One-sentence Summary

The authors propose Canonical LST (sTEZ), a protocol-native liquid staking mechanism for Tezos that eliminates third-party intermediaries by employing an accrual-based exchange-rate model to dynamically adjust token valuations according to staking rewards and slashing events, thereby preserving fungibility while establishing liquid staking as transparent, governance-anchored infrastructure that mitigates centralization risks for tez holders.

Key Contributions

• Canonical LST (sTEZ) introduces a protocol-enshrined liquid staking mechanism that eliminates reliance on discretionary third-party operators by providing a neutral, public alternative managed directly by the Tezos protocol.
• The system utilizes an accrual-based exchange-rate model where all staking rewards and slashing events adjust the sTEZ to tez ratio, maintaining fungibility while transparently reflecting precise network economics.
• Protocol-level governance and transparency measures, including amendment-anchored oversight and public validator dashboards, replace discretionary intermediaries to prevent consensus capture and enforce deterministic lifecycle rules.

Introduction

Liquid staking has become essential for proof-of-stake networks, enabling users to participate in consensus while retaining asset liquidity for decentralized finance applications. Prior implementations, however, rely heavily on third-party operators that concentrate validation power, create winner-take-all liquidity dynamics, and introduce governance capture risks that threaten network decentralization. The authors leverage this gap to propose Canonical LST (sTEZ), a protocol-enshrined liquid staking mechanism for Tezos that removes operator discretion from core issuance and lifecycle management. By implementing an accrual-based exchange rate model that transparently reflects staking rewards and slashing events, the authors anchor governance directly to the protocol amendment process and reframe liquid staking as neutral, auditable network infrastructure.

Dataset

• Dataset Composition and Sources: The authors assemble a minimal on-chain and off-chain dataset centered on Tezos blockchain state. Core inputs include ledger balances queried from contract storage or RPC views, token supply metrics pulled from the interface contract fungible token ledger, and structured event deltas tracking reward accrual and slashing amounts. An optional external feed provides reference currency foreign exchange rates when non-tez reporting is required. The system also ingests governance amendment records and leverages full archive node state data for complete historical reconstruction.
• Subset Details: Ledger and supply metrics are captured directly from on-chain contract storage. Event deltas are filtered to isolate reward and slashing events for precise attribution. Foreign exchange feeds are included only when necessary for fiat-denominated valuations. Governance data encompasses proposal hashes, validator ballots, quorum participation rates, and super-majority thresholds across five fixed amendment periods.
• Data Usage and Processing: The authors use this dataset to compute valuations, calculate net asset values, and reconcile operator positions. The data is not partitioned for model training or combined in mixture ratios. Instead, all on-chain variables are recomputed at block, intra-day, or cycle cadences to align with native protocol mechanics. Reconciliation windows attribute returns to net rewards, slashing losses, and straddling deposits or redemptions. A tolerance band of five basis points is applied to flag valuation anomalies. Open-source indexers and monitoring scripts are provided to guide custodians and NAV agents through state reconstruction and disaster recovery workflows.
• Additional Processing and Metadata: The pipeline mirrors Tezos scheduling mechanics, recording immediate deposits and redemption burns, block-level reward accruals, and cycle-scheduled deferred rewards. Slashing penalties are tracked within bounded windows before cycle-end execution. Because the entire system state is bootstrappable from genesis via archive nodes, the authors treat the dataset as a fully reconstructible historical ledger. Governance metadata tracks participation via an exponential moving average to dynamically adjust voting quorums.

Method

The Canonical Liquid Staking Token (sTEZ) system is designed as a protocol-native mechanism within the Tezos blockchain, enabling users to participate in staking through a fungible token without relying on third-party custodians or smart contracts. At the heart of the system is the sTEZ Interface, a single enshrined contract that mediates all user interactions. This interface manages deposits, redemptions, and the minting and burning of sTEZ tokens, operating as a core component of the Tezos protocol. The system's architecture is built around a transparent and deterministic lifecycle, with all state transitions governed by on-chain rules and events. The primary data structures include the staking ledger $L_t$Lt​, representing the total tez staked, and the sTEZ token supply $S_t$St​, which tracks the circulating tokens. The exchange rate $R_t = L_t / S_t$Rt​=Lt​/St​ dynamically reflects the value of each sTEZ unit in tez and evolves as rewards accrue or slashing occurs, without altering token balances.

Refer to the framework diagram for an overview of the system's lifecycle. The process begins with a staker depositing tez into the sTEZ Interface, which increases the staking ledger $L_t$Lt​ and mints new sTEZ tokens proportional to the current exchange rate $R_t$Rt​. These tokens are immediately transferable and represent a share of the total staked amount. The deposited tez is then added to the staking ledger, where it becomes eligible for allocation to validators. At the cycle boundary, the protocol performs stake allocation based on validator eligibility, fees, and capacity caps. This allocation process is deterministic and ensures that stake is distributed fairly, promoting decentralization. Validator eligibility is defined by protocol-level criteria, including a clean recent slashing history and declared capacity, with automatic exclusion upon any slashing event.

The sTEZ Interface also manages the redemption process. When a user wishes to exit, they submit a redemption request, burning their sTEZ tokens and initiating a claim on the underlying tez. The corresponding tez value is immediately calculated using the current exchange rate $R_t$Rt​ and moved from the staking ledger to a frozen ledger, which tracks funds awaiting the completion of the unbonding period. During this period, the funds are not eligible for rewards and remain subject to slashing. Once the unbonding period expires, the funds are finalized and moved to the finalizable ledger, from which users can withdraw their tez. This mechanism ensures that redemption is secure and that slashing risks are properly managed. The entire system is designed for transparency and auditability, with all key events—deposits, redemptions, allocations, and slashing—recorded as on-chain events, providing a complete and verifiable audit trail. The absence of privileged administrator keys and the requirement for all parameter changes to go through the formal Tezos amendment process ensure the system's neutrality and security.

Experiment

The evaluation combines comprehensive software testing with a multi-layered risk assessment framework to validate the security and operational integrity of the Canonical LST protocol. Unit, integration, and property-based tests verify core implementation logic and system invariants, while public testnet simulations assess economic incentives and real-world validator behavior under diverse conditions. Together with shared technical and organizational controls among developers, validators, and custodians, these experiments demonstrate a resilient architecture that effectively mitigates risks related to market dynamics, governance, and regulatory compliance.