Ethereum‘s main chain is expected to merge with its Beacon Chain later this year, effectively turning it into a Proof of Stake protocol. In anticipation of this, users have increasingly been staking their ETH, with the staking deposit contract amassing over 9.41 million Ether worth over $24.83 billion at press time.
As anticipation for the merger grows, so do concerns about the increasing centralization within clients of the beacon chain used by validators. This is especially true for validators run by centralized exchanges such as Coinbase and Kraken, which “hold 78,000 out of 296,000 validators on the Ethereum beacon chain.”
Validators are those that have staked their Ether into the deposit contract in exchange for the ability to validate blocks and also receive rewards.
A community member recently underline the same on Twitter, adding that these exchanges use Prysmatic Labs to run all their validators. This could lead to the centralization of clients within the network, making it more vulnerable to attacks.
The Ethereum network has a number of interoperable clients that are developed in various languages. Validators can utilize these for both their ease and to ensure that the impact of any bugs or hacks is limited to the portion of the network running the affected client.
However, Ethereum developer Jonathan Cook noted in a recent blog post that “the vast majority of Ethereum nodes are running a single client, which introduces unnecessary risk to the network.” He added,
“With even distribution of validators across multiple clients the consequences of attacks or bugs that exploit specific clients is drastically reduced, whereas single-client dominance acts as a risk multiplier.”
Indeed, a bug affecting any consensus client can either directly cause false attestations. Or, it may expose a vulnerability that allows a malicious attacker to force a client to make incorrect attestations.
Cook further explained that while the effects of a bug controlling 1/3 of the staked ether might be negligible, any control more than that would lead to consequences for the whole network. Moreover, the validators using the affected clients could also stand to have their staked Ether burned until the Beacon chain recovers.
An even more dreaded scenario would result from the bug controlling 2/3 or more of the staked Ether as this could bifurcate the Beacon chain, even allowing the bug to finalize its own chain.
“Incorrect information would then likely be cemented into Ethereum’s history forever,” Cook added.
The network has suffered such attacks before, and only narrowly escaped them each time. Prysm itself suffered a bug related to its validation of Eth1 repository roots in early 2021, which then spread rapidly due to its large validator share. Although its consequences were negligible, it gave promoters a fair idea of the importance of customer diversification.
Surprisingly, superphiz.eth did receive assurance from Kraken over these concerns. Coinbase though is yet to issue a statement of its own. The exchange said,
“We can confirm that we are exploring other customers to diversify. We will not abandon Prysm Labs completely, but rest assured that our developers are looking to diversify.
