I want to share with you what I think is the process required to participate in Ethereum 2.0 pledge, when you pledge 32 Ethereum.
I will start with the general basic process and then introduce the specific methods, and at the end, I will share more advanced security concepts, which may not be applicable to every pledger.
Step 1: Familiarize yourself with the process
1. Familiar with the deposit and pledge process and tools in one of the ETH2 testnets, such as the Medalla testnet (medalla.launchpad.ethereum.org) or the testnet to be established. This can reduce the risk of problems when the benefits are really involved. If you can’t eat hot tofu in a hurry, don’t rush for it.
2. Make sure you get all the information you need from reputable sources, such as the official Ethereum blog (blog.ethereum.org), the Ethereum launchpad (launchpad.ethereum.org), or from someone you highly trust, and use the official And approved tools, such as launchpad and eth-deposit cli tools to generate your public/private key pair.
3. If you don’t understand something, don’t be afraid to ask. Ethereum has a great supportive community. You will definitely get help on the r/eth pledger or eth pledger Discord server. But don’t forget: don’t share any secrets and always be alert to scammers or counterfeiters.
Step 2: Key generation
Now that we have talked about general preparations. So let’s take a look at the best practices for generating key pairs.
4. I suggest you generate your staking key pair on a machine running a real-time (linux) distribution/non-permanent system (such as Ubuntu or Tails), and during the generation process, make sure that you use a non-permanent operating system or hardware Opened, your machine is completely offline and disconnected.
5. Use official tools for key generation, such as the one outlined on Ethereum Lanchpad. If you use binary files, please check that the checksum matches the checksum in the release notes. Use sha256sum NameOfBinary on Linux to see if they match. If your technology is complex, you can clone the repo and compile/build from the source code.
6. Either write down the password/mnemonic phrase or save it encrypted, for example on a fingerprint drive. Make sure that no third party can know it. Make sure the camera is offline/blocked and the microphone is off.
7. If you have a key for the hardware wallet, you can also use the same key. So you only need to keep this one. Keep this copy in a safe place.
8. Never enter mnemonics or private keys on hot devices, especially devices that have (or will have) contact with the outside world.
9. Never enter the key in a field with automatic correction function. Do not print the key, because your printer may have permanent storage. Try to regenerate your deposit file and keystore file from the key you wrote down. For example, if you use the official eth-deposit-cli tool, please use the command existing-mnemonic. See if the generated file is consistent with the original file. The timestamp may be different, so check whether the public key matches in the keystore file. This can ensure that if the signature key is lost after depositing, it can be regenerated later and the corresponding withdrawal key can be generated.
10. Save the deposit file and signature key/keystore file on a clean fingerprint drive. If you use the official eth2-deposit cli tool, then the keystore will encrypt it with the password you chose during the generation process. Make sure to remember it. Store the deposit file and the key on different U disks. In this way, the keystores only need to be connected to the actual staking machine, and then the signing key will be transmitted later.
11. Safely destroy any additional key copies that you may have created and no longer need.
Step Three-Deposit Process
Now that you have safely generated your key, let’s take a look at the best practices in the deposit process.
12. Let’s start with some preparatory work, so that you will not overturn your car because of some small details. Remember, deposits occur on the public blockchain. So all transactions can be tracked. If you don’t want everyone to know how many and which validators you are running, make sure not to deposit from an address that can (easily) link to your identity.
This may include not depositing from addresses associated with the ens name or addresses associated with addresses you used in the past. You may want to consider using a mixer or sending your funds from the exchange to a clean address. For example, you can use tornado.cash and relayer options to send funds to a “clean” address.
13. If you plan to deposit more than 1 verification node, use 32 Ethereum as a group, and inject your funds into different addresses, then you are willing to bear these transaction fees by default. Taking into account the different transaction fees at different times, you can pledge at different times. But because of these steps, staking will become more complicated. Now that we have safely generated the key and the funds are ready, let’s talk about the deposit process itself.
14. If you have a hardware wallet, send your deposit from there.
15. Use official tools, such as the Ethereum deposit launchpad to make deposits.
16. Make sure you understand what the risks of the deposit process are and what the consequences of the deposit process are for you.
17. Make sure your deposit address is correct. Please check the address you will deposit with the address you found from official and reputable sources three times, see #2. The address of the deposit contract should start with 8 zeros, then 219, and finally 5fa. But don’t be superstitious about my words, and check against addresses from other sources.
18. If you plan to deposit many verification nodes, please make sure to use an appropriate audit tool, such as ethdo. If you want to deposit in batches, such as depositing 10 today and 5 later, be careful not to accidentally deposit twice for the same validator.
19. In addition to using deposit tools such as beaconcha.in or beaconscan.com and eth1 block explorer to monitor the deposit status, such as launchpad.
Last chat: ETH2 settings and deposit
Now that your pledge is successful, let’s talk about the pledge itself.
20. Consider running a non-majority ETH1 node and a non-majority ETH2 relay node to promote healthy customer diversity. In particular, running a non-majority ETH2 node can also reduce the risk of simultaneous failures with other networks, and in ETH2, the cause of the risk will generally be punished more strongly.
21. Before starting genesis, set your entire settings, in addition to other things, including your ETH1 node, your relay node, and your verification client in advance, just in case something goes wrong or You need to reset.
22. When performing staking at home, consider whether you need to take precautions to hide IP. Network analysis allows an attacker to identify which authenticator belongs to which machine relay node/ip. With ip geolocation, it is usually easy to find even where you are staking. Use vpn service or other means to hide your ip.
23. More advanced (for “master”): Consider sending signed text messages, link the verifier with the ip/machine through network analysis, and use a lightweight ETH2 network client on an independent system. You may want to use multiple lightweight web clients to send signed emails (in turn), and/or put them on different vpns, using ips in turn. This can reduce the risk of targets being attacked.
24. When pledging from home, consider (especially common or high-cost) failure situations, such as power outages or disconnections. If you are running many verification machines, consider setting up a failover Internet connection and consider installing a battery UPS. The latter not only helps you stay online during a power outage, and usually protects your hardware from power spikes, but it also reduces the risk of your verifier db being damaged during a power outage.
25. Test the migration from one client implementation to another client implementation on the testnet and practice.
26. Think about the backup procedure/process of validator db. A real-time synchronous backup system may save you headaches if the validator db is interrupted.
27. Think about all the applause you can think of that might affect your staking, and make an agreement for at least the most common failures and failures with high cost. This may include having redundant/spare hardware on hand, and having a failover internet connection.
28. Think about how to ensure the security of the operating system. Set up a firewall, and properly set up traffic and port rules. Minimize the number of publicly exposed ports. Check system/software updates regularly. In particular, ensure that you update ETH2 related issues, such as client updates, forks, etc.
29. When staking at home, please keep the firmware of the network hardware updated. Only open the required ports.
20. Consider building a monitoring system so that you can monitor your validator and system health. Set up a fault event notification system that suits your needs.
31. Not only need to consider Phase 0, but also understand what your roadmap looks like and how you need to adjust your settings.
32. Find the staking solution that best suits your needs. If you think your staking is too complicated and inconvenient, or you do not have the funds to staking for a node, then you can learn about the existing staking services.
