Eth2 Economic Review

Ethereum 2.
0 Economic Review
An Analysis of Ethereum’s Proof of Stake Incentive Model
Tanner Hoban1
and
Thomas Borgers1
July 16, 2020
1
About the Authors: Tanner Hoban and Thomas Borgers both work in Corporate Development at
ConsenSys.
Please refer to disclosures at the end of this document.

Ethereum 2.0 Economic Review
Table of Contents
1. Executive Summary 5
2. Introduction 8
3. Background 9
Ethereum 2.0 Roadmap 10
4. A Framework for Evaluating Economic Security in Eth2.0 13
5. Economics of Eth2.0 15
Participation 15
Rewards 15
Penalties 17
Slashing 17
Costs 18
Takeaways 19
6. Model Walk Through 20

Overview 20
General Inputs and Assumptions 22
Validator Cost Assumptions 24
Control Panel Assumptions 26
7. Network Yields 29
Illustrating Network Outputs Using Base Assumptions 29
Network Average Net Yield 30
Comparing Net Yields 31
Revenue Yield Sources 33
WWIII Model 35
Using Narrower Parameters 36
Low ETH Price Analysis 39
Takeaways 40
8. A Model for Measuring Required Yield 44

Background 44
Defining the Types of Validators 45
Potential Motivations of the Capital Efficient Validator 47
The Required Serenity Active Validator Yield Model 49
2
Applying the RSAVY Model to Phase 0 51

Takeaways 55
9. Economic Attack Vectors 56

Supermajority Attacks 56
Finality Attacks 61
Takeaways 66
10. Scenario Analysis 66

Scenario 1: Reaching Genesis 67
Scenario 2: Reaching Target ETH Staked (13.8% of Network Supply) 69
Scenario 3: Reaching Target ETH Staked - Increasing Base Reward Factor 71
Scenario 4: Reaching Target ETH Staked - Larger Adoption for StaaS 73
Scenario 5: Reaching Target ETH Staked - EIP1559: 10x Current Gas Usage Levels 77
11. Conclusion & Recommendations 81

Design & Objectives 81
Economic Positives 83
Economic Concerns 85
Recommendations 85
Bibliography 87
Appendix A - Ethereum Resources 89
Appendix B - Stakeholder Interviews Summary 90

Summary of Themes 90
Appendix C - Detailed Charts & Figures 94

Cost Assumptions 94
Net Yields and Spreads of Validator Environments Using Base Assumptions 95
DIY - Hardware 95
DIY - Cloud 95
Pool - StaaS 96
Pool - Hardware 97
Pool - Cloud 97
StaaS - Full 98
StaaS - Self-Custodied 99
Appendix D - Other Economic Evaluation Tools 100

Validator Duration 100
3
Disclosures 101
4
1. Executive Summary
The Ethereum 2.0 network upgrade is an ambitious and gradual shift towards a Proof-of-Stake
consensus algorithm and incentive system, which has far-reaching implications on the economic
properties of the network. The design of the system is complex — the incentive mechanism
rewards honest network participants for validating transactions and finalizing historical states of
the network, while penalizing offline and malicious validators. In this paper, we define, measure,
and analyze Eth2’s cryptoeconomic security using a detailed economic model of the network
and new economic evaluation tools.
First, to support an economic review, we constructed an economic model, built in Excel, for
interpreting outputs of the system under current specifications and for select scenarios. Over the
course of this project, we incrementally developed and leveraged this model to articulate
expectations and form data-driven conclusions on validator revenues, costs, yields, and network
issuance. The Eth2 system is reliant on nearly 100 variables that have a material impact on
these outputs. With this model, we dynamically illustrate validator profitability at varying ETH
prices and total ETH staked, underscoring the variability of impact on network security.
We define a required and sufficient level of economic security in Eth2.0 Phase 0 using a set of
assumptions around the cost to attack the network. The objective is to make attacks costlier
than the potential benefits of an attack and to achieve a similar level of security to the current
Ethereum blockchain (Eth1). We identify two main categories of economic attack vectors, each
with variants and differing levels of risk: Supermajority Attacks and Finality Attacks. In Phase 0,
we are primarily concerned with attacks that aim to sabotage the network; we find the network is
at risk of sustaining such attacks, but are more concerned about further phases. We estimate an
ETH stake rate target of 13.8%, which provides adequate security from potential attacks under
historical ETH price and hashrate conditions.
Security in Eth2 is highly dependent on ETH staked, which itself will be a function of yields. We
form a model to understand the motivation of capital efficient investors, which we term the
Required Serenity Active Validator Yield (RSAVY) model, addressing the risks and costs of
staking and the corresponding required rate of return (RRR). Based on our results, we expect a
required revenue yield (which we use as a proxy for a minimum yield) from validators under an
optimized network (endogenous and exogenous) of 3.3% for validators to consider participation.
Under a more bearish yet stable scenario, this revenue yield requirement increases to 11.6%.
The RSAVY model is leveraged not only to calculate required rate of returns, but also to form a
picture of the network under select scenarios. We apply different parameters in these scenarios
to support our conclusions and recommendations, which are summarized below.
5
Conclusions:
● Ethereum 2.0’s Proof of Stake is highly complex relative to Proof of Work. Eth2 is a
highly complex and elaborate system. It is elegantly constructed and thoughtfully
designed, but from a validator’s perspective can be difficult to grasp, contributing to a
sense of uncertainty and unpredictability, presenting a practical and narrative barrier for
potential capital efficient validators.
● Security of the network in Eth2 is dependent upon three key variables: ETH
staked, the price of ETH, and volatility. Each of these variables has a direct or indirect
impact on the cost of attacking the network. Total ETH staked is the most controllable
variable, while the price of ETH has a direct and potentially large impact on network
security but is outside the control of the system. Volatility can come from different
sources and impacts both ETH stake and price of ETH indirectly.
● Attacks on Eth2 are easier to scale than on Eth1. In Eth2, the physical and
hardware-driven burdens of network participation recede to essentially minimal hardware
and power consumption. Moreover, the flourishing of DeFi and eventual connectivity to
Eth2 can vastly accelerate and magnify this trend.
● Capital efficient validators are more predictable. While participation from Ethereum
enthusiasts is important for a successful Beacon Chain launch, it is ultimately inadequate
to reach sufficient levels of security. Attracting capital efficient validators will lead to
higher fidelity in targeting a sufficient level of ETH staked.
● Targeting 13.8% ETH staked will match security levels of Eth1 at historical prices.
We calculate that the target ETH stake rate for adequate security under historical price
fluctuations is 13.8%.
● Economies of Scale for validating exist but are reduced at higher ETH prices.
Unlike Proof of Work environments where profitability can only be accomplished by
increasingly large-scale operations, Eth2 validating becomes progressively less
expensive as the price of ETH increases. We generally find the network economics
highly favorable for more decentralized network participation, meeting Eth2’s design
objectives.
● 77.7% of the current ETH supply is in validator ‘qualified’ wallets (holding over 32
ETH). Approximately 86.6mm ETH (77.7% of total supply) is being held by
non-exchange wallets with over 32 ETH. An additional 18.7mm ETH is managed by
exchanges subject to staking services. This is a compelling serviceable addressable
market, and a key objective of the incentive program to maximize network participation
should be to convert these wallets into active validators.
● Eth2 is paying significantly less for security than Eth1. Using current beacon chain
specs and 15.5mm ETH staked (13.8%), we estimate network inflation of 0.55% per
year, far less than the current 4-4.5% from Ethereum’s Proof of Work network.
● Network security is heavily reliant on the price stability of ETH. Our primary concern
with regards to the economic stability and security of Eth2 is the resilience of the network
6
at low ETH prices. Combined with the ability for an adversary to rapidly scale attacks, we
consider this a cause for concern.
● The lack of liquidity in Phase 0 and 1 might cause unpredictability and
centralization. Given the lack of a two-way bridge between Eth1 and Eth2, and the lack
of transaction capabilities in Phases 0 and 1, we expect a secondary market to form
facilitated through derivatives and centralized exchanges. A high concentration of
validators leveraging these platforms creates centralization risk and unpredictability.
● Beware of Derivative attacks. The Ethereum ecosystem is rapidly evolving and so is
Ether as an asset class, with options volume increasing and unique financial instruments
like “flash loans” being used in malicious exploits. With this momentum, derivatives could
become the favored avenue of attack for adversaries.
Recommendations:
● Increase the Base Reward Factor to at least 128: We acknowledge the implications of
increasing the network’s payment for security, but at a Base Reward Factor of 64, we
believe the network is underpaying for security - and it would be prudent for the network
to err on the side of caution during its phased migration to proof of stake.
● Explore a more dynamic method to changing Rewards in the event of a shock,
such as an ETH price collapse (i.e. explore the implementation of a safety net). We
recommend exploring a more dynamic method for scaling rewards or altering the Base
Reward Factor in the case of network shocks. This could include using threshold
triggers, step functions, or functions related directly to ETH price.
7
2. Introduction
The Ethereum 2.02 network upgrade, also termed Serenity, represents an ambitious shift to new
technological and crypto-economic foundations for the Ethereum blockchain. Serenity not only
introduces Sharding and a new virtual machine in eWASM, but also marks the gradual shift
towards a Proof-of-Stake consensus algorithm and incentive system, which has far-reaching
implications on the economic properties of the network.
There exists a substantial body of work on Eth2.0’s technological changes and associated
impacts, from research on new primitives and components to the exploration of new attack
vectors and security risks in the system. This is not the focus of this report, and we assume
basic knowledge of Ethereum and its roadmap throughout.
This report is a review of the economic incentive mechanisms underpinning Eth2.0’s Proof of
Stake (PoS) system, and is focused on analyzing Serenity's design from an economic
standpoint, focusing especially on security and stability of the system. The objectives are
two-fold:
1. To describe in plain terms how the system works from an economic point of view, what
behaviors it rewards and penalizes, and the yields validators can expect from
participating in the network.
2. To identify risks derived from the economic parameters of the system under endogenous
permutations and exogenous shocks, and make recommendations to address them.
We find that the Eth2.0 system is highly complex but elegantly constructed and deeply thought
out. In this context, we explore the following key risks:
● Complexity of system design and value proposition
● Uncertainty of Phases 0-1
● Possibility that yields may not incentivize enough ETH staked
● High dependency on the price of ETH
● Frictionless scaling up or down of the number of validators
● Centralization risk in Phase 0 through centralized exchanges and a derivatives
ecosystem
● Finality attacks and extra-protocol attacks
2
Throughout this report, we refer to the blockchain or network Ethereum 2.0 under different names:
Ethereum 2.0, Ethereum 2, Eth2.0, Eth2. When referring to the price of ETH — the cryptocurrency, we
use capitalization. This can also take the form of ETH1 and ETH2 - referring to the ETH generated in the
current Ethereum 1 blockchain vs. the future Ethereum 2.0 chain.
8
All variables and inputs dealing with the construction of Eth2.0 itself are based on the current
specification at time of writing, v0.12.03. Furthermore, the conclusions of this report are derived
largely from three types of sources:
● A substantial body of research, documentation, blog posts, and other material related to
Eth2.0
● A series of stakeholder interviews comprising the following groups:
○ Eth2 Researchers
○ Eth2 Implementers
○ Pool Operators
○ Staking-as-a-Service Infrastructure Providers
○ Retail investors, users, and enthusiasts
○ Institutional Investors
● An economic model representing Eth2.0 Phase 0
The conclusions from stakeholder interviews are synthesized and included in the report
wherever relevant; they can also be found in Appendix B. The economic model is the foundation
of the scenario analyses represented in charts and figures throughout the report; it can be found
here.
Structurally, we start by providing background (Section 3) for the transition of Eth2.0 as well as
the core design goals and properties of Serenity. The purpose of this report is not to describe in
detail the functionings of the system; as such, we only provide context where directly relevant to
the objectives of the report. Moreover, we focus primarily on Eth2 Phase 0, given its immediacy
and the uncertainty inherent in the following phases. We follow this section by defining a
framework for evaluating security, which serves as the foundation for our analyses. Section 5
then gives an overview of the economics of Eth2.0 Phase 0, covering rewards and penalties,
slashing, and costs of network participation. Section 6 articulates the construction of the
economic model, outlining key assumptions. Section 7 outlines measurements and expectations
for network inflation and yields. Section 8 introduces a required rate of return model to analyze
yields, while Section 9 covers economic attack vectors. Section 10 covers our scenario analyses
around the key economic parameters of the system. We then conclude with recommendations
and potential next steps.
3. Background
From the release of the Ethereum White Paper in late 2013, there have been references and
research efforts aimed at shifting Ethereum’s security model from Proof of Work (PoW) to Proof
3
See Github page.
9
of Stake,4 motivated by a desire to improve the scalability, throughput, and security of the
system.5
Eth2.0 or Serenity is the network upgrade that activates this shift. Its design goals are
articulated clearly in the Eth2.0 specification:6
● to minimize complexity, even at the cost of some losses in efficiency
● to remain live through major network partitions and when very large portions of nodes go
offline
● to select all components such that they are either quantum secure or can be easily
swapped out for quantum secure counterparts when available
● to utilize crypto and design techniques that allow for a large participation of validators in
total and per unit time
● to allow for a typical consumer laptop with O(C) resources to process/validate O(1)
shards (including any system level validation such as the beacon chain)
We extrapolate from the above three driving objectives that set the frame for our analyses of the
system: security, long-term stability, and decentralization. It should also be noted that the shift to
Ethereum 2 is intended to bring orders of magnitude improvements in performance and
scalability.
Ethereum 2.0 Roadmap

The rollout of Eth2.0 is scheduled to happen in three phases, starting with Phase 0 in H2 2020.
4
In the Ethereum white paper, Vitalik Buterin notes that “in the future, it is likely that Ethereum will switch
to a proof-of-stake model for security”. For an insightful and revealing look into the early thinking around
Proof of Stake development, we recommend Vlad Zamfir’s 5-part “The History of Casper” series, starting
with Part 1.
5
Eth2.0 aims to provide an optimal solution to the “Scalability Trilemma”. See “Sharding FAQ” on Github.
Also note there are other reasons for shifting to Proof of Stake, such as accessibility and reduced
environmental impact.
6
See Eth2.0 spec on Github.
10
Exhibit 1: Phased Rollout of Serenity
Phase 0 introduces the Beacon Chain, which serves as the root chain for all Eth2.0
shards (starting in Phase 1). In Phase 0, the Beacon chain acts as the heartbeat of the
entire system, setting the cadence for the blockchain on a rhythm of slots (the equivalent
of present-day blocks, roughly every 12 seconds) and epochs (a set of 32 consecutive
slots, roughly every 6.4 minutes). It is responsible for “managing validators and their
stakes; nominating the chosen block proposer for each shard at each step; organising
validators into committees to vote on the proposed blocks; applying the consensus rules;
applying rewards and penalties to validators; and being an anchor point on which the
shards register their states to facilitate cross-shard transactions.”7
Phase 1 introduces sharding, with an initial set of 64 shards that operate in parallel to
the Beacon chain through a system of crosslinks. “Phase 1 is primarily concerned with
the construction, validity, and consensus on the data of these shard chains. Phase 1
does not specify shard chain state execution or account balances.”8 In short, Phase 1
adds a data layer that acts as a test of the system’s full sharding infrastructure.
Phase 2 adds execution to the data layer with execution environments in every shard.
As such, “Shard chains transition from simple data containers to a structured chain state
and Smart Contracts will be reintroduced. Each shard will manage a virtual machine
based on eWASM.”9
As mentioned previously, we will focus primarily on Phase 0 for the remainder of this report.
What is important to note is that this first phase introduces several new paradigms from an
economic standpoint:
7
See “State of Ethereum Protocol #2: The Beacon Chain” by Ben Edgington for more details on the
Beacon chain.
8
See Eric Conor’s “Ethereum 2.0 Phases” on Ethhub.io.
9
Ibid. We also note that it is possible that shards could contain execution environments based on different
types of VMs, such as the EVM.
11
Proof of Stake - As stated in the Ethereum PoS FAQ, “Proof of Stake (PoS) is a category of
consensus algorithms for public blockchains that depend on a validator's economic stake in the
network.”10 PoS changes the cost profile of validation; it lowers the barrier to entry for direct
participation in Ethereum’s consensus (block proposing and voting) to a minimum of 32 ETH11
plus a relatively inexpensive setup for validation (through hardware, cloud, or a third-party
service); this should have the effect of reducing centralization through economies of scale. It
makes it far more costly to execute 51%-style attacks by introducing slashing, where attackers
get their stakes slashed for malicious behavior. PoS also requires validators to lock up their
stake for a minimum period of time, which has an impact on how validators think of opportunity
cost of participation. In Phase 0, this is particularly severe, as the stake and the generated
rewards are locked up until Phase 2.12
Economic Finality - Whereas Ethereum today, like Bitcoin, relies on probabilistic finality, Eth2.0
aims for stronger economic guarantees around block finalization. “Economic finality is the idea
that once a block is finalized… then the only way that at any point in the future the canonical
history will contain a conflicting block is if a large number of people are willing to burn very large
amounts of money.”13 In other words, once blocks are final (which typically happens at epoch
N+2 in Eth2.0), they are prohibitively expensive to revert from an attacker’s standpoint. This has
the effect of reducing the risk profile for most well-known attacks in a PoW context; it also
introduces attack vectors centered around preventing or delaying finality, which we discuss in
Section 9.
New ETH - In Phase 0, validators are required to lock up their ETH stakes until the merging of
Eth2.0 with the current Ethereum chain; all rewards generated are also locked until Phase 2,
when accounts are introduced and the current Ethereum chain is merged in. As a result, this
has the effect of segregating the ETH created on Eth2 from the ETH on the PoW chain. The
new ETH is thus non-transferrable and not usable until Phase 2. This dynamic creates strong
incentives for a derivatives market around ETH2 (which we expect will be dominated by
exchanges), which can introduce new extra-protocol attack vectors (explored in Section 9).
Lastly, it is important to note that Phase 0 is introduced in parallel to the current Ethereum PoW
chain, commonly referred to as the Eth1 chain. This means that any issuance on Eth2 is
incremental to the Eth1 Ether generated through PoW mining.
10
See Ethereum “Proof of Stake FAQ” on Github.
11
Lower if a validator stakes indirectly, e.g. via staking pools or exchanges.
12
We explore this further in Section 8.
13
Ibid.
12
4. A Framework for Evaluating Economic Security in Eth2.0

