Subscribe to Tokensight Research Hub to receive new posts directly to your inbox.
This research in collaboration with Symbiotic explores how networks can estimate the amount of stake (or collateral) required to operate securely under Proof-of-Stake or restaking-based models. It introduces a framework for calculating “target stake” based on variables such as total value at risk, attack profitability, validator behavior, and slashing conditions. It also accounts for added complexities introduced by restaking, including collateral reuse and cross-network risk, and proposes how flexible, context-specific security thresholds can be designed for services like data availability, oracles, or zero-knowledge provers.
Abstract This research in collaboration with TokenSight explores how networks can estimate the amount of stake (or collateral) required to operate securely under Proof-of-Stake or restaking-based models. It introduces a framework for calculating "target stake" based on variables such as total value at risk, attack profitability, validator behavior, and slashing
Before defining the target stake itself, it's important to understand what it's meant to defend against. A protocol needs enough stake bonded to make corruption economically irrational. This baseline level, the minimum stake required to deter an economically motivated attack, is what we refer to as minCoC, or the minimum cost of corruption. The higher the potential reward from corruption, the weaker the network’s slashing conditions, or the greater its infrastructure risk and slashing overlap with other networks, the more stake is needed to secure it.
To model the required stake for economic security, it’s essential to understand what an attacker could gain. This is captured by PfC, the potential profit from corruption. For accurate modeling, we distinguish between two categories:
Endogenous PfC: Profit extracted within the protocol, by manipulating internal mechanics.
Examples include:
Transaction ordering (MEV)
Validation logic
Proof generation or minting
Internal slashing evasion
This can often be measured quantitatively as average value transacted (AVT) per epoch or window, depending on the network type.
Exogenous PfC: Profit extracted outside the protocol, using the network as a vector to influence external ecosystems (typically in DeFi).
Examples include:
Arbitrage opportunities
Shorting or forced liquidations
Bridge exploits and downstream capital drains
Exogenous PfC is more contextual and harder to measure directly. In practice, we treat it as a scalar multiplier applied to the endogenous baseline, reflecting the network’s exposure to external attack surfaces.
The target stake must be set such that the cost to corrupt (minCoC) exceeds the expected PfC: minCoC > PfC
The type of corruption profit (PfC) a network is exposed to depends on its role in the stack. Some networks (like sequencers and provers) are vulnerable to endogenous attacks, where profits are extracted through internal logic like MEV or forged proofs. Others, like oracles and bridges, are more exposed to exogenous attack surfaces, where the protocol is used to manipulate downstream systems or trigger external value extraction.
Below is a breakdown of different network types, how they map to PfC categories, and historical examples that illustrate the nature of attacks seen (or expected) in each case:
With PfC defined, we can now formalize how to compute the minimum amount of stake required to economically secure a network. The formula below captures the relationship between the profit from corruption, the stake required to corrupt, and a set of modifiers that reflect the quality of slashing conditions, network-specific risks, and correlated validator exposure. The goal is to ensure that the cost to corrupt the system (minCoC) exceeds the potential profit, creating a deterrent that’s enforceable and economically rational.
PfC_endo can be reasonably estimated based on in-protocol activity, but PfCexo is harder to quantify. To account for this, we introduce a scaling term α, which amplifies the total PfC value based on the network’s exposure to exogenous attack surfaces. Together, PfCendo * αPfCexo represents the risk-adjusted corruption profit, capturing both internal and external threat vectors.
The denominator then adjusts this value based on network-specific defensive characteristics, including the percentage of stake required to attack, the strength and uniqueness of slashing conditions, and the network’s overall security posture. This allows us to compute a target stake threshold that dynamically adapts to the economic realities of each network or service.
To illustrate how the formula performs in practice, we applied it to several representative network types — spanning from sequencers and ZK provers to oracles and data availability layers. Each example assumes a base endogenous PfC estimate and applies a network-specific multiplier αPfCexo to account for external risk exposure.
By adjusting these variables across different contexts, we show how seemingly similar services can require vastly different security budgets. For instance, the sequencer and ZK prover examples result in relatively modest target stakes, as their attack surfaces are mostly endogenous and easier to quantify. In contrast, oracles and DA layers, which are tightly coupled to downstream DeFi ecosystems, show significantly higher required stake due to harder-to-measure, externally realized attack profits.
These examples help demonstrate how network-specific risk and validator strategy design directly affect how much stake is truly needed to secure a system. The more exogenous risk a network exposes itself to, the higher the required stake to maintain economic security.
Tokensight Research
