What Are Exit Messages?

To initiate a validator exit, an exit message needs to be generated, signed and submitted to a Consensus Node.

It looks like this:

{
  "message": { "epoch": "123", "validator_index": "123" },
  "signature": "0x123"
}

After it's generated, it is signed using the validator BLS key which needs to be exited and a signed exit message is formed.

Why Pre-sign?

Pre-signing is a well balanced solution allowing to achieve meaningful automation without sacrificing security or decentralization.

However, if you have existing tooling in place to create and send out exit messages, you can use webhook mode of the Validator Ejector which will call an endpoint in order to initiate a validator exit.

On the endpoint, JSON will be POSTed with the following structure:

{
		"validatorIndex": "123"
		"validatorPubkey": "0x123"
}

200 response will be counted as a successful exit, non-200 as a fail.

If it's not enough, you'll have to fork the Validator Ejector or monitor ETHDepositsDeallocated events of the RioLRTOperatorRegistry in your tooling.

Example in the Validator Ejector

How Many Keys to Pre-Sign?

Operators should pre-sign an amount or a percentage of validators which they are comfortable with managing. Smaller amounts means more frequent refills and vice versa.

For withdrawal preparations, for example, exits for 10% of the validators pre-signed is suggested. After that, it will depend on the withdrawal demand and operator preferences.

How to Understand Which Keys to Pre-sign

If your validator signing keys are stored in generation order, you can simply start exit generation and signing from the oldest keys since the exit algorithm is deterministic and will choose oldest keys first for each operator.

However, for each batch you'll need to either track the last key exit message was generated for or query validator statuses on the Consensus Node to understand where to start next.

Storing Signed Exit Messages

Storing signed exit messages as-is is discouraged. If an attacker gains access to them, they will simply submit them, which will exit every validator for which you had exit messages.

It's recommended to encrypt the messages, for example using the encryption script provided with the Validator Ejector.

The Validator Ejector automatically decrypts EIP-2335-encrypted files on app start.

How to Initiate a Validator Exit

Signed messages are sent to a Consensus Node via the /eth/v1/beacon/pool/voluntary_exits endpoint in order to initiate an exit.

The Validator Ejector will do this automatically when necessary.

If you don't run the Validator Ejector, you'll have to do this manually or develop your own tooling. If your exit messages are encrypted, you'll need to decrypt them first.