Dynamic vs. Static Security in Staking Designs
This blog post is the last of our Crypto-Staking Blog Series. You can find the first post on the economics of crypto staking here and the second post, with an economic comparison of staking across blockchains, here.
15.12.2023, von Nicolas Oderbolz, Beatrix Marosvölgyi, Matthias Hafner
Expertisefelder Blockchain und Kryptoassets, Data ScienceIn our third blog post in this series, we summarize and comment on our previous findings. We discuss the economic trade-offs of different staking policy choices. Of course, the various dimensions of a staking policy can be combined in a variety of ways. Our goal is not to identify a single best approach, but rather to provide an intuition for how individual parameters of staking programs may affect the incentives faced by participants in a proof-of-stake protocol.
Minimum staking amount and minimum staking period
First, we turn to minimum staking amounts.
In general, the minimum staking amount influences the blockchain along two dimensions: (1) static security and (2) dynamic security.
- Static security: Higher minimum staking requirements prevent validators with low levels of financial interest in the functioning of the protocol from participating in the consensus mechanism. As a result, higher staking requirements increase the share of honest and active validators. Thus, a high minimum staking amount improves the quality of the active validator set.
- Dynamic security: Lower minimum staking requirements for validators lower the financial barriers for participation in the consensus mechanism. This can benefit validator adoption and result in a larger and a more decentralized validator base.
The minimum staking amount increases static security, but decreases dynamic security. The overall effect is therefore not straightforward, and the protocols must strike a balance between the two. Depending on the priorities of the protocol, different choices of minimum staking requirement may be reasonable. For example, newly established protocols may want to institute lower minimum staking requirements to foster validator adoption. On the other hand, established protocols may want to improve the quality of individual validators after having reached a critical network size. In this case, increasing minimum staking requirements may be preferable.
Minimum staking periods act in a similar manner. They determine the minimum duration for which validators must stake their tokens when participating in the consensus mechanism. We can again identify a trade-off between (1) static security and (2) dynamic security:
- Static security: Longer lock-up periods tend to increase the level of commitment to the protocol. With assets being committed for extended periods, potential reputation damages become more costly for individual validators. Further, longer staking periods limit the ability to withdraw staked assets in response to short-term fluctuations in token value, aligning validators’ financial interests with the medium-term success of the token and platform. Additionally, extended staking periods can help alleviate the risk of substantial withdrawals from the staking pool occurring within a short period of time, akin to a “bank run”. Such events can potentially occur during valuation bubbles and can destabilize the consensus mechanism [1]. Therefore, given a static set of validators, extending the minimum staking period can help improve platform security.
- Dynamic security: As already mentioned, longer staking periods reduce the degree of flexibility with which stakers can reallocate their funds. This increases validators’ exposure to token price risk. Additionally, tokens are typically used as currency within the blockchain platform and as a result, higher minimum staking periods can reduce transaction and consumption convenience on the network. Minimum staking periods thus make the staking investment more prohibitive and increase the entry barriers to the staking program. Thus, by limiting validator adoption, longer staking periods decrease the security of the platform.
As with the minimum staking amount, the minimum staking period increases static security but reduces dynamic security, and protocols must strike a balance between the two.
Figure 1 shows that, in practice, the trade-offs underlying the choice of minimum staking amount and minimum staking period are handled in a variety of ways. For example, Cosmos and Polkadot offer low minimum staking amounts but require at least some commitment in terms of staking duration. In comparison, Avalanche and Ethereum impose shorter lock-up periods but simultaneously expect substantial minimum staking amounts. Furthermore, a subset of blockchains, including Cardano and Solana, require both modest minimum staking periods and low minimum staking amounts.
Figure 1: Minimum staking period compared to the minimum staking amount
Source: Center for Cryptoeconomics, data source: Staking Rewards
At present, blockchains handle the trade-off between minimum staking period and minimum staking amount differently. It may also be worth noting that until the Shapella update, validators on Ethereum could not unstake at all. This example shows that demand for staking can be sustained even with long minimum staking periods. The increased demand for staking after the Shapella update indicates, however, that the staking duration does play a crucial role in staking adoption. It is also worth noting that some blockchains, including Solana and Ethereum, mitigate the risk of bank runs by limiting the number of withdrawals that can be made in a given period of time.[2] Such policies are able to ensure the stability of the active validator set during periods of high demand for withdrawals while allowing for flexibility in withdrawals when demand is stable.
Staking Rewards
We turn next to the rewards validators and delegators earn for staking and participating in the consensus mechanism.
The staking reward policies we examine in this series of posts vary from blockchain to blockchain. However, it is important to note that, in general, staking rewards can be funded either through the issuance of new tokens or through platform transaction fees, which can have important implications for the incentives faced by participants in the consensus mechanism.
