Unchained - Does Lido's Dual Governance Now Make It the Safest Place to Stake ETH? - Ep. 860
Episode Date: July 1, 2025Fill out our short Unchained survey and earn a chance to win a FREE one-year subscription to Bits + Bips Premium 😏 ------------------------------------------------- Lido just rolled out one of th...e most ambitious governance overhauls in DeFi: a dual governance system designed to give power back to stakers—and make it harder for malicious proposals to pass. But what does it actually do? And could it make Lido the safest place to stake ETH? Hasu, a strategic advisor at Lido, and Lido co-founder Vasiliy Shapovalov join Unchained to break it all down. How the dual governance model works Whether this dilutes LDO token value What this means for DeFi, and if others will follow Whether this might get institutions off the sidelines Visit our website for breaking news, analysis, op-eds, articles to learn about crypto, and much more: unchainedcrypto.com Thank you to our sponsors! Bitwise Guests: Hasu, Strategic advisor to Lido and Strategy lead at Flashbots. Vasiliy Shapovalov, Co-founder of Lido Unchained: Lido DAO Enables Dual Governance, stETH Holders Can Trigger ‘Rage-Quit’ Mode Learn more about the topics discussed: How Liquid Staking Works What Are Externally Owned Accounts (EOAs) in Ethereum? What Is Multi-Party Computation (MPC) and How Does It Work on Blockchains? What Is Distributed Validator Technology? Timestamps: 🎬 0:00 Intro 🧩 2:07 What problem Lido’s new governance model is actually solving ⚙️ 7:33 How dual governance works—and why it’s such a big shift 🚀 15:32 Why Hasu says this changes everything for Lido 🧠 22:20 What the team had to weigh when designing the system 🛡️ 30:26 How Lido built in resistance to attacks 📉 32:02 Whether this system weakens the value of the LDO token 🗳️ 38:58 How they’re thinking about fixing DeFi’s voter apathy problem 🏦 45:29 Whether institutions will see this as a positive sign and embrace stETH 🌐 48:01 How this compares to Sky’s “emergency shutdown”—and whether DeFi will follow suit Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
I think for LIDO in particular, it just means that LIDO, even though it's an upgradeable smart contract system,
you know, it almost has the security of an immutable system in the sense that, you know, good proposals can pass,
but bad proposals are now extremely unlikely to pass.
So it basically requires all the state defaulters to be kind of asleep at the wheel.
So this is now, this is almost like a filter.
That really raises the bar for how secure upgradable smart contract systems can be.
And I think it just flat out makes LIDO the most secure staking protocol.
Hi, everyone.
Welcome to Unchained, your no hype resource for all things crypto.
I'm your host, Laura Shin.
Every episode, we want to feature what you have to say.
Today, we have a list of comments responding to my recent interview with Lee Bratcher
on the state of Texas's recently announced Strategic Bitcoin Reserve.
On X, Storm Trade said, when states enter the Bitcoin game, it's not about if but when the big money follows.
And Rukawa Kaide wrote, head off, inevitable.
To hear a comment on a future show, write a review of the podcast overall, or leave a comment on our video on YouTube, X, or Farcaster.
This is the July 1st, 2025 episode of Unchained.
Crypto moves fast. It's why Bitwise launched the weekly CIO memo, a jargon-free summary of what
It's moving crypto markets written by one of the best in the business, CIO Matt Hogan.
Get up to speed in five minutes or less. Check it out at bitwiseinvestments.com slash CIO memo.
Carefully consider the extreme risks associated with crypto before investing.
Hi, everyone. Today we have a live stream. The guests are Hasu, strategic advisor to Lido and
strategy lead at FlashBots and Vasilin Shoppel. Welcome to Hasew and Vassi.
Thanks, Laura. Good to be here. Very excited.
Yeah. Excited to chat.
We have just seen that Lido has passed a dual governance proposal that will give the holders of Lido's Staked ETH token a way to delay or veto Lido governance proposals.
But before we dive into all the details around what just passed, why don't we first look at what it is that you guys were trying to solve in terms of like what problem you were trying to solve, what issues,
you had with the old Lido governance model.
So I think one of the things that makes crypto unique is that as a user, you should always be in control.
You should always be able to exit a protocol when you want to, and you shouldn't really have other people make decisions on you.
And so when you reflect on something like a UNISOP deployment, then clearly that's the case, right?
So there's like a UNOSP pool once deployed, it's immutable.
And the only way to deploy a new one is actually to deploy a whole new version of uniswap,
which happens every, you know, once every one to two years.
But there are some defy protocols where that is inherently hard to do because they need some
amount of upgradeability and can't just have users switching over like that.
So that includes lending markets.
