Ethereum‘s main chain is expected to merge with its Beacon Chain later this year, effectively turning it into a Proof of Stake protocol. In anticipation of this, users have increasingly been staking their ETH, with the staking deposit contract amassing over 9.41 million Ether worth over $24.83 billion at press time.
While anticipation for the Merge is mounting, so are concerns over increasing centralization within beacon chain clients being used by validators. This is especially true for validators run by centralized exchanges such as Coinbase and Kraken, who “hold 78k out of 296k validators on the Ethereum beacon chain.”
Validators are those that have staked their Ether into the deposit contract in exchange for the ability to validate blocks and also receive rewards.
A community member recently pointed out the same on Twitter, adding that these exchanges are using Prysmatic Labs to run all of their validators. This could lead to client centralization within the network, making it more susceptible to attacks.
.@coinbase and @krakensupport hold 78k out of 296k validators on the Ethereum beacon chain and they're running @prylabs without any published plans to switch to a non-majority client. Their radio silence on an issue that impacts your funds and our network should infuriate you.
— superphiz.eth 🦇🔊🐼 (@superphiz) February 20, 2022
The Ethereum network has a number of interoperable clients that are developed in various languages. Validators can utilize these for both their ease and to ensure that the impact of any bugs or hacks is limited to the portion of the network running the affected client.
However, Ethereum developer Jonathan Cook noted in a recent blog post that “the vast majority of Ethereum nodes run a single client, inviting unnecessary risk to the network.” He added,
“With even distribution of validators across multiple clients the consequences of attacks or bugs that exploit specific clients is drastically reduced, whereas single-client dominance acts as a risk multiplier.”
This is because a bug affecting any consensus client can either directly cause false attestations. Or else, it can expose a vulnerability that allows a malicious attacker to force a client to make incorrect attestations.
Cook further explained that while the effects of a bug controlling 1/3 of the staked ether might be negligible, any control more than that would lead to consequences for the whole network. Moreover, the validators using the affected clients could also stand to have their staked Ether burned until the Beacon chain recovers.
An even more dreaded scenario would result from the bug controlling 2/3 or more of the staked Ether as this could fork the Beacon Chain, even allowing the bug to finalize its own chain.
“Incorrect information would then likely be cemented into Ethereum’s history forever,” Cook added.
The network has already suffered through such attacks in the past, and has only narrowly escaped each time. Prysm itself suffered a bug related to its validation of Eth1 deposit roots in early 2021, which then spread rapidly due to its large validator share. While its consequences were negligible, it did give developers a fair idea of the importance of client diversification.
Surprisingly, superphiz.eth did receive assurance from Kraken over these concerns. Coinbase though is yet to issue a statement of its own. The exchange said,
“We can confirm that we are exploring other clients to diversify. We won’t be abandoning Prysm labs completely but rest assured knowing that our developers are looking to diversify.”