Switzerland: Dencun Upgrade: Impact On ETH Staking

The Dencun upgrade for Ethereum is set to be adopted on March 13, 2024. The upgrade introduces EIP-7044 and EIP-7045 Ethereum improvement proposals, which further improve the security and quality of staking services on Ethereum.

In a nutshell:

In December 2023, the Swiss Financial Market Supervisory Authority (FINMA) published its guidance on the qualification of stakes-as-a-service offerings under Swiss financial market laws, in particular the Banking Act (see our magazine article). The focus was specifically on staking services for Proof-of-Stake (PoS) networks such as Ethereum, as they require the transfer of the native assets to the validating node. Staking services on Delegated Proof-of-Stake (DPoS) networks are seen as less problematic because of the delegation function does not require the transfer of the native assets to the validator node.

The Dencun upgrade for Ethereum is set to be adopted on March 13, 2024. The upgrade introduces EIP-7044 and EIP-7045 Ethereum improvement proposals, which further improve the security and quality of staking services on Ethereum.

In more detail:

On December 20, 2023, FINMA published guidance on staking services (FINMA Staking Guidance 08/2023). In summary, FINMA concluded that staking services do not qualify as public deposits under the Banking Act but as segregable assets according to article 16 1bis Banking Act (BA), provided that:

• Delegated Proof-of-Stake (DPoS) Networks: The staking service provider (custodian) always (at any time) has power of disposal (Verfügungsmacht) over the keys to the address to which the delegated native assets are allocated;
• Proof-of-Stake (PoS) Networks: The node is operated by (a) the staking service provider (custodian) and the provider has power of disposal (Verfügungsmacht) over the withdrawal and the validator keys; or (b) a third party service provider and special measures have been taken to ensure that the staking service provider (Custodian) has the power of disposal (Verfügungsmacht) over the staked native assets at any time.

Of course, a qualification as banking deposit still requires that the native assets of a protocol qualify as payment instruments according to the Banking Act. If this is not the case, the Banking Act does not apply. Non-custodial staking, i.e. direct staking without a custodian on a Proof-of-Stake (PoS) or Delegated Proof-of-Stake (DPoS) network, are not affected by FINMA's guidance and are permitted without restrictions.

Ethereum is the most popular network for staking as a service. As a PoS network, offering staking services on Ethereum requires special technical measures to ensure that the services do not qualify as a deposit under the Banking Act.

How shall ETH staking-as-a-service be technically setup and what is the impact of the Dencun upgrade?

There are two basic setups for Ethereum custodial staking services:

Staking provider operates nodes: If a custodian operates the technical infrastructure for the validator nodes itself, both the withdrawal key and the validator key, also known as the signing key, are held by the custodian. In this case, the custodian has exclusive control over the crypto-based assets at all times. This satisfies the legal requirement (Art. 16 para. 1^bis of the Banking Act) to keep the assets available to the client at all times.

Staking provider outsources the operation of nodes: If the custodian outsources the operation of the technical infrastructure for the validator nodes to a third party, the custodian shall at all times retain control of the crypto-based assets within the meaning of Art. 16 para. 1^bis of the Banking Act, if the validator keys are held by the third party and the withdrawal keys are held by the custodian.

In addition, this requires that the third party (i) has signed a message with validator keys prior to commencing its services or setting up a node, which is sent to the staking (beacon) deposit contract, thereby irrevocably designating the customer's withdrawal address, and (ii) sends a pre-signed Voluntary Exit Message (VEM) – a message sent by the validator to the beacon chain in case of voluntary exits to queue the validator exit process – to the custodian off-chain.

This ensures that the staking rewards and the 32 ETH allocated to the node can only go to the customer's withdrawal address and that the custodian can dissolve the node at any time by sending (broadcasting) the VEM and disposing of the 32 ETH without the intervention of a third party.

Alternatively, the third party can provide the validator keys to the custodian in advance in a secure manner, whereby the custodian can dissolve the node and dispose of the 32 ETH at any time after determining the exit address using the validator keys without the intervention of the third party.

For node outsourcing, the first variant has become the standard in practice. The Dencun upgrade further improves the security and quality for node outsourcing by introducing the EIP-7044 and EIP-7045 Ethereum implementation proposals.

Currently, signed voluntary exits are only valid up to two upgrades for block inclusion because the beacon chain state only considers the current and previous fork versions. This means that the pre-signed Voluntary Exit Message (VEM) must be exchanged on an ongoing basis and ahead of a second upgrade. Otherwise, the custodian (staking service provider) does not anymore control the staked assets and the services would qualify as deposits under the Banking Act. EIP-7044 now ensures that the pre-signed Voluntary Exit Messages (VEMs) remain valid even when the Ethereum protocol is upgraded multiple times. An ongoing exchange is not needed anymore.

Attestations can currently be included on Ethereum with a minimum delay (1 slot on mainnet) up to SLOTS_PER_EPOCH slots after the slot in which the attestation was created. This rolling window of one epoch was decided on during phase 0 because the same inclusion window for each attestation was considered fair. Since such implementation, it has become clear that an alternative design is critical for the current LMD-GHOST security proofs (Latest Message-Driven GHOST is a fork-choice rule driven not by blocks added by proposers, but by latest messages [attestations, votes] published by all validators) as well as a new confirmation rule (which will allow block confirmations in approximately 3-4 slots under normal mainnet conditions). EIP-7045 will now increase the time period in which an attestation can be included in the beacon chain (from 1 rolling epoch to 2 non-rolling epochs), which is critical for LMD-GHOST security proofs and confirmation rule.

The implementation is therefore highly recommended and will soon become market standard.

The Ethereum protocol is constantly being further developed. EIP-7044 and EIP-7045 are central for adaptation in the traditional financial market industry. Further implementation proposals (EIPs) will follow shortly, and the security and quality of the services offered in connection with Ethereum staking will continue to increase, thus increasing the acceptance of the web3 technology.

Further structuring options (fiduciary deposit) and the necessary contractual and operational requirements for offering staking as a service are outlined in our magazine article.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.