Given the design goals of Eth2.0 outlined in the previous section, and with these new economic
paradigms in mind, it is helpful to define a framework for evaluating economic security and risks
in Eth2.0, as well as tradeoffs against ETH1.
Assumptions
Eth2.0 is a highly complex and dynamic system; it is thus necessary and important to make
certain assumptions around the behavior of actors in the system and the exogenous forces that
can impact its security model. We assume:
● that the majority of actors are economically rational; that is, that actors, particularly
malicious actors, are motivated by personal economic gain.14
● that the price of ETH is highly volatile.
● that the security model of Eth2.0 must be at least as secure in aggregate as that of Eth1,
given that Serenity is a network upgrade to Eth1.
● that an “attack” refers to an attempt by a malicious attacker to corrupt, manipulate, or
censor the Beacon chain (in Phase 0) or one shard (in Phase 1 and beyond) for the
purpose of personal financial gain.
With that in mind, we define a required and sufficient level of economic security in Eth2.0 Phase
0 as meeting the following two criteria:15
1. The cost of attack of the Beacon chain must be equal to or greater than the economic
gain derived from the attack.
2. The cost of attack of the Beacon chain must be equal to or greater than the cost of an
equal or corresponding attack on the Eth1 chain.16
Visualized formulaically, we obtain the following conditions:

1. C ET H2 ≥ P
2. C ET H2 ≥ C ET H1
Where :
● C ET H2 is the cost of attack in Eth2
● C ET H1 is the cost of an equivalent or corresponding attack in Eth1.
14
We recognize that a large number of participants, particularly in phase 0, are not necessarily
economically motivated; in Section 8 we refer to these participants as yield-apathetic.
15
Note we do not consider this framework as a formal definition or mathematical proof of security; rather,
we consider this a useful, albeit simplified, model for security, allowing us to form broad conclusions about
the system.
16
As indicated in Section 9, it is difficult to always find equivalent or corresponding attacks across Eth1
and Eth2, as some attacks are original to PoS systems.
13
● P is the economic gain derived from the attack
The definition above suggests security is dependent on C ET H2 being high. This cost is itself
primarily dependent on two factors: the price, multiplied by the quantity of ETH staked.
Price is dependent on money supply, velocity of money, and market speculation. While a highly
inflationary system could have a serious impact on the price, this is not a primary concern in this
case, as network inflation (including ETH1 inflation) is roughly 4%-5%17 and is only set to
decrease with time. Velocity of money is difficult to extrapolate; however, as explored further in
Section 8, we expect velocity to be lower when long-term holders18 hold large quantities of ETH;
in other words, the more long-term holders hold ETH, the less that ETH changes hands, which
creates upward pressure on ETH price (assuming demand remains high). Lastly, we can
assume the price will depend significantly on speculation and perceived future demand of the
system19. Both of these forces are difficult to influence directly through Eth2.0’s economic
parameters.
The quantity of ETH staked is more directly influenced by the system’s parameters, and
depends primarily on net validator yield and the opportunity cost of that yield, as we measure
later in this paper. The net validator yield is based on the gross yield, or ‘revenue yield,’
determined primarily by the system’s Base Reward Factor (see following section); as well as the
cost of validating. The opportunity cost captures the notion that capital efficient (i.e.
economically incentivized) validators choosing to validate on Eth2.0 are making a risk/reward
decision between Eth2.0 staking and other ways to allocate their capital (they could, for
example, choose to place their ETH in Defi products). In Section 8, we go into more detail
around yield expectations and required rate of return.20
In Section 10, we use the security framework above and run scenario analyses to determine
how changes in key parameters, as well as external shocks, impact the security of the system.
To understand the impact of these parameters, it is important to have an understanding of
Eth2.0’s incentive system.
17
Supply inflation of approximately 3.8% on ETH1 plus approximately 0.1-1.0% on ETH2.
18
This includes and primarily refers to institutional investors, as well as “whales”.
19
Usage of the system requires paying gas fees in ETH, meaning increased usage increases demand for
ETH to pay for that usage.
20
We note that there is a prevalent assumption that the Eth2.0 staking yield should be treated as the
risk-free rate for the Ethereum (or even cryptocurrency) ecosystem. We do not ascribe to this view, as
there is too much uncertainty around the economics of the system at present, and in any case, we would
need to factor in a technical risk premium for validation (including faulty setups, slashing, etc.) and an
illiquidity premium from the lockup period from Phase 0.
14
5. Economics of Eth2.0
Eth2.0’s Proof of Stake system relies on an incentive mechanism that encourages honest
behavior and high uptime while penalizing malicious behavior. We will not spend substantial
time detailing the mechanisms given the existing body of work.21 We will, however, extract the
key factors and insights as they relate to our economic analysis.
Participation
Becoming a validator in Eth2.0 requires locking up at least 32 ETH. A validator represents one
discrete chunk of 32 ETH, and every additional validator requires another discrete 32 ETH. To
lock up their stake, the validator must send ETH to the deposit contract on the ETH1 chain.
Importantly, this transaction is a one-way transfer; the “ETH consumed by the deposit contract is
no longer usable on Ethereum 1.0”.22 As we will explore in a later Section, this represents a
significant impediment to investment from institutional investors, along with the Phase 0 lockup
requirement.
Once the ETH is sent to the deposit contract, the validator is entered into a queue in the Eth2.0
Beacon Chain and eventually begins validating blocks at designated slots in every epoch. As a
refresher, the PoS blockchain is divided into epochs, which themselves are made up of 32 slots,
during which validators vote on new blocks. In simple terms, validators are shuffled randomly
into committees of equal size (with a minimum of 128 validators) at every epoch in such a way
that each validator is in exactly one committee and votes exactly once per epoch (effectively
they are allocated to one committee in one slot every epoch).
Validators are then incentivized to honestly participate in the validating process through a
system of three major incentives: rewards, penalties, and slashing. The system is designed to
incentivize honest behavior and consistent uptime, without enforcing draconian penalties for
minor offenses (sometimes out of the user’s control), such as going offline a few days.
Rewards
Validators are rewarded for honest and consistent validation at every epoch. Before diving into
the types of rewards, a short aside on the finalization process of the chain: epochs are
processed and finalized according to a combination of the LMD GHOST and Casper FFG fork
choice rules, as described in the Gasper paper.23 As such, epochs are first justified and then
finalized on a timeline of checkpoints, which refer to the blocks at the first slot of an epoch. A
validator at a certain epoch has a few responsibilities to ensure this process runs smoothly.
21
See Appendix A for resources that provide a more detailed look.
22
See “Ethereum 2.0 Phase 0 -- Deposit Contract” on Github.
23
See “Combining Ghost and Casper” paper.
15
Namely, the validator, during their assigned slot in an epoch, must attest to (ie. vote for) the last
justified checkpoint (called the source), the latest epoch checkpoint (called the target), and the
current head of the chain (the block that has just been proposed). The former two votes are part
of the FFG finality rules, while the head vote stems from the LMD GHOST rule. If a justified
checkpoint receives a ⅔ supermajority vote, it becomes finalized; similarly, “when an epoch
ends, if its [latest] checkpoint has garnered a ⅔ supermajority, the checkpoint gets justified.”24
Lastly, while validators must attest once per epoch, they are also occasionally pseudorandomly
selected to propose blocks; when this happens, they must propose a block at their designated
slot and provide an attestation as well.
With this context in mind, there are six types of rewards available per epoch, including
whistleblower rewards, based on the order of operations of epoch processing:
● The source vote: An FFG vote on the last justified epoch block
● The target vote: An FFG vote on the latest epoch checkpoint block
● The head vote: LMD GHOST vote on chain head (ie. current block)
● The Proposer incentive: an incentive that is given to the proposer of a new block once
that block is finalized
● The Attester incentive: an incentive rewarding the timely inclusion of an attestation in
the chain (this incentive depreciates for every slot it has not been included in the chain)
● The whistleblower reward: “a reward for providing a proof that a proposer or attester
has violated a slashing condition.”25 While this reward is typically split between the
reporter and the proposer who includes the proof in a newly proposed block, in Phase 0
the reward is entirely awarded to the proposer.
Aside from the whistleblower reward, all other rewards are based on a concept called the “base
reward,” which is derived from the following formula:26
BASE_REW ARD_F ACT OR

base reward = ef f ective balance * √total balance * BASE_REW ARDS_P ER_EP OCH
Where:
● Effective balance is an individual validator’s current effective balance27
● BASE_REWARD_FACTOR is a constant that effectively determines the magnitude of
rewards for validators
● Total balance is the sum of the effective balances of all validators
24
See “The Beacon Chain Ethereum 2.0 Explainer You Need to Read First” by Joseph Chow.
25
See “Eth2 Annotated Spec” by Ben Edgington.
26
See “Rewards and Penalties on Ethereum 2.0 [Phase 0]” by ConsenSys Codefi for a more detailed
explainer around the base reward and how it contributes to each type of incentive. For an understanding
of the rationale behind the base reward model and its distribution, see Vitalik Buterin’s “Serenity Design
Rationale”.
27
For an explainer of effective balance vs. active balance, see “Understanding Validator Effective
Balance” by Jim McDonald.
16
● BASE_REWARDS_PER_EPOCH is another constant reflective of the number of ways

the base reward is rewarded per epoch28
Importantly, the constant that has the largest impact on the rewards, and thus on expected
yields and network influence, is the BASE_REWARD_FACTOR. Shifting this variable up or
down will have effects on the amount of ETH staked, as explored in Section 10.
Penalties
When validators run their validator clients according to specification on machines that meet the
suggested requirements, while maintaining high uptime, they should only worry about the
rewards outlined above and see a steady stream of ETH rewards accumulating over time.
However, if a validator fails to meet their responsibilities (as described above), they will incur
penalties that are proportional to the rewards they would have obtained for executing on those
responsibilities. Given this penalization model, the penalties are largely aimed at validators who
are active but are offline (as opposed to slashing, which penalizes malicious behavior). In short,
validators receive penalties equivalent to the base reward w hen they fail to attest to the source,
target, and head in each of the first three votes described above.
Inactivity Leak
There is one special condition to mention with regards to penalties: if the chain is unable to
finalize for a period of 4 epochs, it enters an “inactivity leak” mode. In this mode, validators that
are offline and/or not voting are hit with an inactivity penalty that increases quadratically for
every checkpoint that is not finalized. The intention of this mechanism is to address a scenario
where a large number of validators (e.g. 1/3 of validators) go offline - the dreaded “WWIII”
scenario. The leak mode then increases the ratio of online to total validators above 2/3, so the
chain can start finalizing again.
Slashing
Whereas penalties are mainly intended to incentivize honest validators to stay online and
maintain their clients, slashing is primarily designed to make it prohibitively expensive to attack
the Eth2.0 chain. There are three ways to get slashed:
1. Double proposal: a proposer proposes two separate blocks
2. Surround voting: an attester makes an FFG vote that surrounds or is surrounded by a
previous FFG vote they made, making it unclear which version of reality they are
attesting to.29
3. Double target vote: an attester casts a vote for two separate target blocks at the same
epoch.
28
Once for the source vote, once for the target vote, once for the head vote, and once split between the
proposer and attester incentives.
29
See “The Beacon Chain Ethereum 2.0 Explainer You Need to Read First” by Joseph Chow.
17
When a validator gets slashed, a few things happen: first, the validator is forced to exit the
chain, ensuring any attack cannot be repeated; and second, the validator’s stake is penalized,
ranging from 0.5 ETH to the total value of the stake, depending on how many other validators
have been slashed. Hence, the magnitude of each individual slashing is proportional to the
correlation of all slashed stakes, making it extremely expensive for validators to coordinate
large-scale attacks. For example, “if ⅓ of all validators commit a slashable offence in a similar
period of time, they lose their entire balance.”30
It is worth noting that “in all these cases, the offender needs to be caught in order for the
slashing process to be triggered.”31 This is where whistleblowers are rewarded, as described
above.
Costs
The rewards, penalties, and slashings described represent the system’s mechanisms for
incentivizing proper validator behavior and regulating ETH issuance in the network. This is one
side of the yield equation from the user or validator perspective. The other side corresponds to
the costs to interact with Eth2.0. Becoming a validator for Eth2.0 requires running a client, which
can be done by the validator or can be delegated to a third party service, typically for a fee.
Structurally, the client software is split into two components: the beacon node and the validator
client. The beacon node is responsible for talking to the network of nodes and maintains a view
of the Beacon Chain. Validator clients, on the other hand, handle the logic of the validation —
proposing and attesting to blocks, and can support one or more “validators,” ie. stakes of 32
ETH. Based on interviews with Ethereum Foundation researchers and client teams, we estimate
that each beacon node could potentially handle up to one thousand validator clients. This is an
important consideration, as it broadens access to validation; but it also means economies of
scale are possible for large validators.
Deployment Types
Costs of participation in validation will depend on the type of deployment selected by the
validator, with certain deployment types suiting some validator profiles more than others. There
are broadly three categories of ways to participate in Eth2 validation, with several hybrid
possibilities at the intersections:
Do it Yourself (DIY): Compared to Eth1 mining, validation in Eth2 is far less resource-intensive
and does not require specialized equipment (such as ASICS and highly optimized mining
30
Ibid.
31
See “Rewards and Penalties on Ethereum 2.0 [Phase 0]” by Herman Junge and Tim Lowe.
18
facilities), reflecting the stated design goal of maximizing decentralization. As a result, individual
validators can choose to run the software themselves, either on hardware or a cloud setup.
● Hardware: validating on Eth2.0 requires running the Eth2.0 client as well as an Eth1
client, given that the Eth1 chain runs in parallel. While an often-touted goal of Eth2.0 is
to enable validation on devices as inexpensive as a Raspberry Pi, it is still unclear, given
the lack of multi-client testnets, that such a setup would meet requirements.32 Other,
more suitable options include a dedicated desktop computer, a server, or a dedicated
node service (e.g. DappNode or Avado). Importantly, the systems should be dedicated
for the purpose of validation to minimize risk of interruption, and precautions should be
taken for electricity and internet disruptions.
● Cloud: validation can also be performed through cloud deployments on any major cloud
provider (e.g. AWS, Azure, etc.). We estimate requirements in the following Section.
Staking-as-a-Service (StaaS): On the other end of the spectrum, validators may prefer to
delegate staking responsibilities to a StaaS provider. We expect this option to come in several
flavors. On one hand, a validator may want to be fully serviced; others may prefer custodying
their stake with a custodian while connecting in via API to run their own validator client. We
anticipate two prominent trends for StaaS: popular exchanges offering StaaS for their retail
clients, accepting stakes of all sizes (this will likely represent a significant gateway to staking for
many retail users); and institutional investors and large ETH holders opting for StaaS to reduce
technical and balance sheet risk. While fees for retail clients via exchanges might be quickly
commoditized and trend lower, based on interviews with infrastructure providers, we expect fees
for institutional solutions to range between 10% and 15% of earnings.
Staking Pools: A common model for Eth1 mining for individuals who do not run large-scale
mining operations is to participate in a mining pool. Similarly, staking pools will exist for Eth2.0
participation. While the DIY models above are all reserved for validators who have 32 ETH or
more, Staking Pools can accommodate validators who have less than 32 ETH and want to
participate in a decentralized way (as opposed to relying on centralized exchanges). We expect
several forms of staking pools and different methods of participation here as well. For example,
Rocket Pool, one of the more prominent near-fully decentralized pools built for Eth2, will
function as a marketplace for staking, with demand-side users enabled to pool their stakes, and
supply-side node operators performing validation on behalf of those stakes. We expect pools to
charge similar, although slightly lower rates than StaaS providers.
Takeaways
In sum, from a validator perspective, there are a few key endogenous parameters and
exogenous forces that have substantial impact on the economics of the network. In terms of
32
At the time of writing, we are seeing several validators use Raspberry Pis in testnets such as Witti and
Altona.
19
endogenous variables, the BASE_REWARD_FACTOR is the most significant parameter; from

