What potential centralization risks will Ethereum face after the merger?

The Ethereum merger will bring new centralization problems to Ethereum, which are mainly reflected in three aspects. Although the centralization problem after the Ethereum merger can be solved, if it is not controlled, the centralization in the following three areas has the potential to control and destroy the Ethereum blockchain:

1. Diversity of consensus layer clients

2. Diversity of Execution Layer Clients

3. Dominance of staking pools and centralized exchanges

Ethereum nodes run on clients, which are more easily understood as a software engine. Without the client, the node will not be able to verify blocks and transaction data. There are currently many clients written in different programming languages; however, miners, node operators, and validators tend to choose a few clients with good reputations. After all, a client written in a less than perfect language will affect the hash rate, the uptime of the verification node, proofs, the frequency of block proposals, and in the worst case, the verification node will bring the risk of slashing.

After the Ethereum merger, both Ethereum's consensus layer and execution layer will run on the Beacon Chain. The consensus layer and execution layer will have their own clients, and they will have their own client diversity issues.

Consensus Layer

The following will outline each Ethereum layer in its current and post-merger state, and their unique risks in terms of client diversity. In addition, we will analyze the current distribution of stake on the beacon chain and how this concentration is exacerbated by the monopolistic liquid stake derivatives.

Ethereum has chosen a multi-client approach to block validation from the beginning. Ethereum clients are built by different teams, using different programming languages, with the primary purpose of increasing immunity to potential problems. Specifically, this is done to prevent unwanted and otherwise incorrect block proposals. All things being equal, this is better than a single-client approach.

Of course, a multi-client approach that lacks sufficient diversity is worse than a blockchain running on a single client.

In a scenario where a single consensus layer client retains a supermajority, and that client incorrectly proposes a block, everything starts to break down badly. Not only will the incorrect block be validated as "correct", but all opposing minority clients will be slashed for violating consensus, even though they proposed the correct block.

However, when a blockchain running on a single client incorrectly proposes a block, the same incorrect record will be validated, but it does not slash the minority clients because they do not exist. In either case, the incorrect block is validated. But in the case of multiple clients, the client with the super majority will also slash innocent and diligent participants.

Healthy client diversity is fundamental to Ethereum's transition to proof-of-stake, and in the first half of 2022, the community focused on efforts to diversify the client share of Ethereum's emerging consensus layer. The community has made some progress in reducing Prysm's usage share, and its dominance has indeed dropped from a super majority (>66% of the share) to just a majority in use.

Client Distribution

It is technically infeasible to know the exact client distribution on the Ethereum beacon chain, but there have been some reputable attempts to estimate it.

The two data sources we’re going to look at tell a similar story, though the severity of Prysm’s dominance varies depending on the sampling methodology. As described by Ether Alpha at Clientdiversity.org, Sigma Prime and Miga Labs developed two different methods to determine the severity of the problem:

Miga Labs uses a crawler to count beacon nodes and their self-reported identities. However, this means that validators that share a node are only counted once, and nodes with fewer validators have a larger impact on the estimate. ( Miga Labs ‌)
Another approach developed by Michael Sproul of Sigma Prime analyzes each client’s block proposal style, as described in this tweet .

Below I summarize the two sampling approaches and give lower and upper bounds on the estimates used.

Data as of June 13

While Prysm’s dominance remains a clear threat to Ethereum’s overall health, the problem was far more severe just a few months ago. In fact, Prysm’s usage for the entirety of 2021 is estimated to be close to 70%.

In March of this year, the Kiln testnet merged the execution and consensus layers, simulating the much-anticipated merge of the Ethereum mainnet. During this period, Prysm had a small episode, while other clients merged without problems. Client diversity on Kiln is not equivalent to client diversity on the beacon chain. In fact, Prysm only accounts for about 20% of validators on Kiln, which is not enough to disrupt the consensus of the testnet merge and prevent the final result. Although client diversity is not important in this test merge, it also rings the alarm bell for the current insecurity of the beacon chain.

The beacon chain does have disincentives to try to prevent a single client from becoming dominant, though these disincentives are overwhelmed by a supermajority of clients. If a client with more than 1/3 of the stake proposes a broken block, all ETH maintained by that client is slowly drained away until all other clients' stakes add up to more than 2/3. This correctly incentivizes validators to stake on clients with less than 1/3 of the stake, as a broken block proposal would be extremely costly.

However, this incentive structure does not work for clients with more than 2/3 of the stake, as their supermajority status would prevent the above slashing measures. In fact, this safety net works the opposite way: once clients reach supermajority status, new validators gain protection by joining the superclient.

Therefore, the possibility of a runaway superclient remains a real concern. A properly decentralized Ethereum consensus layer requires that no client retain more than 1/3 of the shares. Prysm is still far from this threshold, and until Prysm’s use is further minimized, its potential threat will hang over Ethereum’s new security model.

