Hi Langers, thank you for the review and detailed response.
We recognize that delegation doesn’t remove all friction and that this could impact growth. However, RPIP-49 eliminates the collateral requirement and introduces a very real risk of centralised takeover of the validator set.
Although the rework might accelerate TVL growth, if 90% of this growth comes from centralized entities, Rocket Pool will no longer be a decentralized liquid staking protocol. The flaws in UARS only exacerbate this risk, as I will describe below.
As such we believe our approach, while not removing 100% of the friction, ultimately leads to better outcomes for all members of the Rocket Pool ecosystem.
Token buys
I do have some concern that the protocol will end up buying a lot of its own token due to under collaterised nodes. If RPL earns decent yield within the protocol without running a node we may exacerbate the liquidity issues that currently exist.
I recognise the concern, but this also applies to using surplus_share for buy+burn or buy+lp. Both proposals include mechanisms to mitigate this - our proposal through changing the target collateralization ratio, and RPIP-49 through adjusting surplus_share.
Regarding “without running a node”, there might be a misconception here: the only way for RPL to earn yield is if it is delegated to an NO, meaning there is no yield without a node being run. Here it is the same as a polygamous whale marriage - one party providing the ETH, multiple parties providing the RPL.
Additionally, there is a further benefit: One NO reported on Discord that they would be interested in delegating to other NOs if their node was collateralized to the max cap. Delegation allows NOs to earn yield on RPL that would otherwise be idle capital.
Voting
I am also not sure how RPL works as a governance token with delegation by default.
Rewards delegation would be separate from voting delegation. A delegator could earn rewards from the NO offering the highest returns while delegating their vote to the NO who aligns most closely with their philosophical views. This separation is crucial, as the answers to “who will pay me more” and “who best represents my views on the long-term health of RP” may differ. This distinction helps protect against centralized governance takeover, ensuring that the NO offering the highest rewards doesn’t necessarily accumulate the most voting power.
We have seen in our own delegate voting system that delegations are attracted to known entities only
Delegated RPL stake would end up centralising stake on known / probably doxed entities
I do think the distinction between “known entity” and “doxxed” is important. Looking at the existing delegates, many are anon but known entities.
While voting delegation tends to favor those popular in the community, the market dynamics of delegation for rewards are different. Rewards are shared among all delegators to a NO. If everyone delegates to the most popular NO, their rewards are diluted. Therefore, there is a direct financial incentive to delegate to NOs with less delegation, an incentive which does not exist with voting delegation.
I wouldn’t say that it is a robust mechanism though, because it would still be very possible
In fact, if you do not decouple RPL as a collateral it ends up being worse. A centralised entity could capture the validator set and by default governance.
Delegating one’s RPL to a NO does not delegate one’s vote to that NO. Thus, even capturing the entire validator set would not grant them governance powers.
The mechanism remains the same as it is today and under RPIP-49: Someone seeking to control governance would need to buy or borrow enough RPL, or convince enough people to delegate their votes to them (which is separate from “reward delegation”), to push through proposals.
A centralized entity that controls 90% of the validator set can make viable threats against the protocol. The same issue was raised by NodeSet in March. We do not believe adequate consideration has been given to this risk.
We believe that removing the collateral requirement will result in significant amounts of RPL being unstaked (please see steel man doc for our model). If this unstaked RPL is sold on the market and leads to a price reduction, the cost of governance attacks is reduced.
We believe that retaining the collateral requirement, combined with automatic RPL purchases as a result of recollateraliasation and delegate_share rewards, provides increased buy pressure for RPL, which could lead to an increased RPL/ETH price. If this belief is correct, then our proposal would actually make the protocol far more resistant to governance attacks:
- The attack would cost more if RPL/ETH price is higher
- Protocol-owned RPL removes RPL from the market, reducing the available supply, further increasing the cost of governance attacks
- Staked RPL is also not available to the market, further reducing the available supply, further increasing the cost of attacks
Also, please note that the worst case scenario here - 100% of delegation goes to centralised entities, allowing them to capture as much of the validator set as they can afford - is the default scenario under RPIP-49, which provides no mechanism to disincentivise centralised entities without also disincentivising home stakers.
The only defence offered in this regard appears to be “start reducing no_share and hope the centralised entities leave before the home stakers”, which we do not consider to be a viable protection mechanism.
