Restaking Collateral Health

Key Takeaways

• An AVS’s economic security is tied to the market value and liquidity profile of the collateral by which the AVS is secured (“value at stake”).
• ETH-backed collateral (native ETH & LSTs) provides economic security that strongly correlates to the Beacon Chain, but the risk of price deviation exists, especially for smaller-cap LSTs.
• Non-ETH-backed collateral poses higher risks to the economic security of an AVS. A well-designed dual-staking framework can help mitigate some of the security issues.

In this research post, we suggest a comprehensive framework for evaluating collateral health in the context of restaking protocols and Actively Validated Services (AVSs). We explore how the market value of collateral ties into the economic security of an AVS network, focusing on ETH/ETH-backed collateral and non-ETH-backed collateral. By measuring collateral risk for a given AVS-collateral pair, we assess which collateral assets pose higher risks for AVSs in the current market.

We cover:

1. Mechanism design behind POS collateral
2. Modeling collateral risk
3. ETH-backed collateral
4. Non-ETH-backed collateral & dual staking

Mechanism design behind POS collateral

The security of POS networks depends on the collateral’s market price and price stability.

In a POS network, slashing is the fundamental mechanism preventing operators from performing dishonest validation. The lower the collateral’s price, the lower the economic incentive for an operator to validate the network truthfully, and the more vulnerable the restaking network becomes. This is the case as potential attackers now need less capital to obtain enough collateral to corrupt the network (e.g. 51% of all collateral).

The negative impact cannot be offset by high operator rewards, however. In fact, if the gain from rewards is high, relative to the value of slashable collateral, then the network will attract more operators in the short run. Large-scale minting of reward tokens then adds sell pressure in secondary markets, accelerating a downward spiral in price.

With these risks in mind, most restaking networks start with collaterals that are (or are backed by) the respective L1’s native token (ETH or LSTs), allowing them to rely on the value of ETH for economic security. However, in the the latest restaking implementations, we have seen a broader set of collaterals being used, including native tokens like EIGEN on Eigenlayer and integrated tokens like ENA on Symbiotic. Below, we discuss the risks associated with each set of collaterals.

Modeling collateral risk

For an attack on a network to occur, two conditions must hold:

• Profitability: profit from attacking the network (in USD) > cost of attacking the network i.e. USD value of attacker’s stake slashable by the network.
• Feasibility: stake held by the attacker > percentage threshold of total stake in the network (e.g. 51%).

Assuming all stake is slashable, then an attacking cartel \( B \) attacking a network \( s \) must satisfy:

\[
\begin{align}
\pi_s(p) &> p\Sigma_B \\
\Sigma_B &\geq \alpha_s \left(\Sigma_V + \Sigma_B\right)
\end{align}
\]

• \( \pi_s \) represents the profit from attacking the network, in numeraire terms
• \(\Sigma_B = \sum_{v \in B} \sigma_v\) is the total amount of collateral held by the attacker
• \(\Sigma_V = \sum_{v \in V_s \backslash B} \sigma_v\) is the total amount of collateral held by good faith operators in the network
• \( \alpha_s \) is the network’s security threshold (e.g. 50%)
• \( p \) is the market price ($) for the collateral

Notations are borrowed from the paper “How much should you pay for restaking security?” (Tarun Chitra and Mallesh Pai, 2024).

Suppose the attacking cartel would purchase just enough collateral at price \( p \) to take over the network i.e. \(\Sigma_B = \alpha_s \left(\Sigma_V + \Sigma_B\right)\), we can rewrite the attacking condition as

\[\frac{\pi_s(p)}{p} > \frac{\alpha_s}{1-\alpha_s} \sum_{v \in V_s \backslash B} \sigma_v\]

i.e. a profitable attack exists if the attacker’s profit, normalized by collateral price, exceeds \(\frac{\alpha_s}{1-\alpha_s}\) fraction of the total amount of collateral in the network. We can denote the probability of this event by \( P(\text{corrupt}) \), which depends on the variance of the price process \( p \).

\[ P(\text{corrupt}) = P\left(\frac{\pi_s(p)}{p} > \frac{\alpha_s}{1-\alpha_s} \sum_{v \in V_s \backslash B} \sigma_v\right) \]

A key takeaway from this model is that network security depends on the price volatility of the collateral. Since POS chains often secure more assets than its collateral token, the profit function \( \pi(p) \) is inelastic in \( p \). Therefore, a lower price p increases the attacker’s profit ratio. In a tail-risk scenario, the price would drop to a level where the profit outweighs the costs of attacking. The size of this tail risk can be approximated by the collateral’s drawdown risk, which increases with its volatility.

To illustrate this, let’s consider a network with a TVL of 500 ETH and 1,000,000 USDC, with its operators staking a total of 250 ETH. Let’s assume, for example, that the attacker can obtain 20% of all tokens on the network as profit to sell at zero slippage, and the network’s security threshold is 50%. At an exchange rate of 2,000 USDC = 1 ETH, the attacker’s profit ratio is 20%*(500*2,000+1,000,000) / 2,000 = 200 whereas the right-hand side (RHS) is 0.5/0.5*250 = 250. Therefore the network is economically secure.

Then let’s consider what happens when the ETH/USDC exchange rate drops to 1,000 USDC = 1 ETH. Now the attacker’s profit ratio is 20%*(500*1,000+1,000,000) / 1000 = 300 while RHS is still 0.5/0.5*250 = 250. The balance flips and now the attack is profitable.

