Introducing the EigenLayer Security Model: A Novel Approach to Operating and Securing Decentralized Services

Eigen Labs is excited to introduce the EigenLayer Security Model, an evolution of our previous model, in preparation for the upcoming ‘Slashing’ protocol feature release.

This blog post is a simple description of how EigenLayer empowers AVSs to operate more efficiently and create economically aligned incentives using three foundational concepts: Operator Sets, Total Stake, and Unique Stake. In upcoming articles, we will dive deeper into the technical details of the planned protocol updates, uncovering the full potential and advantages of EigenLayer’s innovative design.

For additional context, we have included in the appendix a brief description of what properties this new model is trying to achieve in comparison to the original.¹ 

Operator Sets

An Operator Set is a group of operators who have been delegated ETH by stakers and are assigned certain tasks by an AVS. Although EigenLayer accepts many different types of tokens, and multiple tokens can be used in a single Operator Set, for simplicity, we will proceed using only staked ETH, which we will refer to simply as ETH.

Stakers delegate ETH to operators who participate in various Operator Sets created by AVSs.² To join Operator Sets, operators send requests to the respective AVSs for inclusion. AVSs can reward operators within an Operator Set if they perform their assigned tasks correctly and impose penalties if they do not. An AVS can create as many different Operator Sets as it wants.

Total Stake

The total amount of ETH delegated to an operator is the Total Stake of that operator. An Operator Set’s Total Stake is the sum of all its operators Total Stake. For example, if there are 3 operators in an Operator Set and each has 100 ETH delegated to them, then the Total Stake for each operator is 100 ETH, and the Total Stake for that Operator Set is 300 ETH.

Unique Stake

Operators allocate a percentage of their ETH that an Operator Set is permitted to slash. An operator’s total allocation across Operator Sets must be between 0% and 100%. In other words, a unit of ETH can only be slashed by a single Operator Set at any given time. The allocated amount of ETH is called the operator's Unique Stake for that Operator Set. 

If a task is performed incorrectly, the Operator Set may choose to slash an operator for up to that amount as defined by the AVS. The Unique Stake of an Operator Set is the amount of ETH exclusively slashable by that Operator Set. 

Building on our previous example, if an AVS has one Operator Set and the three operators allocate 0%, 10%, and 20% of their ETH to it, their Unique Stake would be 0, 10 and 20 ETH, respectively, totaling 30 ETH in Unique Stake for the Operator Set.

Attack Mitigation Using Total and Unique Stake

AVSs can use the Total Stake and Unique Stake of an Operator Set for security. For example, consider an AVS creates a single Operator Set which has operators perform a task and vote on its output. The output that receives more than 50% of the stake-weighted vote is deemed correct. We assume that all pre-existing operators are honest and cannot be bribed to corrupt the task.

Using the numbers from our previous example, if the Operator Set weighs votes solely by Total Stake, a new malicious operator could manipulate the task’s result (attack) by allocating slightly more than 300 ETH in Total Stake (eg. 301 ETH). Without the ability to slash, no penal action can be taken against this operator besides ejection from the Operator Set. 

To use slashing as a punitive disincentive for misbehavior, the Operator Set can instead weigh votes by Unique Stake. In this case, the malicious operator would need to allocate just over 30 ETH in Unique Stake to carry out an attack (e.g. 30.1 ETH). Afterward, the Operator Set can slash the malicious operator for 30.1 ETH. While this imposes a tangible economic penalty, it significantly lowers the capital requirement from 301 ETH to 30.1 ETH. 

An Operator Set could also require agreement between votes based on both Total Stake and Unique Stake, effectively balancing their weaknesses and leveraging their strengths. This approach forces a new malicious operator to meet the higher threshold of 301 ETH in Total Stake to compromise the task’s result while committing 30.1 ETH in Unique Stake that can be slashed after the attack. Thus, the Total Stake raises the capital required to corrupt the task, while the Unique Stake ensures an economic penalty for the malicious operator.

Operator Sets are Versatile and Extensible

Thus far, we have provided a simplified demonstration of how this security model works. In reality, Operator Sets are far more versatile. For example, an Operator Set can include multiple tasks and tokens, none of which need to be ETH. It can specify slashing conditions for different types of tokens, tasks, and infractions, as well as define confirmation rules for the set of tasks. An Operator Set can determine which tokens will be used to reward operators and how these rewards will be distributed. This model is also extensible to accommodate various preferences for handling slashed stake, including burning or redistribution (see StakeSure), although redistribution will not be available in the initial slashing release. Finally, because an Operator Set’s Unique Stake is only slashable by that specific Operator Set, slashing is localized, eliminating the need for a common veto committee.

Conclusion

In future articles we will delve into the nuances of the security model, why it is an improvement over other models, and other components that are actively being researched.

Appendix

¹ What is the new model trying to accomplish? 

The original security model had the following structure: each operator can opt into a subset of AVSs, and the entire stake delegated to that operator could be slashed by any of those AVSs, which meant: 

1. Less control over slashing risk: An AVS sharing slashable stake could be inadvertently exposed to the risks of slashing by other AVSs. Additionally, the entirety of an operator’s delegated stake is at risk of being slashed by any AVS it opted into. 
2. No slashable stake assurances for AVSs: AVSs had no assurance that they would have access to slashable stake when needed.
3. Needs a common slashing veto committee: The system needed a common veto committee to buffer slashing events from becoming systemic. 
4. Permissioned onboarding of AVSs: Because of the need for a common veto committee, AVS onboarding needed to be permissioned otherwise the veto committee would be taking on uncalibrated risks.

The new EigenLayer security model described in the blog post above has been specifically designed to address these shortcomings by offering greater flexibility and control:

1. Greater control over slashing risk: With Unique Stake, the risk of slashing is isolated to the individual AVS, and operators can control how much of their stake any AVS can slash.
2. Guaranteed slashable stake: Each AVS knows how much slashable stake they have by adding up the Unique Stake allocated to them across all its operators.
3. No need for a common veto committee: Since slashing is localized to individual AVSs, there is no necessity for a common veto committee. Each AVS can specify its own mechanisms for slashing and governance. 
4. Permissionless onboarding of AVSs: AVS onboarding is permissionless and only requires operators to opt in.

² Stakers can delegate to only one operator per address. For example, as shown in Figure 1, stakers collectively have delegated 100 ETH to each of the three operators. However, behind the scenes, each staker uses three separate addresses, with each one delegating to a specific operator.

Consider Figure 5 below in the context of Figure 1: