On the interrelationship between the security budget and the business prospects of the Cosmos network

Introduction

The past few days brought a flurry of conversation on whether validators charging 0% are harmful to the success of the Cosmos Hub. I would like to present one critical element missing from most of these conversations - that of preserving the business prospects of the Cosmos Hub. What does success even mean if we don’t talk about the business prospects of the network as a whole?

At stake, in this conversation, is the fundamental question of the network security budget - the total amount of atoms earned (and kept and re-invested) by its entire validator set. As Zaki Manian mentioned in a conversation, validators charging 0% (or 4%), shift the network security budget toward zero. Other validators, will need to lower their rates to stay competitive, accentuating the effect. The end destination of this competition is a network security budget of near zero. The fundamental question is whether Cosmos Hub should go down that path of a zero budget. Or whether some reasonable effort be made to stall that eventuality?

The consequences of a zero security budget validation ecosystem

In this scenario, the only validators that survive are ones that can up-sell other services by validating. For example, a centralized exchange prices validation at zero, but makes money from trading commissions on delegation vouchers. Or, a custodian like Anchorage could offer free validation in order to entice hedge funds to consume its custody product. In these cases, validation is the free sample/teaser, and the money is made someplace else. A zero security budget Cosmos network is full of players like these with large delegations. Majority of the current validator set does not survive - these people will end up bankrupt or pivot. A few that depend on AIB or ICF for majority of their delegations could cling to life.

Implication for business prospects

Cosmos’s business prospects in the future are shaped by its validator set. The best business model the network has is shared security. In that model, Cosmos sells its validator set to other zones by developing programs such as Interchain Collateralisation, Validator Set Projection Protocol etc. A future with hundreds of blockchains buying security from the Cosmos Hub, to the tune of billions of dollars in network revenue, will make atoms very valuable. This future is the embodiment of success for me.

In contrast,being a router for IBC messages, as indicated in the whitepaper, is less critical - that business model is dependent on transaction fee revenue, and the incipient scalability of PoS networks (Solana at 100k tps) will mean that transaction fee revenue models are sub-optimal.

Since validator set is the main asset being sold in shared security, it is important for the protocol to actually look after its validators, and keep them enthusiastic + decentralized. If Cosmos ends up having a validator set full of exchanges and custodians, why would any other zone buy security from Cosmos Hub? The ability to sell the validator set is dependent on the quality of the set itself. Cosmos will be rationally out-competed by a different Hub, that looked after its set better, and was therefore able to get more customers for shared security.

Stated differently, Cosmos can’t function as “a labor union for validators” if the only laborers that survive are large exchanges or people up-selling validation for other services. (The phrase “labor union for validators” is generally attributed to Sunny Aggarwal)

In colloquial terms
Selling security first requires decently good wages for the security guards.

If the protocol pays its validators peanuts, it will attract monkeys. And few zones will buy a set of monkeys for their security.

Shared security is as much about looking after your people, than making some fancy technical computer science innovation. I would say the human element is way more material than the technology - the technology is indefinitely forkable, the human element is not.

The interdependence between network security budget and future business prospects, must be front and center in this conversation.

Sorry, i’m a bit distracted. This is a very good post, thanks for making it. I think it clearly outlines the existential issue with Cosmos namely, “Why does anyone validate if the expectation is that validating in of itself will not be profitable?” For me, there are two answers:

1. The existence of the network facilitates transactions the validator is a counter-party to and would otherwise be impossible. (Because they would be too expensive to insure.)

2. Any given validator makes money from providing secondary services to users of the network.

Both of these possibilities suggest the network is providing a valuable service. And neither suggests that inflationary rewards are the justification for validation. Rewards assume a liquid market in the future. Fees are a little different in that it requires more immediate liquidity to allow the validator to keep operating. Fees are only sufficient to secure the network if they can cover operating costs, on a block by block basis. We need rewards to offset the CapEx, but they don’t directly provide security, because at some point, “all the hardware will be paid for”. At that point, if we assume validating is worthwhile in and of itself, transaction fees must be the justification. I don’t see how a moat can be put around this. Even if we achieve something in protocol, some other protocol will simply undercut. Well funded validators from within Cosmos will fork and undercut, or offer rebates, etc etc.

I guess what i’m looking for is an explanation for why we shouldn’t expect validation, like so many other businesses in the world, to naturally centralize? (I understand that we don’t want it to, but how can we possibly make it so?)