an extra-protocol perspective, the percentage of online validators and the price of ETH have a
large impact on rewards and penalties; while correlated malicious behavior has a large impact
on slashing. Lastly, validators should pay close attention to their validating setup, as optimizing
costs will have a direct impact on their net yields.
6. Model Walk Through
Overview
We constructed a detailed economic model, built in Excel, for the purpose of analyzing the
mechanics of the incentive system of Eth2 more rigorously. Over the course of this project, we
developed and leveraged this model to articulate expectations and form data-driven conclusions
on validator revenues, costs, yields, and network issuance. The Eth2 system is complex —
reliant on nearly 100 variables that have a material impact on these outputs — and the system
is pre-launch, leading to the inevitability of estimation in the model. However, nearly all of the
assumptions made in this analysis are supported by ecosystem user surveys, Eth2 forums (e.g.
Github), stakeholder interviews, and/or conversations with the Ethereum Foundation. In this
section, we walk through how the model was architected and lay out the default assumptions, or
“Base Assumptions,” and its outputs, used in formation of our scenario analyses in Section 10.
Below, we briefly outline and explain each tab in the model:
Control Panel: A panel of input cells for core network assumptions alongside dynamic charts
and tables for quick analysis of underlying network variables.
Eth2 Models: Models that replicate the algorithm of the Eth2 network incentivization system to
calculate validator yields for different deployments under two different economic environments.
● Annualized Model: An Eth2 Model designed to simulate annualized economic
conditions of Eth2 under steady state33; forms the basis of inputs into dynamic data
tables based on total ETH staked into the network and the price of ETH. The Annualized
Model is not chronological, meaning the engine of the model is driven by variables that
are analyzed on a (such as validator rewards and costs) per-epoch basis and then
annualized, multiplying outputs by 82,180 (epochs per year).
● WWIII Model: An Eth2 Model built to replicate the inactivity penalties resulting from a
delay in finality caused by more than 1/3rd of validators being offline, such as in a
“WWIII” event. The WWIII model is chronological, with each row representing a new
33
We consider “steady state” to be one where normal, non-malicious conditions apply to key variables,
such as the % of online validators (sufficient to avoid leak mode), the number slashings per epoch (low
enough not to have a significant impact on total rewards), and the price of ETH (stable enough not to
cause market panics that could have effects on ETH staked).
20
epoch. This model can be used for more than analyzing the scenario of a WWIII event,
such as a simplified attack simulation.
Data & Analysis: Assumptions and conclusions from the Eth2 models as well as other analyses
formed for the purpose of this project.
● Data Tables: Detailed X and Y variable data tables extracted from the Annualized Model
to simplify charting and data analysis in Control Panel tab.
● Issuance Inflation Analysis: Breaks down total annualized issuance based on type of
rewards, penalties, and slashings.
● Total Supply Analysis: Calculates and illustrates total supply issuance and total dollars
spent on security for Ethereum, including both Eth1 and Eth2.
● Variables & Model Assumptions: A list of endogenous and exogenous variables
referenced in the Eth2 models that form the basis of the majority of inputs throughout the
model; these are currently set to the latest Eth2 specification at time of writing but can be
easily changed to modify the specs of the system.
● ETH1 Transaction & Gas Analysis: An analysis supporting the underlying assumptions
of ‘Avg. Number of Tx per Day’ and ‘Avg. Amount of Gas per Tx’ for EIP 1559.
● Required Rate of Return: Input and output breakdown of the assumptions driving the
Required Serenity Active Validator Yield (RSAVY) model (described in detail in Section
8).
● BTC ETH Analysis: Compares the relationship between the price of ETH and BTC for
calculating beta in the RSAVY model.
● Cost of Attack Analysis: Calculates the cost to execute an attack on Eth2’s Proof of
Stake network versus the cost to execute a 51% attack on the Eth1 Proof of Work
network, with X-axis reflecting different levels of ETH price.
Cost Analysis: We deeply researched the anticipated costs of validating across each type of
validator environment. Inferring the revenue-net yield spread is imperative to grasp the efficacy
and resilience of an incentive system that is highly dependent upon price to remain stable.
● Costs of Validating: Calculated inputs and outputs of the validator costs which drive the
assumptions in the Eth2 models.
● Infra Costs: Global analysis of infrastructure costs, including average internet service
provider costs and electricity prices weighted by Eth1 nodes.
● Survey Results: Summary of survey data from ConsenSys34 and Lighthouse35 used to
make assumptions for weights of validator environments used in the models.
● Eth1 Cost of Attack Assumptions: cost data and assumptions around Ethereum
mining hardware.
34
See “Ethereum 2.0 Ecosystem Staking Report” by ConsenSys Insights
35
See “Ethereum Lighthouse: Chasing Serenity” survey report by Empire Ventures.
21
General Inputs and Assumptions

Our model is based on the Eth2 Beacon Chain Phase 0 spec v0.12, which is mapped out in the
Variables & Model Assumptions tab. We assume for the Annualized Model that validators
average a total effective balance of 32 ETH.
Exhibit 2: Eth2 Beacon Chain Phase 0 Spec v0.12 Variables
To complete a full economic analysis, more assumptions were required to illustrate the behavior
of validators and capture network usage for burned ETH in EIP1559. Importantly, validator
uptime can impact the inclusion delays, which in turn has an impact on yields. We separate
validator uptime based on three primary factors: internet uptime, power uptime, and technical
uptime. These assumptions are key to validator yields, but also unknown until monitoring of a
post-launch network is possible, which is why these variables are adjustable factors in the
Control Panel. For most of these assumptions, inputs are based on our research and
stakeholder interviews. EIP1559 - Avg. Gas per Transaction (average of Eth1 network over past
six months per ‘ETH1 Transactions & Gas Analysis’ tab) and EIP1559 - Avg. Transactions per
Day (average of Eth1 network over past six months) leverage historical network assumptions.
For the purpose of defining our base assumption set, we turned off EIP1559; however, we
22
analyze the economic impact of EIP1559 in Section 10 in a scenario analysis. For this paper,
we use these metrics as the base assumptions unless stated otherwise.
Exhibit 3: Base Assumptions
Last, we make assumptions on costs to validate. Depending on the amount of ETH staked and
the price of ETH, cost of validating can subtract multiple points off of net yields (we label the
delta between revenue yields and net yields as the revenue-net yield spread). As shown in
Exhibit 4, the lower the price of ETH and the less ETH staked, the higher the revenue-net yield
spread.
23
Exhibit 4: Revenue-Net Yield Spreads Considering Above Assumptions
Determining these costs requires a separate set of assumptions.
Validator Cost Assumptions

As mentioned in Section 5, we assume validators will consider different validator models
according to their preferences, requirements, and the scale of their stake. In the model, we
simplify the realm of possible deployment types to 7 different deployment models, falling within
the categories described in Section 5.
● DIY: DIY - Hardware, DIY - Cloud
● StaaS: StaaS - Full, StaaS - Self-Custodied
● Pool: Pool - StaaS, Pool - Hardware, Pool - Cloud
The breakdown of validator environments reflects the results of user surveys and stakeholder
interviews, which in turn reaffirm our intuition that in Phase 0, the validator base will be made up
primarily of ETH enthusiasts and long-term holders - these will be largely divided into retail
users and “whales”. The former are more likely to stake with their own hardware or low-fee
mechanisms via their primary exchange; the latter are more likely to use staking services or, in
some cases, set up their own hardware or cloud setups, depending on the individual’s tolerance
for centralized solutions.
For two of the above models (StaaS - Full, StaaS - Pool), costs are directly incurred by the
StaaS provider, who in turn are expected to charge a fee to the validators. Based on
stakeholder interviews and ConsenSys Insights survey results, we estimate fees for StaaS
providers around 15% and fees for Pools around 12%. A third model, StaaS - Self-Custodied,
refers to a setup where validators participate in validation themselves without running a beacon
node, instead connecting to a beacon node provider via API. In this case, we expect a lower fee
(around 5%) and a minimal hardware or cloud setup, given the reduced hardware requirements
for pure validation.
24
The other models described require setting up hardware or a cloud environment. We make a
number of assumptions around each environment. For both, we use Prysmatic Labs’
Recommended Specifications for guidance — although we expect these to be higher than
required:36
● Processor: Intel Core i7–4770 or AMD FX-8310 or better
● Memory: 8GB RAM
● Storage: 100GB available space SSD
● Internet: Broadband connection
We expect these hardware requirements to be higher than needed and to be competed

downward over time. The storage requirement in particular is higher than we’d expect given
alternate benchmarks.37 These expectations are reflected in the hardware prices we base our
cost assumptions on.
Hardware
There are three major cost components for running nodes on hardware: the cost of the machine
itself (depreciated over time), electricity costs, and bandwidth costs.
The machine hardware represents by far the largest portion of hardware costs. There are
several options that conform to the recommended specifications; however, through interviews
with the three Ethereum client teams and survey results, we focus on four hardware types: a
Raspberry Pi 4b, a desktop computer, a server, and a dedicated node service (e.g. Dappnode).
38
Each of the four machines chosen meet the recommended specifications except the
Raspberry Pi, which meets minimum specifications. We expect distribution of these machines to
quickly adapt to performance. Each machine’s average price is then weighted by its expected
distribution and depreciated over a period of 36 months. Finally, we discount this number
according to our assumption of who will require new hardware; we expect this number to be
relatively high given the benefits of operating nodes on dedicated hardware.
Electricity costs depend on local electricity provider costs and wattage of the hardware used.
We estimate global electricity costs by weighting average country-level costs by the current
geographical distribution of ethereum nodes (an imperfect but indicative measure). Average
wattage per machine running at full load is weighted by the distribution of machines.
36
See “Installing Prysm on macOS” for more details. Note these recommendations refer to the Topaz
testnet, and may change by the time of the Phase 0 launch. Prysmatic also outlines a minimum set of
requirements, but we err on the conservative side. Sigma Prime also provides a useful set of benchmarks
here.
37
See Sigma Prime “Database Configuration”.
38
Note we do not include laptop computers, as we received feedback in several interviews suggesting the
unsuitability of laptops for staying on at full load constantly, including issues handling heat.
25
Bandwidth costs are dependent on local ISP costs, and are only relevant for validators requiring
new or dedicated routers.39 We estimate bandwidth costs according to geographic distribution of
ethereum nodes, similarly to electricity costs.
The average cost per machine assuming only one validator averages out to $18.94 per month.
This is effectively the cost floor. Based on our estimates of validators per individual running
hardware deployments, we estimate an average cost per validator of $9.47 per month.
Cloud
Cloud providers such as AWS and Azure can be used to run validator client software. We use
AWS calculator estimates to derive an average monthly cost per server of $37.38. We use this
number for our analyses, though we suspect - based on interviews - that we could lower this
number to around $20-$30 over time. We expect cloud deployment users to run many
validators, and this brings the global average cloud cost per validator down to $1.87 per month
(assuming 20 validators).
Importantly, it should be noted that the yields we calculate in the model based on the above cost
profiles are weighted averages across all validator types. As a result, the yields do not
necessarily correspond to what an individual validator should expect for a particular number of
validator clients. For example, the fewer validators one runs, the higher the cost per validator
and the lower the net yield one can expect.
Control Panel Assumptions

The network economics of the model are impacted by nearly 100 variables, but we boil down
the key assumptions in the Control Panel for simplifying adjustments and corresponding
analysis. The assumptions used in the Control Panel are as follows in Exhibits 5-6:
39
We assume the vast majority of validators already have internet access.
26
Exhibit 5: Base Assumptions in Control Panel - Variables for All Economic Models
The number of validators per individual is based on an extrapolation of user survey data from
ConsenSys Insights and Lighthouse. The distribution of validators is also extrapolated from
these user surveys and reflects our best estimate for Phase 0. We do expect the distribution to
change fairly quickly as staking derivatives (covered later) become more prevalent and users
shift to StaaS-style services. Distribution parameters can be tweaked within the accompanying
economic model.
27
Exhibit 6: Base Assumptions in Control Panel - Variables for Annualized Model
Total ETH staked numbers are percentages (1%, 2.5%, 5%, 7.5%, 10%, 13.8%, 20%, 25%, 30%)
of total ETH supply of 112mm with the exception of Tier 1, which represents the level of ETH
staked required for genesis. While total ETH staked can certainly exceed these levels, we use
this range for understanding the sensitivity of gross and net yields within the scope we see
reasonable and achievable. We provide more context on achievability of ETH staked levels
throughout this paper.
Exhibit 7: Base Assumptions in Control panel - Variables for WWIII Model
In our base assumptions, as well as over the course of this paper, we use an ETH price of $200,
representing the median price of Ether since March 2020 when we began this project. For
context, over the last 18 months, the price of ETH has fluctuated approximately between
$100-$300.
28
7. Network Yields
Illustrating Network Outputs Using Base Assumptions

Using the above base assumptions, we illustrate a few key outputs of the model on a network
average basis:40
Exhibit 8: Network Average Yields and Network Inflation
40
We include more detailed net yields and revenue-net yield spreads in Appendix C.
29
Exhibit 9: Revenue Yield Data Table (USD)
Network Average41 Net Yield
Exhibit 10: Average Net Yields (USD)
41
Refers to the network average across all deployment types. For deployment type-level averages, see
Appendix C.
30
Comparing Net Yields

Exhibit 11: Yields of Validator Environments at 0.524mm Total ETH Staked (Genesis
Requirement)
31
Exhibit 12: Yields of Validator Environments at 33.6mm (30%) Total ETH Staked
The reader will notice a substantial change in revenue yields as ETH staked increases as well
as clear yield differences in deployment types, which become particularly important as the price
of ETH decreases.
32
Revenue Yield Sources