In fact, in this example, we can explicitly calculate the probability of corruption if we make further assumptions on the price movements of ETH. Those assumptions, though, would be beyond the scope of this article. Instead, let’s dive into an evaluation of collateral risks in real-world restaking protocols.

ETH-backed collateral

Native ETH

Using natively restaked ETH as collateral for a network means its security is strongly correlated with Ethereum’s economic security (and market price). For AVSs secured by ETH-backed collateral, a drop in ETH/USD price means a reduction in the attackers’ cost to obtain a higher percentage stake, relaxing the feasibility condition. In this case, it’s most helpful to compare the network’s economic security relative to that of Ethereum L1, which relies on the ~$90B worth of ETH staked on the Beacon Chain. The economic security of Ethereum L1 can be quantified using theoretical frameworks such as those outlined in the EigenLabs' STAKESURE paper.

LSTs

If ETH is analogous to cash on Ethereum L1, then LSTs can be thought of as “certificates of deposits” issued by financial intermediaries (e.g., Lido, Rocket Pool). Users deposit into liquid staking (LS) protocols in exchange for a long-term interest yield from Beacon Chain validators. The main risk resulting from this extra intermediary is deviation from par i.e., the value of LST significantly deviates from the value of its net asset value (typically equals its ETH deposits + rewards - slashing penalty).

Two factors contributing to the risk of price deviation are:

• Withdrawal mechanisms
• Market liquidity

Deposit and withdrawal (redemption) mechanisms are the primary markets for LSTs. Many liquid staking protocols implement a delay period to facilitate safe withdrawals. On the other hand, having deep liquidity in DEX pools supports the stability of an LST’s secondary market price. Based on our data analysis, the tracking error associated with the two major LSTs (stETH and rETH) are currently low. Tracking error for stETH's and rETH’s secondary market (DEX) exchange rates have remained below 1% consistently over the past months.

We can also clearly see the drawdown risks from DEX slippage curves, where lower values can be interpreted as higher drawdown risk. In the chart below, the trade size required for high slippage (>5%) is much higher for stETH and rETH (closer to the level of WETH) than cbETH and osETH.

Conversely, smaller LSTs typically experience larger tracking errors and volatility,  therefore increasing the network’s security risk. Due diligence on small-cap LSTs is highly recommended for networks using LSTs as a main source of collateral.

Non-ETH-backed collateral & dual staking

Aside from native ETH and LSTs, we recently saw an increase in the number of non-ETH-backed assets being introduced to the restaking ecosystem. An early example of this is the EIGEN token by Eigenlayer, used alongside ETH and LSTs in a dual staking model to jointly secure an AVS. The latest developments include Eigenlayer’s Permissionless Token Support and Symbiotic’s integration with ERC-20 tokens such as WBTC, FXS, and ENA.

For many protocols, restaking can be a way to add value to their utility or governance token in the form of restaking yields. However, there are nuances to using tokens with no underlying backed asset to provide security for an AVS. In this section, we explore collateral risk associated with alternative collaterals and dual staking models with enhanced economic security.

Modular dual staking

Modular dual staking is a framework where operators are categorized into two groups: one staking ETH/LST and the other staking alt collaterals. Network-level consensus is reached when every group reaches internal consensus.

For example, EigenDA relies on two operator quorums: quorum 0 for ETH/LST-collateralized operators and quorum 1 for EIGEN-collateralized operators. For an EigenDA batch to be successfully signed, each quorum must collect a certain percentage of stakeSigned independently. The two quorums are essentially redundant as they do not rely on the other quorum.

Under this model, the overall security depends on the weakest operator group. An attack on an alt collateral group can invalidate aggregate attestations to the network, which can be quite risky given that alt collaterals (AVS tokens or other ERC-20s) are typically more volatile compared to ETH/LSTs. This weakest-link argument can be generalized to any AVS secured by more than one type of ERC-20 collateral.

Price-weighted staking

Price-weighted staking (i.e. native dual staking, mesh staking) is an expanded security model that takes collateral price into consideration. At a high level, all operators’ stake are converted to their common denomination using a real-time price oracle. The network is able to choose the denomination between ETH and USD.

This approach provides a unifying evaluation for all operator stake, avoiding the weakest-link problem. However, the dependency on external oracles does add costs and oracle risk to the network.

Conclusion

An AVS’s economic security is associated with the price stability of its collateral, since a drop in the collateral’s market value can create profitable attacks to corrupt the AVS. Using native ETH collateral ties the AVS’s security to Ethereum’s security and value. LSTs, on the other hand, have varying risk associated with price deviation depending on their primary and secondary market liquidity.

For AVSs considering using non ETH-backed assets (e.g. an AVS-native token) to secure their network alongside ETH/LST collaterals, it’s important to consider the cost vs. security trade-offs associated with each dual staking framework.

As rewards and slashing mechanisms are expected to roll out in the coming months, we will continue to share our latest research on restaking collateral in the context of specific slashing implementations. Stay tuned!

References:

Tarun Chitra and Mallesh Pai (2024), “How Much Should You Pay for Restaking Security?” https://arxiv.org/abs/2408.00928

Naveen Durvasula and Tim Roughgarden (2024), “Robust Restaking Networks,”  https://arxiv.org/pdf/2407.21785

EigenLayer Research (2024), “Dual Staking: secure a PoS network with two tokens,” https://www.blog.eigenlayer.xyz/dual-staking/

EigenDA repository - Overview, https://github.com/Layr-Labs/eigenda/blob/master/docs/spec/overview.md

EigenLayer (2024), “Coming Soon: Permissionless Token Support on EigenLayer,” https://www.blog.eigenlayer.xyz/permissionless-token-support/