Preparing for Replicated Security

Conversation Essays
21

I’m not sure what you mean by ‘subordinate hub’…something like this, maybe:

The Cosmos Hub blockchain taking on another chain (Blockchain A) as a consumer chain, and Blockchain A then providing security to yet another chain (Blockchain B)? Like a subletting situation?

That hadn’t even occurred to me, honestly. I don’t know enough about the technical specifications to know if that’s possible but my gut feeling would be no, the code doesn’t let you provide security unless you have your own sovereign validator set.

A ‘high quality consumer chain’ imo, is one that is successful at filling its product niche and participates in a mutually beneficial relationship with its security provider.

22

yes thats what i meant. ok thx for your time.

23

im not concerned about replicated security as a feature, my concern is with funding liquid staking chains with atom liquidity. funding LSDs doesnt benefit atom.

I am just unable to conceive of a way an LSD consumer chain would return value back to the provider chain to justify its funding. 25% of the txn fee paid in an illiquid farming token is not much of a carrot.

24

But replicated security is providing security, not liquidity.

There will be different token designs for different LSDs. I’m not an expert, but it seems silly to write them all off as “illiquid farming tokens”.

Do you mean that your concern is that you don’t want to use up a slot in the Hub’s replicated security capacity to fund LSDs because you don’t see how a LSD token will drive value back to the Hub or act as adequate payment?

25

@ala.tusz.am

the discussion also involves prospective funding.

sure, this is an adequate approximation of what I mean. not that I am saying its impossible to some types of LSD to work.

smart contract LSDs like LIDO can serve the same function in defi and dont require the use of an additional consumer chain slot. if the same thing can be accomplished in a more efficient way, what justifies the added cost of the requisite nodes and implied funding required for an LSD chain to be a consumer chain?

with Babylon coming, will there even be demand for LSD chains?

1 Like
26

Thanks @lexa for this clarifying post. I’m copying over a post from another thread to see if I can get some help with trying to estimate ICS costs:

Trying to figure out how much ICS costs would actually be for new consumer chains, and would appreciate any clarifications you’re able to give re my back-of-the-envelope calculations below.

A figure I’ve heard being thrown around is roughly 600-800 dollars per month for validators, times 175 validators. In addition to that, on top of the rewards coming from consumer chains the validators get an average fee of around 10% (meaning we’ll have to multiply the results by 10 to get the revenue needed to cover such costs).

The result would look something like this:
$600 x 175 validators x 12 months x 10 = $12.6 million per year
$800 x 175 x 12 x 10 = $16.8 million per year

Although this does not consider the weight of different validators, these figures are quite extraordinary, and surely cannot be correct? Hard to see new chains being able to cover this kind of amount, especially so during a bear market like this. Or am I missing something?

Further, I’m wondering whether or not there is a normal investment risk for validators and the Hub (so if the project goes badly, the validators just lose money and vice versa) or if there are any requirements about what a consumer chain should provide in terms of value to the Hub in order to join Replicated Security?

Hope that makes sense, and again, I’m grateful for any light that can be shed on this matter.

27

@common_spelling

Thanks for clarifying!

Honestly, I’m not that knowledgeable about the way liquid staking chains might work so it’s possible that my generalized thoughts on replicated security as a whole don’t map perfectly onto how it works for LSDs in particular.

Relying a bit on your response to @ala.tusz.am here,

sure, this is an adequate approximation of what I mean.

My main response is just that if something doesn’t make sense to ‘take up a slot’ on the Hub, I think we have to trust the community and validators to not let it take up a slot.

I’m definitely not here to argue that there’s a way for every kind of consumer chain to be profitable and should be given a chance regardless of demand or accounting!

@saint.Ericus

The cost per validator per chain is the real thing that’s hard to nail down here, and it’s also the thing that will wildly swing the back-of-napkin cost from ‘reasonable’ to ‘what the heck’.

I haven’t been directly involved in many conversations about this parameter but I’ve heard $300-450 quoted, but that’s not an accusation that your quotes are wrong. The Hub has 175 validators, but inevitably many of them have very different per-chain costs.

Just to break your math into a few more steps (particular the fee split part, because it took me a few reads to understand what you’re saying):

  • $600 x 175 validators = $105,000 per month
  • $105,000 per month x 12 months = $1,260,000 per year

And then, assuming that the validators’ additional revenue from Replicated Security comes in the form of a revenue split where the consumer chain takes 90% and the Hub validators take 10%:

  • Total revenue = ($1,260,000 per year)/(10% fee split)
  • Total revenue = $12.6 million

My conclusion here is that I can’t really get behind any napkin math at all, even if nothing jumps out as glaringly wrong. It’s just too complex to model like this - the variation in validator costs, the unidentified fee split, not knowing how each chain will actually generate revenue, whether there are additional compensation agreements or subsidies.

