Reimagining large block theft

Node Operator Experience
1

This will be a controversial post about LEB4 and MEV. It may even be wrong, so enjoy picking it apart.

Conceptual basis:

You and 9 coworkers have a pool for lottery tickets. Your plan has been to benefit from your coworkers’ wins, but if you win you are just going to keep all the money, You, ser, are a cheat. Amazingly, you win the lottery and take off running with a million dollars. Your coworkers are pissed because you stole 100,000$ from each of them.

Nope.

They never had a 100,000$ portion. If your lottery number came up, the possibilities were either 1) you were not in their pool, so the pool didn’t win or 2) you were going to steal their money. There is no scenario where that money would belong to them. They just didn’t know until you won.

Your real theft is from taking a share of the money if anyone else won. You decreased their expected returns by 10% as soon as you entered the pool. And in 9 wins out of 10, your theft would never have been discovered.

How this applies:

Assuming maximum penalties, a NO that wins a large block and doesn’t share with rETH is still strongly net positive for rETH. This is fairly easy to prove:

An 8E minipool operator gets a 100 ETH block and keeps it rather than sending to their fee distributor address. They are penalized 8 ETH plus 2.4 ETH worth of RPL; so rETH benefits from 10.4 E of MEV- expected rewards from decades of honest validating. If that minipool was never created, or the minipool had missed the proposal/been offline, rETH would have gotten 0 from the block. More specifically, there would have been about a 3% chance that block would have gone to a rocket pool validator; 65% would have gone to rETH. so about 2ETH expected returns instead of 10.4 ETH (if that validator was honest). Not to mention the high likelihood it would have gone to Lido or a centralized competitor. So to summarize, 10.4 ETH > 2 ETH. I wish we all had thieves like that.

So where is the actual theft? The thieves bringing down expected value are all the others who are planning to steal, but are benefiting from honest operators while waiting for their lottery block.

Why this matters for Rocket pool MEV theft:

Both lottery block and continuous theft scenarios can be quantified as ongoing drags, one hidden and the other in the open. Specifically, properly categorizing who is actually stealing execution block value (ie, the numerous minipools that would steal blocks, but haven’t yet) lays the moral groundwork for the solution below for why ‘innocent’ NOs should pay for stealing blocks.

The numbers for LEB4 (these are not set in stone):

RPL bond 2.8 ETH

Commission: 14%

rETH share of rewards: ~75%

Penalty maximum (6 ETH- leave 0.8 ETH for exit bribe, see below)

Lottery block threshold (8 ETH=6/0.75)

MEV persistent theft: ~0.48 ETH per year per validator (32E x 2% x 75%)

MEV large block theft: ~0.0336 ETH/year/validator (0.07 x 0.64 x 75% - ~7% of execution rewards above 8ETH (valdorf calc) * 75%)

N.B. I separately calculated about 0.00996 ETH per block from october until july for all flashbot blocks (886471 blocks, 815 lottery blocks, 8834 ETH at risk above 8ETH cutoff); at 3.46 blocker per year that’s about 0.0345 eth per validator per year; remarkably close.

Penalties:

Obviously penalties need reworking. 2 strikes, and 1 ETH maximum doesn’t make sense, particularly as oDAO can then award as many strikes as possible for a single infraction, or no infraction. Plus this is RPL’s better use as collateral than as a last resort. Plus we should formalize un-penalizable bribe money to encourage malicious NOs to exit (i used 0.8 ETH).

Persistent theft:

To me, the easiest way to deal with this is penalizing the offending minipool’s commission. This requires a smart contract change (but has no conceivable effect on honest NOs), but if every minipool with a penalty drops commission to such that all skimmed rewards go to rETH (negative commission ~1.78%), this will direct ~.32E/year to rETH, resulting in a net 0.16 ETH/year average profit, or a breakeven time of 4/0.16 = 25 years, assuming no changes in reward structure (the scourge) or decrease in rewards. In reality, the median minipool will essentially have a nearly infinite breakeven timeframe. I think this is sufficient to discourage any theft of this kind.

Large block theft:

Here, again I make the point that the actual theft is perpetrated by silent actors, and not the ones we see. So we just have to make up 0.0336 ETH/year/validator by assuming every possible cheater is cheating. If commission is 14%, rETH is paying ~0.2352 ETH/year to a 4E validator; at 12%, rETH is paying ~0.2016. The difference is ~0.0336. So a drop of 2% will make up large block theft to rETH. Increase by 50% to 3% commission decrease for good measure.

Would a NO form LEB4 for a reduced commission?

Yes.
Numbers for 11% commssion:

  1. The return in ETH is greater, 77% rather than 42% more than solo staking

  2. If tokenomic changes occur, the increased rETH produced and the decreased ratio of RPL to borrowed ETH would synergistically increase RPL rewards- doubling or more.

  3. With a minimum RPL collateral of 70% of bonded ETH, anyone forming LEB4s will be, almost by definition, much more concerned about RPL rewards and much more bullish on RPL than LEB16s

  4. If you already have the RPL, this is ‘free money’ to bond reduce. There are probably not many RPL naive individuals as seeing a 70% collateral as the time to jump on board.

