Lido's Community Staking Module (CSM) is a groundbreaking step toward decentralized staking. However, the manual process of creating validator keys, deploying them, handling exits, and ensuring everything runs smoothly can become a bit tedious, complex and stressful — especially when you're managing a large number of validators.
We are excited to introduce the Lido CSM Validator Manager, an open-source tool we've developed to streamline the deployment, monitoring, and management of Lido CSM validators at scale. At Firstset, we've successfully used it to run over 100 validators during the CSM testnet process, and we believe it can benefit other node operators facing similar challenges.
Key Features
Deploy Validators
Automated Key Generation and Deployment: Create and deploy new validator keys to both your validator client and the Lido CSM seamlessly.
Node Operator Registration: Automatically register a new CSM Node Operator if needed.
Duplicate Key Checks: Prevent issues by checking for duplicate validator keys across your validator client, remote signer, and the CSM.
Remote Signer Support: Optionally upload keystores to a remote signer setup, such as Web3Signer.
Manage Validator Keys
State Consistency Checks: Identify inconsistencies between keys registered in the validator client, remote signer, and the CSM.
Inconsistency Resolution: Roll back inconsistent states to maintain a reliable validator setup.
Exit Validators
Manual Exits: Exit validators individually using their public keys.
Automated Exits: Monitor the Lido Validator Exit Bus Oracle and automatically action exit requests for your node operator IDs.
Notifications: Receive Telegram notifications for detected exit requests to stay informed in real-time.
Additional Support
Remote Signer Setups: Full support for remote signer configurations, enhancing security for your validator keys.
Design
The Lido CSM Validator Manager relies on one external process and several APIs to function effectively:
Staking Deposit CLI: Used for generating the keystores and deposit data required for validator creation.
Lido Keys API: Checks if any of the generated keys have been previously uploaded to prevent duplication.
Note: This is a critical step as uploading duplicate keys to the Lido CSM is possible, which could lead to submitting a bond for a validator that will never be activated.
Validator Client Keymanager API: Allows remote loading of keystores into the validator client.
Note: Since the Keymanager API is typically offered over plain HTTP, the Validator Manager securely wraps the connection over an SSH tunnel to enhance security.
Ethereum JSON-RPC API: Interacts with the Lido CSM contracts for reading data and submitting transactions.
The interaction flow is as follows:
Key Generation: The Staking Deposit CLI generates the validator keys and deposit data.
Duplicate Key Check: The Lido Keys API is consulted to ensure that the generated keys have not been previously uploaded.
Keystore Upload: The keystores are securely uploaded to the validator client using the Keymanager API over an SSH tunnel.
CSM Registration: The Ethereum JSON-RPC API is used to interact with the Lido CSM contracts, registering the validator keys and, if necessary, the node operator.
This design ensures a streamlined and secure process for deploying and managing validators within the Lido CSM ecosystem.
Caveats
Due to the distributed nature of validator operations and non-transactional behavior, inconsistencies may arise from failures or interruptions. The Lido CSM Validator Manager helps mitigate these issues by providing state checks to find discrepancies and the ability to resolve them in one command.
As a node operator, it's essential to ensure that:
For each validator keystore loaded in your validator client or remote signer, there is a corresponding public key registered in the Lido CSM contracts.
For each public key registered in the Lido CSM contracts, there is a corresponding keystore loaded in your validator client or remote signer.
If inconsistencies occur (e.g., the tool is interrupted during key deployment), use the state-check functionality to identify and resolve them.
Get Started
To get started with the Lido CSM Validator Manager, visit the GitHub repository. The repository contains detailed instructions on setup, configuration, and usage.