Lido CSM

PreviousSSV Staker NextGenerating CSM keystores

Last updated 3 months ago

Lido CSM

The Community Staking Module (CSM) is the Lido protocol’s first module with permissionless entry, allowing any node operator to operate validators by providing an ETH-based bond as security collateral

Workflow breakdown

Recall that running bonded validators via the Lido CSM does not require setting up a separate service on your hardware.

Instead, you simply tweak the parameters of the following steps of the native solo staking setup.

Generate new validator keys while setting the withdrawal_address to the Lido withdrawal vault.
- Mainnet: 0xB9D7934878B5FB9610B3fE8A5e441e8fad7E293f
- Holesky: 0xF0179dEC45a37423EAD4FaD5fCb136197872EAd9
For the validator client, set the fee_recipient flag to the Lido Execution Layer Rewards Vault either on the validator key level or configuring a separate validator client.
- Mainnet: 0x388C818CA8B9251b393131C08a736A67ccB19297
- Holesky : 0xE73a3602b99f1f913e72F8bdcBC235e206794Ac8
Import the newly generated CSM keystores
For the MEV-Boost service,
1. the-min-bid flag may be configured either at MEV-Boost level or at the CL client, the current acceptable maximum value for min-bid is 0.07 based on community consensus and may change.
2. On the consensus layer client, set the builder-boost-factor (or equivalent flags) to 100%. i.e., local and builder payloads should be treated with equal weights.
3. The -relay flags should be set to a list of values only using relays from the the list of Vetted MEV-Boost Relays for Lido CSM (refer to "Key settings to note" section).
  1. Mainnet: Select "Mainnet Active + Vetted" tab. You can choose only from relays tagged with (must use some) and (may use), and must choose at least one tagged with (must use some).
  2. Holesky : Select "Holesky Only" tab
Upload the newly generated deposit data file pertaining to your CSM keystores onto the Lido CSM Widget and provide the required bond amount in ETH/stETH/wstETH
- Mainnet: https://csm.lido.fi/
- Holesky : https://csm.testnet.fi/
Wait for your CSM validator keys to be deposited by Lido and make sure your node remains online in the meantime!

DO NOT DEPOSIT 32 ETH using the deposit data file generated this way as the Lido CSM will make the deposit for you. Doing so will result in a loss of funds.

Follow this guide from Setup Overview until you have your execution and consensus client set up
Generate new validator keys while setting the withdrawal_address to the Lido withdrawal vault.
- Mainnet: 0xB9D7934878B5FB9610B3fE8A5e441e8fad7E293f
- Holesky: 0xF0179dEC45a37423EAD4FaD5fCb136197872EAd9
For the validator client,
1. Set the fee_recipient flag to the Lido Execution Layer Rewards Vault either on the validator key level or configuring a separate validator client.
  - Mainnet: 0x388C818CA8B9251b393131C08a736A67ccB19297
  - Holesky : 0xE73a3602b99f1f913e72F8bdcBC235e206794Ac8
Import the newly generated CSM keystores
For the MEV-Boost service,
1. the-min-bid flag may be configured either at MEV-Boost level or at the CL client, the current acceptable maximum value for min-bid is 0.07 based on community consensus and may change.
2. On the consensus layer client, set the builder-boost-factor (or equivalent flags) to 100%. i.e., local and builder payloads should be treated with equal weights.
3. The -relay flags should be set to a list of values only using relays from the the list of Vetted MEV-Boost Relays for Lido CSM (refer to "Key settings to note" section).
  1. Mainnet: Select "Mainnet Active + Vetted" tab. You can choose only from relays tagged with (must use some) and (may use), and must choose at least one tagged with (must use some).
  2. Holesky : Select "Holesky Only" tab
Upload the newly generated deposit data file pertaining to your CSM keystores onto the Lido CSM Widget and provide the required bond amount in ETH/stETH/wstETH
- Mainnet: https://csm.lido.fi/
- Holesky : https://csm.testnet.fi/
Wait for your CSM validator keys to be deposited by Lido and make sure your node remains online in the meantime!

DO NOT DEPOSIT 32 ETH using the deposit data file generated this way as the Lido CSM will make the deposit for you. Doing so will result in a loss of funds.

*Step-by-step guide in the following sub-sections

Get Support

Join here: https://discord.com/invite/lido

Instructions

Select the Rules channel and react

Select the cs-get-started channel and react with both emojis

Drop your questions in the csm-testnet or csm-mainnet channel

How CSM works

As an overview, the Lido CSM deposits valid validator keys uploaded by node operators if the minimum bond required has also been provided.