Who loses in this situation?

  1. non-rocket pool validators- this is the smoothing effect, those juicy MEV blocks that would go mostly to lido/coinbase/centralized services instead go to either rocket pool protocol or node operator (For example, with current market share RP has about ~75% chance of missing ALL 10 of the biggest block rewards from the last year). Unfortunately, I don’t care about these losses, nor should the pDAO based on our charter. I guess i do care that they don’t go to solo validators- but there aren’t that many :cry:

  2. Honest NOs - although non-stealers will still do far better with LEB4s under this scenario than under LEB8s due to capital efficiencies, they do worse than LEB4 at 14% commissoin. But please see next section

Normalizing lottery block MEV theft:

Two years ago, MEV was seen as unfair practices by a few assholes leeching off ethereum. Now MEV boost is a mark of responsible citizenship in rocket pool, and failing to collect MEV will result in heavy penalties. This is how practices get normalized.

Currently, we rely on ethical entreaties and small penalties to prevent large block theft. These only serve to prevent small blocks and ethical/lazy/unsophisticated people from stealing (whether we are talking about LEB4, LEB8, or LEB16). About more than 1/3 of all the possible lottery block theft is in just 10 blocks; for these mega blocks (200+ ETH), there is no reasonable way to retroactively punish thieves.

What if we enabled and encouraged people to keep their large blocks? If everyone kept their large blocks, it would have no net effect on folks outside the smoothing pool, and within the smoothing pool it would make some proportion (on the order of 10%?) of your execution layer rewards unsmoothed.

How would it work? Something along the lines of: smart node directs all MEV blocks greater than some level (let’s say 8 ETH) to a different fee distributor, one per node. From there, calling distribute would send the first 6 ETH to rETH, and the remainder to the node’s withdrawal address. The minipool is not penalized and can continue validating because it is now doing what we want; there is no significant benefit to cheating- no benefit to sybiling- no specific need for high collateral per megapool to allow lower LEBs.

Benefits and risks:

The expected value of rETH and honest NOs increases

The expected value of MEV stealers decreases

The volatility of rETH value decreases somewhat

The volatility of NO rewards increases somewhat

Effectively removes an important oDAO duty in all but weird edge cases

No inefficiencies with penalizing/liquidating RPL/exiting/pariah status for block stealing

Low minimum bond requirement is needed (haven’t calculated, but suspect still be quite attractive to roll out 2ETH minipools, particularly with RPL tokenomic changes)

Doesn’t rely or even benefit from ‘forced’ exits

Possible variations:

  1. As a NO bond increases (in megapools), the payment needed per validator could decrease

  2. Alternatively, a dual system could exist, where minipools could either be ‘pay as you go’ or have high bonded megapools

  3. The 2% or 3% haircut goes to an earnest money account; if each time a large block goes to a NO, the appropriate amount comes out to rETH; after a year, any remaining money gets shared amongst node operators (this ensures NOs aren’t overpaying for security)

  4. The amount of “stolen” MEV gets charged to NOs on a monthly basis with a variable commission

tl;dr

You don’t have to strive for a system with no corruption. You can make a system where some corruption is present but red tape is minimized, and everyone is still better off. Better yet, you can take what we call corruption, regulate it with proper incentives, and call it something uplifting or even heroic; now all parties can participate in the benefits, rather than just the unethical.

2 Likes
2

rETH benefits from 10.4 E of MEV- expected rewards from decades of honest validating. If that minipool was never created, or the minipool had missed the proposal/been offline, rETH would have gotten 0 from the block.

rETH doesn’t just have to be profitable, it has to be competitive. We can’t discount large block theft and compete with centralized alternatives on the marketing front. I’m mostly opposed to this from an optics standpoint, though I understand that game theory and market conditions will make the decision for us eventually- but I would rather deal with it when the time comes instead of making concessions before we know we have to, as Ethereum is still evolving and may present new solutions in the future.

Currently, we rely on ethical entreaties and small penalties to prevent large block theft.

No, we rely on the threat of large penalties. As you observed, the oDAO is capable of penalizing your full bond. That is a minimum of 8 eth, but potentially quite a lot more- there is nothing stopping the oDAO from assigning penalties to every minipool on a node if one of them is seen stealing a large block

… which actually creates an incentive to sybil the protocol, which I dislike. Hopefully megapools make this vector financially unsound.

for these mega blocks (200+ ETH), there is no reasonable way to retroactively punish thieves.

For many of them, sure, they sac 10.4 eth to steal 200+. Megapools will change this formulation substantially. The goal is not to be able to claw back 100% of theft, but to make it unprofitable a very high percentage of the time.

I do believe this inevitably engenders and disseminates malicious code (which acts honestly until it’s very profitable to act dishonestly), but if we are protected from, say, 99% of theft value through financial disincentives, I am happy to leave the remaining 1% up in the air.

If it is profitable to steal, people will steal. That doesn’t mean we should make it more profitable (by relinquishing bonds). On a long enough time frame, everyone who wants to steal will run malicious code anyway and the protocol will claw back the bonds, and on the whole, less eth will leave the system than if we jump-start that process now and forgive the theft. I don’t see why we would want to fast forward to the steady state.

it would have no net effect on folks outside the smoothing pool, and within the smoothing pool it would make some proportion (on the order of 10%?) of your execution layer rewards unsmoothed.