In particular, the choice of a staking rewards policy necessitates a careful consideration of the trade-offs among three key factors: (1) static security, (2) dynamic security, and (3) token success:
- Static security: High staking rewards and particularly staking rewards that depend on active participation in the consensus mechanism may improve the quality of the validator set. In addition, high staking rewards increase the financial costs for an adversary seeking to execute a bribery attack, since validators require higher compensation to forego their regular staking rewards.
- Dynamic security: All else equal, higher staking rewards serve as an incentive for participation in the consensus mechanism, resulting in a larger validator set and staking pool, thereby improving the security of the consensus mechanism. It is worth noting that improved protocol security can also have second-order effects on platform adoption and token price, as a secure platform is a more compelling proposition to potential users.
- Token success: All else being equal, higher staking rewards increase the demand for staking. The result is an increased staking ratio and reduced liquidity in the market, which pushes token prices up [3]. However, if staking rewards are funded by inflation and there is no additional deflationary mechanism in place, the supply of tokens may increase in the long run, putting downward pressure on the token price.
To effectively manage the trade-offs outlined above, many blockchains allow staking reward rates to adjust dynamically. Such policies recognize that as staking rates increase, marginal gains in security decrease. In addition, the reduced market liquidity implied by higher staking ratios may hinder platform activity. A simple approach is to set an aggregate reward amount, which is then distributed to validators within a specified time frame. This allows the reward per staked token to decrease with the amount of tokens staked. While the intricacies of the policies employed vary, all of the blockchains in our sample employ staking reward policies that result in a negative correlation between the staking ratio and individual-level staking returns.
An important additional aspect of any staking reward policy is managing the associated monetary policy. If high staking reward rates are funded through an inflationary monetary policy, token holdings are diluted and negative pressure is placed on the token price. Alternatively, high individual rewards may be financed with high transaction fees, which in turn increase entry barriers for potential users. For many Proof-of-Stake blockchains in the early stages of adoption, high inflation rates may be necessary to achieve staking rewards large enough to incentivize staking. As the platform grows and revenues from transaction fees increase, it may become possible to reduce inflation in favour of funding rewards through transaction fees. In the long run, such a transition may be necessary for token success [4].
Figure 2 shows how average staking reward rates compare to inflation rates in recent months across our sample of blockchains and is thereby illustrative of where the various blockchains stand regarding the transition to a sustainable and non-inflationary staking reward policy. First, one can observe a large variation in average nominal staking reward rates. Interestingly, protocols with longer minimum staking periods tend to also offer higher returns to staking, suggesting that stakers require a premium for the elevated price risk and losses in transaction convenience that come with longer minimum staking periods. Also, inflation and nominal staking rewards tend to be correlated, suggesting that real staking returns turn out to be much more similar and overall less attractive across blockchains.
However, it should also be noted that, except for Cosmos, these blockchains all have mechanisms in place to reduce inflation as they mature. For example, Avalanche burns all transaction fees, resulting in a deflationary effect that may be able to reduce inflation as the platform grows. While not burning transaction fee revenues, Cardano has committed to an inflation rate schedule that promises declining inflation rates over time. Solana employs a mixture of these two strategies, committing to a declining inflation rate schedule as well as burning 50% of transaction fee revenues. Ethereum also follows this combined approach and already now burns enough transaction fees to allow for positive staking reward rates without inflation.
Figure 2: Inflation rate compared to the nominal staking reward rate
Source: Center for Cryptoeconomics, data source: Staking Rewards
In sum, mechanisms to reduce inflationary staking reward policies are in place on most blockchains. However, whether the platforms will mature enough to allow for platform revenues to replace inflation remains to be seen. In the meantime, holders of the respective native tokens should be aware that their token holdings are at risk of substantial dilution over time.
Slashing
In most consensus mechanisms we examine, various types of misbehaviour by validators can result in slashing penalties, whereby either staking rewards are reduced or the staked collateral is confiscated. Malicious behaviour can take many forms, and pinpointing individual validator actions as unambiguously malicious is not always possible.
Certain forms of liveness attacks, for example, involve validators conspiring to cease participation in the consensus mechanism [5]. Given that mere downtime does not inherently imply malicious intent, it can be difficult to identify the validators directly involved in such an attack. This can complicate the design of an effective slashing policy and present a risk for honest validators.
Slashing policies can again be evaluated in terms of the trade-off between (1) static security and (2) dynamic security:
- Static security: Since it makes efforts to manipulate the consensus mechanism more costly, slashing can create powerful incentives for protocol-concordant behaviour. Direct financial losses may be incurred when an individual validator behaves maliciously and is found out. As a result, given a static set of validators, slashing increases the security of the protocol.
- Dynamic security: As noted above, certain validator activities, while not inherently malicious, may still be susceptible to slashing in some cases. Consequently, slashing poses a potential risk even to honest validators, and stricter slashing policies may thus act as a barrier to entry for validators wishing to join the platform. Thus, all else being equal, slashing reduces the number of validators and thus reduces security.
