The Operator can generate new validation keys and upload their deposit data to the Staking Contract to make them available to fund. Note that they need to be approved by SYS_ADMIN before being able to be funded.
The Staking Contract generates deterministically CL / EL Recipient addresses from the validator public key. To know the withdrawal_credentials of the validators to generate (ie their CL Recipient), the recommended setup is:
Generate a new validation key
call the getCLFeeRecipient(bytes calldata _publicKey)
view function with the validator public key as parameter
Re-create the signature of the validator deposit data with the address outputed during step 2 as withdrawal_credentials
Once the keys are generated with the proper withdrawal_credentials, they can be registered on the Deposit Contract with:
OPERATOR calls addValidators(uint256 _operatorIndex, uint256 _keyCount, bytes calldata _publicKeys, bytes calldata _signatures)
to upload multiple public keys and their signatures
SYS_ADMIN can approve the keys uploaded by the OPERATOR with the following call:
setOperatorLimit(uint256 _operatorIndex, uint256 _limit)
to set the new number of approved keys for the operator _operatorIndex
It is recommended that the SYS_ADMIN verifies the validation keys before approving them (no duplicates, valid signatures etc). To do so Kiln provides a verification utility available here.
At any point in time, a validator owner (ie staker) can notify onchain the operator that it wants to exit a validator.
When doing the requestValidatorsExit
function call, the validator owner emits one event per validator exit request.
This event is as follow:
event ExitRequest(address caller, bytes pubkey)
where caller
is the validator owner address and pubkey
the validator public key to exit. This event is emitted only if the caller is the owner of the validator registered in the Smart Contract
It is expected that Operators watch for these events and trigger accordingly the exit of the requested validators within 48 hours.