Lido co-founder Vasiliy Shapovalov and Lighthouse developer Dapplion recently presented a new EIP, EIP-7684, to strengthen the security guarantees of smart contract-based staking pools.

🔗 github.com/ethereum/EIPs/blob/master/EIPS/eip-7684.md

This proposal aims to secure staking pool users and may impact our ETH staking solution, which is built as a pool. We're excited to share more about it and our thoughts!

The key idea of EIP-7684 is to automatically withdraw deposits made to existing validator records when the deposit includes a distinct execution withdrawal credential. The main motivation for this code change is to prevent front-running attacks against smart contract-based staking pools.

While such an attack is theoretically possible, it would require a significant ETH amount and would be akin to a scam by the node operator, damaging reputation more severely than slashing. This type of attack is equivalent to a scam exit by the node operator because it is not an attack from an external party but an attack from one of the participants in the transaction, and it is equivalent to zeroing reputation. Plus, such an attack requires a large amount of ETH to front-run, at least 1 ETH per validator.

To carry out such an attack, access to the private keys of validators that have not yet deposited is necessary. This means knowing which validators will deposit, having their keys, and timing the deposit to front-run it. Essentially, this is an attack on the validator deposit, not on staking pools.

Currently, the authors are seeking feedback and reviews on the proposal. Dapplion mentioned that while the EIP is not 'trivial,' it represents the simplest code change to address front-running attacks against staking pools. In general, this proposal is necessary but not critical. It's good to have, though the probability of such a scenario is small.
Until this proposal is implemented, we recommend using only verified node operators like Everstake. Everstake's smart contracts have undergone several security audits by the industry's leading auditing companies, including ChainSecurity and Ackee, ensuring our staking solution meets industry standards for safety and reliability. It is worth noting that we also ensure top-notch security precautions for validators' key storage using different methods and security levels. We also partner with the best and most secure wallets.

Our 0.1+ ETH staking solution is 100% non-custodial, so users retain full control of their funds, including staking, unstaking, withdrawals, and reward management.

🔗 everstake.one/link/stake-ethereum-pc

submitted by /u/irina_everstake
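The deposit handling described in the post, as a toy model added here for illustration; it is not code from EIP-7684, a consensus client, or Everstake. It contrasts a top-up that ignores the deposit's withdrawal credential with the proposed rule that sends a deposit carrying a distinct execution credential back to its own address. `ToyState`, `apply_deposit`, the sample key and addresses, and the refund list standing in for the automatic withdrawal are all assumptions, and signature checks are omitted.

```python
from dataclasses import dataclass, field

GWEI_PER_ETH = 10**9
EXEC_PREFIX = b"\x01"  # withdrawal credential type that points at an execution address

def exec_credential(address: bytes) -> bytes:
    """32-byte credential: 0x01, 11 zero bytes, 20-byte execution address."""
    assert len(address) == 20
    return EXEC_PREFIX + b"\x00" * 11 + address

@dataclass
class Validator:
    withdrawal_credentials: bytes
    balance: int  # gwei

@dataclass
class ToyState:
    validators: dict = field(default_factory=dict)  # pubkey -> Validator
    returned: list = field(default_factory=list)    # (address, gwei) sent back

def apply_deposit(state, pubkey, creds, amount, eip7684):
    v = state.validators.get(pubkey)
    if v is None:  # first deposit for this key fixes the credentials
        state.validators[pubkey] = Validator(creds, amount)
        return "created"
    distinct_exec = creds != v.withdrawal_credentials and creds[:1] == EXEC_PREFIX
    if eip7684 and distinct_exec:
        # Assumed model of the proposal: the deposit goes back to the
        # address named in its own credential instead of topping up.
        state.returned.append((creds[12:], amount))
        return "returned"
    v.balance += amount  # current behaviour: top-up ignores the credential
    return "top_up"

# Constructed sample values, not real keys or addresses.
PUBKEY = b"\x11" * 48
OPERATOR = b"\xaa" * 20
POOL = b"\xbb" * 20

def run_scenario(eip7684):
    """Operator's 1 ETH deposit lands before the pool's 32 ETH deposit."""
    s = ToyState()
    apply_deposit(s, PUBKEY, exec_credential(OPERATOR), 1 * GWEI_PER_ETH, eip7684)
    outcome = apply_deposit(s, PUBKEY, exec_credential(POOL), 32 * GWEI_PER_ETH, eip7684)
    return outcome, s.validators[PUBKEY].balance // GWEI_PER_ETH, s.returned

if __name__ == "__main__":
    print("today:   ", run_scenario(eip7684=False))
    print("EIP-7684:", run_scenario(eip7684=True))
```

A pool operator can use the same comparison as a monitoring rule: alert whenever a validator key queued for deposit already exists on the beacon chain with a credential other than the pool's.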