ToC

Overview

Hi everyone, thank you for joining Lido’s integration of Obol based DVT on mainnet as part of a Super Cluster in the Simple DVT Module. All participating members have been split into various clusters that represent your group to operate DVs (distributed validators) and will represent an entry in the Lido Node Operator registry. Each cluster will coordinate in a corresponding Discord channel thread that will be used to set up a SAFE Multisig, represent an entry in the Lido Node Operator registry, coordinate a DKG ceremony, and run distributed validators on mainnet.

Prerequisites

• START HERE: Completion of the Super Cluster Operating Rules of the Simple DVT Module ****

  • Read the rules of participation, sign a message confirming your agreement, make a tweet using the included template, and then fill out this form: https://forms.gle/46f92VKuECYeLRyL7

• Fill out this form to additional teammates (if they do not already have roles) that will be directly involved in running your individual node: https://forms.gle/Y9RfvHnfyaAqZ38F9

• A server to run your node located in the region for your specific cluster

  • Please note many participants have experienced issues with Contabo, we would recommend using a different provider
  • One you can give a static public IP to and open ports on
  • We recommend the following specs if you’re going to use the template docker-repo that contains the Beacon Node and Execution Client. Charon alone uses negligible disk space of not more than a few MBs.
    • 8 physical cores (16 virtual) with good CPU single-core performance
    • 32GB RAM
    • 2TB NVME storage (or more depending on your EL)

• The template docker-compose repo for lido DVs. This will simplify the process as support for various CL clients is under active development. You can also use an existing beacon node and other Charon deployment methods if you have tested that setup before, but note that the Charon version must align with the one used in the docker-compose repo.

• Agreement on who will deploy the SAFE, stage transactions, and execute the transactions once approved. This person is referred to as the cluster coordinator.

• Join the relevant Discord thread for your cluster. The name of the thread is also the name of your cluster that should be referenced where needed.

First Steps

When your team has chosen the cluster coordinator, please tag @kimonsh. A form (linked below) will be used to collect each cluster member’s Ethereum addresses that they plan to use to sign messages in the SAFE, sign the distributed validator config and receive validators’ rewards to.

Each cluster member must submit the form and verify the address(es) they would like to use. Each cluster member should submit up to two addresses.

1. Required: Your individual manager address. This will be your address used for the SAFE Multisig and for signing messages related to your distributed validator cluster in the DV Launchpad. The launchpad only supports Metamask* at the moment so you need to be able to connect to Dapps via Metamask (which can also import a hardware wallet for example). If you would like to, it can also act as your individual reward address. Each cluster member must submit the address and verification (see “Address Verification” below) in the form.

*Multisig support will be added in the future, however is not available at this time

2. Optional: Your reward address. This will be the address added to the reward splitter contract. The splitter contract will evenly distribute rewards between all members of your cluster. This rewards address should be used if you would like to use an address other than the one used for your manager address to collect rewards. If you provide a reward address you will need to sign a message verifying ownership of it in addition to the manager address’s verification.

Each individual participant is responsible for the security and storage of the private key(s) related to these addresses. Please confirm that you have your seed phrase backed up and the address is secure before submitting. This is crucial for signing transactions and receiving rewards over the coming years.

Use this form to submit your address and verification link (see verification instructions below): https://forms.gle/nT3oUcmM1FLYGaSBA

Address Verification Instructions

Use the following guide to prepare and sign a message that will be used for verification of your chosen manager and (where applicable) reward address:

In case of using externally owned account (EOA):

1. Sign the message on mainnet using the text (add your specific details within <>: with the private key you’ll use as the signing key. One of the options is using Etherscan.
   1. Go to https://etherscan.io/verifiedSignatures
   2. Press the “Sign Message” button and connect your wallet
   3. Input the address you’re verifying (your Individual Manager Address or Individual Rewards Address)
   4. Enter your message using the following template (add your specific details within <>: “<my name> is joining Lido x Obol cluster <cluster name> with address <public address>”
   5. Press sign message and if the message is successfully signed, publish it.
   6. Submit the verified signature URL via the form (e.g. https://etherscan.io/verifySig/27336).

• In case of using SAFE Multisig (ONLY FOR INDIVIDUAL REWARD ADDRESSES):

SAFE Multisig

Once the form is filled out, please tag @kimonsh and @perrier and wait for confirmation to proceed further.

Once each cluster members has submitted the form and Lido NOM team has approved, the addresses will be shared to the group and the cluster coordinator will create the 5/7 threshold Safe Multisig using each cluster member’s individual manager address on mainnet (https://app.safe.global/). When the Safe is created, share the Safe URL for your cluster to review and tag @kimonsh and @perrier. This address will be your cluster’s representation in the Lido Simple DVT Node Operator Registry.

Each cluster should also pin a message with basic info in their threads:

<participant name>   :  <ETH address here>   | <participant cluster identifier>
<participant2 name>  :  <ETH address here>   | <participant3 cluster identifier>
<participant3 name>  :  <ETH address here>   | <participant3 cluster identifier>

repeat above 'n' times where 'n' = cluster size

The cluster identifier will be obtained at the end of the DKG (steps below). Update the message to reflect it once done.

During this time, the Simple DVT Module Committee will add your cluster to the Lido Node Operator Registry using the SAFE multisig you provided.

Operator Joining Flow

<aside> ℹ️ NOTE: It’s an NO’s responsibility to make sure that configurations and software are correct, to aid in this we’ve created a config guide to help you double check values as you go through the guide and configure your software. Simple DVT Config Guide Mainnet

</aside>

Create your ENR

All operators should already be familiar with the Obol Launchpad Quickstart Guide - Operator Journey and launchpad walkthrough video.

