This article provides a detailed analysis of the definition of restaking, a comparison with existing staking models, an analogy with traditional financial models, and the inherent risks and distinctions from other staking models. The article is sourced from the author Tarun Chitra, compiled by LXDAO, and organized by PANews.
The article delves into the Restaking Summit held in Istanbul on November 13, 2023, where Gauntlet founder Tarun Chitra provided an in-depth explanation of the definition of restaking, elucidating the inherent risks of restaking and the specific distinctions of risks compared to other staking models.
The goal is to help readers better understand the principles of restaking and the detailed risks involved, as understanding the risks is essential in making risk-taking less intimidating.
What is Restaking?
Restaking may seem interesting but confusing when first heard, as the additional risks involved may not be clear. This article attempts to explain what these risks are and different mitigation methods, making risks less daunting overall. The discussions related to restaking in various scenarios have been informative and insightful.
Taking a macro view, I will briefly discuss some aspects similar to traditional finance, while also addressing risks without delving into mathematical equations. We will look at some charts and discuss ways to mitigate these risks.
This is Vitalik’s definition, noting his use of hyphens, which is different from other uses. In reality, this idea refers to someone having a way to reuse their stake while including additional slashing rules, with this stake being unrelated to network activity, used solely for security purposes.
As a high-level illustration, you can imagine yourself as an ETH holder, participating in the network either through Liquid Staking (LST) or directly as a validator, generating a feedback loop between fees and slashing. This is the situation without restaking.
By introducing restaking, new elements like MEV auctions and FHE (Fully Homomorphic Encryption) have been brought into the picture while introducing new slashing aspects in processing fees.
These aspects are triggered by a restaking delegation contract, where funds are deposited into a staking contract. During restaking, an ETH holder’s earnings include principal plus L1 fees and restaking fees, minus any violations of L1 and restaking.
Assume an ETH holder owns 100 ETH and aims to earn a 10% return through staking. They deposit ETH into a staking contract like Lido, agreeing to Ethereum’s slashing rules, such as sending conflicting messages (equivocation) and double-signing. By supporting the Lido validator, they earn a 10% return but also face potential slashing.
Upon withdrawal, they receive 107 ETH. If they restake 100 ETH, they not only earn a 10% return from staking ETH but also an additional 5% return from restaking applications. However, they also face new risks. The slashing events now present a tree-like structure with three possibilities.
For instance, individuals could be slashed on Layer 1, rollup, Layer 1, and rollup, indicating users and validators are choosing different risk paths. Unlike the past with a fixed set of L1 slashing events, the current state space is expanded, requiring users to have a new understanding of risks.
Restaking vs. Traditional Finance
This might sound like a less interesting concept: connecting restaking to traditional finance. But why not?
Restaking applications and Actively Validated Services (AVS) are somewhat similar to verifiable corporate bonds. Emerging networks seek security on Layer1, akin to enterprises using another company’s national financial system to issue bonds to protect their assets. Corporations and sovereign states issue bonds based on the highest security and liquidity.
For example, Argentina still chooses to issue USD-denominated bonds as the USD market offers the highest liquidity and the widest range of collateral purchase opportunities. From this perspective, if we consider ETH Layer1 as such sovereign currency, then restaking applications are akin to borrowing from this sovereignty and repaying principal and interest.
So, not everyone issues bonds everywhere. Looking at the history of the corporate bond market, you’ll find it heavily concentrated in a few jurisdictions. People are willing to cross their legal jurisdictions to issue bonds somewhere else because of better liquidity and exit opportunities.
In the repo market, individuals can borrow against government bonds or corporate bonds. By pledging the bonds, someone lends you money; over time, you gradually repay the loan (through profits earned by operating companies). For instance, Airbus or Boeing hold most of their cash in sovereign bonds, using them as collaterals for loans to build factories or other projects.
