There are two ways to unstake Ethereum validators with Kiln.

Option 1: Unstake from Kiln Dashboard

Following the Shapella upgrade, you can unstake your validators in a couple of clicks from the Kiln dashboard:

You can request multiple validators to exit by:

1. Selecting them on the dashboard and using the batch request exit button (ideal for specific stakes; otherwise, use option 2).

2. Using the batch request exit on the dashboard and adjusting the slider to auto-select stakes (for exiting many stakes simultaneously).

3. Inputting a list of validators in the requestExit function with the bytes[] validators parameter.

On the dashboard you can see when a stake is pending to exit along with the estimated time it will take (look for the status Exit requested).

The addresses of our Ethereum Exit Contracts are as follows:

For more details on what happens behind the scenes when you unstake, check out this blog post.

Option 2: pre-signed exit messages

In Option 1, you rely on Kiln processing the requestExit message that you send via the Dashboard. Option 2 is a fully non-custodial approach we describe below.

The validator exit operation requires the validator’s validation key to sign a VoluntaryExit message and broadcast it to the Consensus Layer. It has become an industry standard that the validation keys are protected by the node operator themselves and are rarely shared with customers; having the same validation key in multiple places exposes the staker to slashing risks.

The problem we are trying to solve is the following:

As an ETH holder staking on dedicated ETH validators through a node provider, I want to be able to exit my validator without relying on the node operator to perform the VoluntaryExit task.

This is why at Kiln we developed a full flow to provide pre-signed VoluntaryExit messages to all our clients.

We built our ExitMessage API, which exposes signed VoluntaryExit messages of your validators, encrypted using your GPG key, this way guaranteeing that only you can access these messages. After getting these messages you can decrypt them and send them directly to a beacon chain node which will execute the exit.

Steps to setup and exit validators

• Provide PGP/GPG public key

  1. PGP/GPG key must be provided in order to encrypt the messages in our database and in the API

  2. The public key can be shared with your CSM or Sales Engineer and they’ll share it internally

  3. PGP/GPG private key must be stored in a safe place as it’ll be the only way to decrypt the messages.

• Create integration with our getExitMessage endpoint

• Request encrypted messages via getExitMessage endpoint

• Decrypt exit messages with the private key that corresponds to the PGP public key shared

• If you want to perform exits, broadcast the messages to a Beacon Chain node

  1. For testing we usually use Nimbus open Beacon Nodes APIs:

     1. Goerli/Prater: http://unstable.prater.beacon-api.nimbus.team/eth/v1/beacon/pool/voluntary_exits

     2. Holesky: http://unstable.holesky.beacon- api.nimbus.team/eth/v1/beacon/pool/voluntary_exits

     3. Mainnet: http://unstable.mainnet.beacon- api.nimbus.team/eth/v1/beacon/pool/voluntary_exits

  2. The request must be a POST with the following structure:

     Copy

     {
       "message": {
         "epoch": "162304",
         "validator_index": "487005"
       },
       "signature": "0xb1ab6ec1476c7797667ac1d460c5adc7215074ba5b"
     }

  3. curl request example

  Copy

  curl --location --request POST 'http://unstable.holesky.beacon-api.nimbus.team/eth/v1/beacon/pool/voluntary_exits' \
  --header 'accept: */*' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "message": {
      "epoch": "162304",
      "validator_index": "487005"
    },
    "signature": "0xb1ab6ec1476c7797667ac1d460c5adc7215074ba5b"
  }'

• Wait for exit queue + skimming cycle to get the ETH back to the withdrawal credentials of your validator(s). You have now unstaked!

If you have any questions on this flow, please don't hesitate to reach out to your CSM or SE.