"Valid validator keys" in this case refers to validator keystores generated while setting the withdrawalAddress field to the Lido CSM contract.

Rewards

Solo stakers receive rewards from 2 sources:

Bond rebase: staking rewards generated from the bonded tokens ((w)stETH)--e.g., 90% * ETH PoS staking yield * total ETH bond provided
Node Operator rewards: 6% share of rewards from the active validator keys deposited by the Lido Protocol with possible reductions for bad performance--e.g., 6% * ETH PoS staking yield * total validator keys deposited (32 ETH each) - poor performance penalties

Note: The share of rewards % above apply only on CSM Holesky testnet. The values for mainnet may differ and will be set upon the mainnet launch by DAO vote

Further, CSM operators will enjoy 2 additional rewards features described in more detail here:

Rewards smoothing across all Lido modules (e.g., block proposer rewards, sync committee rewards)
Rewards socialisation among validators whose performance exceeds a certain threshold and underperforming validators will receive no node operator rewards for the given frame

Bond mechanics

Providing the CSM bond

The required bond amounts can be provided by anyone, although it will most likely come from the node operator using the CSM (CSM operator) themselves.

Bond decrease

The bond provided serves as a deterrence against dishonest behaviours and poor performance by the node operator. e.g.,

MEV theft: If detected, a fine will be imposed by burning part of the node operator's bond and an amount of bond equivalent to the stolen amount will be locked until it is made whole.
Slashing events: Slashing penalties will be deducted from the bond amount and burnt
Sustained poor performance: If the effective balance of any validators fall below 32 ETH, the shortfall will be deducted from the bond amount and burnt

These events will cause the net bond balance of the CSM operator to fall below the required threshold.

In this scenario, the CSM node operator will cease to accrue rewards on their validator keys deposited by Lido CSM until:

The CSM node operator tops up the shortage
New rewards generated by the CSM node operator fills up the shortage--e.g., All new rewards will be used to replenish the bond shortage until it is back to the required level

Bond increase

On the other hand, because the bond is provided in stETH (which rebases in quantity), the bond balance of CSM operators will increase over time, above the required threshold.

Excess bond balance, together with accrued rewards, will be claimable by CSM operators from the CSM Web App.

More details on bond mechanics here.

Rewards Address & Manager Address

There are 2 main addresses used by CSM operators.

Rewards Address: This is the address that all accrued rewards and excess bond amounts will go to when claimed. Rewards Addresses can change Manager Addresses but Rewards Addresses can only be changed by itself.
Manager Address: This is the address that can trigger the claiming of all accrued rewards and excess bond amounts to the Rewards Address. The Manager Address can also upload/remove new/existing deposit data files. The Manager Address cannot change the Rewards Address.

Upon creation of a Node Operator these addresses are set equal, but they can be changed afterwards.

It is recommended to use different addresses for security reasons. A hot wallet may be used for the Manager address to simplify daily operations, while a cold wallet is preferable for the Rewards address to enhance security. Node Operators are solely responsible for the security of the private keys related to these addresses.

For example, CSM operators with their hot wallet addresses included in the Early Adoption list can change their Rewards Address to a more secure address

More details on Rewards vs Manager addresses here.

Key settings to note

These settings are part of the expectations for all node operators participating in the CSM. Read more here.

Keystore generation--Withdrawal address

During the validator key generation step, generate a number of validator keystores along with the deposit data file while setting the withdrawalAddress field to the Lido Withdrawal Vault.

Mainnet: 0xB9D7934878B5FB9610B3fE8A5e441e8fad7E293f
Holesky: 0xF0179dEC45a37423EAD4FaD5fCb136197872EAd9

DO NOT DEPOSIT 32 ETH using the deposit data file generated this way as the Lido CSM will make the deposit for you. Doing so will result in a loss of funds.

You will then upload your deposit data file in the next section. Make sure you complete the remaining steps on this page before that.

Validator Client Setup--Fee Recipient Address

During the validator client setup step, set the fee_recipient flag to the Lido Execution Layer Rewards Vault.

Mainnet: 0x388C818CA8B9251b393131C08a736A67ccB19297
Holesky : 0xE73a3602b99f1f913e72F8bdcBC235e206794Ac8

For existing solo stakers, you can set the fee_recipient address in one of 2 ways in this sub-page:

Method 1: Set the fee_recipient address per validator key
Method 2: Spin up a new validator client service specifically for your CSM validator keys so that you can retain your own fee_recipient address for your solo staking keys.