So while I agree that the figures are extraordinary, I also can’t really say that they’re ‘correct’ or even that you’re “missing something” beyond what you already know you’re missing: The enormous variation and unknowability of a complex situation.

My hope is that I’ve laid out a broad enough exploration of that complexity that upcoming consumer chains will come to the table with clear, coherent answers for some of these big questions.

Further, I’m wondering whether or not there is a normal investment risk for validators and the Hub (so if the project goes badly, the validators just lose money and vice versa) or if there are any requirements about what a consumer chain should provide in terms of value to the Hub in order to join Replicated Security?

There are no requirements beyond the what the Hub agrees to uphold together. I might be a bit biased, but my personal requirement would be that a new chain has read my essay and has a sensible business plan and contract structure to start off the conversation. I don’t think it makes sense (or that it’s enforceable) to be strict and quantitative in an initial requirement.

2 Likes
28

Thanks Lexa - appreciate you taking the time to answer this. We’ll just wait and see I guess. But if figures eventually land anywhere remotely close to this, consumer chains will inevitably struggle unless the initial cost and risk can be shared somehow.

29

Thanks for the post @lexa !

Do I understand correctly that if a validator decides to not validate the consumer chain although it has been approved by 2/3, it would get slashed on the Cosmos Hub? Would the normal Cosmos Hub slashing rules apply?

Further, do I understand correctly that Cosmos Hub validators would still earn the same as now and ON TOP the rewards from the consumer chain?

What will happen to the “CEX Validators” such as Kraken or Coinbase. I assume they are not allowed to onboard new tokens that easily (here: potential consumer chain tokens). What if such a token would be classified as a security? Would these validators then simply vote against them and maybe overrule the “community validators” or is there some middle way? For instance, Validators could opt-in to receive the token of the consumer chain and it they don’t they would receive ATOM. Maybe the consumer chain could directly swap their token to ATOM and then send these as a rewards.
What do you guys think?

30

I am always surprised about how many costs validators make on validating chains. You need proper resources, that is for sure. But I am also sure that a lot are overspending by several lightyears.

I have been playing around on some chains (also spoke to @jtremback last week) where when there is not a lot of traffic you can easily validate with servers of costing $20 a month or so. (I really like to find out what the bottom is where validating is simply not reliable anymore, just out of curiousity)
It most likely is a bit less on performance, but why go for a Ferrari when you are not allowed to drive of 30 km/h?

Suppose every validator runs 5 of those servers (Horcrux, sentries, etc); then the expected costs go down dramatically:

  • $100 x 175 validators = $17,500 per month
  • $17,500 per month x 12 months = $210,000 per year

That makes quite the difference…

31

@BuilderBot

Do I understand correctly that if a validator decides to not validate the consumer chain although it has been approved by 2/3, it would get slashed on the Cosmos Hub? Would the normal Cosmos Hub slashing rules apply?

That is correct. I think it is absolutely critical that everyone knows that there is no ‘opt-in’ to validating a consumer chain once it has met those two criteria (governance approved, adopted by >2/3 of the validator set). ‘Deciding not to validate’ = downtime = slashing on the Hub. That said - the window for downtime is going to be much more flexible for consumer chains; i think we’re looking at something like 4 days whereas the Hub’s window is approximately 19 hours (note that both of these are approximate since the downtime window is really in the form of “missed blocks”, not “days absent”).

What will happen to the “CEX Validators” such as Kraken or Coinbase. I assume they are not allowed to onboard new tokens that easily (here: potential consumer chain tokens).

This is such an interesting idea to explore - thanks for bringing this up!

I think the first relevant thing is that CEXs aren’t necessarily sending the exact rewards to their customers. With funds in non-custodial wallets being staked to a validator, we see directly that if you stake 100 ATOM, you’ll receive a staking reward % in ATOM and whatever consumer chain tokens.

With a custodial wallet, the CEX tells you the % interest you earn, but the actual tokens added to your account aren’t necessarily the tokens directly coming from the block rewards. There might be no relationship at all between the % interest and the tokens being staked - it’s a bit of a black box.

Point being - CEXs don’t need to support consumer chain tokens, and they don’t need to actually give consumer chain tokens to their customers. They could decide to just provide an interest rate in ATOM and their customers could either accept that or move to a custodial wallet if they really want to see the direct upside of a consumer chain.

What if such a token would be classified as a security? Would these validators then simply vote against them and maybe overrule the “community validators” or is there some middle way?

Well…I don’t want to say ‘never’ but with 0/48 governance proposals voted on from all the CEX validators…I think the risk of them getting into governance to reject a consumer chain is low. More likely, they just wouldn’t start running the binary and then they would face penalties. The CEX validators hold a lot of voting power, but they are not the majority.