So if you see protocols like Avey or Sky that need to update the interest rates and stuff like
that and collateral limits, but it also includes generally all decentralized staking pools,
because as a staking pool, Ethereum itself is always changing, like with every new fork
stuff changes that we need to adapt to to even stay compatible with Ethereum. And so we need to
be able to update the protocol as the developers. But as a user, this means that you are always
exposed to a certain risk from the protocol changing not only in ways that you like and that are good for you, but also changing potentially in ways that you don't like. And kind of the worst case example of this is a governance attack where somebody, you know, buys or steals a lot of LDO and then, you know, implements a proposal that is very harmful for users and gets that passed through the on-chain governance. And so,
So usually the way that protocols handle this is through so-called time locks.
So the time lock is the idea that if you, in order for a proposal to pass, some amount of time,
so first the proposal passes and then you have a window of time where users can look at, you know,
what is going to change.
And if they don't like it, they can exit.
Okay.
So that one's kind of a very obvious solution.
but the problem with Lido in particular, because of Lido's size and also the size of the Ethereum
withdrawal queue, the way that withdrawing works from the beacon chain, you know, you can't make a
time lock that's actually long enough.
If you were to make it long enough so that all users could safely withdraw, then this
would take months.
And so the challenge that we try to solve is, how do you make a time lock that's actually
dynamic. How do you make a time lock that is really short if the proposal is clearly friendly
and good for the protocol, but it can be as long as necessary for everybody to withdraw in a
very safe and relaxed manner if the proposal is deemed to be unfriendly. And so that's the starting
point for us. And Vasili, do you want to add anything? The gist is correct. That's the main reason.
main problem that is solved by dual governance,
it's a way to solve principal agent problem for a protocol that has to be upgradable.
The one thing that I would add is that door governance, as it implemented,
has a multiple options for signaling and de-escalation built-in.
So I think it's going to be useful in cases where it's not,
quite a governance attack. It's not quite a risk for the stakers. It's something that is not in the
interest, but is not really an attack or a theft or a hack. Something like changing the not operator
composition to one that is not to the likings of the stakers or changing the fees in some way,
adding features to the protocol that are not desired by some stakers, etc., etc., and those
Law governance allows people to signal their displeasure by raising the temporary veto on the change
for the token holder governance of LIDA to de-escalate by rolling back the change if they see that
it's not to the likes of the users. So I'd say that it's a really powerful consumer like client
protection mechanism for a protocol. Yeah. And one other point, which is probably obvious to a lot of people
who are very familiar with crypto is just simply that the number of LDO token holders.
So the number of people who hold the Lido governance token is probably nowhere near as big as the number of people who will hold stake to ETH.
And so, you know, it's just the main people who are using the protocol are not always the one who have a stake in the say in the governance.
Okay, so now let's dive into how the dual governance model works.
The way that it works is, so I described this to be a dynamic time lock, right?
So basically the time lock starts out, assuming that everything is fine.
But then if certain things happen, it basically, we get a signal that something is not fine,
then the time lock will extend, giving people time to withdraw.
So the way that it starts is we want to give these staked eF holders the ability to express that something is not how they like it.
And so we should slow things down.
And so there are two thresholds here required.
So at 1% at 1% of staked eif depositing into the dual governance contract, it's basically saying we're entering an escalation period.
And this is what Vasili touched on.
And from there, it can either kind of escalate or deescalate.
And if more people keep piling on, if more people keep staking their stake into the dual governance contract,
then at 10% you reach the period where the protocol is basically frozen and everybody can withdraw.
So those are the two thresholds.
So 1% to buy enough time for everybody to look.
at what's going on. And then 10% is the trigger where enough people say, you know,
something is not looking right. And, and then it's basically you enter this state of freezing
where no governance proposal can pass and everybody can safely withdraw no matter how long it takes.
And the pauses have like certain lengths of time, right? Like so once the 1% threshold is reached,
then, you know, what happens? And then how long is the,
freezing. It's a dynamic interval, but in general, the minimum duration of dynamic time lock is
five days, like it's for the 1% signal, and the maximum delay for dynamic time loss, maximum duration
is 45 days, so it's quite a lot of time to gather all the needed power to outrage queen,
basically, from the protocol.
those percentages and timeframes chosen, was it based on anything using like historic execute
lengths or any simulations about like worst case scenarios or how did you come up with those?
It's models and simulations. It's a mechanism to protect us against tail risks. We didn't have
this tail risk realized. We wouldn't be talking if this theory is realized, like in general if there was a
successful governance to collider. It would be a bit too late to implement all governance.
So by necessity, there is no good practical examples of things to rely upon. And there are some
historical governance attacks in there. I think there was very small landing protocol on
Binance, B&B chain that was attacked. But like these cases, no way near of the scale.
impact of LIDO. So we had to model things and the most important parameters of the model, basically, how many people very near their keys to signal the first threshold? What is a reasonable amount of time and amount of stake to signal that there is something fisher and we need to look in deeper? And in a way, that is not available to just like anyone to
pause the protocol,
pose the upgrades to the protocol
essentially free.