Execution Layer

Relative to the consensus layer, the execution layer clients are much less distributed, with most of the load falling on Geth. Currently, supermajority clients at the consensus and execution layers do not pose equal survival risks, as critical failures at the consensus layer guarantee more catastrophic effects. However, this will change after the merger.

Data as of June 13

In contrast to the consensus layer, client diversity at the execution layer has actually been deteriorating, further demonstrating the lack of urgency in improving Geth’s dominance at this point in time.

In June 2020, Geth's dominance was only 75%. At that time, the second largest client, Parity, had a 15% share, followed by OpenEthereum with a 5% share. Since then, Parity has merged with OpenEthereum, and as shown above, their combined share has dropped from 20% to 5%. From this perspective, the merger of the two did not achieve the expected effect.

Currently, the consequences of centralization are unequal for the consensus and execution layers. Concerns about Geth dominance do not extend as it currently only runs on Ethereum’s proof-of-work blockchain. Someone will always execute a block, even if a supermajority client is unable to do so. If Geth fails, for example, users running the client will be unable to interpret instructions and execute blocks, but the blockchain will not stop. Instead, the responsibility will shift to users running Erigon, Besu, etc., who in turn will happily reap more mining rewards. As we noted above, the consensus layer does not have this luxury and requires participation from the entire client community.

For this reason, the centralization issue of Geth has been shelved for now, which is actually shirking responsibility.

Client Distribution

Unlike consensus-layer clients on the beacon chain, which have little variance in uptime performance, execution-layer clients vary widely in quality. Geth’s huge lead has accelerated this gap, but the problem here is fundamental: consensus-layer clients have clear specifications to follow, while execution-layer clients have the freedom to often pursue different strategies. This pioneering nature has led to uncertainty in some clients; Erigon, Besu, and Nethermind are still sorting out the kinks.

However, after the merger, the consensus layer will rely on the execution layer for the authenticity of the blockchain, forcing it to inherit the ultimate responsibility. The two will be intertwined, and the diversity of one side will work best when the diversity of the other side is diverse. In other words, after the Ethereum merger, all consensus layer clients will ultimately make decisions based on the information given to them by their chosen execution layer.

Source: Consensys.net

While the community is currently focused on Prysm’s dominance, Geth may be seen as the next largest centralization vector after the merger. Some competitor clients such as Besu and Nethermind are looking to strengthen their reputations before the final fallout.

Finally, client diversity is further complicated by the issue of versions, which means that not all nodes are running the same version of Geth. A large portion of Geth block producers do not consistently update their nodes to the latest version of the software, while others deliberately customize the version to better maximize their MEV (miner extractable value) strategy (usually some fork of MEV-Geth).

Code Version - Data as of June 13

In this sense, all Geth operators are not strictly running the same code, which is most desirable when all things are equal. Nevertheless, when comparing Geth to another client managed by a different team, written in a different language, and with different logic, the differences between Geth 1.10.19 and Geth 1.10.16 are still negligible.

In addition to client diversity issues, the distribution of Ethereum pools on the beacon chain has also become concentrated in fewer and fewer hands, which brings very real and measurable centralization problems to the future of Ethereum.

Staking Pools and Centralized Exchange Staking

The number of validators for on-chain staking pools like Lido is easy to retrieve because we can see the exact number of liquid staked tokens on-chain. In other words, we know exactly how much stETH has been minted.

When counting centralized exchange validators, we again run into uncertainty. Exchanges like Coinbase don’t stake directly from their known addresses. Instead, they fund a new wallet with ETH, start a validator recharge, and then send the dust to one of their known wallets. Because there is no single recharge address, bots must count all funds they believe are managed by the exchange. This wallet-hopping strategy is used by Coinbase, Kraken, Binance, and others.

Data as of June 13

Still, from a comparative perspective, these numbers are pretty solid. Several active Ethereum community members have attempted similar estimates; the above validator node distribution is provided by Invis, from pools.invis.cloud.

Any analysis of staked ETH must take into account the question of withdrawals. Not only are these funds irreversibly locked prior to the merge, but a second hard fork would have to occur to withdraw the ETH before any returns could be realized. At press time, approximately 13 million of the 121 million ETH in existence is locked in the beacon chain’s deposit contract. We will likely see the distribution of locked ETH impacted and redistributed once withdrawals are enabled, but until then, this number will only increase further.

In the long run, the proportion of ETH staked may increase further; a successful merger and successful withdrawal will greatly reduce the associated risks borne by validators. At least temporarily, the staking yield after the merger will be greatly improved because the fees paid by the blockchain to miners are actually transferred to the stakers. This higher yield will further incentivize staking demand, leading to a dynamic balance of returns.

Centralization Risk

All of this information tells us that the risk of centralization of staked ETH is the least certain of the three vectors we studied, and is likely the stickiest vector due to commoditization and ultimately low switching costs in the form of liquid derivatives. However, we cannot rule out arbitrary lock-ups by centralized entities that prevent withdrawals, redistributions, or otherwise impede the timely exit of staked ETH.

