Loading...

Stakewisestakewise.io

Overall Evaluation

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Questions + Answers

Stakewise was provided an initial questionnaire by the EDDC to provide further insights into how Stakewise works and to evaluate their safety as a Staking Pool Service. Please see below for the EDDC questions and Stakewise answers.

  • 4

    PASS

    4

    WARNINGS

    2

    ISSUES

    0

    SLASHINGS

Estonia

We are confident about being compliant with the laws of Estonia. We are working with a reputable Scandinavian law firm with a portfolio of clients in crypto to draft the Terms of Use as well as receive a Legal Opinion about our full compliance.

In the Pool service, we will generate a shared withdrawal key with Shamir’s secret sharing. The parts will be distributed between trusted entities in the Ethereum community to prevent centralization of custody in our hands and will be used to sign the withdrawal transaction through a threshold signature (akin to multisig) arrangement. For the Solo service, we require users to submit their withdrawal public key. In both instances, we retain control of the validator keys. However, for the solo service, we will implement pulling validator keys upon request, so that they could migrate from StakeWise to some other provider or continue running by themselves. When pulling the validator keys, they will be encrypted using the user’s eth1 address or RSA. They will also retrieve validator.db to avoid slashing.

We don’t have an insurance that covers the loss of the funds. We expect users to turn to insurance protocols like Shield DAO and Nexus Mutual to insure their funds, and will likely have an internal solution where some users can underwrite the risk of the slashing-related losses for the rest of the users in exchange for a fee.

As a company, this is our first commercial crypto project, yet we obtained decent exposure to the cryptocurrency space individually. Dmitri has been involved with blockchains and cryptography for about 5 years, having obtained a Master’s degree in Cryptography and Security and later working on hobby projects like mining Monero on cellphones using CPU and designing no-loss lotteries based on Ethereum mining. Kirill has been invested in Ether since 2017.

Dmitri is a FullStack engineer with a wealth of DevOps and System Administration experience. He worked on the development of a public cloud network for the government in the Middle East, and later helped build a 5G network for Verizon while at Ericsson. He has a degree in Computer Science and a Master’s in Cryptography and Security.

Kirill is an investment analyst by occupation, having worked for one of the largest investment funds in Estonia since 2017. His experience includes working with public and private companies in the equity and debt markets on the buy-side. He has a degree with an Economics major and has passed Level 1 of the CFA exam.

We are choosing an audit team now, but in addition to them, our code will be audited by a few private individuals with a strong background in security.

1.We are using Google Cloud and Microsoft Azure to run a distributed cloud setup in different geographies to achieve redundancy. We use Prysm and Lighthouse as Eth2 clients and run 2 beacon nodes per cluster. The setup allows to quicky switch between clients and clouds in case one of the parts of the setup goes down (in case of a bug or datacenter downtime, for example).

2.We run our server clusters using Kubernetes. This allows us to automatically scale the number of servers in the cluster according to the # of validators that we run and allocate more resources to the servers in times of peak demand (for example, when there is no finality).

3.We have a failover mechanism enabled to achieve maximum redundancy. Failover allows us to automatically migrate validators to a new server in case some other server failed, without loss of uptime. We ensure protection from slashing by enabling local and external slashing protection, as well as storing the validator db’s on a separated volume.

We have a few offers on the table and are negotiating the venture structure now.

We have 2 tokens for the Pool, to represent the deposit and the rewards separately. They are called stETH (staked ETH) and rwETH (reward ETH). Users receive stETH when they make a deposit in the Pool (at a 1:1 ratio). As long as they hold stETH in their address, they accrue rewards in rwETH, proportionally to their share of the Pool. rwETH similarly reflects users’ rewards in 1:1 fashion (net of StakeWise staking fee). Transferring stETH to another address would be akin to transferring one’s deposit in the Pool to someone else, so in case stETH is transferred to another address, rwETH will start accruing there. More about our tokens can be read here: https://docs.stakewise.io/tokens

We have a 10% fee on rewards in the Pool and charge 10 DAI/validator/month for Solo.

Deep-dive Report

Key Takeaways

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

Strengths
  • - Lorem ipsum dolor sit amet
  • - Consectetur adipiscing elit
  • - Ed do eiusmod tempor incididunt ut labore
  • - Lorem ipsum dolor sit amet
  • - Consectetur adipiscing elit
Improvement Areas
  • - Lorem ipsum dolor sit amet
  • - Consectetur adipiscing elit
  • - Ed do eiusmod tempor incididunt ut labore
Changed
  • - Lorem ipsum dolor sit amet
  • - Consectetur adipiscing elit
  • - Ed do eiusmod tempor incididunt ut labore