Exhibit 13: The (Minimal) Shift in Rewards as Total ETH Staked Scales
Exhibit 14: The (Minimal) Shift in Rewards as Total ETH Staked Scales
33
Exhibit 15: Annual Issuance at 0.524mm Total ETH Staked (Genesis Requirement)
Exhibit 16: Annual Issuance at 33.6mm (30%) Total ETH Staked
34
WWIII Model
The exhibits below illustrate the network issuance conditions under scenarios with low levels of
online validators. The shape of the curves reflects an accelerating inactivity penalty, which is
then progressively negated by lower active balances of the validators which the inactivity
penalty impacts. After 30 days, the offline validators are completely exited from the chain. The
below charts illustrate the design of the inactivity penalty, which reduces ETH from inactive
validators, thus increasing the percentage of ETH staked from online validators. Assuming
stability in the number of online/offline validators, eventually the ETH staked from online
validators exceeds ⅔ again, reaching finality. This event occurs after 22 days if 50% are online,
and 30 days if only ⅓ of validators are online.
Exhibit 17: Network Inflation vs. Network Inactivity Leak at 50% of Validators Online
35
Exhibit 18: Network Inflation vs. Network Inactivity Leak at 33.3% of Validators Online
Using Narrower Parameters

The following exhibits illustrate network conditions using ETH prices within a more narrow,
historical range and up to 5mm total ETH staked.
36
Exhibit 20: Revenue Yield Data Table - Network Average (USD)
37
Exhibit 21: Net Yields - Network Average (USD)
Exhibit 22: Revenue-Net Yield Spreads - Network Average (USD)
38
Low ETH Price Analysis

Exhibit 24: Revenue Yield Data Table - Network Average (USD)
39
Exhibit 25: Net Yields - Network Average (USD)
Exhibit 26: Revenue-Net Yield Spreads - Network Average (USD)
Takeaways
From these outputs, we conclude:
● High Yields at the Minimum ETH Staked for Genesis: The revenue yield at the
minimum ETH staked requirement for genesis (524,288 ETH staked) equates to
approximately 21.8%. At this amount, network average net yields range from 14.4% to
20.5% between ETH prices of $25 to $1,500 and total network issuance of 0.10%.
These are very attractive yields when compared to traditional yield-bearing instruments,
ranging near yields of high yield bonds (Triple-C Rated Corporate Debt yielding 14.7% at
the time of this writing42), but the lack of liquidity and volatility of the underlying asset
might make capital efficient validators hesitate to hold the underlying asset (ETH locked
up in Eth2) directly. (We address the genesis level of ETH staked in our scenario
analysis.)
● Significant Reliance on Stable ETH Price: As indicated by the revenue-net yield
spreads, net yields tumble when the price of ETH falls below roughly $100,
42
See High Yield Bond ICE Data Services on WSJ
40
demonstrating the level of resilience of the network on ETH price. In contrast, yields
begin to show little movement above a price point of $500, with costs plateauing as a
percentage of total rewards. The lack of ETH price resilience is a major concern and
potential attack vector for adversaries (e.g. forcing a flash crash of the network
destabilizing validator yields).
● StaaS Providers Offer Stability to End Validators by Taking on Fixed Costs of
Validating: StaaS could significantly derisk the impact on validators’ yields if fees are
represented as a percentage of validator rewards (which, as mentioned prior, is how cost
assumptions account for StaaS business models). StaaS providers make more profit as
the price of ETH increases because costs remain fixed while collected revenues (in
USD) would increase. On the other hand, StaaS providers would also bear the brunt of
the low ETH yield ‘cliff’ (see below for definition). Sustained levels of low ETH (less than
$100, depending on what the StaaS charges) could cost StaaS providers millions of
dollars in infrastructure and production engineering expenses, forcing the exit of their
clients (i.e. the validators) and/or their business. Reviewing StaaS policies when StaaS
products are launched with regards to discretion over funds or floors may shed light on a
potential sudden exit of validators once a certain price threshold is met.
● The Network is Cost Effective but Economies of Scale (May) Still Apply: Relative to
PoW networks, where margins are stretched thin and only large scale, capital-intensive
infrastructure (e.g. bulk order ASICs or GPUs and complex power systems) can make
mining profitable, economies of scale in the Eth2 PoS network decrease in magnitude as
ETH price increases. For illustrative purposes, we categorize ETH prices into three
gradated regions: Cliff, Economies of Scale, and Stability. The “Cliff” region represents
extreme volatility in yields due to falling ETH prices. The “Economies of Scale” region is
where larger scale environments have a clear cost advantage. This is because validators
can run several thousand validators on the same deployment setup as a validator
running only one validator; and, at this ETH price range, the difference between gross
and net yields is still relatively important (vs. the “stability” range). At “Stability” levels,
gross yields (regardless of scale) fall closely in-line with net yields. There is a price
threshold at the Stability level where there is an economic advantage to running one’s
own validator environment - supporting an incentive for greater decentralization.
41
Exhibit 27: Network Average Net Yield at 0.524mm ETH Staked (Genesis), Charting the Three
Region Yield Analysis
The revenue-net yield spread stabilizes at approximately 1% for the network average validator
toward the higher end of ETH prices, primarily due to the fixed % fee for StaaS validators.
Self-managed environments, such as DIY environments, approach a near-0% spread.
42
Exhibit 28: Network Average Yield at 10mm ETH Staked, Charting Three Region Yield Analysis
At a higher amount of ETH staked, the revenue-net yield spread stabilizes at approximately 0.3%.
In this section, we have shown the impact of the network’s parameters on network issuance,
gross yields, and net yields under various conditions. In particular, we have shown how
sensitive the yields are to price and ETH staked. However, given the importance of yields in
attracting ETH staked, it is useful to understand how Eth2 yields compare; in other words, we
need an objective method of evaluating Eth2 yields to understand their expected impact on
validators’ decision making when allocating capital, and the resulting impact on network
security.
43
8. A Model for Measuring Required Yield

As we outline in Section 4, security in Eth2 is highly dependent on ETH staked, which itself will
be a function of yields (this is particularly important to attract long-term holders, which positively
affects velocity of money). In this section, we explore a model for evaluating necessary yields to
incentivize validator participation.
Background
The objective of any incentive program or mechanism is to reward a participant or a group of
participants for behavior that is beneficial to a network or organization (in the case of Eth2, the
network’s security). Incentive program productivity is typically driven by a monetary incentive,
but validator motivations in Eth2 are likely to be more nuanced. For instance, yield insensitive
enthusiasts or long-time crypto holders might spin up a validator environment as a hobby or out
of a sense of duty (for other incentive programs like sales commission structures, it's not often
someone sells products/services as a hobby). For this reason, we segment the profiles of
validators into two types: capital efficient participants that desire a return on investment net of
risk; and partakers that are apathetic to yields. For the latter, there could be non-monetary
motivational factors driving participation, such as the health and decentralization of the network,
but attempting to measure these motivating factors into a desired yield would be arbitrary.
Importantly, yield apathetic validators are also limited in number.
The most stringent and yield-sensitive participants in the validator pool are capital efficient
investors who weigh risk-reward ratios, and serve as a more predictable foundation of
contributors to network security. The incentive mechanism will need to support yield-sensitive
validators when yield-apathetic validators hit their capacity. In this section, we formulate a
model, called the Required Serenity Active Validator Yield (RSAVY) model, to assess the
required rate of return for yield-sensitive validators. We note, given the nuances above, this
model only applies when the calculated required rate of return falls below the resulting yield
derived by the full participation of yield insensitive validators (see Exhibit 29).
44
Exhibit 29: Applying the Model Measuring the Network’s Required Yield
Defining the Types of Validators

Validators can come in all shapes and sizes, but for the purpose of structuring a required return
model, we define validators as either Capital Efficient or Yield Apathetic.
Exhibit 30: Types of Validators

Validator Profiles Yield Apathetic Capital Efficient
Who Enthusiasts/crypto holders Asset managers/institutional investors
Motivation Maximizing Maximizing return on investment net

decentralization/experimentation of risk
The total investment from yield-apathetic validators is limited in size, but measuring this
threshold is difficult. For context, there are currently approximately 118,700 Ethereum wallets
that hold more than 32 ETH (see Exhibit 31), with an average of 886.8 ETH per wallet.43
Subtracting 18.7mm ETH from exchange wallets,44 86.6mm ETH, or 77.7% of total ETH supply,
is in a ‘staking qualified’ wallet. For example, if we assume a 10% share of staking qualified
wallets stake their ETH, the total amounts to 8.7mm ETH staked on the network, or 7.8% of the
network. In addition, validator pools or fractionalized validator environments could expand this
43
Analysis by Nansen.ai
44
See GlassNode
45
‘addressable market’ (and potentially yield apathetic participants); however, in any case, the
arbitrary motivations of this group of validators and their resulting unpredictability on total ETH
staked should not be relied upon for the security of the network. In other words, for the most
secure and stable network, the incentive program should be designed for an objective and
predictable group of validators, for which forecasting can be more easily quantified. The size of
the pool of qualified wallets (holding over 32 ETH) is certainly (and compellingly) sufficient, but
focus should be on growing the validator share of this qualified pool.
Exhibit 31: Number of Ethereum Wallets with More than 32 ETH
Source: Arcane Research with data from Nansen.ai
We envision individual interest in validating to grow if the economics are lucrative — supporting
the design goal of network decentralization. We aim to further understand the motivations
behind this profile of validator.
46
Potential Motivations of the Capital Efficient Validator

As noted previously, we do not believe that “capital efficient validator” is a substitute definition of
institutional validator; however, the motivations of institutional investors will undoubtedly reflect
similar motivations to most capital efficient individuals. Understanding the investment
characteristics of staking from the purview of institutional investors will provide a useful proxy for
the investment characteristics of capital efficient validators.
We interviewed four stakeholders in the crypto and blockchain industry who are institutional
investors or serve institutional stakeholders with custody, trading, and/or digital asset research.
A digital asset analyst from a leading financial institution indicated that their clients’ interest in
digital assets is driven by the following:
● Crypto is an asset that has historically been uncorrelated with any other asset class (see
Exhibit 32). According to Fidelity Digital Assets,45 80% of their survey of institutional
investors find something appealing about digital assets, with the most significant reason
(36% of respondents) being their property as an uncorrelated asset. According to
Modern Portfolio Theory,46 an uncorrelated asset lowers portfolio risk. This would in turn
increase portfolios’ Sharpe Ratios,47 or risk-adjusted returns.
● An investment in digital assets will be viewed and managed similarly to a venture capital
investment where high usage of the network and/or its narrative will support a higher
asset price. They either see the investment going to zero or having an asymmetrical
upside.
45
See Fidelity Digital Assets Institutional Survey Report
46
Theory pioneered by Harry Markowitz in the 1952 Journal of Finance publication, “Portfolio Selection,”
on the optimization of expected return given a level of market risk; adopted globally by portfolio and asset
managers
47
A formula of expected return over standard deviation, or risk, measuring the risk-reward ratio.
47
Exhibit 32: Correlation Matrix of Crypto, S&P 500, VIX, Gold, and 10yr Treasuries
Source: https://chart-studio.plotly.com/~ggiv/5/#/. Represents the correlation over the previous

year from June 11th, 2020.
As confirmed by our stakeholder interviews, we assume it is easier for the average institutional
investor (and we believe it is noncontroversial to assume the same for retail investors) to
familiarize themselves with the narrative of Bitcoin than that of Ethereum. Bitcoin serves as the
gateway asset to the crypto landscape and has become the benchmark digital asset. Despite
the different narratives, Bitcoin and Ether are still highly correlated (see Exhibit 32).
Why is interest in Bitcoin important with regards to the potential motivations for staking of capital
efficient validators? This group of potential validators will always compare the alternative and
explore opportunity costs. According to the Fidelity Digital Assets survey, 91% of institutional
investors surveyed are interested in exposure to digital assets and expect to allocate on
average 0.5% of their portfolios to digital assets over the next five years. Reverting back to
Modern Portfolio Theory and Exhibit 32, digital assets are correlated with each other, but
uncorrelated with any other traditional asset class. When assessing allocating some of their
0.5% digital asset portfolio designation, capital efficient investors are likely to default to the
easy-to-grasp Bitcoin narrative as the benchmark when comparing opportunity costs. The
investment narrative then shifts from Ether versus Bitcoin to Ether plus staking versus Bitcoin.
This might make the return on investment more compelling, but it depends on the risks (i.e.
48
standard deviations according to Sharpe Ratio) of Ether versus Bitcoin as well as the risks and
costs of staking. We quantify these risks in the Required Serenity Active Validator Yield model.
The Required Serenity Active Validator Yield Model

Based on the variables that impact efficient validators’ yield expectations, we introduce the
Required Serenity Active Validator Yield model (RSAVY), a multivariable capital asset pricing
model for determining the required rate of return for capital efficient validators. The RSAVY
model is a risk-weighted pricing formula that takes into account the following return
requirements and risk factors:
● The opportunity cost of allocating capital to a risk free rate

● The cost of illiquidity of ETH2
● The opportunity cost of investing in the underlying asset’s benchmark
● The opportunity cost of lending the asset
● The discount/premium of the derivative asset
● The cost of validating
● The cost of penalties
● The cost of being slashed
Expressed mathematically, we obtain:

CiT Np Ns
Rv = Rf + max(1, T −t) + (β b − 1) (Rbm − C bmi − Rf ) + D a + β d (Rdm ) + C y + P p ( S ) + P s ( S ) + αv
Where:
● Rv = revenue yield of validator
● Rf = risk free rate
Pa − Pb
● C iT = cost of illiquidity at time T (i.e. the spread at end of investment), or (P a + P b)/2 where
P a = price of ask and P b = price of bid at time T, which is divided by the maximum of 1
or the expected holding period (in years)
Covar (Rb, Re)
● β b = beta, or V ar (Rb) , of the returns of the staked asset and its benchmark (e.g.
Bitcoin and Ether, respectively), minus one to account for the difference in volatility risk
between the assets
● Rbm = expected return of underlying asset benchmark, e.g. Bitcoin
● C bmi = cost of illiquidity of underlying asset benchmark at time T
● Da = discount (negative value) / premium (positive value) of the derivative, if applicable
● β d = yield beta of returns of lending opportunity cost, such as a DeFi benchmark,
against average network validator net returns; yield beta is the slope of a plot of the
benchmark’s yields and the underlying asset’s yields
● Rdm = expected return on DeFi benchmark
● C y = the cost of validating
49
● P p = the weight of expected penalties of a validator environment over the expected

penalties of the network per validator during time T-t
Np
● S = the penalty spread, or total network penalties as a percentage of total ETH staked
● P s = the weight of expected slashing amount of a validator environment divided by the
expected slashing amount of the network per validator during time T-t
Ns
● S = the slashing spread, or total network slashing penalties as a percentage of total
ETH staked
● αv = alpha of validator
We note this structure is driven by several assumptions. The RSAVY model assumes risk of the
platform from an ongoing concern basis is factored into the beta of the underlying asset’s
required return, or the opportunity cost of investing in the benchmark. For example, consistently
higher levels of volatility relative to the underlying asset’s benchmark would indicate
idiosyncratic risk of the asset. The model also assumes the asset purchased to stake and
validate is only one asset (for now, Ether), which given the rate of innovation in the
decentralized finance industry, could be subject to change. Furthermore, the model assumes
the underlying asset’s benchmark has a stable level of correlation with the asset itself. If the
benchmark and the underlying asset become negatively correlated due to a decoupling
narrative and beta approaches zero or below, the model indicates a new benchmark with
relatively higher correlation should be applied instead.
Lastly, we note that the required rate of return is from the investor’s perspective. An investor
might access the yield through an intermediary, such as a centralized exchange product or a
tokenized ETH2 instrument. The discount / premium of a derivative is a variable of the RSAVY
model applicable only if the capital provider’s method of gaining access to validating yields is
through a derivative instrument.
The RSAVY model does, however, account for many shifting variables of the network, including
a change to the underlying asset’s benchmark and its lending return benchmark. An alternative
to the process of validating is lending the asset on a protocol-driven finance platform for variable
yield. It is important to note if there is more demand in these networks, which there likely will be
if the arbitrage opportunity of DeFi/staking is considerable, DeFi yields would increase,
indicating a potential shift in capital to the highest risk-adjusted yield, as has been investigated
previously by Tarun Chitra.48 In this case, as well as in the case of the other benchmarking
variables, beta captures the relevance of this event in the future. Given the network has not
launched yet and we do not have data to support a statistically significant conclusion, the model
is structured to support future hypotheses.
48
See “Competitive equilibria between staking and on-chain lending” by Tarun Chitra.
50
Beta is a measure of volatility and price movement relative to a benchmark. If the average daily
returns of DeFi yields are significantly more volatile than the daily returns of validating, then beta
will be less than one, making the DeFi yields variable less relevant and impactful to expected
return. Beta can only apply to the variables with returns. For comparing penalties or slashes
against a benchmark (i.e. the network), we calculate the amount of stake impacted by expected
events against the network average. If a Staking-as-a-Service provider’s penalty rate is greater
than the network average (i.e. the benchmark), the expected variability of the validator
environment should be greater than one multiplied by the network’s average cost of penalties,
reflecting the appropriate benchmark-driven risk adjustment of penalties in the validator’s
expected return.
Applying the RSAVY Model to Phase 0