It would impact rETH holders in both cases. In the SP case it would mean you don’t earn EV unless everyone in the SP ‘keeps’ (see: steals) these blocks.

How would it work? Something along the lines of: smart node directs all MEV blocks greater than some level (let’s say 8 ETH) to a different fee distributor, one per node.

Without going into too much technical detail, MEV-boost (the application that smartnode runs) can’t be used like this. This isn’t a supported use-case. I’m not sure what appetite there is to developing a fork, but even then, using it in this way with existing relays will be non-trivial. There are other solutions, though, that work without trying to hot-swap a fee recipient.

FINALLY:

  • It’s quite a philosophical statement that a thief becomes a thief when they decide in their heart-of-hearts to be a thief, and not when they do the thieving itself. I don’t agree with this point, which seems foundational to the rest of the argument. If you have an employee who you pay hourly to run the till, and after 10 months they start stealing from the till, you don’t accuse them of stealing their hourly wages, you accuse them of embezzlement. Commission is no different. Being paid commission while not actively thieving is not theft, nor does the act of thieving retroactively make it so.
  • There’s over a billion dollars in rETH market cap that was minted under the explicit agreement that MEV would be shared with LST holders. That’s a lot of people to rug.
  • There is a funny new attack vector where a NO enters into a pact with a mev relay to make it appear as if their proposals were always over the threshold, but were not. This isn’t a valid counterargument though because NO-relay collusion is a risk with the current models anyway. I just think it’s cute.
1 Like
3

Received some helpful criticism that I need a true summary instead of a cheeky tl;dr.

MEV theft of large execution layer blocks can occur. The oDAO is roughly able to penalize the entire stake of a node (not by current rules, but they have the ability). LEB4 did not roll out with atlas because of concern that large blocks will be stolen; similarly it will not be in Houston.
The current thinking is to increase the amount of collateral needed, on a node basis. One problem to this approach is that a sizable proportion of MEV is in super blocks (100+ ETH blocks), which we can’t reasonably enforce enough collateral for to protect either rETH or smoothing pool. additionally, the higher the necessary collateral requirements, the less opportunities for smaller stakers to benefit from capital efficiency of lower LEBs.
The idea laid out above is that all NOs pay for rETH security as they go, rather then retroactively after a theft; while we can’t predict which NO will cheat, we do know the total cost which is easy to break down per validator based on the collateral at stake. In return, large blocks go primarily to the NOs that produced them. No ethics needed.
The effect is that in a possible implementation:

  1. there is no longer MEV theft. Producers of the mega blocks above where the oDAO could penalize get to keep most of them. The oDAO penalty duty would only be used in weird edge cases. NOs who take big block rewards stay validating without stigma. No benefit for sybiling to escape penalties. No ‘forced exits’ needed for this.
  2. about 20% of execution rewards become extremely unsmoothed (lottery) for the smallest nodes (like 1 LEB4). For larger nodes (100ETH TVL) this number might be 6% of execution rewards unsmoothed.
  1. rETH is 100% protected from MEV theft, including from LEB4 nodes
1 Like
4

I really like this solution. It’s an elegant way to remove the incentive to steal while also not causing centralization by benefitting large node operators. It also makes the entire protocol more efficient (there’s no loss from theft) without a corresponding efficiency loss as far as I can see.

One thing that I didn’t see (I may have missed it?) is the mechanism for how this changes due to changing MEV rewards. It may be the case that reducing commission by 2% is enough to account for historical MEV rewards, but this isn’t guaranteed to be true in the future. While I don’t want to increase off-chain duties, it may make sense for the oDAO nodes to update a rolling average of >8 reward MEV blocks and the resulting haircut to commission?

The thief analogy doesn’t particularly resonate with me either. I don’t think the analogy is necessary though, and simply making MEV theft no longer “theft” by giving it to the node in return for a lower commission makes sense.

I would argue that giving rETH holders the "smoothe"d MEV rewards is good enough. They don’t benefit from an individual large MEV block, but they do benefit from the average MEV reward (across the chain).

5

This is how the negative adjustment could look in a megapool future:

chart (1)
chart (1)765×473 26.2 KB

For example, a single non-smoothing pool 16 eth minipool would have a maximum penalizable reward of ~41 ETH; a NO with four LEB 4s in the smoothing pool would have a maximum penalizable ~27 ETH (noting that the smoothie pool pot will be fuller due to negative adjustment flows)

Patches is absolutely correct that my initial conception won’t work without a mev-boost fork. There are likely multiple implementations possible to get a similar outcome, although probably somewhat more complicated than i had hoped.

I don’t have a great answer to how to update the negative adjustment to changes in execution rewards without using the oDAO, since one benefit of this idea is to reduce the reliance on the oDAO. I imagine the simplest would be to tally large transactions into the smoothing pool to get a running yearly average, and use that as a rough surrogate for current risk to rETH.

1 Like