So it should be high enough
to not be
easily available to a bad actor,
but low enough for good actors
to be able to react on it
really fast.
And the second threshold is
what the amount of
steak that we can reasonably expect
to be active
in a short time frame
but like a few weeks or
a slightly more than a month's time frame.
So that's how we
reach hold this.
And one other thing I wanted to ask,
so, you know,
we have this period in the
rage quit stage
where, you know,
new proposals cannot be executed.
And during that time,
I guess what kind of determines
what happens is either
the dissenting stakers,
they all fully withdraw
or the Dow drops the measure,
meaning the dissenting
stakeholders like fully withdraw
from their stake to Eith. So is it just a period where, like, it seems like at that point,
the dissenting stakers would, would most likely withdraw, I'm guessing that that's how I was thinking
about, but maybe not. Like, what would force the Dow to say, hey, we're going to drop the measure?
You know, because it seems like that would be the only thing that would keep them from deciding
they're all going to leave. So, you know, is it just like a bunch of discussions? And then, like,
there's some kind of decentralized vote amongst the, you know, either the LDO token holders or,
yeah, I don't know. So how would that be decided? On the social layer, it's not set in by the
proposal. It doesn't have, it only has a technical and smart contract rails to implement it.
So on technical, it just assumes in like that in 45 days, either the LDO holders agree to
vote for rolling back the change and the whole issue disappears, everything is rolled back to the
previous state. Or LDO holders will not roll back the change. And then it means that the stakeholders
who signal the rage quit, desire to reach quit, they are automatically put to the unstake.
Oh, I'm sorry, they're automatically, what did you say? Unstaking. Automatically unstaking. Like,
they are quitting the protocol and the changes don't apply to them, basically.
They just get the other day that was stakes with light, but they are protected against
like anything that changes in the protocol or in the DAO.
In technical terms, in technical terms, LDO holders can vote to roll back the proposal.
So the path of a proposal in this case would be LGO holders propose one,
vote for one to go over the quorum threshold, like positive quorum threshold, then wait until
the dual governance kicks in and stop the proposal, like puts it on pause until the first and second
threshold are met. And then they can either, LDO holders can either vote to roll the
proposal back and be back to square one, or they can refuse to
to do that and then the dissentions take us, get their stake back and quit the protocol.
One thing that I could imagine would be that basically it would, it would, the deciding factor
would probably be the percentage of people who have entered that the dual governance contract
and are indicating that they will rage quit. Like if it's just like, you know, barely above the
threshold, then maybe the LDO token holders would be less inclined to reverse the proposal.
But if it's, you know, a significantly higher number, maybe they might be more willing to consider that.
So I did also want to ask like just generally, you know, when you think about the ramifications that you think this change will have, you know, why is it that you think it's significant?
and how do you expect it will impact either how Lido is used or who uses it?
Yeah.
So I think that dual governance is very exciting and kind of fundamental for mainly two reasons.
So I think for Lido in particular, it just means that Lido, even though it's an upgradeable smart contract system, you know, it almost has the security of an immune.
system in the sense that, you know, good proposals can pass, but bad proposals are
now extremely unlikely to pass.
So it basically requires all the state defaulters to be kind of asleep at the wheel.
So this is now, this is almost like a filter that really raises the bar for how secure
upgradable smart contract systems can be.
And it, I think it just flat out makes LIDO the most secure staking protocol.
And this, I mean, for a long time, I think this was one of the advantages that, you know, more direct forms of staking would have, ones that don't give you liquidity.
So you always had to choose, do you want maximum security and like non-custodiality by directly staking?
Or do you want liquidity, which requires you to opt into some smart contract system that will then, by definition, be upgradable?
because that's necessary if you build it on Ethereum today.
And dual governance basically removes this dilemma, right?
It just removes it.
So you had to choose between maximum security or liquidity and now you can have both.
And so I think from a protocol perspective for our users, it's a really big upgrade.
And second, I think that this dual governance is not just a feature.
I think it's a principle.
It's the idea that you can have.
have systems that are governed by multiple stakeholders in a cryptographically verifiable way at the
same time.
And so I think this is, you know, one of the very cool things about crypto is that, you know,
we are making some stuff better at the margin, but we're also inventing entirely new stuff
that that doesn't exist outside of crypto, that we're really pioneering here.
Right.
And so I think, you know, there's no companies out there in Web 2 where as a year.
user, you have a cryptographic guarantee that they can't just raise the fees on you, for example,
or that they can't start selling your data or that they can't in any way, like, change the
terms on you in a way that you don't agree to. And I think that's what makes dual governance really
special. So I think today, dual governance is something that we associate with LIDO, but my hope is that
dual governance is just a term that we use kind of colloquially in crypto and eventually beyond
to describe many things that, you know, give users power over the services that they use.