Ecosystem of most other PoW network also pays profit to its miners from future network value of the network: the current price of coins. What dPoS is different from PoW is that now most profit(inflation) goes to delegator and very little part goes to miners. In PoW, all inflation goes to miners.

So, when use-case is not enoughly settled, it is inevitable for most blockchain to lean to the current price of the coins. The structure of distribution of rewards in dPoS improved a lot from PoW. It is also exactly same as how company grows. Company continuously issue new stocks and sell them to investors, resulting in dilution of share value, promising that such cash inflow can accelerate the growth of the company so that the final share value in the future can be much higher than now.

So in relative term, I think it is a success: 1) most rewards go to delegators, 2) tx fee is significantly reduced, 3) miners can expand their support on other networks with quite low marginal cost 4) miners hire humans, not heavy machines, resulting in more enriched community with great participation.

In addition, validators are not hoping a ton of profit generated from mining, like miners and mining pool did in PoW ecosystem. Validators will be happy enough to cover our cost at this moment, but practically almost all of us are in deficit.

Could you explain the problem again compared to exist PoW blockchains?

Hey Everyone,

This is my first post here, glad to see these conversations are happening! Take my thoughts here with a grain of salt, as I may be missing some context.

I run ShapeShift, and we are considering being a validator. We’re very bullish on Cosmos generally. So, here’s my thoughts…

I don’t think it is correct to equate the staking fee to the “network security budget.” Indeed, as OP mentions, many validators are companies that offer various services, staking being one of them. The amount these companies spend on server infrastructure and security is NOT set by the Cosmos ecosystem rules. Rather, it is set by the management of those companies. For us as ShapeShift, the amount we invest in our validator is only partially influenced by the revenues we make from validating directly, and it is much more influenced by the revenues we make indirectly by validating, which may have nothing to do with the actual validation fee we charge.

Whether we are permitted to charge 0% if we wish, or are forced to charge at least 1%, for example, will have little to no material effect on our validator spending decisions.

In aggregate across the set, if Network Security Budget is X when validator fees may be set at 0%, it does not follow that the Network Security Budget is >X when validator fees must be over 0%.

In fact, the Network Security Budget may actually be lower if the 0% fee is banned.

Consider this: Company X is considering whether to spend a bunch of money and time to set up a professional validator on Cosmos. They provide various crypto services, and they plan to use their validator as a loss leader for other revenue streams with their customers. They are excited to be able to market, “Free staking on Cosmos” to their customers. But, if they are unable to offer free staking, they don’t believe the marketing pitch will be strong enough, and thus they don’t validate on Cosmos. Now Network Security Budget is lower than it otherwise would be… which is counter-intuitive, but plausible.

Most importantly though…
Even if the system mandates 1% fees instead of 0% fees… the market can easily find a way to get around that. A validating company forced to charge 1% can simply then pay out 1% back to its customers through any other means… thus returning the validation fee to effectively 0%. There is no way to stop this.

If you want the Network Security Budget to be high, I’d suggest we don’t put roadblocks or restrictions on the very parties who are paying for that budget (the validators). By removing options (such as the option to charge 0%) from those validators, I can’t see that increasing the enthusiasm said validators have for spending money on their validating infrastructure.

Consider also that Cosmos is one of many DPoS chains… any rule set in Cosmos will affect its ability to compete within the marketplace of other blockchains. A price control on fees (such as forcing validators to not charge 0%) could allow other chains to seize opportunity if indeed the market rate for validation is 0% long term.

My suggestion is to let the market set the validation rate. If the market rate for validation on Cosmos is 0%, then we shouldn’t try to artificially raise it.

The market will tend toward centralization given what you’ve described. This may be okay for you, it may be okay for me, but the question is does the community support that? Currently, there seems to be a lack of enthusiasm for so quickly abandoning the narrative of a chain that is as egalitarian as possible to new validators.

