Robust Restaking Networks

TL;DR

The paper formalizes restaking networks as bipartite graphs linking services and validators, then analyzes cryptoeconomic security under economically motivated attacks that trade stake loss against profits. It proves tight upper bounds on worst-case stake loss after shocks, parameterized by an overcollateralization factor $\gamma$, with the global guarantee $R_\psi(G) < (1+\tfrac{1}{\gamma})\psi$, and extends these results to local guarantees via attack headers and stability constraints. It also shows how cascading attacks can inflate risk and provides a bound on the maximum cascade length depending on $k$, $\gamma$, and other parameters. The results yield practical risk measures and computable sufficient conditions (e.g., via EigenLayer-like checks) to ensure robustness, along with structural arguments about the necessity of stable attacks and header-based overcollateralization. Overall, the work connects cryptoeconomic security, systemic risk concepts, and restaking design to produce tight, verifiable guarantees and guidance for designing robust multi-service restaking ecosystems.

Abstract

We study the risks of validator reuse across multiple services in a restaking protocol. We characterize the robust security of a restaking network as a function of the buffer between the costs and profits from attacks. For example, our results imply that if attack costs always exceed attack profits by 10\%, then a sudden loss of .1\% of the overall stake (e.g., due to a software error) cannot result in the ultimate loss of more than 1.1\% of the overall stake. We also provide local analogs of these overcollateralization conditions and robust security guarantees that apply specifically for a target service or coalition of services. All of our bounds on worst-case stake loss are the best possible. Finally, we bound the maximum-possible length of a cascade of attacks. Our results suggest measures of robustness that could be exposed to the participants in a restaking protocol. We also suggest polynomial-time computable sufficient conditions that can proxy for these measures.

Figures (5)

• Figure 1: A blockchain protocol operated by a collection of validators, with $\pi$ denoting the profit of successfully attacking the protocol and $\sigma_v$ the amount of stake posted by a validator $v$ as collateral.
• Figure 2: A general restaking network, with validators reused across multiple services.
• Figure 3: Two restaking networks. Each service (left-hand side vertex) and validator (right-hand side vertex) is labeled with its profit-from corruption or stake, respectively. Assume that a service can be corrupted if and only if it is attacked by at least half of its validators (i.e., $\alpha_s = 1/2$ for every service $s$). The restaking network in (a) is not secure because there is a valid attack (indicated by the dotted line): three validators can earn a profit of 4 by corrupting all four services while losing only three units of stake. The restaking network in (b) is secure.
• Figure 4: Simple overcollateralization is insufficient in the local setting. There are two restaking networks shown above. In each, the validators are denoted along with their corresponding stakes by the yellow circles. Services and their profits from corruption are denoted by the blue rounded squares. In each of these networks, the service outlined in green is overcollateralized. However, despite being unrelated to the overcollateralized service, if the validator outlined in red disappears, the validators in yellow can attack all services (including the overcollateralized one).
• Figure 5: The graph $G$ for $n = 30$. Here, each circle denotes a validator. The red services constitute $S_6$, and the blue services constitute $S_3$. Observe that the graph forms a single connected component.

Theorems & Definitions (36)

• Claim 1: EigenLayer Sufficient Conditions, from Appendix B.1 of the EigenLayer Whitepaper el
• proof
• Lemma 1
• proof
• Corollary 1
• proof
• Theorem 1
• proof
• Corollary 2
• proof