1 of 2

Ethereum (ETH)

There are two ways to unstake Ethereum validators with Kiln.

Option 1: Unstake from Kiln Dashboard

Following the Shapella upgrade, you can unstake your validators in a couple of clicks from the Kiln dashboard:

You can request multiple validators to exit by:

Selecting them on the dashboard and using the batch request exit button (ideal for specific stakes; otherwise, use option 2).
Using the batch request exit on the dashboard and adjusting the slider to auto-select stakes (for exiting many stakes simultaneously).
Inputting a list of validators in the requestExit function with the bytes[] validators parameter.

On the dashboard you can see when a stake is pending to exit along with the estimated time it will take (look for the status Exit requested).

The addresses of our Ethereum Exit Contracts are as follows:

Make sure these contracts are whitelisted in your custody solution.

For more details on what happens behind the scenes when you unstake, check out this blog post.

Option 2: pre-signed exit messages

In Option 1, you rely on Kiln processing the requestExit message that you send via the Dashboard. Option 2 is a fully non-custodial approach we describe below.

The validator exit operation requires the validator’s validation key to sign a VoluntaryExit message and broadcast it to the Consensus Layer. It has become an industry standard that the validation keys are protected by the node operator themselves and are rarely shared with customers; having the same validation key in multiple places exposes the staker to slashing risks.

The problem we are trying to solve is the following:

As an ETH holder staking on dedicated ETH validators through a node provider, I want to be able to exit my validator without relying on the node operator to perform the VoluntaryExit task.

This is why at Kiln we developed a full flow to provide pre-signed VoluntaryExit messages to all our clients.

We built our ExitMessage API, which exposes signed VoluntaryExit messages of your validators, encrypted using your GPG key, this way guaranteeing that only you can access these messages. After getting these messages you can decrypt them and send them directly to a beacon chain node which will execute the exit.

Steps to setup and exit validators

Provide PGP/GPG public key
1. PGP/GPG key must be provided in order to encrypt the messages in our database and in the API
2. The public key can be shared with your CSM or Sales Engineer and they’ll share it internally
3. PGP/GPG private key must be stored in a safe place as it’ll be the only way to decrypt the messages.
Create integration with our getExitMessage endpoint
Request encrypted messages via getExitMessage endpoint
Decrypt exit messages with the private key that corresponds to the PGP public key shared

If you want to perform exits, broadcast the messages to a Beacon Chain node

For testing we usually use Nimbus open Beacon Nodes APIs:
1. Goerli/Prater: http://unstable.prater.beacon-api.nimbus.team/eth/v1/beacon/pool/voluntary_exits
2. Holesky: http://unstable.holesky.beacon- api.nimbus.team/eth/v1/beacon/pool/voluntary_exits
3. Mainnet: http://unstable.mainnet.beacon- api.nimbus.team/eth/v1/beacon/pool/voluntary_exits

The request must be a POST with the following structure:

{
  "message": {
    "epoch": "162304",
    "validator_index": "487005"
  },
  "signature": "0xb1ab6ec1476c7797667ac1d460c5adc7215074ba5b"
}

curl request example

curl --location --request POST 'http://unstable.holesky.beacon-api.nimbus.team/eth/v1/beacon/pool/voluntary_exits' \
--header 'accept: */*' \
--header 'Content-Type: application/json' \
--data-raw '{
  "message": {
    "epoch": "162304",
    "validator_index": "487005"
  },
  "signature": "0xb1ab6ec1476c7797667ac1d460c5adc7215074ba5b"
}'

Wait for exit queue + skimming cycle to get the ETH back to the withdrawal credentials of your validator(s). You have now unstaked!

If you have any questions on this flow, please don't hesitate to reach out to your CSM or SE.

Native EigenLayer Withdraw Flow

This page describes how you can withdraw your CL rewards or exit your validators from your EigenPod.