All cluster participants should have already shared their individual manager and reward addresses in their cluster-specific form (see above).

To prepare for the distributed key generation (DKG) ceremony, you need to create an ENR. On the machine where you plan to run your Obol DVs, run the following commands to get your ENR.

# Clone this repo
git clone <https://github.com/ObolNetwork/lido-charon-distributed-validator-node.git>
 
# Change directory
cd lido-charon-distributed-validator-node
 
# Create your charon ENR private key, this will create a charon-enr-private-key file in the .charon directory
docker run -u $(id -u):$(id -g) --rm -v "$(pwd):/opt/charon" obolnetwork/charon:v1.0.1 create enr

You should see an output similar to the below:

Created ENR private key: .charon/charon-enr-private-key

enr:-JG4QGQpV4qYe32QFUAbY1UyGNtNcrVMip83cvJRhw1brMslPeyELIz3q6dsZ7GblVaCjL_8FKQhF6Syg-O_kIWztimGAYHY5EvPgmlkgnY0gmlwhH8AAAGJc2VjcDI1NmsxoQKzMe_GFPpSqtnYl-mJr8uZAUtmkqccsAx7ojGmFy-FY4N0Y3CCDhqDdWRwgg4u

<aside> ⚠️

</aside>

Creating the Obol Distributed Validator

Each cluster configuration will be created by the Obol team who will send a specific invite code to each cluster as a URL link.

Operators will follow the invite link to their cluster set up page in the DV Launchpad, they will review the cluster configuration, input their previously-generated ENR, and sign a message using their individual manager address provided earlier to confirm the cluster configuration.

Here are the steps to follow in detail once on the invite link:

• Connect your wallet using the individual manager address provided in the form.

• Review the other operator manager addresses in the cluster and click Get Started to continue

• Review and accept the advisories by signing a message when prompted.

• Review the configuration - confirm that the withdrawal address and fee recipient match Lido’s requirements.

  • The withdrawal address for Lido withdrawal credentials:

    0xb9d7934878b5fb9610b3fe8a5e441e8fad7e293f

  • The Fee Recipient address for Lido Execution Layer Rewards Vault:

    0x388C818CA8B9251b393131C08a736A67ccB19297

• Input the ENR that you previously generated.

• Sign the following with your wallet

  • The config hash. This is a hashed representation of all of the details for this cluster.
  • Your own ENR. This signature authorises the private key represented by this ENR to act on your behalf in the cluster. (Again, make sure you made a safe backup of the private key before completing this step)

• Wait for all the other operators in your cluster to do the same.

DKG Ceremony

Once all operators have successfully signed the operator configuration, the next step is to perform the Distributed Key Generation ceremony.

A command will be automatically displayed in the launchpad once all operators have signed the config. Running that command will start the DKG process for your node.

Please note this process requires semi-synchronous coordination between all cluster operators. Your cluster should determine a time window of ~ 6 hours that all members can meet to conduct this one-time process.

When you start the DKG ceremony, you shouldn’t stop the process until all members have completed the ceremony.

You can’t just run the command and then turn your machine off! You must wait for everyone to run the command and the DKG to finish (<60sec). However, you can let the command run in the background as it will retry the DKG until successful. Be aware of your machine going into standby or your ssh connection breaking, which may disrupt your DKG process.

When the DKG ceremony has been completed, operators will see the following messages:

All peers connected, starting DKG ceremony
Successfully completed DKG ceremony 🎉

The artifacts of the DKG ceremony will be created in the .charon folder for each member (inside their lido-distributed-validator-node repo).

• deposit-data.json file (the same across all operators)
• cluster-lock.json file (the same across all operators)
• validator_keys/ folder NOTE: unique to each operator, make a backup and keep it somewhere safe!

💡 Please ensure that ALL the operators have the above files created successfully before moving forward.

<aside> ⚠️ Please ensure that you have backed up your validator_keys/ folder. There is no way to recover your private key share or take part in the DV if you lose it.

</aside>

Add Operator ID to .env

While the quick-start guide linked above is adequate for general-purpose deployments, this repository needs further setup to integrate with Lido’s smart contracts:

1. Grab your Operator_ID from https://operators.lido.fi/module/2 (it will be present after Simple DVT Module Committee adds your cluster to the registry) (note that in Simple DVT “Operator ID” refers to a Cluster, not an operator)
2. Run the following three separate commands to add the Operator_ID into the .env file in the validator-ejector config section:

cp .env.sample.mainnet .env

export MY_OPERATOR_ID=your_operator_id_here

sed -i.bak "s|#VE_OPERATOR_ID=|VE_OPERATOR_ID=$MY_OPERATOR_ID|g" .env

Reference the README for more information.

Add MEV-Boost Relays

To optimise for latency, your cluster will be assigned a few MEV-Boost relays depending on your cluster location and any potential filtering requirements. Please add these relays in the .env by following the below instructions. A table of each relay’s URI is included here: https://enchanted-direction-844.notion.site/6d369eb33f664487800b0dedfe32171e?v=8e5d1f1276b0493caea8a2aa1517ed65&pvs=74

By default, the template repo is configured with all listed relays included so no change should be required through the .env unless you are a cluster that will be using a limited set of relays (this will be communicated to your cluster).

| --- | --- | --- |

Monitoring

Simple DVT Config Guide Mainnet