Unstake Griefing
Description
When staking on Ethereum, validators must go through an entry queue to bring money into the system, and an exit queue to bring it back out. The entry queue increases in size as more people want to stake. While the money is in the entry queue, it is not earning any rewards. When a validator is active, or in the exit queue, it is earning rewards. Once a validator enters the entry queue, the only way that the money can be retrieved is by waiting for it to become active and then to exit it again. As of July 2023, the entry queue is approximately 40 days and the exit queue is 0 days (with ~6 days of processing time).
In a non-optimal scenario for the protocol, a user could stake (for example) 32 ETH to receive mETH, wait until a validator enters the queue, and then request to unstake to recover their 32 ETH. Now we have 32 ETH in the system (which affects the exchange rate), but is not earning rewards.
In this case, the "fair" thing to do would be to make the user wait for the queue processing to finish before returning their funds. However, because the tokens are fungible, we have no way of matching "pending" stakes to a particular user. This means that in order to fulfill unstake requests quickly, we must exit a different validator to return the user's funds. If we exit a validator, we can return the funds after ~5 days, but the original 32 ETH will not be earning for another 35 days, leading to a small but repeatable socialized loss of efficiency for the protocol. As we can only exit validators in chunks of 32 ETH, this case is also exacerbated by a user unstaking smaller amounts of ETH.
To compensate for the fact that these two queues differ in length, we apply an adjustment to the exchange rate to reflect the difference and mitigate its effect on the protocol. This protects the protocol from the case above, and also from griefing attacks following the same principle. Essentially, when you stake you are receiving a value of mETH that discounts ~35 days worth of rewards in return for being able to access your money without waiting the full 40 days when unstaking. As the adjustment is applied to the exchange rate, this results in a small "improvement" to the rate for all existing stakers (i.e. it is not a fee levied by the protocol itself).
As the adjustment is applied to the exchange rate, the result is reflected in any user interface which shows the amount of mETH received when staking, meaning there is no surprise for users when staking or unstaking.
Mitigation
(Staking) Exchange Adjustment Rate: Implementing a different exchange rate for staking and redemptions.
Last updated