Co-written by James Burnie and Matt Kimber
Since 15 September 2022, the majority in number and value of blockchain systems are secured by proof-of-stake consensus mechanisms. Yet the legal treatment of staking has received little attention. Further confusion is caused by the fact that the use of the word “staking” has generally focussed on the existence of a return, rather than consideration of how that return is generated. For this reason, the term “staking” is now used to refer to a range of materially different activities, from staking for the purposes of validating a blockchain protocol (the primary focus of this article) to staking referring to DeFi lending and staking as used as a rewards system in NFT markets or online games. This article considers the features of different staking arrangements, describes some of the potential legal consequences of those arrangements and identifies issues that might arise as proof-of-stake consensus mechanisms evolve.
The article suggests that validator staking within proof-of-stake systems is a very different type of arrangement, with a very different risk profile, to the provision of other staking models, even if colloquially or economically they are seen as “equivalent”, as both arrangements generate a return and involve locking up tokens.
On 15 September 2022, “the Merge” occurred – the pre-existing execution layer of the Ethereum blockchain system joined with a new proof-of-stake consensus layer, the Beacon Chain. The principal effect of the Merge was to transition the consensus mechanism used to secure the Ethereum system from proof-of-work to proof-of-stake. Following the Merge, the majority in number and value of blockchain systems are secured by proof-of-stake consensus mechanisms. Yet the legal treatment of staking has received little attention. That is likely to change as greater transactional volume and value flows through blockchains secured by proof-of-stake. This article considers the features of different staking arrangements, describes some of the potential legal consequences of those arrangements and identifies issues that might arise as proof-of-stake consensus mechanisms evolve.
Blockchain systems use consensus mechanisms (a combination of system rules and specific algorithms which must be followed) to achieve consensus between participant nodes regarding the current state of the distributed ledger or structured record in a secure way. The issue of consensus is intrinsic to the viability of blockchain systems, because if the consensus mechanism is compromised, then the blockchain system is (or is likely to become) defunct. The two most well-known consensus mechanisms for distributed blockchain systems are proof-of-work and proof-of-stake.
Proof-of-work (used by the Bitcoin system and the Ethereum system pre-Merge) requires miners to expend computational resources to find a number within defined parameters (thus, undertaking “work” and requiring electricity which has a market value). The first participant to find the number is rewarded with the ability to construct and propose a new block containing new transactions, updating the state of the distributed ledger or structured record for propagation across the network. Most miners construct and propose blocks such that the block reward (if any) for creating the new block and any transaction fees included in that block are paid to them. Proof-of-work consensus mechanisms are based on the thesis that the energy cost of illicitly overriding the consensus should be so high as to not be (economically) viable.
Proof-of-stake consensus mechanisms (used by the Tezos system and the Ethereum system post-Merge) work differently. Validators – participants who have “staked” tokens – are permitted to participate in the system’s consensus process. A validator is chosen at random to construct and propose a new block containing new transactions, thereby updating the state of the distributed ledger or structured record for propagation across the network. Again, most validators construct and propose blocks such that the block reward (if any) for creating the new block and any transaction fees included in that block, are paid to them. Conversely, if a validator acts in a “bad” or “malicious” way (eg by inappropriately interfering with the consensus mechanism), the validator risks forfeiting his stake (either through penalties or by a process called slashing). The consensus mechanism is focussed on penalising bad behaviour, meaning that participants do not interfere with the consensus for fear of receiving a penalty – thus making the economic cost of illicitly overriding the system so high as to not be (economically) viable through different means to proof-of-work. So, while proof-of-work focuses on maintaining a high computational resource (hardware plus energy) cost of overriding the consensus mechanism, proof-of-stake relies on maintaining high economic costs of override through the destruction of staked tokens as a consequence of bad behaviour.
The difference in consensus mechanism means that the validation process for proof-of-stake systems generally uses much less electricity (often over 99% less) than proof-of-work systems.
Additionally, under proof-of-stake systems, there are no (or significantly reduced) hardware and electricity costs imposed on a validator. In practice, this opens the validation role to a wider range of potential participants, potentially reinforcing the decentralised nature of the blockchain (because the level of resources required to be staked and become a validator is generally lower than the level of resources required to operate a (consistently profitable) proof-of-work miner).
Quis Custodiet ipsos custodes (who watches the watchers)?
