Jason Martin

Tech Evangelist & Software Engineer

Jul 27, 2021

Choosing an Ethereum Staking provider

Cryptocurrency

Why Stake?

Let’s say you happen to have 32 Ethereum sitting around. Nice problem to have, eh?

Or, like me, you have some Ethereum, and also have friends and family who have some as well. Instead of each of us staking our Ethereum on Coinbase and paying them 25% commission, we decided to start our own validator node to stake our Ethereum to earn the maximum market rate.

To do this, simply pool all of your Ethereum together into 1 wallet in order to fund the ETH 2.0 staking contract. Be aware that you won’t be able to withdraw your funds until phase 1.5, which will be months still if not years away.

You can choose to self host, or choose a hosting provider. Since we were only hosting 1 validator node, self hosting made less sense and we decided to investigate which validator hosting provider would be best for our situation.

Profitability

Hosting Options

Self-Hosting vs Hosting Services

💡 Both self hosting on a server at home as well as hosted providers are an option. Hosting at home will require additional hardware purchases that would add up to years of hosting on various providers. Additionally, hosting services promise high uptime (99.9%)

child_database

Staking Services: Custodial vs Non-Custodial

There are 3 different types of services: custodial, semi-custodial and non-custodial services.

RocketPool

• Untitled is another option that only requires 16 ETH to host a single node, rather than the 32 required to host a standard validator.
• The rewards are also greater than hosting a normal node, because Untitled rewards are earned (in the form of a RPL token) in addition to the normal ETH2 validator rewards.
  • These RPL rewards are earned as commission because Untitled works by matching the other 16 ETH from users staking smaller amounts with the 16 ETH from the validator node.
  • The rewards appear to be about 1.5-2% higher than running a standard Ethereum 2 validator node, but also come with more risks
• Other Centralized Pool solutions exist for staking less than 16 ETH, such as StakeWise and Binance, but these require a taxable event by swapping ETH for a token such as rETH or bETH

Downsides & Risks

• If there are any bugs in the smart contract, this could pose a huge risk, which makes sticking with ETH much safer
• RPL is required as slashing protection (at 10%-150%), and needs to remain vested at least 10% to earn RocketPool rewards (ETH validator interest is unaffected by RPL). The more RPL the more rewards earned, but the tokenomics are unproven at this point.
  • There is also a risk that RPL will become devalued against ETH, requiring buying more RPL tokens just to maintain the required 10% minimum stake

Conclusion

Even though Untitled has a higher APR, given that it also comes with more risks (smart contract risk, untested tokenomics, unforseen issues) and the opportunity cost of lost interest waiting for launch due to the fact that Untitled is still in beta, I recommend we don’t use them and just run a standard validator node instead since this is potentially a large amount of money on the line a year down the road.

Out of all the options, I also recommend using AllNodes as a service provider. They provide 99.9% uptime, only cost $10 a month, integrate directly with hardware wallets, and offer insurance in the unlikely event of ETH lost due to slashing. Given the extra hardware requirements and effort maintaining a server here at the house, not to mention less uptime due to unreliable ISP provider, makes outsourcing the hosting to a provider where we still have control over the keys, giving us the option to move to another provider and ensuring that they can’t withdraw the funds.

Q&A

What is Staking?

Staking is the act of depositing 32 ETH to activate validator software. As a validator you’ll be responsible for storing data, processing transactions, and adding new blocks to the blockchain. This will keep Ethereum secure for everyone and earn you new ETH in the process. This process, known as proof-of-stake, is being introduced by the Beacon Chain.

The merge and the post-merge cleanup

Immediately after the merge, some features such as withdrawing staked ETH, will not yet be supported. These are planned for a separate upgrade to follow shortly after the merge. Withdraws won’t be possible until this upgrade goes live.

Withdrawing interest only to keep validator online

You will be able to withdraw excess balances (the amount that is in addition to the 32 ETH needed) without exiting the validator. The exact mechanics of that are not finalized yet.