Yeah, honestly, it reminds me of maybe you could call it like a referendum style of governance,
where, you know, for instance, like there were, there have been periods when I've lived in California.
And of course, you have your elected state representatives, but then the state often has these, like,
referendums that are on the ballot and then everyday people can vote on different measures.
And obviously this isn't exactly that, but it's like, you know, if it were designed more
where like the California state legislature would have votes and then everyday citizens could,
you know, have a function by which they could like veto those or at least delay them.
So one other thing I wanted to just say is I do think that this,
could make LITO more appealing to institutions who want to participate in DFI.
That would be another aspect that I think could change.
Thessaly, do you want to add anything?
I agree on that.
I think that in terms of security guarantees for the decentralized protocols,
LIDO is a bit of the market in both on the supply and demand side,
as in people don't require that.
from the protocols as they are right now.
So there are protocols that, for example, are immutable
and cannot be upgraded in any way.
And there are protocols that fully like,
basically multi-seek upgradable.
And there's a difference in how much value that can attract
that can be used, but this difference is not super high.
Like, people don't put a lot of that much attention to it.
I think this will change as we go in the era of more major protocols, of more major
decentralized finance, and more major users, like institutional users and extremely
security-conscious users, eventually, I think, in nation states and stuff like that,
they will put a lot of effort into risk management, and this includes risk management on
the governance risk as well.
The other trend that is, I think, will put higher emphasis on security and governance risk mitigation matters
is just that cyber attacks are trending higher every year, like more and more and more harm is done by them.
So this trend is not stopping.
And I think with AI attackers, it will just like continue to go higher.
So we'll have just more attacks and more harm done by them.
and that will make people consider the safeguards and the risk mitigations more.
So I think we are a bit ahead on the trend on this.
I think that it's the right thing to do in holistic sense,
like it's the right thing to do to give the stakers,
means to not be at whims of the governance of the protocol.
They don't have to trust fully.
They only have to trust fully.
that the code is right right, basically.
And I think that it just makes us a bit more better positions for the future.
All right.
So I'd be interested also to hear how you came up with this design.
Like, you know, I know this has been a few years in the making.
So yeah, how did this particular design come about?
Oh, it's out of these two and like a bit more than two years.
of work, I think the design took the most time.
Like, we put a lot of effort into implementation,
but you had multiple back and forth about, like, what is feasible,
what is possible, what is likely in terms of threats and attacks,
what is acceptable risk, not acceptable risk?
What would be the right approach to this?
We started with a lot of things that could be done.
So right now, dual governance is essentially a form of very,
sturdy rage quit so that if you don't want to be in protocol when it changes you can always quit
this is a really good property to have it other approaches included full opportunity for dual
governance like given the opportunity for stake stakeholders to to vote on all the stuff and
roll back some stuff and propose more changes things like full shut down the protocol inside
things like instead of
rage quit of dissidents
so a lot of
options and ultimately
we end up with more team design
because otherwise
it would be very risky
to have dual
governance systems
very
like there is a lot of them
in the
real world like
every
major governance system is
dual governance more like there are three
branches of power
powers and in the in the yes for example right and the legislative branch is two chambers so
it's more like five-fold governance or something and it works because when there is a deadlock
there is a way to resolve this and the way to resolve this deadlock is usually some form of
emergency power over the governance system or some form of violence so like some forms of
deadlocks between governance only expected to be resolved by
essentially a coup or like or a billion or something like that.
You can't have this on the smart contract level and like you can't really rely on
like expect people to be up and honest about the staking protocol.
So you can't replicate that.
You need to design something that can't have any deadlocks at all.
Because deadlocks and smart contracts just means the protocol stop walking and like everyone
isn't happy. So and the other vector of harm to LIDD to users that is possible is an outsized
actor staking some amount of EDA into protocol like a lot of EDA, for example, and then using it to
harm the protocol if the protocol allows it. So if the protocol would allow to dismantle, the dog
guns would allow to dismantle the protocol wholesale, it would be very vulnerable to
outside actors. So I think we had about like 25 cycles cycles of back and forth,
different options, evaluations, models and stuff like that, and ended up with a very well-thought-out
system that can't be that locked. And is protecting the stakeholders and is allowing emergency upgrades
if we need emergency, like if there is a need for an emergency upgrade. I'd say this is
most complex change to the protocol we have made overall.
All right.
So in a moment, we're going to talk a little bit more about how the design came about.
But first, we'll take this quick word from our sponsor.
Hi, I'm Matt Hogan, CIO of Crypto Asset Manager Bitwise.
Look, crypto can be confusing.
There's so much noise and the space changes so quickly.
That's why, every week, I write a five-minute memo on the biggest stories in people.
hacking crypto in plain English.
Why is Bitcoin up or down?
What are people missing?
Where should investors look next?
Get the lowdown every week.
Sign up to get the weekly CIO memo delivered straight to your inbox.