MEV-Boost Setup

Relay endpoints

Set the -min-bid flag or set it to 0.07
During the MEV-Boost setup step, set the -relay flags only to the list of designated MEV relays for Lido CSM
- Mainnet: Select "Mainnet Active + Vetted" tab. You can choose only from relays tagged with “must use some” and “may use”, and must choose at least one tagged with “must use some”.
- Holesky : Select "Holesky Only" tab

Verifying your MEV Boost setup

To verify that your validator pubkeys have been successfully registered onto the builder network, look out for the following lines in your logs.

Validator client logs: Validator *** 1 out of 1 validator registration(s) were successfully sent to the builder network via the Beacon Node.
Mev-boost logs: level=info msg="http: POST /eth/v1/builder/validators 200" duration=0.076901 method=POST

Make sure you are seeing method=POST instead of method=GET in the Mev-boost logs.

Verifying the MEV Relay List

You can verify the latest MEV Relay List for the Lido CSM below.

Steps to verify list of approved MEV Relays:

Go to the Etherscan link above and it will bring you to the MEV Relay Inclusion List used by the Lido CSM
Under Contract>>Read Contract>>4. get_relays>>Query
A list of relay endpoints will appear under this section 4. get_relays. Verify that you are only using relay endpoints from this list.

Other MEV Boost Settings

How to configure Builder/Local Boost settings per CL/VC client ❓

Teku

Teku CL (action: set to 100), Source

--builder-bid-compare-factor

(Default: 90) For example, a builder bid comparison factor of 90 means the builder's payload is chosen when its value is at least 10% greater than what can be built locally.

Prysm

Prysm CL (action: set to 0), Source

--local-block-value-boost

(Default: 10) Use builder block if: builder_bid_value * 100 > local_block_value * (local-block-value-boost + 100)

Lighthouse

Lighthouse VC (action: set to 100), Source

--builder-boost-factor

(Default: 100)

Nimbus

For Nimbus, which setting has the priority:

depends where the validators live (which component owns the private keys). If they're in the VC, then the VC determines it. if in the BN, then the BN does

Nimbus CL (action: set to 0), Source, Source 2

--local-block-value-boost

(Default =10) Increase execution layer block values for builder bid comparison by a percentage.

Nimbus VC (no action)

--builder-boost-factor

(Default: 100) Percentage multiplier to apply to the builder's payload value when choosing between a builder payload header and payload from the paired execution node.

Lodestar

Lodestar VC (action: --builder.selection = ‘maxprofit’), Source

--builder.selection

(Default: "executiononly"). maxprofit: An alias of--builder.boostFactor=100, which will always choose the more profitable block.

PreviousSSV Staker NextGenerating CSM keystores

Last updated 3 months ago

Workflow breakdown

Recall that running bonded validators via the Lido CSM does not require setting up a separate service on your hardware.

Instead, you simply tweak the parameters of the following steps of the native solo staking setup.

Generate new validator keys while setting the withdrawal_address to the Lido withdrawal vault.
- Mainnet: 0xB9D7934878B5FB9610B3fE8A5e441e8fad7E293f
- Holesky: 0xF0179dEC45a37423EAD4FaD5fCb136197872EAd9
For the validator client, set the fee_recipient flag to the Lido Execution Layer Rewards Vault either on the validator key level or configuring a separate validator client.
- Mainnet: 0x388C818CA8B9251b393131C08a736A67ccB19297
- Holesky : 0xE73a3602b99f1f913e72F8bdcBC235e206794Ac8
Import the newly generated CSM keystores
For the MEV-Boost service,
1. the-min-bid flag may be configured either at MEV-Boost level or at the CL client, the current acceptable maximum value for min-bid is 0.07 based on community consensus and may change.
2. On the consensus layer client, set the builder-boost-factor (or equivalent flags) to 100%. i.e., local and builder payloads should be treated with equal weights.
3. The -relay flags should be set to a list of values only using relays from the the list of Vetted MEV-Boost Relays for Lido CSM (refer to "Key settings to note" section).
  1. Mainnet: Select "Mainnet Active + Vetted" tab. You can choose only from relays tagged with (must use some) and (may use), and must choose at least one tagged with (must use some).
  2. Holesky : Select "Holesky Only" tab
Upload the newly generated deposit data file pertaining to your CSM keystores onto the Lido CSM Widget and provide the required bond amount in ETH/stETH/wstETH
- Mainnet: https://csm.lido.fi/
- Holesky : https://csm.testnet.fi/
Wait for your CSM validator keys to be deposited by Lido and make sure your node remains online in the meantime!

DO NOT DEPOSIT 32 ETH using the deposit data file generated this way as the Lido CSM will make the deposit for you. Doing so will result in a loss of funds.

