Exiting CSM validators
Last updated
Last updated
There are 3 reasons why CSM operators can receive exit requests from the Lido Protocol:
The node operator's bond amounts fall below the minimum threshold for the number of validator keys deposited by the CSM
To cover withdrawal requests from stETH holders
By DAO decision in some exceptional cases. This will require an on-chain vote and public discussion on the Lido Research forum.
Exit requests can be observed in the number Unbonded keys on the operator dashboard of the CSM Web App.
When this happens, CSM operators must initiate an exit on the requested number of validator keys as soon as possible (within 96 hours) to avoid penalty measures from having Stuck Keys.
Stuck Keys accrue when CSM operators do not perform timely (within 96 hours) exits on the required number of CSM-deposited validator keys when requested by the Lido Protocol.
Penalties of having Stuck Keys include:
New validator keys of the CSM operator will not be deposited
New staking rewards stop accruing for the CSM operator
Penalties are lifted when there are no more Stuck Keys. More details here.
Exiting CSM-deposited validator keys works the same way as exiting solo staking validator keys.
Refer to this dedicated guide for exiting validators put together by Remy Roy.
You can also follow the steps extracted from Remy's guide below (Linux only).
The whole process can feel daunting so we will break it down into 3 phases.
Ensure that you have either your 24-word mnemonic or your validator keystores + the password to decrypt it.
If you have neither, you will likely never be able to exit your validators, so keep both items secure!
Download the latest version of ethdo
Print the sha256 checksum
Verify the checksum of the downloaded zipped file using the output of the previous command.
Expected output:
Do not proceed if the checksum verification fails, and reach out for help on the Lido or Ethstaker discord.
Generate the offline-preparation.json file using ethdo
Expected output:
Recall the steps in the Install and prepare the OS section, but instead of installing Ubuntu as the OS, we will install TailsOS for extra security.
Prepare 2 brand new USB drives
Plug the first USB drive into your validator node machine and identify the USB drive on your terminal
After you find it, you can proceed to mount this first USB drive onto the /media folder
Load your validator keystores, the downloaded ethdo zipped file, the sha256 checksum, and the offline-preparation.json file into the first USB drive
Download the latest version of TailsOS into your laptop from the website and follow the instructions to upload the downloaded file for checksum verification
This step creates the airgapped machine: Unplug any wired connections from your laptop. Then, follow the steps in the Install and prepare the OS section to flash the second USB drive with TailsOS and boot up TailsOS on your laptop. Stop just before "Install the SSH server"
Plug the first USB drive into your laptop that is now running TailsOS and transfer all the files into the home folder
Loading the files onto TailsOS
Open up the terminal on TailsOS
Print the sha256 checksum
Verify the checksum of the downloaded zipped file using the output of the previous command.
Expected output:
Do not proceed if the checksum verification fails, and seek help on the Lido or Ethstaker discord.
Extract the ethdo file
Generate the exit message (Choose your method)
Method 1: Using the validator keystores + password
Method 2: Using the 24-word mnemonic
Copy the resulting file (e.g., 459921-exit.json) into your first USB (currently plugged into your TailsOS laptop). This is the exit message.
WARNING: Do not enter your 24-word mnemonic into any machine that is not air-gapped (i.e., never was and never will be online)
Broadcasting the exit message
Restart your TailsOS laptop and unplug the second USB flashed with TailsOS to revert to your normal operating system
All files that were previously copied onto TailsOS will be wiped automatically upon restart or shut down
Browse to https://beaconcha.in/tools/broadcast, upload your exit message into the widget and broadcast it
Your validator will now enter the exit queue. You must keep your validator node running until it is fully exited, or you will suffer offline penalties.
