Create a Lido CSM DV

This is a guide on taking part in Lido's Community Staking Module (CSM) with a squad as part of a Distributed Validator Cluster.

To start, this guide makes a couple assumptions:

1. You're running a Linux distribution and you've installed Git and Docker (as a non-root user).
2. You will be deploying on Ethereum mainnet. Some screenshots in this guide are from Holesky just for demonstration purposes, so please verify you are using the correct mainnet addresses.

Getting started

This guide is broken down into 3 parts:

Part 1: Creating a shared SAFE wallet for the cluster, and a Splits.org reward splitting contract

Part 2: Using the Obol DV Launchpad + CLI to create the cluster

Part 3: Deploying the validator to Lido's CSM using their UI.

info

In this guide we'll be using CSM UI in advanced mode, using the extendedManagerPermissions to set the managerAddress to the cluster multi-sig (SAFE) and the rewardAddress to the Splits.org splitting contract.

Part 1: Creating the Cluster SAFE + Splitter Contract

Deploy the SAFE

Detailed instructions on how to create a SAFE Wallet can be found here.

The squad leader should obtain signing addresses for all the cluster members, to create a new SAFE with the operators all as owners.

After giving the Safe a name and selecting the appropriate network, continue by clicking the Next button.

Add all the signer addresses of the cluster members, select a threshold, and proceed to the final step by clicking the Next button.

tip

Don't require 100% of signers to approve transactions, in case someone loses access to their address. Using the same threshold as your cluster will use is a reasonable starting point.

Finally, submit the transaction to create the Safe by clicking on the Create button.

Deploy the Splitter Contract

The squad leader should obtain the reward addresses from all the cluster members (if members want to use a distinct address to the one they sign with for receiving rewards). Open https://app.splits.org and create a New contract. Make sure to select the appropriate network.

Select Split for the contract type.

Add the reward addresses of all cluster members. Choose whether the contract is immutable (reccommended option), whether to sponsor the maintainers of splits.org, and optionally whether to set a distribution bounty such that third parties could pay the gas costs of distributing the accrued rewards in exchange for a small fee.

Finally, click the Create Split button, execute the transaction and share the created split contract with all cluster members for review.

Part 2: Use the DV Launchpad + CLI to create the cluster keys

Charon is the middleware client that enables validators to be run by a group of independent node operators - a cluster or squad. A complete multi-container Docker setup including execution client, consensus client, validator client, MEV-Boost, the Charon client and monitoring tools can be found in this repository.

Step 1: Clone the repo

git clone https://github.com/ObolNetwork/charon-distributed-validator-node.git

Step 2: Create ENR and Backup your Private Key

Enter the CDVN directory:

cd charon-distributed-validator-node

Use docker to create an ENR

docker run --rm -v "$(pwd):/opt/charon" obolnetwork/charon:v1.1.1 create enr

Back up the private key located in .charon/charon-enr-private-key

caution

What you see in the console starting with enr:- is the public key for your Charon node (known as an ENR). The private key is in the file .charon/charon-enr-private-key, be sure to back it up securely.

Step 3: Create the DV cluster configuration using the Launchpad

Obol has integrated a CSM details into the DV Launchpad. Choosing the "Lido CSM" withdrawal configuration allows you to create up to 12 validator keys (CSM's Early Access limit) with Lido's required withdrawal and fee recipient addresses.

To start, the squad leader opens the DV Launchpad, then connects their wallet and chooses Create a cluster with a group.

Then click Get Started.

Accept all the necessary advisories and sign to confirm.

Cluster configuration begins next. First, select the cluster name and size, then enter all cluster members signer addresses.

• Select the number of validators to create (CSM's Early Access phase is capped at a maximum 12 validators).
• (If the cluster creator is taking part in the cluster) Enter your Charon node's ENR which was generated during step 2 above.
• In the Withdrawal Configuration field, select LIDO CSM. This will automatically fill the required Withdrawal Address and Fee Recipient Addresss per Lido's Documentation.
• Finally, click on the Create Cluster Configuration button.

Lastly, share the cluster invite link with the other cluster members.

Step 4: Distributed Key Generation (DKG)

All squad members need to open the cluster invitation link, connect their wallet, accept all necessary advisories, and to verify the cluster configuration is correct with a signature. Each squad member will also need to upload and sign an ENR to represent their charon client, so see steps 1 and 2 above.

Once all members confirm the configuration they will see the Continue button.

On the next page, they will find a CLI command which is used to begin the Distributed Key Generation (DKG) ceremony. All members need to synchronously complete this step.

tip

Go back to the terminal and make sure you're in the charon-distributed-validator-node directory before running the DKG command:

pwd

If you are not, navigate to it using the cd command.

Paste the DKG command into your terminal and wait for all the other squad members to connect and complete the DKG ceremony.

New files were generated: cluster-lock.json, deposit-data.json, validator_keys are all found in the .charon folder (hidden by default). This contains each operator's partial key signatures for the validators.

danger

At this point, each operator must make a backup of the .charon folder and keep it safe, as validator keys cannot be recreated if lost.

Step 5: Create a .env file for Mainnet

Copy and rename the .env.sample.mainnet file to .env

cp .env.sample.mainnet .env

Open the .env file using you favourite editor:

nano .env

Uncomment and set BUILDER_API_ENABLED=true.

Uncomment MEVBOOST_RELAYS= and set it to the URL of at least one of Lido's approved MEV relays here. Multiple relays must be separated by a comma. Consult our deployment best practices for further info on MEV relay selection.

Step 6: Starting the Node

Each cluster member should start the node with the following command:

docker compose up -d

At this point, execution and consensus clients should start syncing. Charon and the validator client should start waiting for the consensus client to be synced and the validator to be activated.

Part 3: Upload the public keys and deposit to Lido CSM

CSM is launching with a whitelisted set of approved operators (Early Access). The squad member with EA should be the one to create the node through the CSM widget.

The EA member will head to CSM Extended Mode and connect their wallet. (Note the mode=extended parameter.) This allows the Lido CSM reward address to be set to the split contract created earlier.

The EA member clicks on the Create Node Operator button.

• The EA member pastes the contents of the deposit-data.json file into the Upload deposit data field. The EA member should have enough ETH/stETH/wstETH to cover the bond.

• Expand the Specify custom addresses section.

  • Set the Reward Address field to the Split contract address and the Manager Address field to the Safe wallet address. (These were created previously in part 1)

  • Verify that the Extended box is outlined. This ensures that the Safe address has the ability to change the reward address if necessary.

• Check that the correct addresses are set and click the Create Node Operator button.

Sign the transaction. The cluster is ready for deposit from Lido CSM.