want to exit from their validator role. The crux of the issue concerns the tradeoff between the value of a short withdrawal period to the validator vs the security benefits the network enjoys with a longer withdrawal period.

@vbuterin and others have explored the idea of a fixed withdrawal period, a withdrawal period that is proportional to the perceived risk of an attack, etc. My concern lies in the fact that I haven’t seen many public discussions that explore pathological scenarios that could break the protocol. Here is my attempt at fabricating one.

A plausible scenario

We all want to believe that Ethereum 2 will be wildly successful. One certainty that comes with success is mainstream adoption, institutional investors, new financial products, etc. This is great, but with it comes the very real possibility that entities that hold (or have access to) large sums of ETH will want to earn interest off of it. We know that Coinbase, Binance, etc. hold large sums of ETH in their dungeons. It is logical that they will decide that they want to dedicate some percent of the ETH that they are holding to staking. In fact, I am sure they are already talking about it.

That virtually guarantees that we will have a healthy amount of ETH to secure the chain. This sounds great, right?

Not so fast.

The problem

Given the issues that exchanges have had in the past, it isn’t difficult to imagine a scenario that causes a Mt. Gox event to happen. The difference this time is that the network is secured by stakers. If enough people panic and decide to remove their funds from the exchange, then this could cause one of these worst case scenarios where validators begin to exit en masse.

Wait. Why is this an issue?

This demonstrates a plausible scenario that could compromise the security of the network.

How does this compromise the network?

With more validators exiting the network than entering the network…this could lead to a situation where more than 1/3 of the validators have an uptime less than the weak subjectivity period (the time it takes for a block to finalize).

Is there any hope?

Of course.

The point I am trying to make is that we should talk through these scenarios and simulate different ingress and egress distributions to see how the protocol is affected.

I’ve read discussions, but I haven’t seen a finalized plan for throttling the validator exit rate.

If there is one, then what is it?

How safe are the edge cases?

Are we certain that it isn’t possible to have 1/3 of the validators with an uptime less than the weak subjectivity period?

Final Thoughts

There are a lot of brilliant people working on different aspects of these problems, but I am disturbed at people’s hesitation to share (even on this forum) until they have had their ideas peer reviewed and formally written up. We need to get over this fear of being wrong and be more willing to receive constructive criticism.

On that note…if anyone has already worked out a solution (or if I am just flat out wrong), then please let me know. I am curious to hear the explanation.
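
The kind of ingress/egress simulation the post asks for, as an added example (not from the post's author or from any Ethereum specification or client): it tracks validator cohorts by join epoch and reports the fraction of the active set whose tenure is shorter than a window standing in for the period discussed above. The cohort model, the oldest-first exit order, the `exit_cap` throttle and every number are constructed assumptions.

```python
from collections import deque

def simulate(initial, entries, exits, window, exit_cap=None):
    """Per-epoch fraction of active validators with tenure < window epochs.

    entries[t] / exits[t]: validators asking to join / leave at epoch t.
    exit_cap: hypothetical per-epoch limit on processed exits (None = no
    throttle); excess requests wait in a queue. Assumption: oldest leave first.
    """
    active = deque([(-window, initial)])  # (join_epoch, count), oldest first
    pending, fractions = 0, []
    for t, (n_in, n_out) in enumerate(zip(entries, exits)):
        pending += n_out
        allowed = pending if exit_cap is None else min(pending, exit_cap)
        pending -= allowed
        while allowed > 0 and active:      # drain exits from oldest cohorts
            joined, count = active[0]
            take = min(count, allowed)
            allowed -= take
            if take == count:
                active.popleft()
            else:
                active[0] = (joined, count - take)
        if n_in:
            active.append((t, n_in))
        total = sum(c for _, c in active)
        young = sum(c for j, c in active if t - j < window)
        fractions.append(young / total if total else 0.0)
    return fractions

def run_scenarios(epochs=60, window=30):
    """Constructed panic: 7000 of 9000 validators request exit at epoch 10."""
    entries = [50] * epochs                       # steady trickle of joiners
    exits = [7000 if t == 10 else 0 for t in range(epochs)]
    return {
        "unthrottled": simulate(9000, entries, exits, window),
        "throttled": simulate(9000, entries, exits, window, exit_cap=100),
    }

if __name__ == "__main__":
    for name, series in run_scenarios().items():
        peak = max(series)
        flag = "exceeds" if peak > 1 / 3 else "stays below"
        print(f"{name}: peak young fraction {peak:.3f} ({flag} 1/3)")
```

Swapping the constant `entries` and single-spike `exits` lists for other distributions shows how the peak moves as the cap and window change.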