In order to withdraw, you will need to whitelist the following smart contracts:

EigenPod Manager: used to create your EigenPod
- Mainnet address: 0x91E677b07F7AF907ec9a428aafA9fc14a0d3A338
- Holesky address: 0x30770d7E3e71112d7A6b7259542D1f680a70e315
EigenPod address associated to your wallet
- Mainnet: Can be retrieved entering your wallet address in the getPod method here
- Holesky: Can be retrieved entering your wallet address in the getPod method here
EigenLayer Delayed Withdrawal Router: Smart contract to withdraw rewards
- Mainnet address: 0x7Fe7E9CC0F274d2435AD5d56D5fa73E47F6A23D8
- Holesky address: 0x642c646053eaf2254f088e9019ACD73d9AE0FA32

This contracts should be whitelisted alongside the staking and exiting contract for native staking in our dashboard that can be found here

Overview

On EigenLayer, your CL rewards and exited validators get skimmed on your EigenPod.

Withdraw CL rewards: Consensus layer rewards of your validator are automatically skimmed every ~8 days by the protocol to the withdrawal address set on the validator, which is set to your EigenPod. To withdraw these rewards you need to perform 2 transactions:
1. The first transaction requires you to upload one proof per validator. If you have more than 80 validators, you may need to sign multiple transactions, as each proof transaction can contain a maximum of 80 validator proofs. Once the transaction(s) are confirmed on chain the proven amount will be placed in a withdraw queue for 7 days. Note that this withdraw queue is implemented by the EigenLayer contracts and distinct from the Beacon Chain validator queues.
2. After the queuing period of 7 days, the equivalent amount of ETH will be available to withdraw.
Withdraw Exited Validators: First, you will need to exit it from the Beacon Chain. After the Beacon Chain has processed the exit, your 32 ETH collateral gets sent to your EigenPod. This is also a skimming cycle, so you need to submit the same proofs as for the rewards and then wait 7 days as described in step 1.1. Once this is done, you will be able to withdraw your stake in one transaction.

About the proofs

We saw in several of the above steps that proofs needed to be submitted to the EigenLayer smart contracts - when restaking a new validator, and when skimming consensus layer rewards. What are these proofs and why are they needed?

In short, these proofs enable the EigenPod contracts to confirm that the ETH that comes into them is indeed linked to the consensus-layer activity of the corresponding validator, and not ETH that may have been sent to the EigenPod from another source. The proofs are generated off-chain using Consensus-layer data, and submitted to the EigenLayer smart contract which performs a cryptographic verification using Merkle Trees.

Withdraw ETH from your EigenPod

Make sure your validators are restaked before you request the exit or try to withdraw CL rewards. Not restaking your validators could place your EigenPod in a state where he generates rewards but it's complex to exit, contact our support team if you need help.

1 - Exit your ETH validator, this can be done from Kiln Dashboard

To unstake your restaked validator, please follow the usual flow described here (i.e either Kiln Dashboard or pre-signed exit messages)

Once your validator has exited, the funds will go to your EigenPod. You will see this amount in the dashboard under total available balance and see the breakdown for each EigenPod in the table bellow.

This balance is composed of CL rewards and exited validators.

2 - Request withdraw from your available balance

If you are using Fireblocks, you will need to whitelist your EigenPod address and the DelayedWithdrawalRouter address. Get in touch with the Kiln team if you need help on this.

Hover your EigenPod, and click "Request withdraw"

This flow will allow you to withdraw generated CL rewards or exited validators by automatically generating the right transaction to create the request withdraw, you can click on request withdraw and see the amount requested in each transaction incrementing in the withdraw requested section.

After your performed this operations, you will be able to see the amount queued in the key metric "withdraw balance", under pending.

This flow can take a couple of transaction to complete depending on the number of validator that point to the EigenPod.

A common cause of withdrawal errors when using Fireblocks is related to the size of the transaction payload. Resolution steps:

Inform Fireblocks that you're experiencing issues with large transaction payloads from Eigenlayer.
Request that they "disable decoding of contract call data" for your workspace.
The resolution typically involves a manual setup adjustment on Fireblocks' end for your specific workspace. This allows their system to handle the large transaction payloads associated with Eigenlayer withdrawals. Learn more about this issue here.

3 - Fulfill withdraw

After the 7-day escrow period, you will be able to see an amount of ETH ready in the withdraw balances. Hover your EigenPod, and click "Withdraw" to continue.

This will open the withdrawals modal, where you can see the amount available to withdraw and the amount pending. You can over the bottom section of the modal to have the details on when your request is estimated to be ready and the amount associated with it.

Click "Withdraw" to receive the displayed amount on your wallet.