Like the early development of MEV, LSDfi on Ethereum has a centralizing trend, with a validator set consisting of only a few entities, which has unprecedented control over the Ethereum block space. This situation exposes all ETH and LST holders to regulatory risks.

As a trusted and decentralized platform, Ethereum requires protocols to maintain the rights of ordinary stakers. We focus on Puffer Finance, a liquidity staking protocol that has been favored by many investment institutions and received a grant from the Ethereum Foundation. Puffer Finance is expected to become a new benchmark in the field of liquidity staking.

Puffer Finance: Efficient, Permissionless LSD Protocol

Puffer Finance is developing a capital-efficient and completely permissionless liquidity staking protocol aimed at lowering the entry barrier for individual stakers. The protocol mitigates slashing risks through Secure-Signer and provides an innovative solution for inactive slashing, reducing Puffer's node operator capital requirement to just 2 ETH, allowing more people to participate in staking validation.

In addition to reducing margin requirements, Puffer's liquidity collateral protocol also considers decentralization in its design, avoiding reliance on DAO voting to add new and reviewed validators. This promotes a more diverse and decentralized set of validators. Through this approach, Puffer is committed to maintaining the values and principles of Ethereum as a decentralized platform.

任何验证者都可以通过与现有的共识客户端一起运行 Secure-Signer 来严格提高安全性。对于代表客户运行验证器节点的机构利益相关者来说，无论是作为矿池运营商还是 SaaS 提供商，使用 Secure-Signer 都可以为其客户提供额外的保护和信心。

Puffer's Secure-Signer is a remote signing tool that has received funding from the Ethereum Foundation. It aims to use Intel SGX technology to prevent actions that can trigger reductions. Through Secure-Signer, Puffer can safely reduce the validator threshold requirement from 32 ETH to just 2 ETH, and eliminate the risk of consensus client errors or user errors leading to reducible crimes.

Security Signature

Secure-Signer is a remote signing tool that manages validator keys on behalf of consensus clients. The remote signer is a module in the validator stack that allows key management and signing logic to be moved outside of the consensus client. Secure-Signer runs on Intel SGX and can provide validators with stronger key security and reduced assurance of protection.

Secure-Signer in the validator technology stack

Secure-Signer can run locally on the consensus client or on a remote server. From the perspective of node operators, setting up a validator is almost no different. As long as they have hardware that supports SGX, they can install and run Secure-Signer and instruct their chosen consensus client to use Secure-Signer as a remote signer. Using TEE to protect validators can be seen as a win-win situation.

From the perspective of individual validators, using TEE can reduce the risk of capital loss due to slashing. From the perspective of the validator set, as more and more validators use TEE, the risk of highly correlated large-scale slashing events will also decrease. For this reason, Secure-Signer is released as a public good for the benefit of the entire validator set.

Secure-Signer can prevent two types of faults that may lead to slashing, including user errors and client errors. Secure-Signer can completely avoid severe attacks caused by poor key management by preventing access to the validator's private key. If the validator's consensus client is compromised or suffers from errors that lead to slashing, Secure-Signer will act as a backstop, as the final signing operation is performed in a secure and isolated enclave.

In order to prevent potential reduction through double signing, Secure-Signer generates and protects all BLS validator keys in its encrypted and tamper-proof memory. These keys can only be accessed at runtime and remain encrypted at rest, making them inaccessible to nodes unless used for signing non-reducible block proposals or proofs.

Secure-Signer operation

除了保护验证器密钥外，Secure-Signer 还通过维护遵守EIP-3076的先前签名材料的完整性保护数据库来防止削减。即使节点的操作系统受到损害，enclave 也可以强制执行这些声明。

In addition to protecting validator keys, Secure-Signer also protects against slashing by maintaining the integrity of previously signed materials that comply with EIP-3076 in its database. Even if the node's operating system is compromised, the enclave can enforce these statements.