Validators (and miners) have a core function within blockchain systems – they do real work – participating in functions necessary to the continued operation of the system. Gabriel Shapiro summarises this work as:
• proposing blocks for addition to the blockchain;
• accepting or endorsing (“attesting”) proposed blocks for addition to the blockchain;
• receiving and storing broadcasted and/or private requests for including certain data or state changes in/to the blockchain;
• choosing which among the transaction requests received by them to include in the blocks they propose (and sometimes the order in which those requests will be processed within the block);
• executing smart contract code (for example, calling a certain function with certain parameters on a smart contract) to be able to include the results of that computation in a block they propose;
• “enforcing the protocol” in performing the above actions (that is, performing them in accordance with the protocol rules); and
• receiving block rewards from the protocol and/or transaction fees from requesters for having their proposed blocks successfully added to the blockchain.
Validators (and miners) are therefore some of the most powerful and influential DeFi ecosystem participants and are crucial to the ongoing functioning of blockchain systems. They ensure the integrity and security of the protocols on which DeFi ecosystems are built.
Proof-of-stake systems use a variety of mechanisms to check the inherent power of validators, based on a system of economic disincentives broadly aligned to how egregious their behaviour is considered to be (according to the social consensus of the system). Economic disincentives include missing out on rewards or receiving a direct penalty (a reduction in a validator’s token balance). These might arise if a validator fails to participate in some or all of the work/activities listed above when called upon or if they do not meet certain specified criteria when performing their role. Additionally, a validator could suffer “slashing”: a more severe punishment which refers to the removal of the validator from participation in the proof-of-stake consensus mechanism and reductions from its token balance in the meantime. This might occur if the protocol determines that there is “dishonest” behaviour, for example proposing multiple blocks in a single slot.
A core point to note in this respect is that whether behaviour is “good”/”honest” or “bad”/”dishonest” is generally determined by the blockchain protocol (potentially including the social consensus built into the system). So even if a validator is generally seen to be a “good actor”, there is a risk that its behaviour is determined “bad” by the protocol, for example because of an accidental error, and so it is common for even “good” actors to be subject to occasional penalties.
Animal, vegetable or mineral? Characterising validator staking
Based on the above, a validator staking arrangement can be characterised as an arrangement under which crypto-tokens are put at risk in exchange for the opportunity to participate in certain functions/perform certain work. Whether and how the work is carried out determines any rewards and/or fees, or whether any penalties and/or slashing are applicable to the staked assets.
It is instructive to compare validator staking with the operation of a deposit account. In both cases, the participant locks up value (either crypto-tokens or fiat money), in return for a “reward” (interest in the context of banking). However, while the look and feel of both relationships is similar, the reality is very different. In particular, with a deposit account there is no actual “locking-up” of money with the bank; rather a debt relationship is created – the bank owes a debt to the deposit holder and the depositor takes credit risk against the bank (and is rewarded for taking that risk with interest). Conversely, validator stakers are not rewarded for taking credit risk against a counterparty – they are instead rewarded for performing work that is vital to the ongoing operation of the blockchain system. In addition, another difference is that, with a banking relationship, monies are usually on-lent by the bank to generate the interest paid to a depositor. Banks therefore fund the interest payments themselves directly. In contrast, proof-of-stake consensus mechanisms fund rewards paid to validator stakers from a combination of fees paid by participants within the system and emissions of new tokens (which can be seen as a cost shared between all existing tokenholders as their existing holdings will be diluted).
Arguably, validator staking arrangements can also be seen as distinct from normal collateral arrangements which typically involve granting recourse to certain specified assets to secure or otherwise cover a payment obligation or the performance of an undertaking. Generally, parties use collateral arrangements to protect against credit risk of their counterparty. Party A acquires a proprietary interest in assets, so that it has a right to pay itself out of the value of those assets, despite the insolvency of B.3 But validator staking arrangements do not use risked (that is, staked) assets for credit risk mitigation purposes against a single counterparty to a specified obligation. Instead, staked collateral is used as a financial incentive within a broader system of incentives for “good” or “honest” participation in essential system functions/work – there is no direct counterparty to a validator staking relationship.
IGNORANCE IS BLISS; KNOWLEDGE IS POWER
In addition, validator staking arrangements give rise to novel issues that do not apply to conventional deposit taking or collateral arrangements.
