Oct 10, 2023
In-Depth Analysis of Sui Staking and LSD from a Security Perspective
This technical research report was authored by Jason from the MoveBit Research Group
The Sui network is operated by a group of independent validators, each running an independent instance of Sui software on their own machines or clusters.
Sui employs the Delegated Proof-of-Stake (DPoS) mechanism to determine which validators participate in network operations and hold voting rights. This system incentivizes validators to genuinely participate by rewarding them through sharing transaction fees, staking rewards, and reducing staked assets and staking rewards in case of misconduct.
The operation of the Sui network is divided in time into non-overlapping, approximately fixed-duration periods known as “epochs,” currently set at 24 hours. Within a specific epoch, a set of validators and their voting rights remain fixed. However, at epoch boundaries, reconfigurations may occur, resulting in changes to the composition of participating validators and their voting rights.
As previously mentioned, Sui utilizes the Delegated Proof-of-Stake (DPoS) mechanism to ensure the security and operation of the network. This model allows SUI holders to stake their SUI tokens to validator nodes, and staked tokens cannot be transferred or sold until unstaked. The staking shares of validator nodes determine their voting weight within the network—the more they stake, the greater their influence on the network’s operations.
In return for processing transactions and participating in the consensus, validator nodes are rewarded based on the collected Gas fees. The most efficient validator nodes are capable of handling a higher volume of transactions, thereby increasing the overall network’s efficiency and earning larger rewards due to their staking.
However, poorly performing validator nodes may process fewer transactions due to downtime or other technical issues, resulting in smaller staking rewards or even a risk of losing staking opportunities, ultimately leading to their exit from the network’s operation. This token economic model ensures that only the most exceptional validator nodes can consistently support the security and stable operation of the network.
Sui is a permissionless open network, and anyone can configure and operate a validator node. However, the following conditions must be met:
Validator Node Operating Requirements
- Properly configure the software and hardware environment for operating a validator node.
- Create a staking pool for the validator node and stake a minimum of 30 million SUI.
- Maintain a minimum staking of 20 million SUI on a long-term basis.
- Staking should not fall below 15 million SUI, as falling below this threshold will result in disqualification.
- The voting power of the validator node is tied to the staked amount, with a maximum of 10% voting power for a single validator node.
Once the staking pool for a validator node is created, if the staked amount in the pool exceeds 30 million SUI, the node will be automatically activated by the network to commence the validation process in the next epoch. After activation, the validator node must maintain a staked amount consistently above 20 million SUI. Falling below this threshold for an extended period may result in removal. If the staked amount for a validator node drops below 15 million SUI, it will be removed in the following epoch.
At the end of each epoch, the Sui network calculates rewards for each validator node according to the following rules:
Validator Node Rewards
- Rewards are settled at the end of each epoch, with each epoch lasting 24 hours.
- StakeRewards = StakeSubsidies + GasFees.
- Nodes with higher staked amounts receive greater rewards.
- Node penalties.
StakeSubsidies are designed to subsidize the network in its early stages and are funded by a 10% allocation of SUI tokens. Once this allocation is exhausted, all stake rewards will be composed of Gas fees collected through regular network operation.
If a validator node operates poorly, experiences service issues, and is reported by multiple other nodes, it may be penalized with reduced rewards, which will then be distributed to other nodes.
Users can stake their SUI tokens by selecting a trusted validator node through a wallet or other DAPP. The following diagram illustrates the process of staking with an official Sui wallet:
When users stake SUI tokens, these SUI tokens are wrapped into StakedSui objects. StakedSui objects serve as wrappers for SUI tokens and remain in the user’s address account, under the user’s control. After staking, activation and reward calculation will occur in the next epoch. Users can withdraw both rewards and principal immediately upon unstaking.
While staking on Sui is convenient for users, there are some minor limitations to consider:
- The minimum staking amount is 1 SUI.
- Unactivated StakedSui cannot be withdrawn.
- Partial withdrawal of StakedSui is not supported.
- Individual withdrawal of rewards is not supported.
- It is possible to split and merge multiple StakedSui objects, but they must be from the same staking pool and the same activation period.
For example, if a user stakes 100 SUI in epoch n and receives 1 StakedSui, they cannot unstake it in epoch n; it becomes active in epoch n+1 and can be unstaked at any time, but it will not yield any rewards. If unstaked in epoch n+2, the user can receive staking rewards from epoch n+1.
The staking system of the Sui network is innovatively designed to complement its economic model. This design ensures that validator nodes can maintain stable business operations while keeping gas fees relatively low. It also makes participation affordable for users and token holders in the Sui network.
LSD, short for Liquidity Staking Derivatives, is a term referring to derivatives that enhance the liquidity and tradability of staked digital assets in the blockchain world. These derivatives derive their value from native digital assets that have already been staked, making them a distinct asset category within the blockchain ecosystem.
When users want to participate in staking activities on a blockchain, there are typically 2 main ways to do so: direct participation and indirect participation. Below, we’ll use Sui, Ethereum, and Aptos network as examples to explain each:
Direct participation involves users staking their assets directly with a validator node, and the validator node distributes rewards back to the users:
- Users stake SUI tokens with a validator node and receive StakedSui in return. StakedSui is an NFT certificate and has limited liquidity, meaning it cannot be used in DEFI applications such as Lending and Swap. Users can use StakedSui to withdraw their principal and rewards from the validator node.