Applying the RSAVY model will illustrate the sensitivities of each variable driving the required
rate of return for validators. As mentioned, we do not have historical data to accurately measure
the degree of significance of each variable, but we can make calculated assumptions. To
effectively measure sensitivities, we make both a bear (implies fewer validators and lower
security) and a bull (implies more validators and higher security) case for each variable.
Exhibit 33: RSAVY in Phase 0
Risk Free Rate

At the time of this writing, 10-year treasuries are yielding all-time lows of 0.685%. Over the past
five years, the 10-year has averaged at around 2 ¼%. Making an assumption below 2% would
indicate we do not see inflation of the US economy reaching prior levels. Hence, we use a
non-controversial assumption of a 2% risk free rate for both cases.
51
The Cost of Illiquidity of Eth2

This variable is dependent upon innovation and adoption in the market. As noted, in Phase 0,
assets on the beacon chain cannot be withdrawn. The protocol has a required ‘lockup period’
until Phase 2, resulting in zero liquidity for an undefined period of time. However, centralized
exchanges with Staking-as-a-Service offerings as well as fund managers may offer trading of
ETH2 as either a tokenized Eth1 asset or centrally within their platforms. While this is
anti-productive for decentralization, it does drastically reduce the risk associated with the time
until the lockup period ends. In assessing the liquidity of such an asset, we consider ETH, which
is currently a generally liquid asset with, on average, a total trading volume of $16.4 billion per
day49 YTD, and trades with a de minimis bid-ask spread. For beacon chain ETH (ie. ETH2) in
Phase 0, we will assume a similar de minimis spread in the bull case, indicating a successful
production of beacon chain ETH derivative markets. We assume a 1% spread in the bear case,
indicating some success in liquidity markets but lighter adoption.
Opportunity Cost of Investing in Benchmark

As stated above, investors are primarily interested in the crypto asset class for its attribute of
being uncorrelated with any traditional asset class. This investment narrative is comprehensible
for institutional investment committees because it supports a reduction in portfolio risk. Bitcoin is
the largest and most comprehensible asset in the digital asset industry. If institutional investors
are interested in diversifying their crypto asset allocation, they will logically use Bitcoin as the
benchmark asset for this purpose. We analyzed the historical pricing data of ETH and BTC, and
calculated a median beta of 1.00 (see Exhibit 34). The asset returns of beacon chain ETH may
be more volatile given potentially higher illiquidity and infancy of the product in general. We
assume a 1.00 beta in the bull case and a 1.2 beta in the bear case. Bitcoin, with $38.3 billion in
average trading volume per day50, also has a de minimis cost of illiquidity. We use a venture
capital's minimum required rate of return of 20%51 for Bitcoin’s expected return.
49
See Coinmarketcap ETH
50
See Coinmarketcap BTCUSD
51
See Fred Wilson - The Hit Rate
52
Exhibit 34: Time Plot of Last Twelve Months Beta of ETH and BTC
The median Beta is calculated to be 1.00.
Premium/Discount of the Derivative Asset

During Phase 0 and Phase 1, when withdrawal and transferability of beacon chain ETH is not
yet enabled, as noted above, centralized exchanges and funds may offer derivative assets
which trade separately from actual ETH1. From the individual capital provider’s perspective, the
discount or premium of the derivative asset should be factored into the risk/reward assessment.
Theoretically, because the enablement of transferability (thus liquidity) of ETH2 assets is
anticipated to come at a later (unknown) date, ETH2 assets essentially mirror a futures contract.
The pricing of ETH2 assets is a function of the sum of discounted cash flows (net of expenses)
from the purchase date until the expected ‘liquid date’ offset by the discount of the ETH2 asset
accounting for time and execution risks of the network not going live. For simplicity (because
this is impractical to predict before launch), we assume these factors offset each other — ie. a
decrease in yields likely indicates an increase in network confidence (meaning decrease in risk
of ETH2 going live) and vice versa. For this reason, in both the bear and bull case, we set this
metric to 0. We encourage validators to change this parameter post launch when evaluating
yields.
Opportunity Cost of Lending

The opportunity of lending Ether on a DeFi platform in lieu of staking presents alternatives to
yield-seeking investors. It comes as an additional term in the RSAVY formula to the benchmark
opportunity cost, as investors who decide to invest in ETH must then consider the opportunity
cost between different forms of productively allocating their capital. Currently, Compound (the
most liquid DeFi protocol at the time of writing with $65 million in liquid supply52) has offered a
52
See DeFi Score - Compound
53
yield consistently below 10bps over the past year. In both bull and bear cases, we assume a
yield beta of one, assuming high correlation and similar risk profiles. We envision demand for
borrowing ETH will increase with opportunities to arbitrage validator yields. That said, we
conservatively use a benchmark return in line with the past twelve months high of 10bps for the
bull case and 2% for the bear case.
The Cost of Validating

Leveraging our model in calculating revenue/net yield spreads, we assume network average
cost of validating yield of approximately 1% for the bull case and 2% for the bear case.
The Cost of Penalties

For both base and bull cases, we assume the average validator, indicating a weight of expected
penalties of one. With an assumption of 98% of validators online and working consistent with
network protocol, we estimate network penalties to range from approximately 4bps to 34bps of
total ETH staked. This level of network penalties assumes validator clients will be functioning
properly without delay concerns and validators are online attesting and proposing blocks. We
consider 0.19% (midpoint) the bull case. With 90% of validators assumed online, network
penalties as a percentage of total ETH staked increase to a range of 0.2% to 1.8%, with a
midpoint of 1.0%, which we use as the assumption for the bear case.
The Cost of Being Slashed

A capital efficient validator would want to weigh the risk of being slashed, which can occur for
both dishonest validators and intentionally honest validators — either through key
mismanagement, client bug risk, or relying fully upon third parties clients (such as fully
delegated Staking-as-a-Service infrastructure). We assume the expected weight of slashing to
be zero for both the bull and bear case, implying a validator’s full trust in its end-to-end
architecture. To estimate total network slashings in ETH as a percentage of total network
rewards, anecdotally assuming one slashing event per 1000 epochs would result in a 0.8bps
slashing spread.
54
Exhibit 35: Summary of Assumptions for Bull and Bear Case

Assumption Bear Bull
Liquidity Semi-liquid secondary markets Very liquid secondary markets
Volatility An increase in volatility (akin to No change to volatility

3Q18-2Q19 levels)
Opportunity Cost of Lending High demand for borrowing No change in demand for
ETH for arbitrage borrowing ETH
Cost of Validating 1mm ETH staked at current 5mm ETH staked at current
prices (network avg. cost) prices (network avg. cost)
Risk of Penalties/Slashing 90% of validators online with 98% of validators online with
few inclusion delays; minimal inclusion delays;
clients/nodes interoperate clients/nodes interoperate
flawlessly flawlessly
Conclusion of RSAVY Application to Phase 0

We derive an expected return (revenue yield) using the RSAVY model of 11.6% for the bear
case and a 3.3% for the bull case using an alpha of 0. The difference of these results is
significant, despite the small differences in input assumptions across cases. Comparatively, the
bull case results exhibit similar yields to lending a mortgage to a low risk borrower, while the
bear case matches up to a high yield/high risk corporate debt instrument. In both cases, a
semi-liquid secondary market supported by a highly functional client and a consistently online
network are assumed. Higher network costs, an increase in underlying asset variability, and a
reinvigoration of ETH borrowing (driving higher DeFi yields) for arbitrage will call for a higher
required return.
Takeaways
In summary, we expect the total pool of yield-apathetic validators to be limited in size;
concurrently, capital efficient validators are motivated primarily by economic factors. In other
words, capital efficient investors require a certain rate of return to invest their capital in staking
vs. allocating capital in other ways. Based on our results, we expect an optimized network yield
(which we use as a proxy for a minimum yield) of 3.3% for these validators to invest. Under a
more bearish yet stable scenario, this yield requirement goes up to 11.6%. This required rate of
return takes into account several parameters in addition to the usual RRR formula, including the
55
cost of illiquidity, the cost of validating, the cost of penalties and slashings, as well as the
opportunity cost of validating.
Given a RRR range of between 3.3%-11.6%, this suggests that once a threshold of ETH staked
is reached and yields decrease, the return on staking will no longer be attractive for
yield-sensitive investors. The question this leads to is whether that threshold is at a high enough
rate of ETH staked to provide sufficient guarantees around the security of the system. To
understand this, we look at different economic attack vectors, which enable us to find a required
ETH staked rate.
9. Economic Attack Vectors

We identify two main categories of economic attack vectors, each with variants and differing
levels of risk: Supermajority Attacks and Finality Attacks. For the purposes of this paper, we do
not cover all known attacks exhaustively; we also do not spend time on attack vectors that stem
from technological sources, such as networking-based attacks, random number generator
(RNG) manipulation, rogue key attacks, software bug-driven blackmail attacks, etc.53 Lastly, our
intention is not to mathematically define the conditions of these attacks, but rather to provide an
overview for further exploration. Ultimately, in this section we attempt to find a minimally viable
level of ETH staked (the ETH Stake rate) to ensure network security.
Supermajority Attacks
The first attack is what we consider the closest counterpart to a 51% attack in PoW blockchains
like Eth1. As opposed to PoW security models, finalization of the PoS chain in Eth2 requires a
⅔ majority of validators to vote on checkpoints. Because Eth2 relies on pseudorandom shuffling
of validators into committees for security, there are strong security guarantees against
supermajority control by individuals with less than ⅔ of the validating ETH stake. For example,
we can show with a binomial distribution that, sampling from a large enough validator set (at
least the 16,384 validators required for the beacon chain launch) where a validator controls ⅓ of
the validating stake, there is a one in one trillion chance that the validator obtains a
supermajority.54 This property holds even at larger stakes of ETH, effectively making it
near-impossible to corrupt the consensus mechanism up to ⅔ of all validating stake.
As a result, the naive form of the Supermajority Attack is to simply acquire and stake ⅔ of the
total ETH staked, or to collude with other validators to accomplish the same result. By obtaining
control of a supermajority of the stake, a validator could hypothetically execute a double-spend
53
For resources on these types of attacks, refer to Appendix A.
54
For a more detailed explanation, see the “Sharding FAQ” Github Page as well as Chih-Chieng Liang’s
“Minimum Committee Size Explained”. The latter is helpful in that the binomial distribution formula is
adapted for the ⅔ supermajority requirement.
56
in later phases of Eth2 by censoring whistleblowers. In Phase 0, however, given the lack of
transactions between addresses and the lack of withdrawals, this attack is likely not profitable.
A more sophisticated version of this attack would involve bribery, where validators are
incentivized to vote for blocks proposed by the attacker through a smart contract mechanism
that distributes rewards that are slightly higher than the system’s rewards. In Phase 0, this could
not happen on Eth2, but an attacker could leverage Eth1 to disburse payments to validators
who post signed receipts of their attestations on the Eth2 blockchain. For example, if a validator
wants to gain 10% more control of the ETH staked on Eth2, they could offer 10x the amount of
rewards issued on Eth2 to validators who attest to their blocks, up to 10% of validators. Doing
this for one whole day, at an average ETH price of $200, would only cost the validator between
$90,000 (assuming only 1mm ETH already staked) and $500,000 (assuming 33.6mm ETH
already staked), which is far less expensive than the cost of acquiring the additional 10% of
ETH at that price. There are, of course, several challenges to this approach - from the
dependency on a central actor in Eth1 to the emotional motivations of many Eth2 Phase 0
participants, who are not expected to be as easily swayed by bribes. In later phases, however, it
may be feasible to offer higher bribes (on the order of 100x rewards) with smart contract
mechanisms for disbursement inside of Eth2 for shorter periods of time. At $200, 33.6mm ETH
already staked, and 100x rewards over three hours, the cost would be around $630,000.
Security Framework Application