Friction and Competitiveness
I believe that seeking RPL delegation would add considerable friction that Lido does not have.
“Seeking RPL delegation” just means setting a competitive rate in the smartnode interface, and does not have to be a labor-intensive process.
If we do this to compete with other more centralized players, we risk becoming an extension of the same players
I acknowledge there is some friction compared to Lido, but this is the cost we pay to protect decentralization.
a considerable amount of our TVL comes from individual node operators that have a large amount of ETH. This maybe a consequence of trade off, but we would be uncompetitive in this space; these node operators would favour Lido and contribute considerably to increasing their TVL.
This is true under either proposal: RP’s competitiveness for ETH-only NOs depends on the prevailing no_share. In both cases, the NO is giving up some share of their rewards (delegate_share/extra_reth_share in our proposal, voter_share/surplus_share in RPIP-49). If RP offers a competitive no_share, RP will attract NOs over Lido. If no_share is unattractive compared to Lido, we can expect NOs to migrate.
Additionally, we can allow existing NOs to migrate without meeting the minimum collateralization ratio, ensuring there is no friction for this group.
For the free-collateral node operators, it looks like the recollaterisation amount comes out of their node commission, is that right?
Yes, that’s right, similar to taking voter_share/surplus_share under UARS.
Node operators may have more ETH to stake but unable to attract delegation, causing a TVL stall.
If an NO cannot attract delegation, it is likely because their no_share is too high or the protocol parameters controlling the split between delegate_share and extra_reth_share are balanced too far towards extra_reth_share.
Mercenary capital is a flight risk that can make our ability to scale less predictable.
This issue is at least partially mitigated by the fact that mercenary capital exiting does not affect existing validators—there is no need to exit validators in response. When mercenary capital enters, it facilitates a growth in validator count, increasing both TVL and rETH yield. When it exits, the increases to TVL and rETH yield remain. The only difference is that after they leave, recollateralization_share might result in increased RPL purchases, potentially benefitting RPL price.
Low RPL prices push many people under the 10% ratio so they cannot deploy more ETH
This is a risk. However, they have multiple options: wait for automatic recollateralization, wait for more delegates, or provide their own RPL.
Moreover, lower RPL/ETH prices would result in recollateralization_share purchasing more RPL, removing more supply from the market. This could accelerate the recovery of RPL/ETH, which in turn would speed up recollateralization. Please also note that RPL rewards are automatically restaked - that is, the recollateralization rate is (recollateralization_share+delegate_share).
As you mentioned, the free-collateral mechanism is gamable so it would depend on the trade off between holding 10% borrowed ETH collateral in RPL and the bond curve returns. It would be good to see analysis on this. My intuition says that a significant number of node operators would rather game the system and have marginally less yield.
Sure, we can provide some analysis here, we would need this to identify optimal recollateralization_share rates too.
The trade-off would be between a) holding 10% of borrowed capital as RPL, b) giving up some no_share to attract delegation, and c) bond curve returns. The middle option adds flexibility and moves us away from the binary “hold 10% RPL or sacrifice rewards” issue we see today. Economically it is similar to RPIP-49 from the NO’s perspective, but it does not abandon the collateral requirement.
We’ve considered gaming scenarios, similar to the “borrow RPL from Aave, stake, scale up, unstake” strategy. While possible, this is financially suboptimal, so rational actors are likely to choose the highest yield approach. Even if they don’t, TVL, rETH APY, and protocol-owned yield all increase.
The sock puppet NO pays more in gas, is less profitable, and some of that sacrificed profit benefits the protocol. Preventing this would require a permissioned process, which is obviously out of the question.
In practice they will have to compete with other node operators to attract RPL delegation. The design intentionally minimises node commission, which is great for rETH but means our node commission may be noncompetitive compared to Lido.
Sure, but it is possible for no_share to be noncompetitive compared to Lido under either proposal. If the RPIP-49 total commission were too low it would be great for rETH but node commission would be noncompetitive compared to Lido.
If UARS ends up at a point where no_share is noncompetitive with Lido, this rate is imposed on the entire validator set. If it is noncompetitive to Lido we can expect NOs will leave. If the delegation market results in a prevailing no_share that is noncompetitive with Lido, we can expect NOs will leave. So in both cases it is about finding the values that keep both demand and supply side of RP’s market competitive.