- Ethereum’s staking requires a minimum stake of 32 ETH, which presents a certain entry barrier for users.
Indirect participation involves users staking their assets with a contract protocol. The protocol aggregates funds, then delegates to validator nodes. After earning rewards, the validator nodes distribute rewards to the protocol, which, in turn, distributes them to users:
- Users stake ETH with the Lido protocol and receive stETH in return. stETH is an ERC20 token and is freely tradable. Lido then stakes the ETH with validator nodes. When users want to withdraw, they submit stETH to the protocol and receive ETH and rewards in return.
- Users stake APT with the Ditto protocol and receive stAPTOS in return. stAPTOS is a fungible token and can be freely traded. Ditto then stakes the APT with validator nodes. When users want to withdraw, they submit stAPTOS to the protocol and receive APT and rewards in return.
The difference between the 2 methods is that with direct participation, users’ original holdings of SUI and ETH are locked and cannot be traded until they are withdrawn to access the principal and rewards. In indirect participation, protocols typically provide users with a new type of token (e.g., stETH or stAPTOS) that can be used to withdraw the staked tokens. These new tokens can also be traded, providing users with flexibility and additional benefits.
Tokens like stETH and stAPTOS, derived from staking ETH and APT, are part of the Liquid Staking Tokens (LST) category. They are used to replace locked assets (ETH and APT) for trading and can be utilized in Lending, Swap, and other applications. This form of indirect staking participation has gained significant popularity, offering users multiple benefits and opportunities for additional income.
Holding Liquid Staking Tokens (LST) can provide various forms of rewards, and below are 3 common ways:
Because PoS blockchain nodes earn rewards for block production, the amount of these rewards is determined by the staked token quantity held by the nodes. Nodes typically distribute these rewards to the stakers, and stakers receive rewards based on their staked amount. Contract protocols collect these rewards from nodes and distribute them to users. This distribution can be achieved through updating the face value of LST tokens or changing the exchange rate between LST and the underlying staked tokens.
After holding LST tokens, users can participate in lending applications to earn returns. Here’s an example:
- Stake ETH with LIDO to obtain wstETH.
- Deposit wstETH into AAVE and borrow ETH.
- Repeat the above steps (as long as the interest paid on the borrowed amount is less than the staking rewards, users can engage in circular borrowing and lending arbitrage).
After holding LST tokens, users can participate in decentralized exchange (DEX) applications to earn returns. Here’s an example:
- Provide liquidity for the stETH:ETH trading pair on Curve and earn liquidity rewards.
There are several LSD projects on the Ethereum network. Here are three well-known projects, with Lido being particularly prominent as it has played a significant role in popularizing the entire LSD sector:
- Rocket Pool
Given the staking system based on Sui, there is significant potential for the development of LSD applications. The Sui team has shown a strong commitment to fostering the LSD sector, as evidenced by the successful Sui Liquid Staking Hackathon held in September this year. This event attracted a substantial number of developers to focus on the Sui ecosystem, and it is believed that LSD projects on Sui will thrive in the near future.
As a security company, MoveBit has been continuously dedicated to the Move ecosystem and pays special attention to the LSD sector on Sui. We have already completed audits for 2 LSD projects on Sui and have conducted in-depth security research related to LSD projects. While a project’s smart contract code should cover general audit points, we have identified specific audit points tailored to LSD projects, which we will elaborate on below.
LSD Audit Key Points
- Validator Selection: To maximize returns, the protocol needs to choose validators for staking who are highly reliable and offer high returns.
- Rewards Calculation and Exchange Rate Updates: The protocol’s rewards calculation rules should be as transparent as possible, with minimal mathematical precision loss. Exchange rate updates should be close to real-time and have minimal delays.
- Asset Security: Ensuring the security of assets managed by the protocol is crucial. There should be strict permission controls for different roles regarding asset access. Users should only be able to withdraw their staked assets and rewards, while protocol administrators should only be allowed to manage assets, such as staking or unstaking funds, without the ability to transfer assets.
- LST Issuance Oversight: Ensuring that the issuance and burning of LST are synchronized with user staking and unstaking activities to prevent any improper issuance or destruction of tokens.
- Fair and Equitable Rewards Distribution: When the protocol earns rewards, it should ensure that these rewards are distributed correctly and fairly among users. Users who stake for longer periods should receive more rewards.
- Support for Fund Withdrawal and Re-staking: In cases where issues are detected with a staked node (e.g., removal from the network), there should be support for withdrawing funds from that node and reselecting a node for staking.
These audit points are crucial to ensuring that Liquidity Staking Derivatives projects’ smart contracts meet higher standards of security and stability, reducing potential risks and vulnerabilities. Auditing is a critical step in the project development process and should be conducted before contract deployment.
The Sui network boasts an excellent economic model and an innovative staking system, providing a solid foundation for Liquidity Staking Derivatives applications. These elements create outstanding opportunities for both users and developers, and we anticipate that the LSD application space will witness exciting transformations and innovations in the future.
MoveBit is a blockchain security company that specializes in the Move Ecosystem. We are at the forefront of utilizing cutting-edge Formal Verification techniques. The team comprises security professionals with extensive experience in both academia and enterprise. As one of the earliest contributors to the Move ecosystem, we have collaborated closely with Move developers to establish security standards for secure Move applications, making it the most secure Web3 destination.