For instance, Validators could opt-in to receive the token of the consumer chain and it they don’t they would receive ATOM. Maybe the consumer chain could directly swap their token to ATOM and then send these as a rewards.

I don’t love this idea - the thing I think makes ICS really cool is that that it can be an investment into new projects where we get to see their upside along with the ramifications it has on ATOM. Maybe if other validators are interested in receiving only-ATOM rewards then it could be an idea to develop, but I’m definitely not keen on pursuing this idea specifically so that CEXs can choose to get ATOM instead of consumer chain tokens.

@LeonoorsCryptoman

I tend to agree. $600-800 sounds like using AWS, whereas I’ve heard lower figures from bare metal operators. Of course, that might also mean costs end up in different areas or in maintenance, but the numbers span a huge range depending on a validator’s setup.

32

@lexa thanks a lot!
Two follow-up questions:

If the consumer chains would pay out rewards in ATOM, where do they get the ATOM from? Would the inflation increase or do they need to buy ATOM?

Running the consumer chain nodes - could this be outsourced to third parties? For instance, if a small validator is overwhelmed with creating and maintaining nodes for multiple chains, is it feasible then to outsource it to infrastructure providers? In other words, how does the Cosmos Hub validator “talk” to its consumer chain node?

33

If the consumer chains would pay out rewards in ATOM, where do they get the ATOM from? Would the inflation increase or do they need to buy ATOM?

That’s a level of detail/specificity that feels more up to the consumer chain to figure out. Maybe the project was bootstrapped with ATOM (like some of the Prop 72 chains) so it already has an ATOM-heavy treasury, maybe they do a tokenswap, maybe the system isn’t ready to pay ATOM up front but transitions to ATOM once their token is established and can swap for ATOM in liquidity pools? There’s lots of creative ways for a project to get a hold of ATOM, but I don’t think I’m the most creative person to lay them all out.

Running the consumer chain nodes - could this be outsourced to third parties?

Not running a validator setup myself, I can’t be sure. But we know that not all validators are running bare metal machines - plenty already outsource even their Hub node to AWS or other white label providers. I imagine it would be possible but I don’t know how practical or likely it would be.

From a philosophical perspective, I find it hard to imagine that a bare metal validator would decide to outsource part of their setup. Bare metal seems more work to maintain, but overall cheaper in the long run and I think bare metal operators tend to be very proud of their contribution to the decentralization of the network by adding infra resilience and security.

I’d love to hear from validators about their thought process around the idea. Maybe @leonoorscryptoman could comment on this part?

34

I indeed this bare metal (self hosted) validators are really proud of the fact that they own, control and run their own hardware. Having them go over the line of going back to cloud hosted servers is probably a sign that the load on validators is too high and that we have to think hard about simplifying the work required to run validators on the Hub in combination with consumer chains.

And really outsourcing the operations of a node for a consumer chain feels a bit like the line of work we see for AllNodes. Where everything (server, OS, binary) is managed by a 3rd party provider, which is really a bad thing imo. Validators should be in control of their own nodes at all times, being able to maintain it. Running a validator is not a job on the side, it requires learning how things work. So the max we should ever want for renting stuff from 3rd party is the hardware, nothing more.

3 Likes
35

sounds reasonable, thanks a lot for your answers! They were all very helpful.

Another question came up, assuming Validators will receive the consumer chain tokens. How does the claiming work?

  • Can I claim once and it claims all consumer chain tokens including the normal Cosmos Hub ATOM rewards?
  • I set a separate reward address for my val where I receive rewards currently. Will I need one reward address per consumer chain?
  • I assume Keplr wallet would support the consumer chain tokens? I guess one could just add it there.

Thoughts?

36

thanks! Makes sense!

37

I think these questions are more about the specific wallet app you use than about the details of ICS so now this is just two folks guessing at how things will work! I’m not an expert here!

  1. Probably claim all at once? Since ‘claiming’ is an interaction with your validator and your validator would be holding all those rewards for you.
  2. I have no idea…I’m not sure if you mean a ‘reward address’ held by a validator to receive block rewards?
  3. I think if ICS launches and a consumer chain gets added, it would be a very weird choice on the Keplr team’s part to not support it :sweat_smile:
38

okay thanks a ton! Alright, I thought ICS also handles how the rewards process of the consumer chain works but I guess not then, or at least not that specific part.

39

What i understand…
Preparing for replicated security involves the following steps in brief:

  1. Identify critical data and systems.
  2. Choose appropriate replication technology.
  3. Define security policies and procedures.
  4. Implement encryption for data protection.
  5. Conduct regular security audits.
  6. Train employees on security measures.
  7. Continuously monitor and update security.
40

@Amarjeet_Singh

I’m not sure what you mean by this. Those steps don’t seem related to what I’ve written or to the Replicated Security technology.