The worst case is that we end up in a race to the bottom and we price out node operator supply, particularly individual home stakers. I like the idea that market dynamics can find an equilibrium but practically we have to compete on both sides of our market.
This is another concern that applies to both proposals, albeit with different market dynamics. We believe this race to the bottom is more likely with RPIP-49. Under UARS, if RP is popular with NOs, no_share will be reduced in response to increased NO supply. It’s possible that it could be reduced to a point where it’s unprofitable for home stakers but still profitable for large entities. The equilibrium found by UARS might result in home stakers leaving the protocol due to unprofitability, leading to the gradual centralization of the validator set.
- Assumption 1: On average, centralized entities have lower costs than home stakers and will therefore be profitable at a lower no_share.
- Assumption 2: Home stakers making a loss will eventually leave the protocol.
- Assumption 3: New stakers will only join if they expect a positive ROI.
If we accept Assumption 1, it implies a “danger zone” for no_share where it is unprofitable for home stakers but profitable for centralized entities.
Consider a scenario where RP is popular with NOs and the NO queue is >1000 deposits for four weeks. The pDAO follows one of the example guidelines in RPIP-46 and reduces no_share to manage NO supply.
- As no_share is reduced, it enters the danger zone. While in this zone, the protocol is (on average) only profitable for centralized entities.
- Home stakers will be the first to leave, increasing the centralization of the validator set.
- Home stakers will be less likely to join because it would be unprofitable for them. Most or all new stakers will be centralized entities, further increasing the centralization of the validator set.
If no_share remains in this danger zone for too long, centralized entities could become the majority of the validator set.
We view this as a fundamental and unaddressed flaw in UARS, and highlighted it here.
the pDAO was the delegate of last resort we would not be able to tell the difference between a small operator and a large operator
pDAO as “delegate of last resort” is part of recollateralisation_share, which would be available to all NOs (it is automatic and there is no automated way to differentiate between these groups).
Separate from that is pDAO delegation, which allows pDAO to give small operators a boost compared to centralised entities. We believe there are ways which pDAO could differentiate between small operators and large operators. None of these are 100% effective, but they do not need to be in order to provide an improvement over RPIP-49. Please see my response to Samus (“Swiss cheese model”) for more thoughts on this.
I think it is better that the base layer stay as permissionless as possible and delegation is achieved higher in the stack (Nodeset, RocketLend, etc).
This proposal is a well thought out solution but frankly the core delegation system I don’t see helping us compete or stay permissionless.
The issue with delegation is that it ends up relying on identity. […] This is extremely important to ensure the protocol is permissionless and open.
I completely agree with the importance of keeping the protocol permissionless and open, and our proposal does not change these attributes. Under our proposal nobody would need permission to become a NO.
I fully acknowledge that Waq would find it easier to get delegation than NewDiscordUser1234, but this is separate from being permissioned or permissionless. The “first n validators” mechanism addresses this issue for new or anonymous NOs. The fact that this mechanism is gamable, and we cannot prevent it, demonstrates that permissionlessness remains intact.
Our proposal would keep the base layer just as permissionless as it is today:
- Small NOs can join with no delegation (and large NOs can game this, at the cost of efficiency)
- There is no requirement to doxx oneself, register personal info, undergo KYC, etc. in order to receive delegation. Just register your node as normal, and you are ready to receive delegation. The only identity required is an Ethereum address.
- Anyone can borrow/purchase RPL and completely avoid the delegation system
There is no need to get permission from anyone before becoming a NO, therefore it remains just as permissionless and open as under the current system.
Removing RPL as a collateral is a calculated risk
I agree it is a risk, but have yet to see any evidence that it is calculated 
Happy to be proven wrong if there is some data to support this belief, but to me it seems like RPIP-49’s approach to preventing centralisation is just “open up the tent doors and hope for the best”.
By doing this we attract the long tail of node operators that will ensure Ethereum is permissionless, open, and credibly neutral.
The permissionless/open issue came up a few times in your response. I hope I have demonstrated that our proposal would not impact permissionlessness, but if you have any remaining concerns here please let me know.
Thanks again for your review and feedback.