Lido has over 1/3 of all ETH staked, was the first protocol to offer a staking token, and is by far the largest staking entity. Their stETH token was quickly integrated with popular DeFi tools like Aave, Maker, Bancor, etc… This first mover status allowed them to quickly scale and eat up the liquidity staking market. To be frank, this is not necessarily because they are the first team to solve a unique technical problem. Lido’s centralized and permissioned structure allowed them to quickly onboard large amounts of ETH in a short period of time, and of course, their marketing also helped.

Instead of having to onboard both infrastructure providers and liquid suppliers (a cumbersome network balancing act similar to the problems faced by ride-sharing companies), Lido essentially outsources all of the infrastructure to a few carefully selected entities. We can compare Lido to Uber, in that Lido doesn’t need more drivers to carry a large number of passengers; they simply send all the users they can attract to a dozen large taxi companies and take a share of the revenue.

This fast, centralized strategy has some additional drawbacks besides the obvious risk of running away.

The total amount of Lido minting is equal to the amount of ETH staked in their protocol, minus any ETH waiting in line. There is no buffer in between, and no pool for withdrawals or top-ups. Currently, if a user wants to exit their liquid staked position in Lido, their only option is to exchange it on a decentralized exchange. Comparatively, if one wants to buy into Lido’s liquid staked position, they also need to exchange it on the same decentralized exchange, or mint it directly through the protocol. This glaring mismatch is the fundamental driver of the stETH:ETH discount in DeFi right now (although presumably temporary until it’s pulled off the beacon chain).

Lido currently controls about 1/3 of all ether, which is a legitimate concern and definitely worthy of oversight. If Lido controlled more than half of all ether, then the DAO would be seen as a parasitic attack on the consensus of the entire blockchain. If Lido controlled more than 2/3 of all ether, they would effectively own the entire blockchain, and Ethereum, the decentralized internet experiment, would be over.

To address the issue of being ignored, I don’t expect stETH’s reward-adjusted price to enter a death spiral into ETH in a similar way to UST. Although it has centrally held keys and cannot be funded until Q4 or Q1 2023, it is fully backed. Essentially, stETH trades as a zero-coupon bond; because it does not pay interest immediately, it actually trades at a discount. This discount is priced by the time-weighted risk of holders’ ability to redeem their stETH for ETH after withdrawals are enabled.

Of course, there are other liquid staking projects on the market that aim to take market share from Lido. Some, like Rocket Pool, have the added benefit of being trustless and decentralized; that is, even if they become the majority pool, the risk calculation will be fundamentally different.

Compared to the client diversity problem, there is reason to believe that the distribution of staked ETH will look very different in the next few years. The yield outside of ETH staking has fallen sharply, leaving low-risk staking yield as an attractive opportunity. As Ethereum staking rushes to become the treasury of ETH designated investors, the total number of staked ETH may grow significantly from the current 13 million.

Ethereum staking income

Summarize

At first glance, this article can be summarized as three potential threats to Ethereum after the merger, which is partially true. Although it may be shooting itself in the foot, it is better for the health of Ethereum to distribute the dependencies of the core infrastructure to multiple participants in each sub-sector.

Ethereum's current state size presents challenges for client teams, whether they are building a new client, or maintaining an existing one. Clients are heavily maintained by small, frequently rotating teams, and are often underpaid. Developers believe that the state size adds significant complexity to client work, and there is insufficient monetary incentive for client teams.

Future Ethereum upgrades such as statelessness and state expiry that cannot be directly used to help client diversity may provide significant relief to current and future client teams. Reducing Ethereum’s state to a manageable size will primarily help decentralize the validator network by reducing hardware requirements and reducing sync times, but there are many second-order effects as well. While these issues are rarely discussed, it is reasonable to assume that future Ethereum Improvement Proposals (EIPs) targeting Ethereum’s state size will significantly reduce the complexity and effort of client development and maintenance.

The staking pool market is still young and evolving rapidly. Unlike mining, where each pool is highly hardware specific, switching costs for stakers will be minimal once withdrawals are enabled. For most of 2021, stETH was the only liquid staking derivative available within DeFi. It remains to be seen how competing tokens such as Rocket Pool’s rEth will fare, or how distribution will evolve in the long term. Exchanges keeping large caches of staked ether creates other problems and could disappoint those who embraced Ethereum because of its unbanked nature.

Currently, Ethereum is able to get away with client diversity and stake centralization concerns. In the coming months and years, this luxury will disappear and these issues will be mitigated or ignored depending on community response.

This report is not investment or trading advice. Please do your own research before making any investment decisions. An asset's past performance is not indicative of its future results. The author may hold cryptocurrencies or use the strategies mentioned in this report.