If that’s true, why is it not true when you consider the reality that any validator can simply pay out any forced fee back to the user? (thus in no scenario can you actually cause a minimum fee to be required)

That’s a good question. I think the market tends toward centralization with or without this particular forced minimum, but the way it’s currently set it seems to be accelerating towards a security minimizing centralization rather quickly. It’s valid for people attempt to slow this acceleration via governance, which also works as a social signal. Maybe it’s most important utility is as a social signal to small validators and naive delegators about the ideals of the chain. Again, I’m not being prescriptive about what those ideals are, but I think slowing centralization as much as possible will need to be required if the goal is for Cosmos Hub to be permissionless. (I personally think this period of Cosmos Hub history is people trying to figure out the cartel structure and that it ultimately will be permissioned/centralized but that’s a different topic…)

If people want to offer and take kickbacks, that’s fine, I think that’s better than 0% commission on delegation, given the latter feels like it accelerates an already quite quick race to the bottom.

as a delegator, i appreciate the hard work, the technical expertise and the transparency of the validators in the cosmos network.

as a delegator, i understand that the security of the network depends on both validators and delegators. each stakeholder group has its role to play, with commensurate rewards.

as a delegator, i did not chose my 0% validator because of the commission rate. provided the commission rate is not egregious, at this stage of development not only of cosmos but the blockchain space in general, the rate is irrelevant. probably, it matters little for most delegators if for every 100 atoms they stake, their annual return of 10 - 20 atoms is reduced by 1 - 3 atoms or so versus if atoms themselves reduced in value to usd 0.1 or appreciated to usd 100.

as atom holders themselves and a good number of whom were involved at the initial sale and distribution of cosmos atoms, this should hold true for validators as well. the great benefit that would accrue to these parties with the appreciation of the atom is well-deserved for the early risk they took.

as a businessperson, it is all about risk. competition from better funded parties who enjoy greater economies of scope / scale that drive price points to “unsustainable” levels is an everyday phenomenon in my web 2.0 world. the market does not provide a floor to cover cost for anyone, whether the competition is “ruinous” or not.

as an entrepreneur, a constant decision point is whether the long-term benefit outweigh the risk of competing, given whatever conditions of the playing field. the fact of the matter is that in almost every space that has (perceived) tremendous, long-term upside, there are and will continue to be parties interested in participating, just as there are people that will make the decision to pack it up.

it is great to participate in these discussions about the security of the network, how best to prevent centralization, whether these measures should be protocol driven and so forth. however, we should carefully weigh whether there is an urgency to bringing this to a head now.

I think there are two different issues that must be considered here:

1. Security of a single validator
2. Security of the network

I agree that using commission rate as a proxy for security spend is not a good idea – even if a validator has a 20% commission does not mean they’re pouring it into security. I would suggest that before staking any significant amount of ATOMs, delegators should ask validator operators about their security. There are a number of firms (shameless plug: including mine) that do security assessments for validators – that should be a good signal right there. The community is still small enough that validator operators are accessible, so this is a perfectly feasible approach (and as recently discussed on Twitter, eventually we should get this information on-chain).

The bigger problem I see is that even if one delegates to a secure node, if a couple nodes are able to attract 2/3rds of the stake AND they do not have good security, then an attacker can simply take over the network just by compromising those couple validators. Then it doesn’t matter if the other 98 (or 123) validators did everything perfectly – you won’t see your delegation get slashed, you’ll just see the value of ATOM plummet to nothing. So the discussion of security and zero commission is not simply about security spend on each validator, but on its effect on network centralization.

These are valid and plausible descriptions of what might happen in the future.

At the same time, I wish to point out another possibility, which is that some validators are charging high fees simply because they have high burn-rates due to their incompetency. We don’t know this yet because they haven’t been through fire (I think). Once there’s a good money to be made, I think we will start witnessing specularly clear-headed cheaters entering the network. If true, we may see something similar to the battle between Kung-fu master and MMA fighter within our own space.

In order to create and maintain a healthy ecosystem, I think it is crucial to have both expansion and contraction (or mutation and selection). Therefore I am still open to validators experimenting and exploring all possible combinations of parameters to find out what works for them, and then deal with the consequences of their decisions later on. In this context, 0% fee validators may exert a selective force on those who can’t run validator nodes without unreasonably high burn-rates, or think that the fees they charge is the only reason why delegators chooses a particular validator (therefore tries to compete only within that domain).

Similarly, I wish validators to be a little more creative with regards to differentiating themselves from others. In other words, please give the delegators an attractive reason to delegate to you. For example, I really like Chorus One’s proposal to offset carbon-emission and this will be a good reason for me to support them (I know there’s a recent paper that argues something like this is too late anyway but I wish to remain optimistic). Establishing a theme or a consistent philosophical stance on different issues would be one of many ways to differentiate oneself from others but there could be many more. Please do not assume that the delegators are an uneducated mass because at some point they will start acting like one.