Go to Bitwiseinvestments.com slash CIO memo.
That's bitwiseinvestments.com slash CIO memo.
Carefully consider the extreme risks associated with crypto before investing.
Here are more listener comments responding to my interview with Lee Bratcher.
and the bipartisan support for Bitcoin in the state of Texas.
On X, khaki-stocracy said,
States shouldn't buy BTC on the open market.
State should hold Bitcoin seized or mines.
U.S. states actually have the capacity to mine Bitcoin.
What do you think?
To hear your take featured on a future episode of Unchained,
please write a review or leave a comment on YouTube, Farcaster, or X.
All right, so I'm back with Hasu and Vasili.
Hasu, did you want to add anything on how you came up with a design?
Yeah, I mean, I can maybe try to frame it in like the bigger picture because Lido has the decentralization roadmap that's kind of going back three, four years by this point.
And so when Lido started out, it was so early to staking, it wasn't even possible to control a validator on the consensus layer with a smart contract on the execution layer.
Like that didn't even work.
A validator could only be owned by an EOA.
And so Lido actually started out as this multi-sick-based solution in a way.
There was one key that owned all the VALDAs and they were split out using MPC.
And the first thing that we did was replace this EOA with a smart contract.
Now it will governance effectively replacing that or upgrading that smart contract with a veto right.
So that's already kind of the second major step in that area.
Earlier this year, we, you know, Ethereum added execution layer trigger it withdrawals.
So now Lytos smart contract system can also force withdraw from the consensus layer,
even if node operators for some reason they go rogue and they refuse to give the money back.
So that's another big element.
And then last year, another big area was basically the, how do you become a node operator?
how is the stake distributed across those different modules that we have?
And so we added community staking module, CSM and distributed value data technology DVT to make staking
permissionless in LIDO, you know, not just so it's not only permissionless for users, but it's
increasingly also permissionless for node operators.
And so we have this decentralization roadmap that's going back at this point many years.
And I think many people are not really aware of that.
they think, you know, oh, Lido is maybe reacting in response to, you know, because Lido got so big
and there's public pressure put on us. And like the reality is you can literally go back to like
read our blog and it's there like three, four years ago, exactly laying out. Here's what we will do
over the next five years to make this protocol completely neutral, thin, permissionless,
decentralized, secure middleware that people can just use.
to stake that other people can run, you know, notes for, and that gives you liquidity on that
stake. And that is otherwise completely safe and un-opinionated. And by now, we are like 80, 90% there.
And, you know, it's been just like, it's been such a great experience, just like working towards
this roadmap over time. And I see dual governance as a major, major building block in this journey.
And I know you did a number of things to make sure that this new system would be resistant to various types of attacks, including economic ones.
Can you describe how you did that?
Yeah, it was based on agentic simulations mostly.
We categorized the current stakeholders into agents, the current BIP users of stake teeth as well.
Like, one of the biggest stakeholders in the overall is, for example, Ava.
And Ava is a upgradable contract, so governance attack over Ava could result into a big amount of rock state.
So, like, we had analyzed things like that.
And we put a parameter to that, like, how likely they are to react to the news?
How likely they are to be harmful?
Like, what happens if a big eth-hold or like an agent of itth holders, like Binance or Coinbase or some custody, is exploited or something like that?
And what happens then? So we put some probabilities to it, some numbers, and that's how we
reasoned about the Stake Thist side of attack. On the LDO side of analysis, we didn't do much work here
because the whole premise of making a dual governance is considering that there can be governance
compromise. So we kind of assume that, like, okay, if there is a compromise of LDO holders,
can stake thief holders still reach quit.
So that was a question that we analyze with agent-like simulation, basically.
I wondered, you know, for that example that Vasily gave,
so could there be like a single steeth whale that like repeatedly triggers max delays
or, you know, how would you deal with that?
And then even for people who hold LDO, so for the opposite side,
for people who hold LDO, there's kind of,
an incentive there or, you know, they have like this interest because they can influence this
Dow. But now is there like less of an incentive to hold LDO because these teeth holders could
veto the LDO decisions? Yeah, I can maybe take the last one first because this is a question that
I really like. It's been asked many times over the course of us working on dual governance. Like,
will this make, you know, LDO in some way less valuable? And I think for me,
you know, it's a clear no.
I think it's quite the opposite because the value of LDO doesn't come from the ability to make
negative proposals and steal money.
So for every LDO holder who's actually a good kind of long-term oriented investor in the
protocol, in the Dow, right, and the participant, for them, a governance attack or something like
a hostile takeover is just as much a risk.
risk for their investment as it would be for a staker.
And so now I know that Lido overall as a business is becoming much more durable, right?
It's becoming much more secure from any kind of attack.
So that's the first side.
The second side is now the trust required from a staker to use Lido is also much lower.