Follow this guide from Setup Overview until you have your execution and consensus client set up
Generate new validator keys while setting the withdrawal_address to the Lido withdrawal vault.
- Mainnet: 0xB9D7934878B5FB9610B3fE8A5e441e8fad7E293f
- Holesky: 0xF0179dEC45a37423EAD4FaD5fCb136197872EAd9
For the validator client,
1. Set the fee_recipient flag to the Lido Execution Layer Rewards Vault either on the validator key level or configuring a separate validator client.
  - Mainnet: 0x388C818CA8B9251b393131C08a736A67ccB19297
  - Holesky : 0xE73a3602b99f1f913e72F8bdcBC235e206794Ac8
Import the newly generated CSM keystores
For the MEV-Boost service,
1. the-min-bid flag may be configured either at MEV-Boost level or at the CL client, the current acceptable maximum value for min-bid is 0.07 based on community consensus and may change.
2. On the consensus layer client, set the builder-boost-factor (or equivalent flags) to 100%. i.e., local and builder payloads should be treated with equal weights.
3. The -relay flags should be set to a list of values only using relays from the the list of Vetted MEV-Boost Relays for Lido CSM (refer to "Key settings to note" section).
  1. Mainnet: Select "Mainnet Active + Vetted" tab. You can choose only from relays tagged with (must use some) and (may use), and must choose at least one tagged with (must use some).
  2. Holesky : Select "Holesky Only" tab
Upload the newly generated deposit data file pertaining to your CSM keystores onto the Lido CSM Widget and provide the required bond amount in ETH/stETH/wstETH
- Mainnet: https://csm.lido.fi/
- Holesky : https://csm.testnet.fi/
Wait for your CSM validator keys to be deposited by Lido and make sure your node remains online in the meantime!

DO NOT DEPOSIT 32 ETH using the deposit data file generated this way as the Lido CSM will make the deposit for you. Doing so will result in a loss of funds.

*Step-by-step guide in the following sub-sections

Get Support

Join here: https://discord.com/invite/lido

Instructions

Select the Rules channel and react

Select the cs-get-started channel and react with both emojis

Drop your questions in the csm-testnet or csm-mainnet channel

How CSM works

As an overview, the Lido CSM deposits valid validator keys uploaded by node operators if the minimum bond required has also been provided.

"Valid validator keys" in this case refers to validator keystores generated while setting the withdrawalAddress field to the Lido CSM contract.

Rewards

Solo stakers receive rewards from 2 sources:

Bond rebase: staking rewards generated from the bonded tokens ((w)stETH)--e.g., 90% * ETH PoS staking yield * total ETH bond provided
Node Operator rewards: 6% share of rewards from the active validator keys deposited by the Lido Protocol with possible reductions for bad performance--e.g., 6% * ETH PoS staking yield * total validator keys deposited (32 ETH each) - poor performance penalties

Note: The share of rewards % above apply only on CSM Holesky testnet. The values for mainnet may differ and will be set upon the mainnet launch by DAO vote

Further, CSM operators will enjoy 2 additional rewards features described in more detail here:

Rewards smoothing across all Lido modules (e.g., block proposer rewards, sync committee rewards)
Rewards socialisation among validators whose performance exceeds a certain threshold and underperforming validators will receive no node operator rewards for the given frame

Bond mechanics

Providing the CSM bond

The required bond amounts can be provided by anyone, although it will most likely come from the node operator using the CSM (CSM operator) themselves.

Bond decrease

The bond provided serves as a deterrence against dishonest behaviours and poor performance by the node operator. e.g.,

MEV theft: If detected, a fine will be imposed by burning part of the node operator's bond and an amount of bond equivalent to the stolen amount will be locked until it is made whole.
Slashing events: Slashing penalties will be deducted from the bond amount and burnt
Sustained poor performance: If the effective balance of any validators fall below 32 ETH, the shortfall will be deducted from the bond amount and burnt

These events will cause the net bond balance of the CSM operator to fall below the required threshold.

In this scenario, the CSM node operator will cease to accrue rewards on their validator keys deposited by Lido CSM until:

The CSM node operator tops up the shortage
New rewards generated by the CSM node operator fills up the shortage--e.g., All new rewards will be used to replenish the bond shortage until it is back to the required level

Bond increase

On the other hand, because the bond is provided in stETH (which rebases in quantity), the bond balance of CSM operators will increase over time, above the required threshold.

Excess bond balance, together with accrued rewards, will be claimable by CSM operators from the CSM Web App.

More details on bond mechanics here.

Rewards Address & Manager Address

There are 2 main addresses used by CSM operators.

