Make validator shares transferable to allow for key rotation

Hi Matic team,

When a delegator delegates their tokens to a validator, Validator share tokens are minted and sent to the delegator. Validator shares are typical ERC20 tokens, except that they are non-transferrable today.

This is problematic because this makes it impossible for people that are delegating to rotate their keys quickly in case of a security breach. To rotate keys, they have to unbond, wait out the unbonding period, and then claim their tokens before they can move their tokens to another address and re-delegate their tokens. The whole process could take 9+ days at the very least, and by then it is likely going to be too late.

I understand that the original motivation behind making the tokens untransferable was to prevent fraudulent validators from committing a slashable offense on the network and then selling their validator share tokens to someone else before the slashing occurs.

While I appreciate the original motivation, I believe that it is highly unlikely for people to be trading validator share tokens as opposed to MATIC tokens. Loss of funds caused by not being able to react quickly to a security breach is much more likely to happen. Unlike other “staking” tokens popular in DeFi, validator shares lack proper ERC20 metadata (no symbol for example) and aren’t fully fungible (between validators), which should suggest that these are not meant to be traded.

Although it is probably not necessary but if we want to absolutely make sure that it is not traded on DEXes, another option is to disable approve/transferFrom functions while keeping the transfer function.

I recommend removing the restriction. Private key theft is one of the most common causes of fund losses in this space, and it is also good security practice to rotate keys periodically.

Thank you and keep up the great work! I have been building a blockchain game on Matic and it’s been such a joy to use. Easily the best scaling solution on Ethereum today!

Thanks @jim for the proposal. Great idea to disable transferFrom/approve. Now that I think about it, it’s not meant to be traded in most cases and hard to trade due to liquidity.

Would you be okay doing PR on branch release-0.3-3 (https://github.com/maticnetwork/contracts/tree/release-0.3-3)? Just editing ERC20NonTransferable should it.

Thanks a lot!

Thanks for the response, JD! It’s much appreciated. The PR is submitted, but the CI is failing due to an error unrelated to the PR. Please take a look. I hope it gets merged and deployed soon!

Thanks!

This post was flagged by the community and is temporarily hidden.