And so to the degree that this converts to more usage.
you know, more people using LIDO because they really value the security and the decentralization.
You know, maybe folks who were previously only using direct staking,
who said, you know, I would like to have liquidity, but not if it comes at the cost of,
you know, giving up my security, right? So I want the highest security. And, you know,
to the degree that now more people stake with LIDO, this is again very good for LIDO holders.
And so I think it only takes away, you know, there's positive rights and there's negative rights in that sense.
And like, or positive commitments and negative commitments.
And so to the degree that the ability to make negative actions in any kind of multiplayer game can be removed,
it actually increases the value and the space in which cooperation can happen.
That's then kind of really zero sum and wealth creating.
And I think that's a great example of that.
Possely, do you want to add anything?
I'm going to rephrase that, I think.
So it's going to be the same things in different terms, how I think about it.
What dual governance does in terms of power to the LDO folders,
it removes the power to make changes that are really harmful for stakeholders,
like stealing steak or putting like 100% fees, things like that.
I don't think it's a meaningfully valuable.
thing to lose. And I think it actually improves quite a bit on the product and makes it more attractive.
It's one of the main questions you hear when you talk with some stakers that are choosing between
different staking providers. Like what happens if guns compromises? Like what's your risk management
practices? Like what happens if like Lido goes rogue? And this is a question that
is asked by the likes of fund managers, for example, of
institutional, stuff like that.
They are really conscious about that.
The governance risk is one of the things that they're used to evaluate in the
corporations in like when evaluating country,
exposure risk, like asset exporter risk.
And defy and crypto are no exceptions to how people think about.
risks and governance risks requires real mitigations and if they are based on smart contracts
it's more sturdy than anything that is based on the traditional law basically so I think
that's a good change that will bring more stake in exchange for losing the power
that shouldn't have been there from the start but it's it's not right for the
staking protocol governance to have the right to steal the stake
like we shouldn't be like that.
And I think it's overall positive change.
In terms of, if we go back to the initial questions,
what if some big stake date holders decides to just stalling changes and stuff, right?
I think that if you're talking about a big user of the Stakeet Protocol,
like a genuine user that is like there for a reason for a long time
and it tends to stake for a long time,
they already have a pretty big bargaining power with the Dow.
So like if 10% of stakes say that, okay, folks, please don't trade the fee to 15%.
It's right to listen to the staker because like that's what good product is.
Like you're solving the problem of a user and you're doing the way that is good for user.
this change does
just makes it very clear
about how they can go about
what are the options of the big stakeholders
to go about the actual power
they already have because they have the power
to stake with Lido or not to stick with Lido
that's they if they can
do whatever they want with this right
so that just give them the rails
and if we're talking about
some kind of grifter
attack like rogue ether that I don't know have been stoned by like hackers and they don't like try to find
the way to and they can't sell it on exchanges because it's like compromised and they have to find a way
to use it in a way to for profit they can't really stall the protocol for long what they can do is to
trigger the rage quit be unstaked for the protocol and that's it that's what they can do and
they have an opportunity cost for that.
So, like, this is while they are in this loop of, like, making a dual governance vote to put the protocol,
they can't do anything else with it.
I did also want to ask.
So turnout was just over 5%.
You know, the quorum was 5%.
So it just barely met the quorum.
So how do you think you can fix voter apathy, generally, both for LDO token holders and
staked-eith holders?
Yeah.
And so I wouldn't say, you know, this is necessarily such a bad sign because if, yes, the quorum
is 5%, but then like once 5% is reached, what's your incentive?
What's incentive for someone to vote who, whose vote will not in any way, like, influence the
result anymore, right?
So I think we have seen in, you know, in other DAOs in cases where vote is actually contentious, all of a sudden you have like much higher turnout of people.
So there is a bigger universe of people who will vote when it matters.
But once 5% is reached, basically like why should I vote?
You know, it costs me probably a couple bucks and like, you know, a couple minutes on my on my hardware wallet, right?
So I think that's not really a surprise.
So that said, I think, I mean, in general, there's a couple of ways that you can attack this problem,
not just like getting more turnout in general.
One is you can attract LDO holders who are more active in general, you know, who are more long-term aligned and strategically thinking and want to be involved.
And you can give them the tools to do that.
So you kind of proactively like you choose your own,
Eddie O holders and empower those who want to participate,
and I think we're really trying to do that.
What else can you do?
I mean, so you can try to remove the need for as much voting to happen.
I think that's kind of attacking the problem from the other side.
So I'm generally a big proponent of the idea of optimistic governance.
So if you look right now in LIDO, you know, even when a node operator is like rotated out of the node operator set, that is something that goes into an on-chain board.
Is that really like a, you know, is it such a consequential decision for, you know, L.O holders or stakeholders that this needs to be voted on?
So in my mind, the answer would be no, right? So you overall kind of really compress the things that need to be voted on.