Ethereum 2 Keys

Compared to Ethereum 1.0, where users only have a single private key to access their funds, Ethereum 2.0 offers two different keys. The validator private key and the withdrawal private key.

The validator key

As seen in the cutout below the validator signing key consists of two elements:

• Validator private key
• Validator public key

The purpose of the validator private key is to actively sign on-chain (ETH2) operations such as block proposals and attestations. Therefore these keys have to be held in a hot wallet.

This flexibility has the advantage to move validator signing keys very quickly from one device to another, however, if they have gotten lost or stolen, the thief has the ability to act maliciously in two ways:

• Get the validator slashed by:
  • Being a proposer and sign two different beacon blocks for the same slot
  • Being an attester and sign an attestation that “surrounds” another one.
  • Being an attester and sign two different attestations having the same target.
• Force a voluntary exit, which stops the validator from “staking”, and grants access to its ETH balance to the withdrawal key owner.

The validator public key is included in the deposit data which allows ETH2 to identify the validator.

The withdrawal key

The withdrawal key is required to move the validator balance once it is possible in Phase1/2. Just like the validator keys, the withdrawal keys also consist of two components:

• Withdrawal private key
• Withdrawal public key

Losing this key means losing access to the validator balance. However, the validator can still sign attestations and blocks since these actions require the validator private key, but there is little to no incentive to do so if the keys are lost.

To withdraw, the validator status needs to be “exited”.

Risks

Staking Risks

There are two main risks involved with Staking: being offline, and slashing. Being offline is a small penalty, and penalized earnings can be made back at the rate they were lost while being offline.

However, slashing is a worse penalty and occurs when the Ethereum network detects potentially fraudulent activity; this can happen for example if more than 1 Ethereum validator is ran at the same time with the same keys. Slashing causes ETH to be burned, and if enough ETH is slashed (16 total), it will kick the validator off the network until ETH 2 launches and the remainder can be withdrawn.

Attack Vectors

I can think of three basic attack vectors:

• System access - assuming you’re using a Linux box, just secure your ssh port, remove or disable ssh if you don’t know how to secure it. Make sure unused ports on your router are closed. Using a simple firewall like ufw goes a long way. If someone has access to your validator machine they can turn off your validator causing you to leak ether, or duplicate the validator key and cause you to get slashed and exited.
• Lost withdrawal keys - Your withdrawal keys shouldn’t be stored on your staking machine, these are the most important keys and should be safely stored offline until you are ready for withdrawal. Withdrawal keys can be used to exit your validator and claim the funds but this isn’t a problem as long as you don’t keep them on a live machine.
• Lost validator keys - As I mentioned above, losing control of your validator keys can allow an attacker to cause you to be slashed and exited, they can’t claim your funds unless you left your withdrawal key accessible as well.

Protection and management of keys

The very different functions of the validator and withdrawal keys result in very different security recommendations.

Validator keys must be available for signing at all times, which limits their protection via the traditional means of taking them offline. Validators currently have their own key management systems, however over time it is expected that the development and use of remote signers and standardized wallets will allow the keys to be stored more securely, along with the possibility of using hardware wallets that never disclose private keys. Backups of validator keys should also be available for recovery in relatively short order, to counteract the fact that an offline validator will lose funds all the time it is not attesting.

Withdrawal keys should be stored in a secure location, preferably offline and if not then behind multiple layers of encryption. There is no immediate requirement for withdrawal keys to be available as they have no use until transfer operations are added to Ethereum 2.

Self Hosting Risks

• https://docs.rocketpool.net/guides/node/securing-your-node.html#enable-automatic-security-updates-essential
• https://technicallynottechnical.medium.com/guide-to-securing-an-ethereum-2-0-validator-wallet-from-getting-slashed-due-to-theft-ubuntu-linux-89ad9233a67e