Staking on Ethereum 2.0 is accessible to almost anyone, and the deposit process using the Launchpad or our deposit flow is quite easy. There are a few tips anyone can use to reduce the risk of falling victim to phishing scams or possible bugs that could lead to a loss of ETH. Today, we want to share those tips with you and announce the release of our Eth2 Contract Data Verification Tool, which can help you stay secure during the deposit process.
What risks do you face when depositing?
There are two main areas we should pay attention to: fraud and technical bugs. A standard deposit transaction requires 32 ETH, which makes it a very appealing transaction for bad actors to try to steal the funds. On the other hand, technical bugs can also be present. What happens if there is a communication issue between your Ledger and your computer while fetching the withdrawal public key? Thankfully, there are a few things we can do to minimize the occurrence of these situations.
The checklist
Send the deposit transaction to the correct smart contract
Always double check the address of the smart contract you are interacting with. Use the following list or do your own due diligence.
Official Deposit Contract
- Address: 0x00000000219ab540356cbb839cbe05303d7705fa
- Website: https://launchpad.ethereum.org
stakefish Batch Deposit Contract
- Address: 0x0194512e77d798e4871973d9cb9d7ddfc0ffd801
- Website: https://stake.fish/ethereum
Other staking service providers may adopt a different smart contract. Get in touch with them to find out which address is the right one for their platform.
You can check this field directly in MetaMask before pressing “Confirm.”
Avoid submitting an invalid withdrawal credential
Having a correct withdrawal credential is the only way for you to withdraw funds from your validator when Ethereum Phase 1.5 is live. It’s very important to have the correct withdrawal credentials in place before broadcasting the deposit transaction. To check it, you need to compare the withdrawal credential you have in your deposit.json file with the one located in the “Data” tab of MetaMask.
You can also use our new open source Eth2 Contract Data Verification Tool to verify your withdrawal credential if checking manually sounds too complex.
Verify the signature for the deposit message
The deposit message has to be signed with the validator signing key. If the signature provided is not valid (for example when using the wrong fork version), all 32 ETH will be permanently lost and the validator will never start validating blocks. There is no way to check the correctness of the signature without doing a little bit of coding. This is why we built our open source tool and user interface to simplify this verification process.
Verify the domain and HTTPS certificate
Always double check the URL of the website you are interacting with and the SSL certificate associated with it. We also recommend making the deposit using a trusted network connection or VPN provider (i.e., don’t stake your ETH using the open WiFi network found at your local airport!).
Introducing Our Eth2 Contract Data Verification Tool
To assist you during the verification process, we created a simple tool you can use to easily verify the provided withdrawal credentials, number of validators, and correctness of the deposit message signature.
Using it is very simple: Just navigate to https://stakefish.github.io/eth2-data-verification/, copy the hex data from MetaMask to the text area, and press “Check.” If you did everything correctly, you will see a green success message along with the detected withdrawal credential, which you can manually compare with the one in your deposit_data-*.json file. The current version of the tool only supports the stakefish Batch Deposit Contract and the official Eth2 deposit contract, and transactions to other contracts will fail the verification. We plan to implement support for other deposit contracts in the near future.
About stakefish
stakefish is the leading validator for Proof of Stake blockchains. With support for 10+ networks, our mission is to secure and contribute to this exciting new ecosystem while enabling our users to stake with confidence. Because our nodes and our team are globally distributed, we are able to maintain 24-hour coverage.
Website: https://stake.fish
Telegram: https://t.me/stakefish
Twitter: https://twitter.com/stakefish
Instagram: https://www.instagram.com/stakedotfish
LinkedIn: https://www.linkedin.com/company/stakefish/
Reddit: https://www.reddit.com/r/stakefish
GitHub: https://github.com/stakefish/eth2-data-verification/