And then, you know, it's, you know, when there's fewer votes and you bundle them more together.
And so the overall effort is lower.
I think that's the other big thing that you can do.
And you want to do that in a way that everything that is actually important and that touches important parts of the protocol still goes into an on-chain vote.
But then other things maybe go on, you know, something that we call it like fast track or optimistic governance where different teams can just decide a different domain level.
experts can just decide it and then maybe if nobody objects within a week or so,
then it just becomes activated, it goes on chain, right? So this is, you know,
very much same idea. We've been using something like this in Idaho for a long time for some
decisions, but not others. It's also what, for example, your optimistic roll-ups are based on, you know,
just the idea of, you know, it just happens. And then there's a waiting period and if nobody
objects, then it becomes finalized. And I think more governance should over time might,
grade to this kind of theme and especially when you have dual governance I think it's going to
open up doors to move to this more optimistic governance in the future that like law
corums are effect of life for many specialized governance like this is how it is like many people don't want to
vote they want to own the token but only interfere in matters that
they first like on one hand they think very important then they think are very
contentious and third they understand so a lot of woes that get to the status of
the vote in proposal they are not controversial and people don't think
they need to express their opinion basically they think that it's going like
someone is going to vote for it so like that's how it will be and I think
the bigger more of the size of dual governance,
like in general, protocol upgrades
you need to go in through that process,
like the full process of token holder voting.
But in general, yes, a lot of things,
especially with safeguards such as dual governance
and other ways of like safeguarding against by doctors,
go through the optimistic governance processes,
like easy track voting in LIDDA and stuff.
Okay. Well, I did notice also,
so wrapped versions of Steeth
in systems like eigenlayer and pedal are not eligible to vote. Why is that?
Robvation of Steve is not upgradable contract and the ability to vote with
stake teeth in this contract cannot be implemented by a token upgrade.
Implementing a custom voting system for every place that holds stake data is out of
questions, but maybe RobSticketeet needs to be implemented and upgrade. Right now, it's not
that important. The reason is unlocking Stake Theta from RobState Thet is can be done within
the same transaction. It's not a long process. It's something that can easily be done if you want
to Rage Quid, basically. It's not imperative to have this ability to work with Robstack Tid because
like it's a matter of convenience, not ability. Making something about, like making convenience better
is valuable, but not so valuable to, for example, delay the launch of Dole Gaundans by like three months or something.
I didn't dig into how Steak Tithen Egan layer and other places work, but I think it's the same reasons.
Like the contracts where Stake Tether resides are not upgradable, and thereby they can't be used to initiate a vote, like to participate in Dole Gardens.
I think that's it. But I didn't begin.
Proverbs, I know the answer.
Husser, do you want to add anything?
No, I think that captures it.
All right. So institutions, you know, can be concerned about how governance will affect them.
And I wondered how you felt dual governance moved the needle for treasuries that held Steeth as collateral.
That's more safety for them, like institutions and people and protocols that hold stake either as collateral.
they will be more safe knowing that there is always a way to rage quit.
There is a governance attack.
Yeah, I mean, I think that's, we keep coming back to this idea that I think the largest investors have the highest demands in terms of security.
Sometimes from their own accord, sometimes imposed by regulation, which gets more strict and onerous, you know, the higher you go.
up the food chain in terms of institutional capital. And I think this bridges the gap between
security and liquidity, which in particular, I think as we are starting to speak about kind of
ETP, ETF like products, what we found is that I think this would be, you know, for between
these products as Ethereum staking becomes unlocked, it will, you know, to a large degree will be a competition,
who can stake the most if, right?
Because you need to, on the one hand, optimize for the API that you give to your users.
And on the other hand, you need to optimize for liquidity when they want to withdraw,
because you have, again, regulatory imposed withdrawal times that you need to service, right?
And so you're trying to maximize both of those things.
And then you're optimizing, like, security at the same time.
And so I think dual governance really helps make, you know, by adding this layer of security that previously didn't exist, it really amplifies the benefit of the liquidity that LIDA already has and where it's the market leader and kind of brings that more into play.
And I think it will just allow these issuers to stake more of their customers even give them an overall higher API.
without increasing the liquidity risk
or without increasing any security risks.
And so on net, I think it would be a big improvement for users.
All right, so last question here.
Obviously, there's a lot of systems
that probably might find this interesting.
So I wondered whether you felt that this model
might spill over to other protocols.
I don't know if you've been hearing from other systems.
from other systems.
And just as like a point of comparison, MakerDAO's like emergency shutdown,
module is obviously a sort of different way of handling it.
So I wondered if you could just talk a little bit about like how you see this could affect
the wider defy world or, you know, why it is that you chose something that's a more gradual
response than Maker's emergency or Skies emergency shutdown.
So yeah, I think that Maker back then, you know, when it was still called Maker, I think was struggling with a similar problem, right?
