The Operational Risks Of Ethereum Node Management

At Bitcoin’s inception, nodes played a few simple, yet important, roles: namely, to read, write, and validate transactions, as well as mining blocks, confirming BTC transfers in the process. Mining, the primary consensus mechanism for over a decade, would continue to be adopted over time by other cryptocurrencies, such as Bitcoin Cash, Litecoin, and Dogecoin.

But in recent years, staking has grown in market share relative to mining’s historical dominance. Ethereum, the world’s largest smart contract platform, shifted to Proof-of-Stake in September 2022, no longer relying on an external resource (electricity), rather using an internal resource (stake), to achieve consensus.

Yet while Proof-of-Stake adoption has grown, so too has the complexity and operational overhead of managing the nodes responsible for staking participation, known as validators. From protocol conformance to infrastructure resilience and secure key management, these risks scale as the value of staked assets grows. Risks also compound exponentially as liquid staking and restaking technologies proliferate.

In the spirit of Cybersecurity Awareness Month therefore, we explore the challenges inherent to staking node operations on Ethereum today, and how robust institutional standards play a key role in risk management.

3 Inherent Operator Risks of Ethereum Validators

The staking life cycle begins when an entity holds 32 ETH, plus gas, which is the minimum amount required to stake. However, the journey from holding ETH to securing rewards is fraught with risks which can jeopardize a staker’s ability to contribute effectively, if not managed properly.

Infrastructure

A staker with 32 ETH first needs a computer with specific hardware that meets or exceeds Ethereum’s standards to run a node. The computer also runs the software needed to stake, known as clients. A validator node is the combination of these components: it is an up to spec machine that stores a copy of Ethereum’s blockchain, runs the client software needed to stake, and connects with hundreds of thousands of other nodes distributed globally in order to participate in staking.

Yet even the best machines can still fail. Internet connections drop. Client bugs can pop up. Validators can also mistakenly join the non-canonical chain, leading to missed rewards and possible penalties. Nodes that rely on third party services, such as cloud-based infrastructure, can also face disruption outside of their control. Even with the best initial setup, ongoing risks abound in managing infrastructure.

Key Security

A validator node has two keys – a signing key and withdrawal key. These are required to both participate in staking, and to withdraw rewards and assets, respectively. A major risk, therefore, is improper key management and security, resulting in a potential loss or theft of ETH.

A signing key participates in on-chain operations. However, it must be kept in a wallet that is connected to the internet, also known as a hot wallet. While this allows signing keys to be moved easily from one machine to another, they are a potential attack vector for nefarious actors. A lost or stolen signing key can result in slashing, or forcing a voluntary exit. Losing a withdrawal key means losing access to the validator principle and rewards.

Improper handling of private key material or lack of diversity when storing keys raises the risk profile significantly. A validator’s withdrawal key can be held in an offline, cold wallet for long-term storage with higher security. A staker can then delegate their signing key to an operator, while their assets remain secure.

Protocol Adherence

Two ways of securing staking ETH rewards is by proposing blocks of transactions to be added to Ethereum’s blockchain, and attestions, confirming that a block proposed by a fellow validator is correct. By performing these duties, a node is complying with the protocol and receiving ETH as a result. To operate continuously, some stakers choose an active-passive node configuration. In this scenario, one machine is kept on ‘standby’ to continue validator duties should the active node fail, with the failover triggered by an automated script.

Three main slashing risks are ever present regardless of node setup. A misconfigured dual node setup can trigger slashing by both nodes inadvertently attesting using the same validator key at once. A script error or poor monitoring can accidentally break the protocol rules, resulting in real value being lost.

While other operational risks are also notable, such as change control, disaster recovery, business continuity, and entity level controls, initiatives have emerged to better manage the risks associated with Ethereum validators.

How to Mitigate Risks in Ethereum Validator Management

As Ethereum staking grows, institutions require a framework to ensure node operations meet high standards. The Node Operator Risk Standard (NORS) was created to address this need, providing a certification that assures compliance with stringent operational controls.

The NORS Certification is the world’s first certification to attest to staking risk management. It represents rigorous, enterprise-grade standards and controls that cover critical aspects of node operation, including slashing prevention, validator diversity, responsible private key management, and overall operational security. Such controls offer a benchmark of excellence for node operators.

NORS is also adopting Distributed Validators (DVs) as “an implementation which can increase the diversity of an operator’s tech stack and decrease dependency on active-passive failover methods.” DVs are a promising technology primitive which can solve many of the traditional challenges faced by both solo and institutional stakers alike.

While risks are inherent in emerging technology, industry standards such as NORS are key to maintaining a healthy balance of innovation with high institutional standards and criteria.