Therefore, if a catastrophic consensus client error occurs (such as an error that overrides the protection of EIP-3076), nodes using Secure-Signer will be protected because the enclave runs in an isolated environment and can maintain its integrity to protect the reduced protection database. By eliminating the possibility of reduction due to accidents or consensus client errors, Secure-Signer significantly reduces node risk and allows Puffer Pool to safely reduce ETH requirements.

Remote Authentication

RAVe (Remote Attestation Verification) is the second part of the Puffer team's project funded by the Ethereum Foundation. This powerful foundational technology provides high integrity and off-chain confidential computing in a blockchain environment.

In the Puffer project, RA (Remote Attestation) is a node that proves the state of running Secure-Signer. RAVe (Remote Attestation Verification) is used to verify the RA evidence and determine whether the node is allowed to enter the Puffer Pool.

When generating a validator key, the Secure-Signer enclave promises its validator public key in the "USERDATA" field reported by the RA. Then, RAVe verifies the node's RA evidence, extracts the validator's public key, and registers it on the blockchain. This enables nodes to prove to the Puffer Pool that they are running the Secure-Signer enclave and have generated a new validator key within it.

By examining the source code, anyone can verify that the Secure-Signer program has never leaked the key, ensuring security. In short, the role of RAVe in the Puffer Pool is to verify whether the node has generated the validator key in a secure environment as required.

In addition, in the Eigenlayer environment, using enclaves is relatively less costly than using ZKPs. Through enclaves and RAVe, it is possible to more effectively perform re-collateralization, ensuring the security and correctness of the entire process, to solve the problem of secret re-collateralization.

Protocol Operation Mechanism

In order to resist centralization risks, Puffer Finance takes the initiative to limit the size of its pools and implement control measures to mitigate the negative impact of re-collateralization on the Ethereum ecosystem. As mentioned earlier, this allows node operators to obtain Ethereum (ETH) without permission and become validators for Proof of Stake (PoS).

Puffer Finance has also set up a reward mechanism to promote the development of its ecosystem. As it is built on Eigenlayer, its rules can be defined as Active Verification Services (AVS). Eigenlayer defines AVS as services or middleware that retryers can choose to join, where provable misbehavior can be programmatically reduced. For example, if a validator's 32 ETH deposit is proven to have fraudulent behavior when re-staked to operate optimistic aggregation, the deposit can be programmatically reduced. If an AVS of the Puffer protocol is violated, the ETH of the offending validator will be programmatically reduced and the amount will be allocated back to the pool.

During this process, in order to proactively protect Puffer's ETH from inactive penalties, the current balance of each validator needs to be maintained above the threshold set by Puffer DAO. The threshold should be low enough to allow for reasonable downtime, but high enough to incentivize good performance.

In addition, MEV-smoothing is crucial for suppressing centralization within the protocol. It allows local nodes to earn more income than themselves and reduces the economies of scale of centralization staking operations. Validators who propose blocks need to distribute execution rewards with mining pools. If theft is proven on the chain, violators will be punished.

Node and Reward

The

node runs AVS (virtual server) located above Eigenlayer through re-collateralization. When Puffer (user) stakes ETH, they receive pufETH LST token rewards. As Puffer Finance gains validator and re-collateralization rewards, the value of pufETH LST tokens increases over time. PUFI tokens are used to manage the protocol through voting in Puffer DAO, including approving which AVS Puffer nodes can use and allocating Ethereum from the protocol library to specific AVS.

When Puffer collateral is greater than or equal to 0.01 ETH, it is added to the ETH pool. Part of this pool is provided to nodes to meet the 32 ETH requirement for activating Ethereum validators, while the remaining portion is available for users to withdraw liquidity when exchanging ETH for pufETH. As rewards are generated by the protocol, the amount of ETH supporting pufETH increases, and the conversion rate between the two also increases. Holding pufETH liquidity allows people to earn rewards for staking/re-staking over time while still participating in DeFi.

