TenderVault / tTokens
Liquid staking vault that accepts user deposits, staking them to a the validator chosen by the user, minting and burning tTokens.
TenderTokens are ERC-20 tokens with an elastic supply model like aTokens in the Aave protocol. These types of tokens work by updating the total supply to map 1:1 with the amount of underlying tokens staked. Supply changes upward as staking rewards are earned and downward when slashing occurs and/or tokens are removed from the node. As staking service providers conducts business, staking rewards and/or slashing losses are distributed among all tToken holders of that node.
Thanks to the ability to unstake through Tenderize, the exchange rate of tTokens is at parity to the liquid version. Holders of tTokens don’t have to worry about the asset depegging from the underlying market value of the liquid asset. This also means that protocols don’t have to use custom price oracles to track the price of tTokens when using them in other Defi protocols.
💡 Example: Alice stakes 10 LPT to Bob’s Livepeer node using Tenderize and receives 10 tLPT in return. After some time passes, she earns 2 LPT because Bob’s node earned staking rewards. Alice’s wallet balance is now 12 tLPT. She can sell the 2 tLPT on TenderSwap or unstake the 12 LPT.
For any underlying token, there can be as many unique TenderTokens as there are node operators on that network. Each TenderToken represents a separate delegation vault that acts as a proxy to allocate stake to the node operator. Each tToken has yield tied to the node’s performance and parameters.
Delegation vaults execute the logic which would be done by a user when natively staking on the underlying protocol. Both staking and unstaking capabilities are fully available. Unstaking is time is determined by the underlying network’s rules. No additional unstaking time is added when using Tenderize v2.
When a user stakes underlying tokens in a delegation vault, an equivalent amount of TenderTokens (tTokens) are minted for the user. When unstaking, TenderTokens are removed from the supply and burnt. After a tToken is burnt, an unstaking request is sent to the underlying protocol. A receipt is issued for the user which can be redeemed for underlying tokens when the unstaking period ends (specific to each protocol supported).
When a user in in the middle of an unstaking period, assets are still exposed to market volatility. To address this issue, receipts are given to the user when unstaking are tokenized and represented as NFTs using the ERC-721 standard. A receipt contains the amount of tokens to be received and can be redeemed by the holder at its maturity date. Tokenized receipts are transferrable and can be sold on the secondary market or over-the-counter when a user requires liquidity during the unstaking period
While Tenderize’s delegation vaults take liquid staking to a much more granular level than traditional designs, not every user is an advanced user that wants to stake to specific validators. Some users simply want to stake as an investment. For these users, there will be a liquid staking pool for each supported network that is made up of tTokens for various node operators on that network.
A liquid staking pool in Tenderize is not managed by a subjective governance process or whitelist. Rather, users stake Tenderize’s native token, WAGYU, to determine the weight of each node in the index.
Indexes are peripheral to the Tenderize core protocol and will not be available at launch. More specifications will follow in the future.
The Tenderize Protocol charges a small fee on the staking rewards before they are distributed. These fees are fully contributed towards the protocol treasury and its protocol-owned liquidity. No fees are charged on the principal when staking or unstaking to or from Tenderize, however the underlying protocol might implement fees or taxes that the Tenderize protocol also takes into account (e.g. The Graph 5% delegation tax).
At launch, this fee will be set to the hardcoded maximum in the protocol of 0.50%. As the protocol grows over time and the treasury builds up additional revenue sources and sufficient liquidity, a dynamic fee system could be installed.
Node operators and its delegators in various web3 protocols are often subject to staking penalties and slashing when misbehaving (e.g. long down-time, performing bad work, etc.). Tenderize does not aim to mitigate this risk as it merely acts as middleware for staking.
If validator A is slashed, only tToken A will suffer the penalty.
Node Operator Misbehaviour
Due to the design of the native staking experience, node operators on the network can arbitrarily increase their commission rates to draw more rewards from delegations. This problem already exists for delegators before Tenderize, the problem will continue as Tenderize v2 is a delegator in the ecosystem. However, should this happen, it would likely cause staked assets to move towards different node operators offering more favorable rates. Tenderize will notify users if rates are changed by the validator.
Smart Contract Risk
There is an inherent risk that any piece of software could contain vulnerabilities or bugs. However, security is a top priority for the Tenderize protocol. Therefore, the smart contract code is fully open source for anyone to verify and battle test. Before launch, the code will undergo security audits.