Layer 2 networks, sidechains, and other scaling technologies aim to dramatically reduce the cost and time of transactions on Ethereum. Initially we proposed a framework to assist an Ethereum user in judging any scaling solution that inherits the security of Layer 1 Ethereum based on four simple questions: 1) Who operates it? 2) How's the data? 3) What's the stack like? 4) How does it prepare for the worst. In this blog post we apply this framework to the SKALE Network.
Who Operates It?
Miner nodes on mainnet Ethereum move or “operate” the network by proving a certain amount of computational effort has been expended to create new blocks. The L2 solution requires a similar “operator” role on its network, which is the miner-equivalent of Ethereum mainnet that can move the L2 network forward. There are a few differences, however. For example, along with processing and authorizing transactions like a miner, an L2 operator may also facilitate users entering and exiting the Layer 2 itself.
Who or what is required to operate the SKALE network?
SKALE is an Ethereum Native Multichain Network. It is Ethereum-native because a major percentage of network operations exist on Ethereum. Also because it drives value back to Ethereum in terms of fees rather than acting as a parasitic chain that only sucks value out of Ethereum. Further, it’s a “claimed chain” and will not function if Ethereum no longer functions. Lastly, it is a decentralized, open, and community-run blockchain network consisting of an ever-expanding set of SKALE Chains of varying sizes. These SKALE Chains are operated and maintained by sets of nodes randomly selected and frequently rotated from a large and shared pool of validators
Organizations that run validation nodes are called Validator Operators. Validator Operators must meet economic and technical network node benchmarks in order to integrate nodes live onto the SKALE mainnet. These requirements are enforced via decentralized onchain mechanics. The node’s economic requirement is to meet a Minimum Stake Requirement (MSR) which can be submitted by the validator operator or any person/entity/organization who stakes SKL tokens to the validator address. This means a minimum amount of SKL must be staked at any time for the node to be in a compliant state. At present an interim manual step is in place whereby 5 unique entities use a multisig contract on the Ethereum Mainnet to authorize new node approval. This step is a short-term measure and is set to expire in the near future.
The MSR is designed to start high and move to a very low point over time to facilitate network growth. Current MSR is set at 20,000,000 SKL tokens. There will be a proposal to move this to 10,000,000 tokens later in 2021 and will be finalized via onchain voting. Further proposals at later dates are expected to continue to halve the MSR to facilitate network growth. Network growth is also facilitated by an elastic price curve for SKALE Chains, which increases price when the network is overloaded, incentivizing more nodes to join the network.
The technical requirements for Validator Operators include meeting all technical specifications for nodes, including meeting or exceeding the SLA thresholds. An SLA mechanism is employed to gauge performance, latency, and physical components on machines such as memory, and connectivity prowess/speeds. Nodes that do not meet the necessary requirements for hardware and network connections and exhibit suboptimal performance will not be rewarded at the same level as high performing peers.
How do they become operators in the SKALE network? What rules do they abide by?
Most importantly, nodes must run in an honest and performant fashion. Severe onchain penalties incentivize honest behavior and punish dishonest or colluding nodes. Additionally, nodes must meet requirements detailed in the prior question. They must meet rules for MSR, ETH balances, minimum hardware requirements, and maintain network performance metrics such as latency and uptime. Operators must also run the appropriate version of SKALE software or they will be automatically placed in maintenance mode until the node is compliant.
The SKALE Network offers Validator Operator Testnet capabilities and the operations team, in conjunction with the SKALE ambassadors and community at large, is set up to assist validator operators.
What trust assumptions must the SKALE users make about the operator?
In short, users trust that less than 2/3rds of the nodes will be malicious. If less than 2/3rds of nodes are malicious then money or assets on the chain cannot be stolen. If greater than 1/3rd but less than 2/3rds of nodes are malicious then liveliness can be impacted. In this scenario, the network is taking a consistent snapshot of data which is backed up on all nodes. Malicious nodes would be penalized and automatically removed from the chain via smart contracts on the Ethereum Mainnet, called the SKALE Manager. The SKALE Manager contracts would then “self heal” the chain by assigning new node resources, which would then initiate a recovery and catch up protocol to sync the new chains with the current ones based on the last snapshot.
An additional security measure is in place to prevent collusion and bribery attacks. Each node runs containerized software which allows it to be placed on many different chains simultaneously. This gives the network greater resourcing capabilities but also helps pool security across chains. If a node is malicious on one chain it gets penalized in full which brings additional security to all chains that it operates on. The entropy or node assignments are also critical. A bad validator operator would attempt to place as many of their nodes as possible on a single chain making their collusion effort easier. The Ethereum Network provides security in this instance by randomly assigning nodes to chains and then rotating them intermittently. A random number generator is used, which is a BLS Randao mashup, which requires every node in the network to create a random number. Then threshold encryption is used to message the total number to the Ethereum mainnet, which is then used to select node containers for chain assignments.