To evaluate the validity and feasibility of this attack, we assess it against our security
framework, defined in Section 4. As a refresher, the requirements for security we defined were
as follows:
1. The cost of attack of the Beacon chain must be equal or greater to the economic gain
derived from the attack.
2. The cost of attack of the Beacon chain must be equal or greater to the cost of an equal
or corresponding attack on the ETH1 chain.
In Phase 0, we can say with confidence that a supermajority attack does not satisfy condition 1,
as there is no way to successfully execute a double spend attack (or, for that matter, any kind of
transaction). Moreover, by simply accumulating 2/3 of the rewards and censoring
whistleblowers, it would take several years to make up the amount of money spent to acquire
the supermajority stake - assuming the price of ETH stays constant. Not only is it unlikely that
the price of ETH stays constant given the attack (we would expect it to crash), but by all
accounts, validators would fork the Eth2 chain to freeze out the attacker.
57
Once transactions and smart contracts are enabled in Eth2, this attack could feasibly become
more of a concern, as a double spend could potentially be quickly executed.55 To gauge the
relative difficulty of such an attack at that stage, we consider the second clause.
Exhibit 36: Cost of ⅔ Supermajority Attack on Eth2
Exhibit 37: Cost of 51% Attack in Eth1
55
As noted by Danny Ryan of the Ethereum Foundation, even in cases where double spends are
finalized, fully executing a double spend attack is still a network coordination problem, and is arguably
more difficult to pull off in PoS systems than PoW chains.
58
In Exhibit 37, we show the cost of attack of a 51% attack in Eth1, which we compare to the cost
of a supermajority attack in Eth2 in Exhibit 36. We model the Eth1 attack cost against network
hash rate;56 we estimate the relevant range to be 100,000 GH/s to 250,000 GH/s, as the
Ethereum hash rate over the last 2.5 years has oscillated between those endpoints.57 Because
of the close relationship between price and security in Eth2’s PoS model, the reader will notice
that at low prices of ETH, it is typically much cheaper to execute a supermajority attack on Eth2
than to execute a 51% attack on Eth1.58 At $200 ETH, nearly 4mm ETH (~3.5% of ETH supply)
is required to achieve the same security as Eth1 with 100,000 GH/s hash rate. At $50, that
number is about 15mm (~13.4% of ETH supply).
Exhibit 38: Cost of Supermajority Attack in Eth2 Contrasted with 51% Attack in Eth1
56
To model cost of attack, we make certain assumptions around the cost of setting up and operating
mining hardware, which can be found in the accompanying Excel model. These assumptions can be
modified by the reader. Importantly, we make a naive base assumption that the attacker purchases GPU
hardware from the open market (rather than from existing miners) and the necessary surrounding
infrastructure to execute the attack. We considered schemes where an attacker would rent hashpower,
but conclude that there is not enough rentable hashpower to depend on this approach. We do, however,
believe that an attacker could find cheaper ways to purchase hardware (e.g. at a discount from
unprofitable miners) or combine purchasing and renting to execute an attack. We leave this optimization
problem for further research.
57
See CoinMetrics Network Data Charts for Ethereum.
58
We should note that in this discussion we do not consider the upward pressure on ETH that is likely
from the purchase of a large amount of ETH. It is possible that attacks become harder as more ETH is
purchased and ETH price increases. On the other hand, according to Messari, the liquid market cap of
ETH is nearly $26B and the “24hr Real Vol” is close to $1B, while it would only take a fraction of this
amount to accumulate enough ETH to cause an attack.
59
Red cells represent conditions where Eth2 Supermajority attacks are cheaper to execute
compared to 51% attacks in Eth1.
Once again, in Phase 0 this is not expected to be a major concern. However, starting in Phase
2, assuming the presence of a DeFi ecosystem on Eth2 or some level of cross-chain linkages
with the existing DeFi ecosystem on Eth1, we can envision large-scale borrowing contributing to
launch supermajority attacks on Eth2. As opposed to Eth1’s PoW system, where mounting
enough hash power to perform a 51% attack may take many months — and would thus likely be
easier to detect — amassing stake through borrowing and becoming a validator can be
accomplished in a much shorter amount of time.
Exhibit 39: Cost of Attack of Eth1 Networks (assumes 200k GH/s rate) vs. Eth2 Networks at an
ETH price of $200
60
Exhibit 40: Cost of Attack on Eth1 vs. Eth2
In summary, in Phase 0, condition 1 of the framework is not satisfied while condition 2 can be
satisfied at certain prices of ETH and total ETH staked. In later phases, we expect both
conditions could be satisfied, although we expect both price and ETH staked to increase in later
phases, when there is more certainty around the security properties of the network and an
ability to extract gains from the system.
As a result, we emphasize the need for a sufficient amount of ETH staked in the system to
ensure high difficulty of successful attacks. This, in turn, we expect will be a function of the
expected yields for stakers, as noted in the previous section. According to Exhibit 38 and the
underlying data tables in our model, if we assume the minimum ETH price since 2018 ($82.83)59
and the average hash rate since the Constantinople hard fork (172,486 GH/s)60, we obtain a
cost of attack that suggests a minimum requirement of 13.8% ETH stake rate, which we term
our ETH stake rate target.
Finality Attacks
This second category of attacks is original to PoS systems, and is directly tied to their finality
properties. Whereas PoW systems are probabilistically deterministic, PoS can offer economic
finality; however, with that property comes new attacks that are possible in Eth2. The Eth2 PoS
59
See Coinmarketcap.
60
See Coin Metrics. We choose the Constantinople hard fork as the relevant time frame given the
reduction in ETH mining rewards from 3 ETH to 2 ETH, which we expect has a long-term impact on hash
rate. The hard fork occurred on February 28, 2019.
61
consensus algorithm is designed with a strong ⅔ honest majority assumption in mind. This does
not mean that the system cannot operate without an honest supermajority, but that is the
threshold where finality is challenged. We already know that a supermajority attack requires a ⅔
malicious validator stake (under naive conditions); yet in the space between ⅓ and ⅔ of stake, a
validator can execute a finality attack. We look at a few variants of this attack.
In the most naive and least destructive form of this attack, an attacker controls just over ⅓ of the
validating stake and decides to keep the validators offline or effectively not to participate in the
consensus. By doing so, the chain can no longer finalize, as it relies on a ⅔ supermajority for
finality. As mentioned previously, after 4 epochs in this state, the chain enters leak mode, where
inactivity penalties are dealt to the offline validators. These penalties increase quadratically until
offline validators hit an effective balance of 16 ETH and are forced to exit the chain. Once the
offline validators are hit with a penalty, they immediately lose their ⅓ share of total stake, and
the chain can resume finalizing. For our purposes, we will assume the attacker has 41.67% of
the ETH staked under control, which should allow for about one week of non-finality.
From this behavior we expect the attacker can gain in two ways. First, by preventing finalization,
attestations cannot reach supermajority and blocks cannot be finalized, which means that block
rewards tied to finalization are not allocated. Second, we expect the inactivity leak to create
downward pressure on the ETH price. Both of these factors, particularly at already low prices of
ETH, could lead to unprofitable conditions for validators and discourage them from participating
in validation,61 forcing them to exit their own stakes.62 This outcome has two results: first, by
reducing the price and ETH staked, the attacker can now execute a supermajority attack at a
lower cost of attack. In Exhibit 41, we take a starting price assumption of $200 ETH at 2mm
ETH staked. One can see that if there is enough downward pressure on price and staked ETH,
the cost of executing a finality attack followed by a supermajority attack is lower than just
executing a supermajority attack.
61
See “Discouragement Attacks” by Vitalik Buterin.
62
We note that exiting stakes is complicated by the queue mechanics embedded in Eth2 PoS. If a large
number of validators decided to exit at the same time, it could take several months for all validators to
fully exit.
62
Exhibit 41: Cost of Attack Differential
The second result brings us to a variant of the finality attack; in this case, the attacker uses
extra-protocol mechanisms to gain from the attack. More specifically, we refer back to our
expectation that Phase 0, given the lack of a two-way bridge between Eth2 and Eth1 and the
inability to extract staking rewards, will engender a burgeoning derivatives ecosystem. Not only
do we expect new ETH generated by Eth2 to be tokenized and traded (at a discount), we also
expect an options ecosystem to develop. In this case, an attacker could purchase put options on
Eth2 ETH - assuming a certain option price - and use a finality attack to cause downward
pressure on the price of ETH, gaining from the spread. This attack makes at least two
substantial assumptions: a large enough options trading ecosystem to purchase several
hundreds of thousands of options contracts; and options prices that make sense from a
profitability standpoint. Today, this first assumption would be challenging, given global daily ETH
options volumes mostly hover around the high single digit millions USD.63 The second
assumption is extremely difficult to price, given the unpredictability and volatility of the
underlying asset.
Security Framework Application

Similarly to Supermajority attacks, we are not overly concerned with naive Finality attacks in
Phase 0. In this first phase, a finality attack is more likely to come from a non-economically
motivated actor trying to sabotage the system rather than an actor motivated by profit. In phase
0, we expect condition 1 to hold, as there is no effective way to gain from an attack ( P = 0 );
condition 2 is thus irrelevant. In later phases, where supermajority attacks become profitable,
scenarios exist where condition 1 no longer holds. Moreover, condition 2 would not hold under
some scenarios where ETH price and ETH staked decreases sufficiently.
63
See Skew market data.
63
Exhibit 42: Cost of Finality Attack Only vs. Cost of Attack on ETH1
Assumes attacker controls 41.67% of ETH stake; at $200 ETH, the system is susceptible to
finality attacks at ETH staked under 7.5mm.
Extra-protocol attacks, as noted above, depend primarily on the existing options environment.
As noted in Exhibit 43 below, under certain put option prices and ETH price reductions, it is
possible to make a profit, breaking condition 1, and this is even possible in Phase 0. Moreover,
while condition 2 is less directly relevant, it also breaks in this scenario if compared to a 51%
attack.
64
Exhibit 43: Analysis of Amount of Capital Required to Break Even in Purchasing Out of the
Money Puts and Subsequently Selling After Finality Attack
65
Note: At the time of this writing, and according to Deribit, $100S Puts at T = 49 days trading at vega of 1.0464
We should note that, like supermajority attacks, finality attacks can also be enhanced through
bribery. Finally, we expect several variants of the above attacks to be possible, and we
encourage further exploration along these lines, particularly in terms of formally defining the
parameters under which security breaks in non-naive scenarios.
Takeaways
● In Phase 0, we are primarily concerned with attacks that aim to sabotage the network;
we find the network is at risk of sustaining such attacks, but are less concerned about
their long-term impact. One key attack to look out for in Phase 0 is an extra-protocol
finality attack.
● In later phases, economically rational attackers can pull off brute-force economic attacks
less expensively than in Eth1 under low ETH price and ETH staked scenarios.
● We believe the system should be architected to sustain the most destructive economic
attacks; as a result, it should be able to bear supermajority attacks at low prices of ETH.
We calculate that the target ETH stake rate to sustain such attacks is 13.8%. We should
note that for further security under drastic conditions - such as an extreme drop in price,
higher levels of ETH staked should be targeted.
10. Scenario Analysis

In this Section, we apply the various frameworks articulated so far to assess risk in five different
network scenarios, where we make adjustments to the base model assumptions — informed by
the takeaways in this report and our stakeholder interviews — and try to understand the network
impact of said adjustments. Our primary objective is to paint a more comprehensive and useful
picture of the network’s conditions under various parameter changes. Below, we recap these
frameworks and how they will be used in this analysis:
64
See options pricing on Deribit exchange.
66
Framework for Evaluating Network Security

● Where:
○ The cost of attack of the Beacon chain must be equal to or greater than the
economic gain derived from the attack.
○ The cost of attack of the Beacon chain must be equal to or greater than the cost
of an equal or corresponding attack on the Eth1 chain.
● Using the Target ETH stake rate from the prior section, which we determine to be 13.8%
of total ETH supply or approximately 15.5mm total ETH staked, we calculate the implied
yields and set of assumptions around the network state.
Framework for Evaluating Required Validator Yield

● Where:
○ The required rate of return for capital efficient validators is determined by
considering the economic risks of becoming a validator
● Using the RSAVY model, the set of assumptions used to calculate a bull and bear case
yield, and the output of those assumptions, we can compare and contrast expectations
around liquidity, volatility, revenue-net yield spreads, opportunity costs, and network
health.
In the proceeding scenario analyses, we follow the following structure to assess each scenario:
Scenario Background: The rationale for analyzing this scenario

Adjustments: The adjustment(s) being made to the model’s base assumptions
Network Assumptions: “What you need to believe” about the network conditions, and their
comparison to the RSAVY bull or base cases.
Network Analysis & Takeaways: Three region analysis based on price to determine areas of
risk, and key takeaways from the scenario.
We analyze the following five scenarios:

1. Reaching Genesis
2. Reaching Target ETH Staked (13.8% of supply)
3. Reaching Target ETH Staked - Increasing Base Reward Factor
4. Reaching Target ETH Staked - Larger Adoption for StaaS
5. Reaching Target ETH Staked - EIP1559: 10x Current Gas Levels
Scenario 1: Reaching Genesis

Scenario Background
This first scenario reflects the absolute minimum network requirements for the beacon chain to
launch. The genesis of the chain requires 524,288 total ETH staked, or 16,384 validators. It is
67
instructive to obtain a view of the network at its most elementary state and form a bookend for
our scenarios.
Adjustments
There are no adjustments to the base assumptions in this scenario.
Network Assumptions
Assumption Comp - Bear Case Scenario 1
ETH Staked Relatively low levels (but above 524,288

524,288)
Revenue Yield 11.6% 21.8%
Liquidity Semi-liquid secondary markets Illiquid Secondary Market (e.g.

5-10% spreads)65
Volatility An increase in volatility (akin to High Volatility

3Q18-2Q19 levels)
Opportunity Cost of Lending High demand for borrowing High demand for borrowing
ETH for arbitrage ETH for arbitrage
Cost of Validating 2% 2% @ $200 ETH
Risk of Penalties/Slashing 90% of validators online with Similar to Bear Case

few inclusion delays;
clients/nodes interoperate
flawlessly
Network Analysis & Takeaways

The revenue yield at 524,288 ETH staked is approximately 21.8%, with network average net
yields stabilizing (based on ETH price) near 20.5% and a 0.10% annualized inflation rate. We
also expect a high level of volatility given the proximity to launch and the low level of ETH
staked (this part of the curve, the “Cliff,” shows wide fluctuations in yield).
65
Assumption based on small size of asset pool (ETH staked).
68
Exhibit 44: Three Region Yield Analysis
Given the low level of ETH staked implied in this scenario, there is a concern around security of
the network, from supermajority and finality attacks. However, we expect the high yield to attract
capital efficient validators.
Scenario 2: Reaching Target ETH Staked (13.8% of Network Supply)
Scenario Background
In Section 9, we derived an ETH Stake Rate Target for the network’s ETH stake rate of 13.8%.
In this scenario, we obtain a view of the network under this ETH stake rate without making any
other adjustments.
69
Adjustments
There are no adjustments to the base assumptions in this scenario.
Network Assumptions
Assumption Comp - Bull Case Scenario 2
ETH Staked Relatively high levels 15.5mm (13.8%)
Liquidity Very liquid secondary markets Same as Bull Case
Volatility No change to volatility Same as Bull Case
Opportunity Cost of Lending No change in demand for Increase in demand for

borrowing ETH borrowing ETH for arbitrage
Cost of Validating 1% Same as Bull Case
Risk of Penalties/Slashing 98% of validators online with Same as Bull Case

minimal inclusion delays;
flawlessly

Revenue yield is approximately 4.0%, with network average net yields stabilizing near 3.7%,
with a 0.55% annualized inflation rate.
We see the RSAVY model’s Bull Case as a highly optimized state of the network; this scenario
falls very close to in-line with this Case and is centered around achieving adequate security. To
achieve it, we believe it will require the participation of capital efficient validators, most likely
taking the form of institutional investors. With that, we expect a few requirements to apply,
including full liquidity, low volatility, and low opportunity costs.
70
Scenario 3: Reaching Target ETH Staked - Increasing Base Reward Factor

Scenario Background
As with the prior scenario, we target our ETH stake rate in this scenario, but we also increase
the base reward factor from 64 to 128. We explore this change based on our own conclusions
from analyzing attack vectors, as well as in response to feedback from a material number of
stakeholder interviews. We expect this change to result in stronger security guarantees without
leading to overpaying for network security.
Adjustments
We increase the base reward factor from 64 to 128.
71
Network Assumptions
ETH Staked Relatively High Levels 15.5mm (13.8%)
Liquidity Very liquid secondary markets Slightly less liquidity than Bull
Case
Volatility No change to volatility Slightly more volatility than Bull

Case
Opportunity Cost of Lending No change in demand for High demand for borrowing
borrowing ETH ETH for arbitrage

flawlessly

Revenue yield is approximately 8.0%, with network average net yields stabilizing near 7.5%,
with a 1.11% annualized inflation rate.
At the expense of 56 basis points of network inflation per year, or roughly 627,000 ETH
(~$125mm at $200 ETH), we believe the higher yield levels make our ETH stake rate target of
15.5mm ETH more achievable than under the current specs. At a base reward factor of 128,
there is far more leeway for abrupt and large changes to occur to the network, such as an
increase in volatility due to a protocol change, less liquidity given the amount in circulation, and
the likelihood of competitive yield alternatives to arise. Given the low downside of this scenario,
we find this adjustment particularly compelling.
72
Scenario 4: Reaching Target ETH Staked - Larger Adoption for StaaS

Scenario Background
The inability to withdraw and/or transfer beacon chain ETH significantly dampens on-chain
liquidity, a major component to our required rate of return model. A multi-year lock-up period
with no definitive end date will be a major blocker for institutional investors in particular — given
more stringent capital allocation requirements, and possibly even enthusiasts. Our
conversations with stakeholders, including the cofounder of a decentralized staking pool,
indicated this is a leading concern for the Eth2 network.
73
On-chain transferability limitations do not expel every possibility of beacon chain asset liquidity,
however. Centralized exchanges as well as asset managers can offer intra-platform tradability
and/or structure derivative instruments. We believe these structured products will be a much
more attractive opportunity to capital efficient ETH holders than running a complex validator
environment, suggesting a much larger allocation of network validators into the ‘StaaS - Full’
environment relative to what was indicated in user surveys we referenced to determine validator
allocation — which impacts yield in our model. In other words, increasing the number of capital
efficient validators, which we see as a requirement to get to the target ETH stake rate, will
require a shift to a larger proportion of fully managed StaaS validators. In this scenario, we
make adjustments to reflect this change.
Adjustments
We adjust the share of validator environments to the following:
Validator Environment % of Total Validators - Base % of Total Validators -

Assumptions Scenario 4
DIY - Hardware 37% 12%
DIY - Cloud 13% 4%
Pool - StaaS 27% 9%
Pool - Hardware 5% 2%
Pool - Cloud 2% 1%
StaaS - Full 8% 70%
StaaS - Self-Custodied 8% 2%
Network Assumptions
74

Cost of Validating 1% Marginally higher than Bull

Case
Risk of Penalties/Slashing 98% of validators online with Slightly lower risk than Bull
minimal inclusion delays; Case
flawlessly