Rewards Address: This is the address that all accrued rewards and excess bond amounts will go to when claimed. Rewards Addresses can change Manager Addresses but Rewards Addresses can only be changed by itself.
Manager Address: This is the address that can trigger the claiming of all accrued rewards and excess bond amounts to the Rewards Address. The Manager Address can also upload/remove new/existing deposit data files. The Manager Address cannot change the Rewards Address.

Upon creation of a Node Operator these addresses are set equal, but they can be changed afterwards.

For example, CSM operators with their hot wallet addresses included in the Early Adoption list can change their Rewards Address to a more secure address

More details on Rewards vs Manager addresses here.

Key settings to note

These settings are part of the expectations for all node operators participating in the CSM. Read more here.

Keystore generation--Withdrawal address

During the validator key generation step, generate a number of validator keystores along with the deposit data file while setting the withdrawalAddress field to the Lido Withdrawal Vault.

Mainnet: 0xB9D7934878B5FB9610B3fE8A5e441e8fad7E293f
Holesky: 0xF0179dEC45a37423EAD4FaD5fCb136197872EAd9

DO NOT DEPOSIT 32 ETH using the deposit data file generated this way as the Lido CSM will make the deposit for you. Doing so will result in a loss of funds.

Validator key generation

You will then upload your deposit data file in the next section. Make sure you complete the remaining steps on this page before that.

Validator Client Setup--Fee Recipient Address

During the validator client setup step, set the fee_recipient flag to the Lido Execution Layer Rewards Vault.

Mainnet: 0x388C818CA8B9251b393131C08a736A67ccB19297
Holesky : 0xE73a3602b99f1f913e72F8bdcBC235e206794Ac8

Validator client setup

For existing solo stakers, you can set the fee_recipient address in one of 2 ways in this sub-page:

Method 1: Set the fee_recipient address per validator key
Method 2: Spin up a new validator client service specifically for your CSM validator keys so that you can retain your own fee_recipient address for your solo staking keys.

MEV-Boost Setup

Relay endpoints

Set the -min-bid flag or set it to 0.07
During the MEV-Boost setup step, set the -relay flags only to the list of designated MEV relays for Lido CSM
- Mainnet: Select "Mainnet Active + Vetted" tab. You can choose only from relays tagged with “must use some” and “may use”, and must choose at least one tagged with “must use some”.
- Holesky : Select "Holesky Only" tab

Verifying your MEV Boost setup

To verify that your validator pubkeys have been successfully registered onto the builder network, look out for the following lines in your logs.

Validator client logs: Validator *** 1 out of 1 validator registration(s) were successfully sent to the builder network via the Beacon Node.
Mev-boost logs: level=info msg="http: POST /eth/v1/builder/validators 200" duration=0.076901 method=POST

Make sure you are seeing method=POST instead of method=GET in the Mev-boost logs.

Verifying the MEV Relay List

You can verify the latest MEV Relay List for the Lido CSM below.

Steps to verify list of approved MEV Relays:

Go to the Etherscan link above and it will bring you to the MEV Relay Inclusion List used by the Lido CSM
Under Contract>>Read Contract>>4. get_relays>>Query
A list of relay endpoints will appear under this section 4. get_relays. Verify that you are only using relay endpoints from this list.

Other MEV Boost Settings

How to configure Builder/Local Boost settings per CL/VC client ❓

Teku

Teku CL (action: set to 100), Source

--builder-bid-compare-factor

(Default: 90) For example, a builder bid comparison factor of 90 means the builder's payload is chosen when its value is at least 10% greater than what can be built locally.

Prysm

Prysm CL (action: set to 0), Source

--local-block-value-boost

(Default: 10) Use builder block if: builder_bid_value * 100 > local_block_value * (local-block-value-boost + 100)

Lighthouse

Lighthouse VC (action: set to 100), Source

--builder-boost-factor

(Default: 100)

Nimbus

For Nimbus, which setting has the priority:

depends where the validators live (which component owns the private keys). If they're in the VC, then the VC determines it. if in the BN, then the BN does

Nimbus CL (action: set to 0), Source, Source 2

--local-block-value-boost

(Default =10) Increase execution layer block values for builder bid comparison by a percentage.

Nimbus VC (no action)

--builder-boost-factor

(Default: 100) Percentage multiplier to apply to the builder's payload value when choosing between a builder payload header and payload from the paired execution node.

Lodestar

Lodestar VC (action: --builder.selection = ‘maxprofit’), Source

--builder.selection

(Default: "executiononly"). maxprofit: An alias of--builder.boostFactor=100, which will always choose the more profitable block.