Points of centralization in Ethereum – Part I
Sep 6, 2022
On August 8, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the Tornado Cash protocol and 44 smart contract addresses associated with it for aiding thieves in laundering stolen money. Tornado Cash is a privacy-protecting crypto mixer running on Ethereum that enables users to send and receive digital assets anonymously. This was the first time OFAC sanctioned an immutable smart contract, a piece of software as opposed to individuals, although it has a history of 13 cases of sanctioning addresses linked to various entities and individuals reaching back to 2018. The recent sanctions fueled controversies around Ethereum’s various points of centralization, as these offer an attack surface for censorship.
Censorship in crypto is a spectrum that ranges from weak to strong and often derives from centralized points in the tech stack. Weak censorship might happen on the protocol level if a fraction of validators actively participates in block censorship. This form of censorship leads to a delay in transaction inclusion and therefore a degradation in User Experience (UX). Weak censorship also happens above the protocol level, for example via DeFi frontends that prevent access or via centralized infrastructure providers such as Infura or Alchemy that are capable of restricting transactions flowing through their nodes. They can then pick and choose which transactions not to include. Furthermore, builder centralization and trusted Maximal Extractable Value (MEV) relays offer another layer of possible censorship. Strong censorship, however, happens on the protocol level, is rooted in block proposer attestations and means that censored transactions never get included in any block. Strong censorship is possible if a single entity controls the machine layer consensus by reaching an aggregate 51% consensus threshold. If the machine layer is compromised, the social layer might be able to step in and reboot the machine layer, a process known as social slashing.
According to Ethereum researcher Justin Drake, censorship-resistance on the protocol level is required for credible neutrality, credible neutrality is required for legitimacy, legitimacy is required for monetary premium, and monetary premium is required as it leads to economic security (staking) and economic bandwidth (collateral in DeFi). Therefore, protocol-level censorship-resistance is mandatory in order to protect and maintain Ethereum’s integrity as well as its core value proposition of offering equal access to anybody.
As the whole matter is highly nuanced, we will follow up in Part II with a more in-depth analysis of censorship resistance and its technical quirks in a PoW and PoS environment.
Highlighting the weak spots
Following the Tornado Cash sanctions, infrastructure providers and wallets, source code repositories, frontends and centralized stablecoin issuers were quick to ban associated addresses and access to Tornado Cash. While the Treasury’s move has philosophical ramifications for the battle over privacy, it raises severe concerns about the ecosystem's censorship-resistance since a range of weak spots regarding Ethereum’s centralized tech stack were exposed. Below, we will address the most impactful points of centralization and how they operate.
Even though PoS was designed to lower entry-level complexity for validators, independent staking still comes with significant friction regarding risk tolerance (slashing), technical know-how (setup and operation) and investment size (32 ETH to spin up an individual validator). Thus, small holders and anybody with less technical expertise are almost forced to use some form of staking service, with varying trade-offs, in order to gain staking rewards, as these providers often allow staking in increments smaller than 32 ETH.
In particular, centralized (e.g. Coinbase’s cbETH) and decentralized (e.g. Rocketpool’s rETH) liquid staking solutions became popular, as these offer an additional liquid staking token derived from the underlying stake that provides further utility in DeFi. As we have seen since the inception of the Beacon chain, however, these services are forces of centralization that might even be amplified by MEV being distributed to validators post-Merge if staking pools exceed critical consensus thresholds. As Danny Ryan, lead researcher at the EF, wrote in a blog post:
“Liquid staking derivatives (LSD) such as Lido and similar protocols are a stratum for cartelization and induce significant risks to the Ethereum protocol and to the associated pooled capital when exceeding critical consensus thresholds...In the extreme, if an LSD protocol exceeds critical consensus thresholds such as 1/3, 1/2, and 2/3, the staking derivative can achieve outsized profits compared to non-pooled capital due to coordinated MEV extraction, block-timing manipulation, and/or censorship – the cartelization of block space. And in this scenario, staked capital becomes discouraged from staking elsewhere due to outsized cartel rewards, self reinforcing the cartel’s hold on staking.”
As the overall integrity and security of Ethereum’s PoS can only be guaranteed if no single entity surpasses crucial consensus thresholds, an excessively concentrated stake can call into question the decentralization and neutrality of the network. One entity holding a third of the stake is a cause for concern as it breaks Byzantine fault-tolerance, a crucial characteristic of the consensus protocol that enables resilience against dishonest players. As of writing, Coinbase, Lido and Kraken already make up 55% of the overall stake, with Lido alone being responsible for >31%, see Illustration 1. With that, a massive amount of stake currently resides directly or indirectly under the jurisdiction of the U.S. government.
Illustration 1: Staked ETH in Beacon chain deposit contract
However, at least two staking services, Lido and Coinbase, which together control 46% of staked ETH, have already committed to not censoring. Lido is the liquid staking solution behind stETH, which can be redeemed for ETH after withdrawals are enabled post-Merge. Lido, however, has about 21 delegates and nodes running its validators. As such, it is not a completely centralized staking provider. Lido is also committed to addressing these issues, aiming for a “trustless, governance-minimized, and ethos aligned liquid staking protocol”. Lido and Rocketpool, another, more decentralized liquid staking provider, both offer permissionless staking, in contrast to Coinbase’s cbETH. Rocketpool additionally offers permissionless node operation through so-called Minipools, leading to greater decentralization as anyone can operate a node.
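The threshold reasoning above can be checked against the stake figures quoted in this article. The following is an added example, not part of the original post or of any project it describes. The function names are hypothetical, the Coinbase and Kraken shares are inferred from the article's sums (31%, 46%, 55%), and it assumes no unnamed staker is larger than the three named ones.

```python
from fractions import Fraction

# Shares in percent, taken or derived from the article's figures (constructed
# sample): Lido ">31%" (lower bound used), Lido + Coinbase = 46%,
# Coinbase + Lido + Kraken = 55%. The Coinbase/Kraken split is inferred.
NAMED_STAKE = {"Lido": 31, "Coinbase": 15, "Kraken": 9}

# Critical consensus thresholds named in the quoted blog post.
THRESHOLDS = {"1/3": Fraction(1, 3), "1/2": Fraction(1, 2), "2/3": Fraction(2, 3)}


def smallest_coalition(stake, threshold):
    """Fewest named entities (largest first) whose combined share exceeds
    `threshold`; None if the named entities together stay at or below it."""
    total, members = Fraction(0), []
    for name, pct in sorted(stake.items(), key=lambda kv: kv[1], reverse=True):
        members.append(name)
        total += Fraction(pct, 100)
        if total > threshold:
            return members
    return None


def headroom(stake, name, threshold):
    """Additional share of total stake `name` needs to reach `threshold`
    (zero or negative means the threshold is already met)."""
    return threshold - Fraction(stake[name], 100)


def threshold_report(stake):
    """Map each threshold label to the smallest coalition that exceeds it."""
    return {label: smallest_coalition(stake, t) for label, t in THRESHOLDS.items()}


if __name__ == "__main__":
    for label, members in threshold_report(NAMED_STAKE).items():
        print(label, "->", " + ".join(members) if members else "not reachable by named entities")
    gap = headroom(NAMED_STAKE, "Lido", THRESHOLDS["1/3"])
    print(f"Lido headroom to 1/3: {float(gap) * 100:.2f} percentage points")
```

A result of None for 2/3 means only that the three named entities cannot reach it on their own; the remaining 45% of stake is not broken down in the article.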
With 5’586 nodes operating on the network, Ethereum appears to be rather decentralized regarding nodes. For comparison, a staggering 14’336 nodes operate on the Bitcoin network, and even up to 46’228 nodes if combined with unreachable Bitcoin nodes. However, if we zoom in, 62.51% of Ethereum’s nodes are hosted on centralized Internet Service Providers (ISPs). As of writing, 55.4% of the hosted Ethereum nodes rely on Amazon, a single entity, followed by Hetzner Online (13.4%), see Illustration 2. Furthermore, 35.3% of nodes are running in residential environments. Of these, almost 52%, which matches Etherscan's global distribution data, are tied to U.S. residential ISPs such as Comcast, Spectrum, Verizon and AT&T. Thus, Ethereum nodes are primarily located in the U.S. (48.17%), followed by Germany (18.22%).
Illustration 2: Hosting ISPs
Last week, German data giant Hetzner Online, currently accounting for 13.4% of hosted Ethereum nodes, said that using its hosting services for any cryptocurrency mining application is not permitted, for both PoW and PoS applications. This illustrates how one centralized entity hosting a substantial number of nodes might pose a serious risk in the short term.
With more than $140b in value, stablecoins are a monumental part of DeFi. Despite coming in different flavors, fiat-backed stablecoins take the biggest share, with fully centralized USDC and USDT being the most important representatives. As the name indicates, these are backed by fiat and operated by a centralized entity such as Circle and Tether. Since they are custodied by a centralized issuer able to make unilateral decisions, they represent a single point of failure. Issuers of fiat-backed stablecoins must abide by the law's requirements for KYC/AML and transaction monitoring. To remain compliant, issuers maintain the ability to freeze their stablecoins or prevent a particular address from interacting with their stablecoin via blacklists. Technically, the stablecoin smart contracts query an off-chain blacklist as soon as a transfer function is called. The issuer blocks an address if there is a match with the blacklist, basically rendering the stablecoins useless for the wallet holding them. In case of a hack and in some other cases, the feature is of great help as it offers a possible recovery of funds. Yet, it also opens the door for censorship above the protocol level.
USDC addresses connected to Tornado Cash were recently blacklisted, exposing that stablecoins that represent liabilities to off-chain issuers are a major vulnerability for DeFi. The Centre consortium behind USDC banned 38 addresses (holding $149k) linked to the OFAC actions. Tether, the issuer of USDT, called Circle’s action “premature” and refrained from freezing sanctioned Tornado Cash addresses, as it had not yet received a formal request from OFAC. As Tether is based in Hong Kong, it neither conducts business in the U.S. nor serves American customers. Hence, Tether would only comply voluntarily if OFAC sent such a request. As a market response to Centre’s freeze, the USDC supply recently lost $1.8b, which primarily went to USDT, gaining $1.7b in supply. Historically, however, Tether has banned far more addresses on Ethereum than Circle, see Illustration 3. Overall, funds worth $4.1m are currently frozen in USDC across 82 banned addresses, and $421.9m are frozen in USDT across 717 addresses.
Illustration 3: Number of blacklisted USDC (Circle) and USDT (Tether) addresses on Ethereum
At some point, this control might even be inverted, so that transactions are only possible to whitelisted addresses. That would not only introduce additional friction but also a significant reduction in privacy.
The sanctions and subsequent blacklisting exposed not only the lack of censorship resistance of centralized stablecoins but also the contagion to stablecoins that are supposed to be decentralized, such as DAI and FRAX, as they hold a substantial amount of centralized, non-permissionless stablecoins as collateral. Initially, DAI was a single-collateral stablecoin based on Ethereum only. However, Maker’s reserve composition has shifted to a multi-collateral approach that includes centrally issued stablecoins and therefore deviates significantly from its original vision by becoming reliant on centralized choke points. By holding centralized stablecoins, DAI inherits their risk and becomes censorable by extension, which undermines the value proposition of a decentralized stablecoin.
As of August 31, USDC collateral accounts for 50.8% of the minted DAI supply. Taking into account USDC balances in collateralized LP positions, the USDC-backed share of DAI increases to >61%. A staggering 90% of the backing for FRAX, a stablecoin that employs an algorithmic stability mechanism and partial collateralization, comes from USDC.
Aside from the above points of centralization, oracles, upgradeable smart contracts, multisigs, centralized source code hosting services like GitHub, wrapped assets, and rollups offer even more attack surface. Rollups, for instance, face centralization issues due to their young nature. Since it’s easier and faster to iterate, the sequencer, a node that batches transactions and posts the result to the on-chain rollup contract, of Arbitrum, Optimism, zkSync and StarkNet is a single node and therefore highly centralized. Moreover, when it comes to optimistic rollups, Optimism currently does not have fraud proofs, while Arbitrum only allows whitelisted addresses to submit fraud proofs. Thus, neither fully inherits Ethereum’s security. For detailed information, we refer to L2BEAT, and for a deep dive into rollups, check our dedicated Decrypt “Rollups: Proof of Bundling”. Current PoW mining pools present another source of centralization. For instance, Ethermine, the largest Ethereum mining pool, actively started censoring by refraining from producing blocks containing Tornado Cash transactions. Even DAOs face centralization issues. Chainalysis found that across ten major DAO governance tokens, less than 1% of all holders owned 90% of the voting power. As a result, highly centralized voting power is able to outvote the remaining 99% of holders on any decision to its own benefit. Moreover, minority holders are substantially limited in their ability to meet proposal and passing requirements.
Conclusion and Outlook
The fact that the Tornado Cash sanctions drove awareness towards points of centralization in Ethereum’s tech stack and their ability to enable censorship is overall healthy for the ecosystem. Various weak spots got exposed and solutions can now be pursued. In Part II of this series, we will complete the list of missing weak spots such as MEV relays and interfaces. Most importantly though, we will provide orientation on what helps to mitigate these risks moving forward. As a teaser: there is light at the end of the tunnel.