You needed, this was a smart contract that you needed to be upgradable as well because interest rates needed to be changed.
New collateral needed to be added as kind of more people were buying and to die and kind of creating these deposits that then needed to be like invested.
in something, right, in order to generate interest on it.
And I think they were very ahead of their time in designing this kind of poison pill mechanism.
But the poison pill mechanism, kind of the threshold was raised over the years, I think, multiple times.
Because, you know, when this becomes triggered, the protocol actually shuts down.
You know, there's like no way to stop it at this point.
And so I think I as a long, very long term kind of MKR holder and participant of that community,
I always saw it as a really double-edged sword.
So I think it's great for users.
It made me feel better about holding dye and now holding kind of USDS.
But as an MKR holder, it also felt to me like, wow, like somebody can just buy or borrow 5% of MKR
and they can just shut down the protocol.
And so, you know, it can be restarted,
but who says that the same people are going to deposit again, right?
So if you're a competitor, you can really destroy like all of the network effect of that system.
And so I think this one was really calibrated in a way that like it over optimized,
like it optimized in terms of user security,
but because of kind of its simplicity and rigidity,
it was not really kind of the optimum mechanism.
And I think dual governance brings us way closer to that because it provides this, you know, much more kind of, you know, there's no shutdown per se, right?
Like, so you just, you can withdraw if you want to, but you don't have to.
And if enough people have withdrawn, actually, the protocol goes like back out of the shutdown, right?
And so I think it gives, it's just this much more elegant idea of a dynamic time lock that,
you know, extends the time lock as long as it needs to, but no longer.
And so I think that's what makes this more elegant.
And so will this be present in every protocol?
I think, well, some protocols have an easier time designing exit rights for users.
Why?
Because they can just implement shorter time locks kind of period.
But longer time locks have a certain beauty to it.
in the sense that you know, you don't need to be watching your crypto all the time.
And I think as this becomes a major industry, a major asset class, you want to give, you know,
this one this industry won't consist of people who are like terminally online, you know,
and like are watching their portfolio every day or every week.
And so I think just by making these security systems more, you know, working also for
people who maybe check their portfolio every six months, every year.
I think we gain a lot of peace of mind also for those investors and kind of players who are not themselves kind of at the cutting edge.
And so I think something like that, just this idea of the dynamic time lock and kind of giving users a voice in the protocol, I hope that something like that will catch on everywhere.
There is a balance between the safety and usability, like complete ability to shut down the protocol,
would be like if some threshold is reached would be safer for people who can't reach their keys for 45 days for example right so if i am on like
half a year sabbatical i don't have an opportunity to react to to governance attack essentially and i think
that's that's not as good as having the someone to save me basically and
to react in time and direct the protocol on one hand.
On the other hand, it opens out the protocol to the external attack.
There will be more if outside in LIDO,
and there will always be someone holding enough if to break the protocol.
And one big thing about, like, how do you think about that?
like you can't assume that the adversary is rational because the adversary can be
can essentially do some kind of identity theft so steal the private keys or find out a buck
in smart contracts or like smart wallet or compromise custodial solution or something like that
So, like, you don't know a way, like, you can't think about an owner of a large amount of
that they will not probably do this.
Like, you can be reasonably saved that they will not do anything like stupid on that
class for no gain, essentially.
But you can't think in these terms about, in general, because I think, like, hacks happen
and they happen in huge amounts.
like rolling hack that was mostly e-think, I think, was $800 million, like right in size.
And that's just like the biggest hack we had.
The biggest hack ever will be bigger than that, so we don't know.
The same reason we can't assume that LD holders will be reasonable people,
that they can't be compromise, like, right?
We can't assume that it holds us like will be reasonable people
and will not try to break the protocol.
So is the asset like Stakeith that is always under the risk of external attack,
a better asset to hold than one that is you can always flee from,
but you can't guarantee that it's shutdowns like for everyone when that happens?
It's a judgment call.
You can't say one is definitely better the other because it's for different people, it's different things.
But my impression is with all governance, LIDO, and Stake Thief is already ahead of the curve on security there.
and it's better than most
like forms of staking
in idium and otherwise
and in terms of security
and risk management
and
perfect would be the enemy of good here
in terms of security and it does
like add additional risk
on on the other that is
probably not worth it so
You can say, someone can say that they would make the decision differently if they were to decide.
Lido token holders essentially voted for these options.
So it's reasonable.
All right.
Well, this has been such a great discussion.
Thank you both for coming on on Chaita and also congrats on something that you've been working on for so long passing.
Thank you.
Thanks, Laura.
Thanks so much for joining us today.
To learn more about Hasu, Vossili, and Lido's dual governance, check out the show notes for this episode.
Unchained is produced by me, Laura Shin, with all from Matt Pilchard, Juan Aranovich, Pamma Jumdar, and Marka Curia.
Thanks for listening.