In summary, SKALE Consensus is a leaderless asynchronous BFT consensus using BLS threshold cryptography to sign blocks. Inherent in this consensus algorithm is an assumption that ⅔ of node operators are not malicious. If greater than ⅓ are malicious they can pause the chain. If greater than ⅔ are malicious they can re-write the ledger to steal funds and create a false truth.
Each node must meet MSR requirements. This is a “stake” in the network. If nodes are malicious they will be penalized. Network monitoring mechanisms in the SKALE Network are designed to identify non-performing and/or malicious nodes. Issues related to non-performance are addressed via reductions in rewards. Issues identified as malicious in nature are addressed via the governance structure and can and will be addressed by slashing, node removal, and other putative measures.
What are the operators responsible for? What power do they have?
Validator Operators are responsible for provisioning servers to the network, running the correct version of SKALE software, ensuring stake requirements are met, and maintaining proper SLAs.
Once nodes are assigned to a validator set, they execute smart contracts and validate blocks. They have power, but due to SKALE’s unique integration with Ethereum and security model, collusion is an extremely difficult and very costly effort.
What are the motivations to become an operator of a SKALE node?
SKALE Validators earn SKL bounty tokens by securely and effectively running SKL nodes. Their rewards are given out onchain, via smart contracts on the Ethereum Network. The SKL bounty is made up of monthly inflation, and fees from dapps that rent SKALE Chains from the network. The bounty pool is divided up via an onchain mechanic on the Ethereum network, which automatically rewards stakers and validator operators based on the fee settings validators input to the Ethereum Network.
Proof of Stake networks are a logical next step in blockchain technology as they offer significant advancement in current issues related to scalability, throughput, settlement times, gas fees, and energy. Proper network design, however, extends far beyond just a Proof of Stake model and includes the structure and arrangement of validator sets, node workins, consensus model, security mode, interchain messaging and bridging approach, and more.
The SKALE Network is an Ethereum-native multichain Proof of Stake network that makes operational use of, and inherits significant security properties of the Ethereum mainnet. SKALE cannot operate without Ethereum. Also, the use of SKALE requires consistent payment back to Ethereum in gas fees for functions such as node assignments to chains, staking, slashing, token transfers, and bridge activity between SKALE and Ethereum. SKALE uses an innovative shared pooling approach in combination with a containerized and virtualized subnode architecture to preserve security while optimizing node efficiency, chain performance, and network economics.
The SKALE Network is designed to scale with the growth of Web3 and offers a tremendous ROI for validators to run SKALE nodes.
Read more here: https://skale.network/blog/validator-economics/
Additional SKALE Validator resources include:
Validator Operator FAQ - https://skale.network/blog/the-skale-network-validator-faq/
Bounties and workflows - https://skale.network/blog/network-bounties-and-delegation-workflow/
How’s the Data?
By definition, a Layer 2 technology must create incremental data checkpoints on a Layer 1 (Ethereum mainnet). Our concern, then, is with the interstitial time between those periodic Layer 1 check-ins. Specifically, how is Layer 2 data generated, stored and stewarded while away from the safe harbor of Layer 1? We are most concerned with this because it is when the user is furthest from the trustless security of a public mainnet.
What are the lock-up conditions for SKALE?
Assets on the SKALE Chain are fluid between the SKALE Chains and the Ethereum Mainnet. There is capital efficiency which delivers greater UX to end users. Funds can move from SKALE to Ethereum in 18 seconds.
However, a “Roll Back” can be used to protect the chain users. SKALE Chain owners can limit withdrawal quantities via the Ethereum Bridge contract. For example they can limit withdrawal to X% of the total value locked over Y period of time. If malicious validators were to organize an attack they could only pull X amount out of the SKALE Chain in the given time period. Ie - A DeFi protocol can limit exits to no greater than 5% of TVL every 10 minutes.
This smart contract trigger would initiate a decentralized governance mechanism where the chain would be automatically paused. To restart the chain and penalize bad actors, a combination of two special security keys can bring the state back to the last accurate snapshot. A special security key held under a multisig smart contract by a diverse set of community members triggers the first key. This combined with a special security key held by the chain owner (which in most cases would also be a multisig) would trigger the reset. This limits worst case scenario exposure for end users while maintaining decentralization.
In addition, Zero-Knowledge (ZK) Rollups will be an integrated option to the SKALE Chain application operators. SKALE is an open framework where ZK operators can sell their services and software to SKALE Chain app developers and run ZK techniques. The SKALE Community is not opposed to this technique and welcomes ZK companies to run their services in a decentralized manner on SKALE Chains.
How soon are those funds available on SKALE?