Maximal Extractable Value (MEV)
Potentially the most contentious issue in staking, the nature of the work that the validator undertakes as part of the validator staking relationship affords validators significant power. Validators have power to arbitrarily include, exclude, or re-order transactions from the blocks they construct and propose for propagation through the network. This means that validators are generally incentivised to construct blocks in ways which maximise their potential returns through token emissions and fees. Validators can benefit from this power in several ways: directly, by maximising their own profits from transaction fees and block rewards, and indirectly from the (otherwise above market) fees that DeFi traders are willing to pay for certain transactions in anticipation of rational value-maximisation activity by miners. Certain miners (or their associated persons) may also be involved in trading operations themselves, which could lead to potential information asymmetry in respect of transaction ordering decisions for blocks that they construct and propose.
Validators have the power to censor specific transactions or users and, potentially, to halt, rewrite or otherwise impair the blockchain system or its execution environment.
HMRC guidance is that where validator staking “does not amount to a trade, the pound sterling value (at the time of receipt) of any tokens awarded will be taxable as income (miscellaneous income) with any appropriate expenses reducing the amount chargeable”.4 Therefore HMRC treats newly-emitted crypto-tokens as “income” for tax purposes when received by a validator staker, even though there is an argument that such tokens have been acquired through a form of original acquisition (under which crypto-tokens would likely be liable to capital gains tax only on disposal). Given the nascence of validator staking arrangements at scale, there is little market evidence as to the practical and economic incentives that different tax treatment could give rise to.
More complex validator staking arrangements
Validator staking is not always performed directly, on an individual basis. The market has developed a number of more complex validator staking arrangements.
Delegated validator staking
Delegated validator staking (or “staking as a service”) involves a validator providing software as a service to a tokenholder, who then stakes tokens on-chain using that software. The tokenholder therefore “performs” the staking, in terms of determining when and how much to stake, as well as directly engaging in the validator activities described above. However, the validator is dependent on the skill of the provider of the validation software to ensure that validation is performed to the requisite standard. It is common to structure the relationship in terms of being software as a service, and a standard issue is determining the level of responsibility of the software or the provider for any economic disincentives suffered.
Validator staking services are usually provided in return for a fee. The fee can be structured as a direct fee payable from the software user to the service provider, or a smart contract can be built into the software to divert a share of the rewards to the software provider.
Care also must be taken with delegated validator staking to protect the consensus.
A core general assumption behind consensus mechanisms is that there are a range of persons performing the validator role, and that different validators are therefore keeping each other in check. With a delegation model, the same software may be used/running for a range of – notionally different – participants. So there is a risk that a software provider obtains a dominant market position with the illusion of multiple validators masking the substance of a single software provider determining how a significant share of validation is carried-out. This risks the blockchain system becoming centralised around a small number of validators. There are two opposing forces at play here for the software provider: the more participants that the software provider represents, the more rewards it will receive (and indeed, the greater the ability to exploit the MEV, on which see above). However, those rewards are likely to lose value to the extent that the blockchain system is perceived as less legitimate, useful or reliable due to a lack of decentralisation of the consensus mechanism.
Pooled validator staking
Pooled validator staking involves a tokenholder making an outright transfer of tokens into a “pool” (or pools) held by another person, or into a smart contract account(s). The pool operator will then use the pool of transferred tokens to engage in validator staking directly.
The advantage of this approach is that any economic disincentives suffered are diluted across the range of ultimate participants involved. The disadvantages are that each participant has less control over their (or their transferred) tokens and the legal risk that such arrangements are characterised as a collective investment scheme (CIS).
A CIS is defined as (emphasis added):
1. In this Part ‘collective investment scheme’ means any arrangements with respect to property of any description, including money, the purpose or effect of which is to enable persons taking part in the arrangements (whether by becoming owners of the property or any part of it or otherwise) to participate in or receive profits or income arising from the acquisition, holding, management or disposal of the property or sums paid out of such profits or income.
- The arrangements must be such that the persons who are to participate (“participants”) do not have day-to-day control over the management of the property, whether or not they have the right to be consulted or to give directions.
- The arrangements must also have either or both of the following characteristics—
a. the contributions of the participants and the profits or income out of which payments are to be made to them are pooled;
b. the property is managed as a whole by or on behalf of the operator of the scheme. …”
This definition is very broad, and as written naturally tends to include simple pooled validator staking. This creates fundamental issues in terms of participant access (ie participants are limited to professional investors) and compliance cost (meaning that the pool needs to be a certain size to be financially viable). Simply ignoring the CIS regime is a breach of the general prohibition, the consequences of which can include up to two years imprisonment, a fine and (more often) a requirement to return back participant’s money as if they had not invested (meaning that if participants lose out, they have an incentive to get the arrangement declared void to get their assets back).