Revenue yield remains the same at approximately 4.0%, but with network average net yields
stabilizing near 3.5%, vs. 3.7% from base assumptions, and with a 0.55% annualized inflation
rate; indicating a low impact to net yield.
Other than a marginal impact to net yields, a dramatic shift to the model’s allocation of validators
to fully managed StaaS environments has very little detrimental effect to the economic outputs
of the network. In fact, even at an ETH price of $25, validator environments are still profitable at
15.5mm total ETH staked in the network, unlike the prior validator allocation. This change in
profitability occurs because the costs are shifted to the infrastructure providers; while costs to
the end-user (the validator) are represented as a percentage of total rewards, infrastructure
providers bear the fixed costs of validating, which could damage StaaS profitability and
longer-term sustainability. Our key takeaway from this scenario is that StaaS providers add
significant benefit and downside protection to the end validator, suggesting the contribution of
more stability and, critically, liquidity. We see centralization risk playing a factor, particularly if
ETH drops into the Cliff region and StaaS providers incur extended losses, forcing them to
shutter and exit their customers’ stakes. Centralization risk also increases the potential impacts
of key mismanagement or hacking exploits (e.g., an attacker could hack an exchange and have
try to obtain access to private keys, causing a large potential threat to the system.
75
76
Exhibit 48: Yields by Total ETH Staked under a StaaS Driven Network
Scenario 5: Reaching Target ETH Staked - EIP1559: 10x Current Gas

Usage Levels
Scenario Background
EIP1559 could have a sizable impact on total ETH issued, depending on how much the network
is used. In EIP1559, a portion of the gas used (the base fee) on the network would be burned
instead of redistributed to the miners/validators. This proposal in turn could reduce inflation or
even deflate total ETH issuance, as a result of proof of stake’s low cost structure for validating
network activity. In this scenario we analyze the impact of EIP1559 in the event gas usage
increases by a factor of 10 with average gas price of 1 gwei.
77
Adjustments
We turn on EIP1559 in the model, enabling gas burned and tips to miners. We set the number
of transactions (tx) per day to 6,880,780 (~80 tx/s), meaning 10x more gas used and around 1.1
ETH per epoch (91,885 ETH per year) in tips to validators (assumed at 0.5 gwei on average per
transaction).
Network Assumptions


flawlessly

Revenue yield increases to 4.6% as a result of increased rewards from tips. Network average
net yields stabilize near 4.2% from base assumptions, with a 0.39% annualized inflation rate
(down from 0.55%), calculated to $36mm in reduction in issuance per year at an ETH price of
$200.
78
79
Exhibit 50: Yields by Total ETH Staked with 10x the Number of Transactions
Scaling the Ethereum network has always been a primary focus for the community. Successfully
achieving scale will unlock many use cases on the network, but could also fundamentally
reshape how the network pays for security with EIP1559. Scaling ETH by 10x to 80 on-chain
transactions per second halves issuance at the Target ETH Staked amount, and slightly
increases yields. The impact at these levels are somewhat material, but the impact of EIP1559
reaches a tipping point in the mid-100s of transactions per second (still assuming 1 gwei, which
is a conservative estimate) when the protocol could operate without any network incentives and
still achieve the security at desired levels (below in Exhibit 51, we illustrate network metrics at
100x current transaction levels, or 800 transactions per second). We are encouraged by the
idea and potential cost savings the network could incur, but adoption would need to drastically
increase to reach this material level of impact on the network economics.
80
Exhibit 51: The Large Shift in Network Metrics at 100x Current Transaction Levels Supported by
EIP1559
11. Conclusion & Recommendations

In this section, based on the analyses conducted throughout this paper, we summarize our
conclusions around the design, objectives, economic positives, and risks of the Eth2 network;
and provide our recommendations for further exploration.
Design & Objectives

Ethereum 2.0’s Proof of Stake is highly complex relative to Proof of Work.
Eth2 is a highly complex and elaborate system. On one hand, we recognize and appreciate the
amount of care and thought that has gone into its design — it is an elegantly constructed
system. On the other hand, from a validator’s perspective it is difficult to wrap one’s head
around the extent of its many functions and variables, contributing to a sense of uncertainty
81
around the system’s risks and a sense of unpredictability around the system’s outcomes and
future development. Moreover, this unpredictability, coupled with the phasing of Eth2 into at
least three phases, presents a narrative problem for Ethereum relative to other crypto-assets,
which cannot be overlooked given the system’s dependence on price — which is market driven
— for security. This sentiment was strongly echoed by institutional stakeholders we interviewed.
In short, the complexity and uncertainty surrounding Eth2 presents a barrier for potential capital
efficient validators.
Security of the network is dependent upon three key variables: ETH staked, the price of
ETH, and volatility.
Each of these variables has a direct or indirect impact on the cost of attacking the network. Total
ETH staked is the most controllable variable, with the main lever being the incentive mechanism
centered around the BASE_REWARD_FACTOR: the higher the incentives, the higher the yield,
and the more attractive it is to stake ETH. The price of ETH, on the other hand, has a direct and
potentially large impact on network security but is outside the control of the system. That being
said, certain forces can create upward price pressure; for example, if ETH is held mostly by
long-term holders, we would expect velocity to decrease. Moreover, high yields from Eth2
staking could push ETH holders to shift their ETH from Eth1 to Eth2, decreasing the circulating
supply of ETH. However, the positive impact to security from this shift could eventually be
balanced by the likely increase in volatility as a result. Volatility, our third key variable, can come
from different sources and impacts both ETH staked (through required rate of return, as
demonstrated in the RSAVY model) and price of ETH. An optimal balance between scarcity and
volatility could theoretically be defined as the maximum marginal security per ETH minted. We
encourage further exploration of this marginal security theory to augment decision making
around network economics, which can be supplemented by tools such as RSAVY and Validator
Duration (Appendix D).
Attacks on Eth2 are easier to scale than on Eth1.

In Eth2, the physical and hardware-driven burdens of network participation recede to essentially
minimal hardware and power consumption. It is likely that even Raspberry Pis eventually meet
the machine requirements of managing validator nodes for hundreds-of-thousands to millions of
dollars worth of ETH. Scaling validation environments shifts from ordering, configuring, and
operating mining rigs to simply purchasing more ETH. Moreover, the flourishing of DeFi and
eventual connectivity to Eth2 can vastly accelerate and magnify this trend. This is a fundamental
shift in how we look at security on Ethereum, and one that will only get more complex as we
advance to further phases of Eth2 and expect more innovative development in Ethereum-based
financial instruments.
82
Capital efficient validators are necessary and more predictable.

We expect many yield-insensitive validators to participate in Eth2 validation, particularly during
Phase 0. This is important for a successful Beacon Chain launch; however, yield apathetic
participation is ultimately inadequate to reach sufficient levels of security and can lead to
unpredictable network security conditions (the reasons these validators stake or exit are less
easily understood). Capital efficient validators, however, are singular in their motivation: return
net of risk. We find tailoring the incentive lever to the capital efficient validator’s motivating factor
leads to higher fidelity in targeting a total ETH staked number.
Targeting 13.8% ETH staked will match security levels of Eth1 at historical price levels.
We believe the system should be architected to sustain the most destructive economic attacks;
as a result, it should be able to bear supermajority attacks at low prices of ETH. We calculate
that the target ETH to sustain such attacks is 13.8%.
Economic Positives
Economies of Scale for validating exist but decrease at higher ETH prices.
Unlike Proof of Work environments where profitability can only be accomplished by increasingly
large-scale operations, Eth2 validating gradates into an inexpensive operation relative to
revenues as the price of ETH increases. The deltas of profitabilities between scaled cloud
environments operating hundreds of validators, staking as a service providers, and the
individual validator using select hardware close in on 0 as ETH exceeds $1,000. Irrespective of
price, there are also minor economies of scale for large scale validators, as potentially
thousands of validators can be run from the same beacon node; however, we view these as too
minor to represent a real competitive edge. In general, we find the network economics highly
favorable for more decentralized network participation, meeting Eth2’s design objectives.
77.7% of the current ETH supply is in validator ‘qualified’ wallets (holding over 32 ETH).
Approximately 86.6mm ETH is being held by non-exchange wallets with over 32 ETH. Another
18.7mm ETH is managed by exchanges, which might offer staking services. This is a
compelling serviceable addressable market. Focus of the incentive mechanism should be
converting this share of qualified ETH into staked ETH.
Eth2 is paying significantly less for security than Eth1.

Using current beacon chain specs and 15.5mm ETH staked, we estimate network inflation of
0.55% per year, far less than the current 4-4.5% from Ethereum’s Proof of Work network. In
terms of dollars spent on security, we estimate at a $200 ETH price that Eth1 will pay $997
million in security versus approximately $125 million (annualized) using 15.5mm ETH staked.
83
Exhibit 52: Inflation Rate of Eth1 and Eth2
Exhibit 53: Amount Ethereum Network Has Spent on Security (Through Supply Inflation
Multiplied by Average ETH Price)
84
Economic Concerns
Network security is heavily reliant on the price stability of ETH.
Our primary concern with regards to the economic stability and security of Eth2 is the resilience
of the network at low ETH prices. Profitability diminishes, which could force validators to exit,
further diminishing security. The cost to attack the network also directly and materially
decreases, impacting the total ETH price and total ETH staked, and causing uncertainty for the
validators that remain. Combining this low ETH price impact with the ability for an adversary to
rapidly scale an attack on Eth2 creates cause for concern.
The lack of liquidity in Phase 0 and 1 might cause unpredictability and centralization.
Given the lack of a two-way bridge between Eth1 and Eth2, and the lack of transaction
capabilities in Phases 0 and 1, we expect staking to appeal to only a subset of the total
addressable market for validators in these first phases. Derivatives and centralized exchanges
could provide a secondary market, which might be more compelling for investors looking to gain
exposure without incurring roadmap risk or other uncertainty. A high concentration of validators
leveraging these platforms creates centralization risk and unpredictability — both from
commercial policies and how Staking-as-a-Service providers might react to uneconomical
conditions (e.g. low ETH price).
Beware of Derivative attacks.

The Ethereum ecosystem is rapidly evolving and so is Ether as an asset class. At the time of
this writing, there is over $2 billion locked up in DeFi protocols66 and the total ETH trading
volume YTD (June) in 2020 has already exceeded 2019’s, is three times 2018’s, and is 9.5
times 2017’s. Options are currently being structured and sold on platforms like Deribit and
OKEx, and unique financial instruments like “flash loans” are being issued and used in malicious
exploits. With this momentum, derivatives could become the avenue for adversaries to structure
under-the-radar and near-instantaneously lucrative attacks, even in Phase 0 (assuming enough
volume). The most effective defensive strategy against the unpredictability implied in these
attacks is to ensure the network’s incentive mechanism accounts for a base level of security
guarantees.
Recommendations
Increase the Base Reward Factor to at least 128.
In spec v0.12, the Base Reward Factor is set to 64. To reach our ETH stake target of 13.8%,
the network would need to be in an optimal state with negligible risk, costs, or opportunity costs
for validators to consider the investment an efficient one. We acknowledge the implications of
increasing the network’s payment for security, but at a Base Reward Factor of 64, we believe
66
See DeFi Pulse
85
the network is underpaying for security - and it would be prudent for the network to err on the
side of caution during its phased migration to proof of stake, particularly as we find the
additional issuance implied well within the bounds of reasonable inflation.
Explore a more dynamic method to changing the Base Reward Factor in the event of a
shock, such as an ETH price collapse (i.e. explore the implementation of a safety net).
As mentioned in the Economic Concerns section, the primary state of economic distress in our
view is when ETH price falters and the network takes a moment to reset and stabilize at a
healthy level of ETH staked. The network is prone to vulnerability during this time. We
recommend exploring a more dynamic method for scaling rewards or altering the Base Reward
Factor in the case of network shocks. For example, one could consider setting threshold triggers
in the case of a mass exit, where the queue for exiting validators is a factor in changing base
rewards. Alternatively, one could consider a step change function (based on levels of ETH
staked) to maximize yields up to the ETH stake target we identify above, while reducing yields
substantially beyond that point. Lastly, one could even consider an incentive function that is not
exclusively tied to ETH staked or validators, but rather price itself. This of course introduces
oracle dependence risks, but we encourage further exploration of this topic. In any case, we
recommend using Phases 0 and 1 to further test the incentive mechanism and staying agile and
open to future changes in rewards structure to respond to new data points.
Finally, we reiterate that, given the complexity of the system, further analyses and more
dynamic models (e.g. Agent-Based Models) could help identify further attack vectors and
economic risks. We encourage the continuation of these analyses and hope this paper can
serve as a helpful starting point for further research along these lines.
86
Bibliography
eth2.0-specs, Github, https://github.com/ethereum/eth2.0-specs.
Vlad Zamfir, “The History of Casper — Part 1”, Medium, December 6, 2016,
https://medium.com/@Vlad_Zamfir/the-history-of-casper-part-1-59233819c9a9.
“Sharding FAQ,” Github,

https://github.com/ethereum/wiki/wiki/Sharding-FAQ#this-sounds-like-theres-some-kind-of-scala
bility-trilemma-at-play-what-is-this-trilemma-and-can-we-break-through-it.
Ben Edgington, “State of Ethereum Protocol #2: The Beacon Chain,” Medium, October 26,
2018,
https://media.consensys.net/state-of-ethereum-protocol-2-the-beacon-chain-c6b6a9a69129.
Eric Conor, “Ethereum 2.0 Phases,” Ethhub, November 16, 2019,

https://docs.ethhub.io/ethereum-roadmap/ethereum-2.0/eth-2.0-phases/.
“Proof of Stake FAQ,” Github, https://github.com/ethereum/wiki/wiki/Proof-of-Stake-FAQ.
“Ethereum 2.0 Phase 0 -- Deposit Contract,” Github,

https://github.com/ethereum/eth2.0-specs/blob/dev/specs/phase0/deposit-contract.md#deposit-
amount.
Vitalik Buterin, Diego Hernandez, Thor Kamphefner, Khiem Pham, Zhi Qiao, Danny Ryan,
Juhyeok Sin, Ying Wang, and Yan X Zhang, “Combining GHOST and Casper,” Github, October
31, 2019, https://github.com/ethereum/research/blob/master/papers/ffg%2Bghost/paper.pdf.
Joseph Chow, “The Beacon Chain Ethereum 2.0 explainer you need to read first,” Ethos.dev,
May 23, 2020, https://ethos.dev/beacon-chain/.
Ben Edgington, “The Ethereum 2.0 Annotated Specification,” benjaminion.xyz,

https://benjaminion.xyz/eth2-annotated-spec/.
Herman Junge, “Rewards and Penalties on Ethereum 2.0 [Phase 0],” ConsenSys Codefi, March
2, 2020, https://codefi.consensys.net/blog/rewards-and-penalties-on-ethereum-20-phase-0.
“Serenity Design Rationale,” Github,

https://notes.ethereum.org/@vbuterin/rkhCgQteN?type=view#Serenity-Design-Rationale.
87
Jim McDonald, “Understanding Validator Effective Balance,” Attestant, November 28, 2019,
https://www.attestant.io/posts/understanding-validator-effective-balance/.
“Ethereum 2.0 Staking Ecosystem Report,” ConsenSys Insights, May 2020,

https://cdn2.hubspot.net/hubfs/4795067/Codefi/Ethereum%202.0%20Staking%20Ecosystem%2
0Report.pdf?__hstc=148571112.51d5567256d6f4167c1422d5c083e93e.1574348924308.15887
70700176.1588788083651.18&__hssc=148571112.1.1588788083651.
Aqeel Mohammad, “Ethereum Lighthouse: Chasing Serenity,” Medium, April 2, 2020,

https://medium.com/empireventures/eth2uxreport-858c73ca1f53.
“Installing Prysm on macOS,” prylabs docs, https://docs.prylabs.network/docs/install/mac/.
“Institutional Investor Study,” Fidelity Digital Assets, June 9, 2020,

https://www.fidelitydigitalassets.com/bin-public/060_www_fidelity_com/documents/FDAS/instituti
onal-investor-study.pdf
Harry M. Markovitz, “Portfolio Selection: Efficient Diversification of Investments,” Cowles

Foundation for Research in Economics at Yale University, 1959,
https://cowles.yale.edu/sites/default/files/files/pub/mon/m16-all.pdf.
Tarun Chitra, “Competitive equilibria between staking and on-chain lending,” February 4, 2020,
https://arxiv.org/abs/2001.00919.
Fred Wilson, “The Hit Rate,” AVC, September 15, 2019, https://avc.com/2019/09/the-hit-rate/.
Chih-Cheng Liang, “Minimum Committee Size Explained,” Medium, July 12, 2019,
https://medium.com/@chihchengliang/minimum-committee-size-explained-67047111fa20.
Vitalik Buterin, “Discouragement Attacks,” December 16, 2018,

https://github.com/ethereum/research/blob/master/papers/discouragement/discouragement.pdf.
88
Appendix A - Ethereum Resources
Ethereum 2.0 Specification