As soon as a transaction is mined on Ethereum, the bridge will send the relevant message to the SKALE Chain. (Inbound transactions require 10 block confirmations on Ethereum and all outbound transactions are set by the dapp controlling the SKALE chain). Specifically, each of the nodes in a SKALE chain (16 nodes) independently monitor Ethereum for a deposit transaction. This transaction is mined once at least 2/3rds of the nodes confirm the transaction is mined + block confirmations. This takes minutes for execution from the Ethereum side, but takes only ~4 seconds to be confirmed on the SKALE side.
Does SKALE provide support for users entering without a L1 lock-up (i.e. in the case of onboarding a user directly onto SKALE, then the user wishes to exit to Ethereum mainnet)?
Yes, tokens can be minted directly on SKALE Chains. Liquidity providers and fiat on ramp services can build connections directly to SKALE.
Additionally NFTs can be minted directly on SKALE where they can be burned and moved to the Mainnet.
How would a user dispute an invalid SKALE transaction? Prove a valid SKALE transaction?
Disputes are delivered directly to chain owners or DAOs that run SKALE chains. These disputes can be resolved using a “Roll Back” by initiating the Chain owner security multisig combined by the network DAO held multisig. State can be rolled back to the latest accurate state snap shot as agreed by the governance mechanism for the Chain owner and network DAO.
Once a SKALE user wishes to exit, how soon are the locked-up Layer 1 funds (plus or minus any L2 gains or losses) available back on L1?
18 seconds is the current metric. The exit transaction is minted in seconds on SKALE, and then the exit message is transmitted to Ethereum. Once mined on Ethereum, the funds are available.
Do you anticipate there being Liquidity Providers on Layer 1 willing to provide immediately redeemable L1 funds to users exiting SKALE?
There are many liquidity providers that are building SKALE plugins to streamline asset transfers. The goal is to make the UX as streamlined as possible.
How’s the Stack?
The comparison of stack is important to highlight what a Layer 2 has or has not changed from Ethereum mainnet.
How much does the SKALE stack share with the Ethereum mainnet stack?
SKALE runs a client (skale-d) that was forked from Ethereum’s Aleth (cpp-ethereum). EVM, RLP, and most RPC calls are unchanged. In general, contracts that work on Ethereum work on SKALE.
Where does the SKALE differ from Ethereum mainnet stack and what risks / rewards does that introduce?
SKALE enables high speed gasless transactions, greater computational block sizes, and file storage directly onchain. The security properties are different in that only 16 validator operators will be running your chain at any given time. However, these 16 operators are part of a much larger pool of security that runs across the network.
Preparing for the Worst
How does the SKALE system prepare for:
A mass exit of users?
Exit transactions in the bridge are rate limited to prevent an unorderly exit.
Exit rates can be modified by the Chain owner as detailed in the “Roll Back” mechanism, ie if more than X% of the tokens leave the chain in Y seconds the chain will pause.
SKALE participants attempting to game the SKALE consensus. For example, by forming a cartel?
SKALE is a blockchain that assumes less than 2/3rds of the validator operators are malicious. If greater than 2/3rds of the operators are malicious then the system is lost. This scenario is mitigated and made incredibly unlikely by random node assignments to chains, rotation of operators that are already running on chains, and incentives such as slashing and staking rewards for good behavior.
At the end of the day, blockchains are really about coordinating human behavior with math and computer science. Bitcoin is secure because people would rather make money than lose it. SKALE relies on similar properties of incentive alignment amongst validators.
In addition, the validator operators that run the SKALE Network are the primary operators that run Eth 2 and run every other major chain such as Solana, Avalanche, Near, and others. 80 percent of Proof of Stake Networks are run by less than 20 percent of validators. These validators would lose all of their business not only on a SKALE chain but every single network if they were to intentionally collude and create a cartel designed to steal money from end users. Additionally, most of them are well known entities that advertise their business to delegators and connect their onchain IDs to their brands. They would lose not just reputational risk, but incur potential legal and criminal penalties in certain jurisdictions. Overall it is even more unlikely that these entities would collude to steal money than it would be for the 6 major Ethereum Mining pools to collude to steal money which they could do at any given second.
A bug or exploit discovered in a critical part of its system?
The SKALE Manager contracts that orchestrate the entirety of the network, control delegation flows and token states, have been audited in 3 separate instances (by Consensys Diligence and Quantstamp). Manager contracts are also upgradeable.
For the SKALE - Ethereum bridge (IMA), contracts are also upgradeable, and have been audited twice. There is a nuclear kill feature that enables a Chain owner and a second party to kill the bridge and allow users to withdraw funds from IMA Ethereum deposit boxes, should a critical security issue be exploited.
SKALE also has an active bug bounty program running for over one year, and so far no critical exploits have been discovered.