In 2023, Ethereum is the only sovereign entity supporting this repo market. However, one of the distinctions between restaking and traditional financial types is verifiability, i.e., default events, where when someone doesn’t pay, it triggers one of the slashing rules you initiated, incentivized by cryptography and independently verified through Layer1.
If it’s a government transaction (like I buy a bunch of government bonds and then use it as collateral for a loan but later fail to repay), that person is unlikely to complain to the US government. They can try to sue, but they can’t prove I didn’t pay, nor claim my credit should be slashed or penalized instantly. Hence, bond issuers and borrowers are not aligned in economic incentives.
In the case of AVS, it’s different. To some extent, this makes the process less like Defi lending and more like bonds and the bond market.
What Risks does Restaking Bring?
Next, what are the risks associated with restaking itself? Of course, we skip smart contract and operator risks here.
Among the three financial risks in restaking, the most severe is slashing risk, which is the only way to directly lose your principal.
The second is liquidity risk, with many restaking protocols having locked Liquid Staking Tokens (LST). Now, if a large portion of LST is locked in restaking pools, the loss of liquidity means the price of LST is more volatile compared to ETH. The security of AVS is measured in LST, implying higher implied volatility for end-users. When a particular type of LST becomes too concentrated in AVS, liquidity risk arises.
Lastly, there’s centralization risk. Taking the example of a DAO hack, suppose one-third of ETH is in a single AVS, exceeding the traditional BFT security threshold. Now, assume this one-third of ETH can be slashed not according to ETH consensus rules, like by not submitting fraud proofs, but due to other reasons, like I’m slashed because I didn’t double-sign. So, in a way, centralization also means these two systems are coupled.
Visualizing Restaking Risks
These charts show changes in the value of a position over time, with the Y-axis being the value of the position and the X-axis being time. The red line indicates the point of default triggering, where default is the worst-case scenario, i.e., the complete loss of principal. We will compare a series of scenarios for different applications and observe their default situations.
In on-chain lending, default is a pattern of indicative function jumping to zero; you have a position value lower than a certain liquidation threshold, then it jumps to zero. But this jump is singular and at a random time, making it a random stopping time based on the actual process, a one-time default.
Next, let’s consider perpetuity, whether on-chain or off-chain, having recurring funding rate updates. The net payments between long and short, or short to long, cause changes in the holding value, resulting in cyclic jumps. These time nodes are close to default time nodes.
Now, considering regular staking, in a sufficiently decentralized network with adequate isolation, such as many different nodes, various overlay networks, data centers, houses, slashing events should be Independent and Identically Distributed (IID), meaning a collapse at one place in AVS won’t result in everyone being slashed simultaneously. While the theoretical IID may not hold in reality, it’s an empirical issue.
But in this staking model, which is decentralized enough, losses due to slashing are IID events. The idea is that the locked principal value typically rises, as you can see, there’s a slashing event, it drops, so there’s a situation where my principal value jumps to zero but they are independent and random.
The last question is, what does restaking look like?
In restaking, you now have these related jumps, the idea being when considering restaking, you can’t treat it like in an isolated world.
Because in lending, you only care about a fixed threshold and price, like the time point when the purple line crosses the red line; in perpetual options, you’re concerned about the maximum deviation in prices within these periodic intervals.
And in regular staking, if it’s IID, you’re relatively safe only when the time scale is much longer than the value scale, but it’s not that simple here. You need to carefully consider the interaction between these two factors.
So, interestingly, in restaking, you can actually replicate all previous returns, plus some returns you can’t replicate.
How to Mitigate these Risks?
This leads to the natural final question, how should you mitigate these risks, what can you do to ensure these related events are not too correlated, and these jumps are not too significant.
In reality, you have two tools at your disposal. Firstly, parameter optimization, each AVS has parameters governing its security, whether it’s TVL limits or selecting slashing rules.
As you can see in the chart, if you notice that the slashing in AVS is roughly similar in size, but you