As a result, slashing has a positive effect on static security and a negative effect on dynamic security. The slashing policy that maximizes security must therefore again strike a balance between the two. To find the optimal level, protocols must analyze the response of validators to changes in slashing. The lower the response of validators to slashing levels, the less important the static effect, and thus the closer the optimum will be to maximizing static security. In order to set optimal slashing parameters, protocols must therefore evaluate the slashing elasticity of staking demand.
It has been argued that slashing does not affect static security, since the reduction in token value after a protocol security breach is a sufficient deterrent against malicious behavior. However, there are several arguments against this claim. For example, bribery attack strategies can be constructed that make malicious behavior strictly preferable for rational validators and that do not depend on the degree of value depreciation of the token if the attack is successful. However, it can be shown that the financing costs of such strategies increase with the severity of the slashing policy [6]. Integrating slashing into the mechanism design of a proof-of-stake protocol can therefore increase the financial consequences faced by an adversary attempting to compromise the system.
In practice, the severity of slashing punishments and the items subjected to slashing—whether potential rewards or actual collateral—vary among blockchains. On Avalanche, rewards can be reduced if a validator’s uptime is less than 80% of the other validators’ uptime. The protocol does not slash the collateral itself. Similarly, Cardano does not slash the collateral but reduces staking rewards
if validator pools reach a certain size threshold or if a validator does not pledge enough own stakes to their validator pool. This promotes decentralization and makes potential bribery attacks more difficult to coordinate. Finally, Algorand does not slash staked tokens but reduces rewards if token holders do not participate in the governance of the platform.
On the remaining blockchains we evaluate, stakes tend to be slashed more severely, thus making deviations from platform-concordant behaviour more costly. On Ethereum, Solana, Polkadot, and Cosmos, the staked collateral can at least partially be slashed if the validator misbehaves. The share of tokens that are slashed may vary depending on the specific circumstances of the offence and the security risk associated with the offence.
Conclusion
In the past three blog posts, we have developed the key economic concepts needed to analyze staking programs, reported on the design of some of the most popular Proof-of-Stake protocols, and synthesized our findings in a short comparison of Proof-of-Stake protocols and their underlying economic trade-offs.
We conclude by summarizing our findings within the framework developed in the initial blog post. In this framework, staking policies can pursue three mutually exclusive objectives: platform growth, security improvement, and token appreciation. Figure 3 places our sample of blockchains within this framework.
Ethereum seems to be in a somewhat unique position compared to the other blockchains. Ethereum stands alone in its maturity, offering positive staking rewards without simultaneously pursuing an inflationary monetary policy. It does so while prioritizing static security improvements over dynamic security, i.e., maintaining high minimum staking amounts and significant slashing penalties. Overall, Ethereum's staking policy places little emphasis on future platform growth, but focuses on promoting platform security and token appreciation.
In contrast, the remainder of the blockchains we studied, pursue inflationary monetary policies and, as such, prioritize future platform adoption growth over token appreciation, at least to some extent. In particular, Cardano, Solana, and Algorand place less emphasis on security improvement by offering modest staking rewards. Cardano and Solana already have a high staking ratio (>50%) and, from a static point of view, do not need to focus more on it. To compensate somewhat for the modest rewards, the three Blockchains try to incentivize validators by keeping costs low, i.e., by not slashing the collateral, and by implementing low barriers to entry in terms of minimum staking periods and amounts. The exception is the three-month minimum staking period on Algorand.
Polkadot and Cosmos opt for longer lock-up periods, offsetting the additional commitment expected from stakers with higher rewards. In addition, both blockchains allow for the slashing of collateral in the event of malicious validator behavior. Together, these parameter choices are aimed at further improving the quality of the validator set and thus the static security of the platform. As a result, inflation rates are high and future token appreciation is clearly not a priority. Avalanche strikes a balance between encouraging platform growth and ensuring the security of the consensus mechanism.
Figure 3: Blockchains' current focus judged by their platform growth, token appreciation and security improvement efforts
Source: Center for Cryptoeconomics
Resources and Notes
[1] Fanti, G., Kogan, L., & Viswanath, P. (2019). Economics of proof-of-stake payment systems. FTG Working Paper Series (No. 00076-00).
[2] Solana allows no more than 25% of the total active stake on the network to be deactivated in a single epoch. Ethereum implements a similar limit, which can be adjusted depending on the size of the active validator set.
[3] Cong, L.W., He, Z. & Tang, K. (2023). The Tokenomics of Staking. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4059460
[4] John, K., Rivera, T. J., & Saleh, F. (2021). Equilibrium staking levels in a proof-of-stake blockchain.
[5] Deirmentzoglou, E., Papakyriakopoulos, G., & Patsakis, C. (2019). A survey on long-range attacks for proof of stake protocols. IEEE access, 7, 28712-28725.
[6] Kannan, S. & and Deb, S. (2023). The Cryptoeconomics of Slashing, https://a16zcrypto.com/posts/article/the-cryptoeconomics-of-slashing/