AVS Challenges: Securing a Sustainable Future

Co-authored with Josh Levine & Steven Valeri.

In this post, we explore the current landscape of Active Validated Services (AVS) in the Eigenlayer ecosystem and highlight some under-explored challenges they face in sourcing robust economic security.

By considering the perspectives and incentives of all parties involved – AVSs, operators, Liquid Restaking Token (LRT) providers, and restakers – we aim to provide a broad view into some long-term economic security challenges for AVS networks.

What are Active Validated Services and Economic Security?

Active Validated Services (AVSs) are key components of the Eigenlayer restaking protocol. They are external distributed systems that ETH restakers validate in addition to the Ethereum Protocol. AVS examples include Data Availability (DA) layers, virtual machines, oracle networks, keeper networks, and interoperability networks.

Restakers provide capital-based commitments and delegate their staked ETH to Node Operators who run the AVS client software. With the help of Node Operators, restakers opt-in to AVS validation by granting additional slashing conditions on their staked ETH, thereby lending their economic security to their supported AVSs.

An AVS’s economic security is based on how much slashable stake is committed to validating the network. An AVS can have high economic security, but for it to be considered secure, its Cost of Corruption (CoC) must significantly exceed the Profit from Corruption (PfC) to create a deterrent against malicious behavior. [1]

The Challenges of Securing AVSs

AVS networks must attract enough economic security to operate, and some will leverage their size as a differentiator. However, many factors will make it challenging to maintain delegated staked ETH. The following are the challenges of securing AVSs, broken up into the primary challenges – the ones we expect to be most salient for teams – and additional challenges:

Primary Challenges

  1. Restaker, Liquid Restaking Token (LRT), and Node Operator Mobility: There are no inherent guarantees that restakers will continue to restake, Liquid Restaking Tokens (LRTs) will consistently delegate to specific AVSs, or that Operators will continue to support a given AVS without off-chain agreements. We expect LRTs to frequently re-evaluate their AVS allocation strategy and ensure their stake is earning the highest risk-adjusted return; the market is already starting to converge around a rebalancing cadence. This lack of commitment can make it difficult for AVSs to maintain a consistent level of economic security.

  2. AVS Reward Volatility: Restaking rewards will likely be given in the form of an AVS’s native token or some “points” variant — let’s call these rewards $AVS. In the early days, the value of $AVS will be highly speculative and volatile, making it difficult to secure long-term economic security. If there is a token, a compounding factor will be the constant sell pressure from LRT operators and LRT holders who are interested in ETH-based returns. Moreover, LRT providers may demand higher yields to compensate them for the opportunity costs associated with 7-day withdrawal delays, further increasing the yield demanded from AVSs. Until an AVS can prove its utility and enough traction, the $AVS will likely be bolstered by speculation and have to fight off consistent sell pressure.

  3. AVS Resource planning: AVSs face uncertainty in resource planning. Determining the appropriate level of economic security is not straightforward, and will depend on its unique PfC; for example, the PfC of a hypothetical bridge protocol could be bound by the TVL of its liquidity pool, whereas for an oracle network, the PfC is bound by the total value secured by its oracles, which could touch external DeFi protocols. The uncertainty is especially acute for new network types, such as shared sequencers and Rollups-as-a-Service platforms, where the AVS team is still de-risking the business model. This makes it challenging to define the initial amount of stake needed and ensure it does not hinder the AVS's future growth.

Additional Challenges

  1. Balancing the Needs/Incentives of Different Parties: AVSs must identify suitable operators to build for and ensure that reputable operators are comfortable running their validators. Engaging the right LRTs is also crucial, as AVSs must determine which LRTs value non-ETH yield incentives and assess which LRTs can properly evaluate the risks they present. LRTs that cannot evaluate their risks could demand an unjustifiably higher yield in return. Meeting each party's needs and maintaining these relationships over time will likely prove challenging.

  2. Concurrent AVS Slashing Risks: While this factor is less probable than the others, we think it’s worth mentioning for completeness. Restakers that pool security by mixing risky and safe AVSs could inadvertently jeopardize the security of the safe AVSs. [2] The risk is that a low-tier AVS, managed by a low-tier operator, slashes the stake of a blue-chip AVS, damaging its security and exposing it to a subsequent attack [3]. Suppose the PfC of the safe AVS (e.g. TVL of a large DeFi protocol, or the return from oracle manipulation) does not react quickly enough to changes in economic security. In that case, the safe AVS is at risk of being attacked or manipulated, further exacerbating the risk of subsequent, adjacent slashing. The wide range of slashing criteria across different AVS types further complicates this issue.

  3. Long-Tail AVS Risk Compounding: Well-known operators and LRTs may prefer to support only standards-compliant, high-yield AVSs, leaving long-tail AVSs with riskier operators and lower stake amounts. LRTs can help pool economic security across long-tail AVSs, but the risk of concurrent slashing is compounded by exposure to low-tier operators of other long-tail AVSs. This bias towards established AVSs can lead to centralizing forces and limit the entry and growth of new, niche services catering to specific use cases. Therefore, long-tail AVSs may end up more co-exposed to the riskiest AVSs, leaving them most vulnerable to the challenges of economic security.

Overall, these risks can lead to AVS teams overpaying in yield to establish some minimum economic security. Moreover, each AVS carries idiosyncratic risk, so the market will discover a unique fair market price for each AVS yield, leading to initial market inefficiencies.


Eigenlayer enables a rich ecosystem of new, secure networks by tapping into the billions of dollars of staked ETH looking for more ways to be productive. In this post, we highlighted the challenges of sourcing economic security in a new AVS. By shedding light on these under-explored aspects of the ecosystem, we hope to encourage further discussion and research into solutions that can support the growth and innovation of AVSs, ultimately leading to a more valuable ecosystem.

Stay tuned as we continue to explore the landscape of AVSs, and if you’re affected by these challenges or are working on potential solutions, we’d love to chat.

Many thanks to Brandon Curtis, Anthony Spezzano, Austin King, Kydo of Eigenlayer, Eshwar of KelpDAO, Edgar Roth, Nikhil Raghuveera, Baley of Swell, Ethan Lippman, Ertemann of Lavender.Five, Sammy of Staked, and others for helping read earlier drafts of this post, and/or chatting with us about these topics in general!


  1. In practice, AVS networks will consider the adjusted PfC, which accounts for the opportunity cost and complexity of an AVS attack.

  2. In search of a competitive return, the restakers and LRTs may “stack” yields by delegating their stake to secure multiple AVSs simultaneously, otherwise known as “pooled security”. by pooling security, EigenLayer effectively raises the CoC for AVSs, as attackers now face a significantly higher CoC to successfully compromise any single AVS. However, even with individual PfC being low relative to the pooled CoC, attackers could theoretically combine the PfC across multiple AVSs to stage a global attack. The practicality of this, however, is mitigated by the inherent complexity and difficulty in coordinating an attack across numerous distinct AVSs.

  3. We expect AVS slash risk to be low, arising only from operator failure, direct attacks, and subjective slashing conditions. The risk is mitigated by a couple of key factors:

    • Pooled Security: Increases the CoC for any one AVS

    • Filtering of Accidental Slashes: A veto committee differentiates between accidental and malicious slashes, minimizing unjust penalties.

Subscribe to Kenton
Receive the latest updates directly to your inbox.
Mint this entry as an NFT to add it to your collection.
This entry has been permanently stored onchain and signed by its creator.