Puffer deposits ETH into the PufferPool contract to mint pufETH. At the beginning of the protocol, the conversion rate is 1:1. Assuming the protocol performs well and rewards outweigh penalties, the conversion rate will increase the value of pufETH over ETH. Therefore, Puffers holding pufETH can expect its value to increase over time.

After registering the validator key, Puffer nodes will mint pufETH based on the value of their bonds, which will be locked until the protocol is launched. When nodes generate consensus, execute and re-collateralize rewards, they will receive liquid ETH rewards based on the commission rate set by Puffer DAO, with the remaining portion sent to PufferPool and the treasury. As nodes hold locked pufETH, they also share rewards generated by other nodes in the protocol. This enables efficient MEV-smoothing and helps adjust node incentives.

Withdrawal and Governance

When there is sufficient liquidity in the withdrawal pool of the protocol, Puffer can redeem their original ETH and accrued rewards with their pufETH. A portion of all Puffer deposits, rewards, and node withdrawals are added to the withdrawal pool to provide exit liquidity. Nodes fully exit the Puffer protocol by proving that they have exited the beacon chain.

After completely exiting the Puffer protocol, if a node with 2 ETH bonds exits with a validator balance of 32 ETH and the pufETH:ETH ratio has doubled since registration, they will receive 4 ETH, while 28 ETH will be returned to the pool.

Puffer hopes to continue to grow and operate in the future without relying on the Puffer core team, becoming a fully decentralized protocol. Therefore, Puffer hopes to minimize the impact of governance in the protocol. PUFI Token will mainly be used to vote on contract pauses and upgrades, commission rates, and other protocol parameters in the event of vulnerabilities and Ethereum hard forks, manage the Puffer Protocol treasury through grants and ESaaS, and whitelist projects that align with the Ethereum spirit.

Puffer only supports AVS. All Puffer nodes built on top of Eigenlayer can become native resakers to increase their rewards. Such reallocation tasks cover important middleware such as bridges and oracles, as well as services such as data availability layers and L2 sorters. In addition, nodes that support Enclave can participate in Puffer's unique AVS, such as privacy-protected L2 and ZK-2FA.

Puffer Pool has set a maximum burst threshold of 22% to ensure the stability of Ethereum (the danger consensus threshold is 33%). If Puffer Pool reaches 22% of the validator set, pufETH minting and node deployment will be frozen.

Team and Financing Background

The Puffer Finance team includes a mathematician who dropped out of a PhD program, an alumnus who previously worked at NASA on real space math projects, and a seasoned professional with experience in the Metaverse field. The team has collaborated with renowned Ethereum researchers and has been guided by leaders in the industry, community, and research fields.

On August 9th, Puffer Finance announced that it has raised $5.5 million in seed funding. The seed round was jointly led by Lemniscap and Lightspeed Faction, with participation from investors who share a common vision with Puffer Finance, such as Brevan Howard Digital, Bankless Ventures, Animoca Ventures, and DACM, as well as community funds including 33DAO, WAGMI33, and Concave.

In addition, they also received support from researchers and KOLs in the ecosystem, including Sreeram Kannan and Calvin Liu from Eigen Layer, Mrblock from Curve, Frederick Allen from Coinbase Instituteal, Anand Iyer from Canonical Ventures, and Shen Yu, Ramble, Ladislaus, and Richard Malone from Obol Labs. They participated in the seed round financing as angel investors.

Regarding the vision of Puffer Finance, Justin Drake, a researcher at the Ethereum Foundation, stated: "Validator operators should consider Puffer's SGX-based secure signer - at least until we obtain one-time signatures. To narrow the scope, when the pure cryptographic defense capability is insufficient, enclave is a good way to gradually improve security."

Currently, Puffer Finance is still in the early stages of development. The community expects to launch the testnet in the later part of 2023, with the goal of launching the mainnet in 2023.

欢迎加入律动 BlockBeats 官方社群：

Telegram 订阅群：https://t.me/theblockbeats

Telegram 交流群：https://t.me/BlockBeats_App

Twitter 官方账号：https://twitter.com/BlockBeatsAsia