A common way to reduce the risk of characterisation of an arrangement as a CIS is to operate individual managed accounts. This is increasingly becoming popular as a service provided by custodians, who may hold tokens on behalf of their customers on a segregated basis and provide staking as an additional incentive to use their services. Thought needs to be given here to the nature of the custodial relationship, as some custodians hold assets on trust, some enter into a contractual relationship to return equivalent assets, and some are set-up so that they provide the software for users to self-custody. Thought also needs to be given as to the level of responsibility assumed by the custodian in such a relationship, as it is common for the custodian to seek to limit liability or exclude fiduciary liability. This is important because it is likely that the custodian determines which validator is used, and the client is therefore dependent on the custodian’s due diligence of the validator used. Because custodians hold a large proportion of all crypto-tokens used for validator staking, this model may also be subject to the general considerations regarding consensus as discussed above in relation to delegated validator staking.
Liquid validator staking
Liquid validator staking is a twist on pooled validator staking, and refers to an arrangement where a tokenholder transfers tokens to a “pool” (or pools) held in a smart contract managed by another person, and in return is issued with a newly-minted token that receives rewards linked to the underlying validation activities. Participants therefore have either a contractual or proprietary right to the staked crypto-token (or its equivalent), as well as a contractual right to the reward from staking, linked to a newly-minted and freely tradeable (ie liquid) token which can itself be leveraged. As liquid validator staking arguably involves pooled validator staking, it is subject to the same legal risk that such arrangements could be characterised as a CIS.
FORM OVER SUBSTANCE
The breadth of the CIS definition is the biggest single hinderance to validator staking in the UK. It is also UK-specific and pre-dates the concept of proof-of-stake by 10 years. The question is therefore whether it is appropriate for validator staking arrangements potentially to fall within the definition of a CIS.
One principal purpose of the CIS regime is to regulate those arrangements which involve the exercise by managers of investment management decisions in respect of pooled assets aimed at generating wealth. In contrast, validators undertake valuable work (validation) and are rewarded for that work. Their decision making is limited to compliance (or otherwise) with specified, open-source and verifiable protocol rules. Validators do have discretion to engage in MEV related activities but this discretion could be limited through sub-contracting block-builders, contract or other technical MEV mitigation techniques. Where validator discretion is limited in a precise, transparent and openly verifiable way, it is not clear that the “management” element of validator staking poses the same (or equivalent) risk to investors as “management” in the sense of an investment management decision aimed at generating wealth.
Validator staking involves the provision of valuable and important work for blockchain systems. Pooled validator staking arrangements potentially allow retail participants to contribute to the provision of this work and share in the rewards generated. This provides retail investors with an opportunity for exposure to a different type of risk than deposit accounts or schemes involving the investment of their assets. Pooled validator staking arrangements help to protect retail users through the reduction of technical/error risk and the reduction of concentration of penalty and slashing risk through the use of multiple validators.
Validator staking is a fundamental part of blockchain ecosystems and, if the UK is to become a global crypto-hub, it will be important to incentivise validators to use the jurisdiction of England and Wales. One option which could facilitate this is to introduce a new specific exemption to the CIS definition to allow for validator staking. Such an exemption could help to clarify and mitigate the types of risk that users take under a pooled validator staking arrangement, while incentivising validators – as some of the most important DeFi ecosystem participants – to base part or all of their operations in the UK.
1 See also Digital Assets (2022) Law Com CP No 256. “A crypto-token system is manifested or realised by the active operation of a particular set of protocol rules.” (emphasis added).
2 G Shapiro, ‘A Functionalist Framework for DeFi Regulation’, 2022. Available at: https://lexnode.substack.com/p/a-functionalist-framework-for-defi.
3 See L Gullifer ‘What should we do about financial collateral?’ (2012) 65 Current Legal Problems 377, 378.
4 See CRYPTO40250 – Cryptoassets for businesses: staking – HMRC internal manual. Available at: https://www.gov.uk/hmrc-internal-manuals/cryptoassets-manual/crypto40250#:~:text=If%20the%20mining%20activity%20does,expenses%20reducing%20the%20amount%20chargeable
5 Section 235 Financial Services and Markets Act 2000.
- Baking, staking, Tezos and trusts: crypto sale and repurchase transactions analysed by the
High Court (2022) 2 JIBFL 96.
- Crypto yield (2022) 3 JIBFL 199.
- LexisPSL: Tax: CRYPTO61120 Meaning of “Loan” and “Staking”.
The article first appeared in the October edition of Butterworths Journal of International Banking & Financial Law.