● Eth2.0 Spec v.0.12
● Annotated Spec, by Ben Edgington
Ethereum 2.0 Design Rationale & Explanations

● Vitalik Buterin, Serenity Design Rationale
● Danny Ryan, “Phase 0 for Humans”
● Sharding FAQ
● Proof of Stake FAQ
Ethereum 2.0 Foundations

● Ben Edgington, “State of Ethereum Protocol #2: The Beacon Chain”
● Joseph Chow, “The Ethereum 2.0 Beacon Chain Explainer You Need to Read First”
● State of Eth2, by Danny Ryan
● “Validated: Staking on eth2 #0,” by Carl Beekhuizen
● “Validated, staking on eth2: #2 - Two ghosts in a trench coat,” by Carl Beekhuizen
● “Validated, staking on eth2: #3 - Sharding Consensus,” by Carl Beekhuizen
Ethereum 2.0 Economics

● ConsenSys Codefi Rewards and Penalties on Ethereum 2.0
● “Validated, staking on eth2: #1 - Incentives,” by Carl Beekhuizen
Validator Costs
● Prysmatic Labs, “Installing Prsym on macOS”
● Sigma Prime Benchmarks
Attack Vectors
● See the Ethereum Wiki for the Nothing at stake (and other well-known attacks)
● Discouragement Attacks
● Ethresear.ch
User Surveys
● ConsenSys Insights “Ethereum 2.0 Staking Ecosystem Report”
● Empire Ventures “Ethereum Lighthouse: Chasing Serenity”
89
Appendix B - Stakeholder Interviews Summary

In parallel to the construction of our economic model, over the course of our research we
conducted several stakeholder interviews from a representative group of the Ethereum
ecosystem at large. We interviewed 20+ teams or individuals from the following groups:
● Researchers: Danny Ryan and Barnabe Monnot from the Ethereum Foundation; Ben
Edgington from PegaSys R&D
● Implementers: Raul Jordan and Preston van Loon from Prysmatic Labs (Prysm); Mehdi
Zerouali and Paul Hauner from Sigma Prime (Lighthouse); Cem Ozer from PegaSys
(Teku)
● Pool Operators: David Rugendyke from Rocket Pool
● Staking-as-a-Service Infrastructure Providers: Tim Lowe and Herman Junge from Codefi
Staking; Viktor Bunin from Bison Trails
● Retail investors, users, and enthusiasts: a group of various individuals working at
blockchain and crypto companies
● Institutional Investors and service providers: a representative from a major
cryptocurrency exchange with institutional services; representatives from two major
asset managers, and Tom Shaughnessy from Delphi Digital, a digital assets research
and consulting firm that serves institutional clients.
We have summarized the learnings from these interviews into a few recurring themes and
patterns that came up across interviews. These learnings are integrated into our conclusions
within the main paper.
Summary of Themes
Eth2 Objectives
● From Researchers and Client teams, we heard:
○ Security is the biggest goal
○ Building a client that is correct, stable, and reliable
○ There are three main goals for the client: Security, Performance, Usability
● An infrastructure provider representative suggested that the goal of Phase 0 shouldn’t be
to overemphasize security but rather to hook people into Ethereum 2 and bootstrap the
network by building stickiness
Eth2 Risks - Attacks

● One researcher is worried about Whistleblowing; currently, in Phase 0 the proposer
obtains the full reward, as there is no way to tell who actually whistleblew, presenting a
verifier’s dilemma. There is concern that the cost of detecting slashable offenses is too
90
high, with the highest cost coming from detecting surrounding attestations (one of the
slashable offenses).
● There were multiple concerns raised around finality and the possibility of stalling the
network. From one researcher: there’s still a way to stay on the sideline (ie. online but
not attesting) and, once there’s a fork, fight to keep forks alive rather than GHOST
choosing one of the forks.
● Similarly, one client team mentioned skipping slots in an effort to penalize others (by
skipping slots, others are robbed of their potential incentives from attestations). This
team mentioned that with around 10% of validator control, an attacker could start doing
interesting things with the network.
ETH2 Risks - Usability

● There is still much uncertainty around Eth2 development and launch timelines. Not
knowing when a validator can retrieve their ETH is a massive barrier, according to one
client team.
● Another individual on the institutional side suggested that the risk is not so much that
Eth2 will not happen; the main concern is that the goal posts keep moving and
developers may start to feel discouraged and leave toward other platforms.
Underexplored & Undertested Areas

● According to a researcher, many of the constants in the rewards and penalties scheme
(and in the spec more broadly) are somewhat arbitrary (based on powers of 2), including
the base reward factor itself. That isn’t to say they were not chosen with care and
thought, but rather they are not derived from any mathematical proof or optimization.
● Slashing, according to a researcher, is also not necessarily a requirement and has roots
in Vitalik and Vlad’s work around Slasher. One potential attack coming out of it is
blackmailing validators to slash themselves to gain the whistleblower reward. [Author’s
note: other researchers disagreed with this claim, arguing instead it was a requirement.
Moreover, the whistleblower reward is a small fraction of the slashed amount, meaning
this is not a profitable approach.]
● One client team is relatively concerned about the use of new or undertested
technological primitives. For example, this is the first such network using BLS signatures.
The same client team is also concerned that the fork choice rule is undertested as well.
● There was concern from a few researchers and client teams around the ⅔ honest
majority assumption for security.
Cost of Running Nodes

● All client teams and researchers confirmed that the hardware requirements for running
an Eth2 beacon node are largely a result of the Eth1 client requirements, as a beacon
node must run an Eth1 and Eth2 client. Eth1 chews up memory and hard drive space.
91
● Rocket Pool suggested that given testnet results, a validator could get away with a
relatively cheap hardware setup with minimal CPU specs, 2GB RAM, and a SSD hard
drive. For cloud, an EC2 instance with 2-4 CPUs, 2GB RAM, and 200GB storage would
suffice.
● Sigma Prime pointed to the results of their UX survey, which suggested many individuals
expect to be able to run validators on a raspberry pi. However, while the team estimated
that it was possible to run a beacon node on a Raspberry pi with several thousand
validators, they cautioned that tests are required on multi-client testnets as well as
adversarial conditions. The number of validators on the network also has an impact: the
more validators, the more messages and the larger the state size. Other individuals
recommended staying away from a Raspberry pi and using a desktop computer instead.
Validator Fees
● In our interviews, some individuals estimated staking pool fees to start around 12%, with
that percentage subject to change based on supply and demand.
● Staking as a Service providers indicated a possible fee of around 15%.
● Two individuals on the infrastructure as a service side posited a belief that validator fees
would trend toward zero over time — in other words, become commoditized.
Institutional Demand
● In terms of crypto asset demand, two asset managers indicated that so far, the demand
from investors is still exclusive to BTC.
● The investors that show interest in crypto and serve as clients of the asset managers we
spoke to are crypto natives, first movers (family offices, financial advisors, large scale
institutions), and global macro hedge funds. Family offices and HNWIs are the initial
clients given their risk appetite.
● These investors categorize BTC and crypto more broadly under two groups:
○ As an alternative asset that can improve the risk-reward of a portfolio (improve its
information ratio)
○ As a VC-type bet with asymmetric upside; essentially an option-style bet
● Investors in this group will allocate no more than 0.5% - 2% of their portfolio to BTC.
● With regards to ETH as an asset class, some family offices show interest in learning
about ETH. They are not, however, interested in the state of the network or any
technological properties of the protocol, and have expressed confusion around the
transition to Eth2 and the uncertainty around the success and timeline of that transition.
In contrast, the narrative of BTC as an uncorrelated store of value asset is easier to
grasp. Lastly, ETH doesn’t have support from incumbent institutions in the same way
Bitcoin does; for example, there are no ETH futures on Bakkt or CME.
● Capital efficiency is important; even when it comes to BTC, institutions are thinking about
how to put that capital to work. One asset manager stated that investors’ decisions were
all about opportunity cost, with the following questions coming up in conversation: would
92
we not make more money trading money actively? What about lending it out? What
about a different crypto asset? What is the cost of locking up one asset and what’s the
cost of taking it out?
● With regards to staking, two asset managers expressed that realistically, very few
institutions are going to be comfortable enough to stake assets; however, there is more
of a possibility if it staking is packaged in a product they’re more familiar with, like a
derivative. Another individual mentioned that no investor is going to be ok locking up
ETH for at least 2 years, particularly when running a fund with a time horizon; there is
too much risk and no liquidity. One asset manager mentioned that staking had rarely
come up in client conversations.
● There are signs that derivative products will be made available, echoed by infrastructure
providers. For example, pools or exchanges may mints new tokens that reflect balances
on Eth2.
● One individual stated that large institutional investors are motivated by the monetary
incentive; they don’t care about PoS vs. PoW, they make decisions based on yield and
risk.
● Referring again to the uncertainty of the Eth2 timeline, one individual mentioned that
investors would prefer to prioritize other assets with higher yields in the short term while
waiting for more clarity on Eth2.
Institutional Yield Expectations

● The concept of a risk-free rate on ETH is becoming interesting, but there are doubts as
to whether Eth2 staking can actually be considered as such. In particular, the technical
risk associated with staking is hard to quantify as part of that rate.
● There is also an understanding that, as crypto evolves (and it is rapidly changing),
institutional investors are going to have to constantly find new forms of yield.
● One asset manager stated that anything in the range of 5-15% yields is compelling.
● Another individual mentioned that 1-3% yield is really low, especially if there are liquid
alternatives.
93
Appendix C - Detailed Charts & Figures
Cost Assumptions
Exhibit 54: Validator Cost Assumptions
94
Net Yields and Spreads of Validator Environments Using Base

Assumptions
DIY - Hardware
Exhibit 55: Net Yields
Exhibit 56: Revenue-Net Yields Spreads
DIY - Cloud
95
Pool - StaaS
96
Pool - Hardware
Pool - Cloud
97
StaaS - Full
98
StaaS - Self-Custodied
99
Appendix D - Other Economic Evaluation Tools
Validator Duration
Duration is the time, in years, which it would take for cash flows from a yield-generating asset to
return the principal of the investment. Validator duration can have different interpretations
depending on the asset used in the model. For example, if the principal amount is the
underlying staked asset, or Ether, then it equates to the time for the validator to receive a net
yield as cash flow to reach the minimum effective balance requirements to stake another
validator, a metric which could delineate the magnitude of perceived risks from validators on the
network (the lower the variables in RSAVY model, higher the duration). Alternatively, and more
illustrative in our view, the duration of net yield cash flows against a benchmark asset/index, or
‘benchmark duration,’ should articulate the price sensitivities to changes in yield.
Pb
Dvb = Rv x P e
Where:
Dvb = validator duration against benchmark asset
P b = price of benchmark, e.g. Bitcoin
P e = price of underlying staked asset, e.g. Ether
Rv = net yield on validator environment
The relationship between yield and price of the underlying asset is important for modeling and
scenario analyzing the projected investment return of a yielding asset. Interpreting the
benchmark duration, a drop in the underlying assets price might imply higher volatility of the
asset, thus more risk and a higher required rate of a return. For assessing the sustainable
economics of the Eth2 network, the benchmark duration could support assumptions on the
theoretical stability of adjusting the base reward factor. We envision this economic evaluation
method being useful as a tool when measuring and comparing against actual data.
100
Disclosures
The authors of this research were compensated in the form of a grant by MolochDAO to perform
an economic review of Ethereum 2.0. Compensation was not received on any basis contingent
upon expressing a positive opinion in this report.
This report is not investment advice. The above references an opinion and is for information
purposes only. The authors are not recommending to trade, invest, or stake in ETH or any
tokens, entities, or companies based solely upon this information. Furthermore, the authors are
not recommending to participate as a validator on the Ethereum network. Any investment
involves substantial risks, including but not limited to pricing volatility, inadequate liquidity, and
the potential complete loss of principal. Seek a duly licensed professional for investment advice.
This information is presented “as is,” without warranty of any kind.
The information contained in this document may include forward-looking statements. These
statements are not guarantees of future performance and undue reliance should not be placed
on them. Such forward-looking statements necessarily involve known and unknown risks and
uncertainties, which may cause actual results in future periods to differ materially from any
projections of result expressed or implied by such forward-looking statements. It can be
expected that some or all of such forward-looking assumptions will not materialize or will vary
significantly from actual results.
101

Eth2 Economic Review

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Eth2 Economic Review

Uploaded by

Copyright:

Available Formats

Ethereum 2.

July 16, 2020

Please refer to disclosures at the end of this document.

4. A Framework for Evaluating Economic Security in Eth2.0 13

6. Model Walk Through 20

8. A Model for Measuring Required Yield 44

Applying the RSAVY Model to Phase 0 51

9. Economic Attack Vectors 56

10. Scenario Analysis 66

11. Conclusion & Recommendations 81

Appendix A - Ethereum Resources 89

Appendix B - Stakeholder Interviews Summary 90

Appendix C - Detailed Charts & Figures 94

Appendix D - Other Economic Evaluation Tools 100

Ethereum 2.0 Roadmap

Exhibit 1: Phased Rollout of Serenity

4. A Framework for Evaluating Economic Security in Eth2.0

Visualized formulaically, we obtain the following conditions:

● P is the economic gain derived from the attack

BASE_REW ARD_F ACT OR

● BASE_REWARDS_PER_EPOCH is another constant reflective of the number of ways

endogenous variables, the BASE_REWARD_FACTOR is the most significant parameter; from

6. Model Walk Through

Below, we briefly outline and explain each tab in the model:

General Inputs and Assumptions

Exhibit 2: Eth2 Beacon Chain Phase 0 Spec v0.12 Variables

Exhibit 3: Base Assumptions

Exhibit 4: Revenue-Net Yield Spreads Considering Above Assumptions

Determining these costs requires a separate set of assumptions.

Validator Cost Assumptions

We expect these hardware requirements to be higher than needed and to be competed

Control Panel Assumptions

Exhibit 6: Base Assumptions in Control Panel - Variables for Annualized Model

Exhibit 7: Base Assumptions in Control panel - Variables for WWIII Model

Illustrating Network Outputs Using Base Assumptions

Exhibit 8: Network Average Yields and Network Inflation

Exhibit 9: Revenue Yield Data Table (USD)

Network Average41 Net Yield

Exhibit 10: Average Net Yields (USD)

Comparing Net Yields

Revenue Yield Sources

Exhibit 16: Annual Issuance at 33.6mm (30%) Total ETH Staked

Using Narrower Parameters

Exhibit 19: Network Average Yields and Network Inflation

Exhibit 20: Revenue Yield Data Table - Network Average (USD)

Exhibit 21: Net Yields - Network Average (USD)

Exhibit 22: Revenue-Net Yield Spreads - Network Average (USD)

Low ETH Price Analysis

Exhibit 24: Revenue Yield Data Table - Network Average (USD)

Exhibit 25: Net Yields - Network Average (USD)

Exhibit 26: Revenue-Net Yield Spreads - Network Average (USD)

8. A Model for Measuring Required Yield

Defining the Types of Validators

Exhibit 30: Types of Validators

Who Enthusiasts/crypto holders Asset managers/institutional investors

Motivation Maximizing Maximizing return on investment net

Exhibit 31: Number of Ethereum Wallets with More than 32 ETH

Source: ​Arcane Research​ with data from ​Nansen.ai

Potential Motivations of the Capital Efficient Validator

Source: ​https://chart-studio.plotly.com/~ggiv/5/#/​. Represents the correlation over the previous

The Required Serenity Active Validator Yield Model

● The opportunity cost of allocating capital to a risk free rate

Expressed mathematically, we obtain:

Source: Arcane Research with data from Nansen.ai

Source: https://chart-studio.plotly.com/~ggiv/5/#/. Represents the correlation over the previous

Scenario Background: The rationale for analyzing this scenario