Scorecard

The average performance of the Lido protocol validator set is higher than the average Network performance based on the RAVER methodology available at the moment of assessment (June 2024).

The Lido protocol has a subsystem which can self-execute withdrawals with no human participation, apart from requiring Node Operators to maintain tooling (their own or open-source alternatives ) to process requests (semi-)automatically. This subsystem ensures withdrawal requests can’t be cancelled (within a bounded period of time) and is designed to work even during chaotic tail-risk scenarios. The total volume of withdrawals processed since May (withdrawals implementation) can be found on the dedicated Dune dashboard .

As of Q1/2024, all operators have less than 1% of the total stake. Quarterly updates on the details and ratio of amount of stake that is over the soft-ceiling can be found in the Lido Validator and Node Operator Metrics (VaNOM) web-app .

Ethereum community potentially could change the protocol with an emergent hard-fork (if there is a consensus to do it) that changes a few bits in the governance contract to revoke the DAO’s oversight permissions.

Open-source development enables Lido protocol clone deployment and running without any DAO votes or third-party permissions.

All Lido on Ethereum participating validators use 0x01 (smart contract) withdrawal credentials.

The currently deployed protocol version (Lido V2) is audited by four independent top-tier audit providers: Statemind , Certora , Hexens , Oxorio .

There is a formal verification executed by Certora (see the report above). All protocol levers are documented and reviewed by Statemind, see .

Last but not least, every protocol upgrade and voting is a subject of running full-blown regression test suite .

Reliance on public cloud services has decreased significantly from 45%-50% in Q4/2023 to 38%-40% in Q1/2024. The majority of Node Operators now utilize some form of Bare Metal (Colocated, On-Premises or Dedicated hardware). Details can be found in the Lido VaNOM web-app .

As at Q4/2023, Node Operators using the Lido protocol continue to utilize a well-balanced suite of Consensus Layer clients in aggregate. Execution Layer diversity significantly improved as a result of Node Operator commitments to reduce their reliance on Geth as a supermajority client . Geth usage is currently at 46% over the curated set.

The delegation is enabled on both voting platforms the Lido DAO uses: Snapshot and Aragon

As at Q1/2024, less than 22% of validators are currently with North-America (US+Canada) based Node Operators, but there remains an over-reliance on European based entities. Improvements have been noted in not only the addition of Asian and South American-based operators, but also the distribution of validators across under-represented geographies. However, the DAO can continue to promote geographical diversity latest stats can be found here .

In the Curated Operator module, keys are managed by professional node operators. As of the Q1/24, 25.2% of validators in the module utilize Attestant’s Vouch CL client. While Vouch utilization does not directly correlate to usage of Attestants Dirk key manager that includes threshold signing, it is roughly indicative. In the Simple DVT Module, participants utilize Obol and SSV Network based DVT. All validator keys are created through a Distributed Key Generation process, with no single Node Operator controlling a full private key at any point of their existence.

Currently, if Node Operators don’t process exits on time (in other words, try to block users from obtaining their withdrawn ETH), they suffer penalties (automatically enforced by the protocol, as well as reputational). There have been 0 incidents of non-exit, and one case of delay . Triggerable execution layer exits , expected in late 2024/early 2025, will make it possible to exit validators based on a DAO vote.

As it stands, LDO holders cannot force Node operators to exit. Even if triggerable exits were live today, it would still take the DAO half a year, at a minimum, to rotate all validators (due to the mechanics of how the staking queue works). In order to create additional checks and balances on Lido governance, dual governance proposed . It gives stakers ability to withdraw their Eth in the event of a proposal that would change the validator set, while also enabling them to express concerns about it. Onchain vote to deploy expected in Q4 2024.

The Delegate platform is set up with 36 applications listed for the first round of Delegate Incentivization Program. The delegates applied show different viewpoints and expertize. The potential improvements account for the more voting power getting delegated to the public delegates.

The governance process includes 3 steps: discussion, off-chain vote, and on-chain execution which make all changes publicly socialized before implementation.
A two-step Aragon voting is used with objection periods, where only 'against' votes are possible in the second phase.
Currently, operators act as a check on LDO power since they cannot be forced to exit.
Dual governance allows stakers to withdraw their Eth in the event of a contentious proposal, while also enabling them to express concerns about its contentiousness. Onchain vote to deploy expected in Q4 2024.

Lido on Ethereum, governed by LDO token voting, manages various aspects including the treasury, withdrawal keys, and lists of nodes or oracles, effectively granting root access to the voting app. Dual governance allows stakers to withdraw their Eth in the event of a contentious proposal, while also enabling them to express concerns about its contentiousness. When a specified amount of stETH accumulates in the DG veto vault, execution of LDO governance motions is paused unless the stETH in the vault is withdrawn. The design includes multiple safeguards and potential de-escalation mechanisms. A Snapshot vote on this proposal passed , with on-chain deployment slated for Q4 2024.

Lido V2’s Staking Router is a controller contract which paves the way for permissionless operators to join Lido’s validator set. The first permissionless module called CSM is now deployed on the testnet and planned to be proposed to on-chain vote by the end of 2024.