🙀

Protocol-induced risks to storage providers

Creator
Alex North
Created
May 14, 2023 9:09 PM
Project
Crypto-economics

The Filecoin protocol creates many risks for storage providers. Not all of these are strictly necessary to the functioning of a decentralised storage network. Risks all have potential to decrease participation by introducing uncertainty.

In many cases, an SP can convert a risk into a cost by outsourcing it—paying another party to take the risk on their behalf. Thus, risks directly represent costs to SPs, raising the cost of providing storage to clients.

Outsourcing it doesn’t make a risk go away, it just means another party (e.g. token holder/lessor) must bear it instead. The risk then affects their participation.

Risks to storage providers

  • Pledge commitment duration and amount
    • SPs take on price volatility risk on locked FIL tokens when onboarding storage.
    • Risk grows with both the pledge amount and the lock-up duration.
    • Frequently outsourced by leasing the pledge tokens,
      • Currently a shortage of holders willing to take this risk for the returns that are actually available to SPs.
      • Lessors indirectly take on some of the other risks below, since the leased pledge is directly at risk.
      • Fees range from ~20% p.a. to much higher, and dominate SP costs today.
    • Could also be hedged (by SPs or holders) with derivatives.
  • Vesting of rewards
    • SPs take on price volatility risk on block rewards while they vest.
    • Can be outsourced by selling forward tokens. Means SP sells more tokens to pay expenses than they would have needed to without vesting, while speculator captures margin and any upside.
      • Anecdotal premium of 25% p.a. (w/o additional collateral)
    • Could also be hedged with derivatives.
  • Consensus faults
    • Operational error can lead to consensus fault slashing and lost rewards, a risk to pledged capital. Ultimately unbounded, but at a maximum rate over time.
    • Easier for owner/operator to avoid than insure against.
    • Outsourced when leasing pledge or selling rewards forward, lessor takes counterparty risk (raises leasing costs).
  • Termination fees
    • Operational error can lead to fees for terminated sectors, a risk to pledged capital.
    • Risk of event grows with commitment duration.
    • Easier for owner/operator to avoid than insure against.
    • Outsourced when leasing pledge, lessor takes counterparty risk.
      • Anecdotally, lessors assume termination when calculating outcomes, and require collateral up to that amount.
  • Deal collateral (functionally: a termination fee for deals)
    • Operational error can lead to fees for terminated deals, a risk to pledged capital.
    • Implications as for sector termination fees.
  • Fault fees
    • Operational error can lead to fees for temporarily faulty sectors, a risk to pledged capital.
    • Implications as for sector termination fees, but less magnitude.
  • Pre-commit deposit
    • Operational error can lead to loss of sector pre-commit deposits if the SP cannot prove a sector within deadline after pre-commitment.
  • Uncertainty of future rewards
    • SPs take risk on both the expected amount (due to network growth or non-growth) and fiat price of future rewards.
    • The baseline minting mechanism amplifies variance and uncertainty.
    • Fiat price risk could be hedged with derivatives. Network growth risk could be theoretically insured (but we’re unaware of any instances of this).
  • Gas fees
    • SPs don’t know the price of gas for operations they must perform to maintain storage over time, or even follow through onboarding a pre-committed sector.
  • Protocol change
    • Changes to the protocol rules can change SP outcomes.
    • Protocol change is necessary to address some of the above risks, but may be more or less disadvantageous to specific SPs.

The focus of this note is protocol-induced risk, but it’s worth briefly mentioning other significant risks to SPs. They include dependency on FIL+ verifiers/clients, dependency on clients to provide data, specialization of hardware towards Filecoin rather than general-purpose use, depreciation, availability of financing, and more.

Commentary

Unnecessary risks are an inefficiency

SPs can convert some risks into costs, giving them a more stable business (which is good for clients too). The risk-takers are the financial sector of the Filecoin economy, which charge more than the underlying risk is worth (if they are to remain profitable), but can diversify more effectively than an individual SP. This financial sector is essential, but risk-mitigation costs are a net inefficiency for the productive economy. Risks transfer value from primary producers to the financial sector, raise the price of storage services, and reduce participation and investment in the infrastructure actually providing that storage.

Artificial risks to force “alignment” are not effective

A motivation behind some protocol-induced risks is alignment of SP with “long term network value”. That is, SPs are incentivised to behave in a way that supports the token value since they are forced holders, and explicitly penalised for particular actions.

These mechanisms are ineffective at alignment when they can be outsourced. SPs cannot be forced to hold tokens since they can lease them, sell forwards, or hedge. Pledge collateral is necessary for multiple reasons, but the high levels do not produce the expected alignment, because it is leased. Similarly, a long vesting period for rewards doesn’t force exposure to the token, though many SPs absorb that risk (and are thus unstable when FIL price falls sharply).

Beyond leasing of pledge collateral, hedging is uncommon at the moment partly because few financiers will take the other side of the risk involved. SPs must absorb those risks instead, creating instability in their business. At any particular equilibrium, uncompetitive SPs going out of business is to expected, but the current level involves significant inefficiencies caused by protocol-imposed risks.

The locking mechanisms are ineffective at creating alignment. Instead, they create risk for SPs. This risk can be outsourced, increasing costs, or must be absorbed, increasing uncertainty and instability. In both cases, risks reduce participation and investment.

Which risks are necessary?

Removal or reduction of some protocol-induced risks could reduce costs to storage providers (and hence clients) and improve efficiency of the network.

  • Pledge collateral is necessary, but the long-duration commitment isn’t
    • The storage pledge part of initial pledge is necessary to guarantee funds to pay penalties, but is a small part of the total.
    • The consensus pledge part of initial pledge is critical to token supply dynamics.
    • The long duration commitment of pledge is not fundamentally necessary (especially for CC), but increases the risk. Coupled with termination fees.
  • Reward vesting
    • Not fundamentally necessary, so long as storage pledge guarantees funds to pay penalties. Both term and amount could be reduced.
  • Consensus faults
    • Necessary unless we can strengthen analysis to remove/reduce penalties.
  • Termination fees
  • Deal collateral (deal termination fees)
    • Some mechanism is necessary, but specific level is arguable. A better mechanism would be negotiated with each client, and remit funds to client on failure.
    • Some level of deal collateral for FIL+ deals is necessary
  • Fault fees
    • Some level is necessary for storage security, but quite possibly lower than current levels.
  • Uncertainty of future reward share or price
    • Unavoidable.
  • Gas fees
    • Competition with other SPs for chain bandwidth for similar activities is difficult to avoid.
    • Competition with general-purpose VM usage could be avoided with a gas lane mechanism
  • Protocol change
    • Avoidable, but not if we’re to reduce some of the other protocol-induced risks.

CryptoNet is a Protocol Labs initiative.