Risks and Best Practices for EigenLayer Restaking
Cobo Labs
Guest columnist
2024-02-06 02:18
Understand the interaction risks between different Restaking projects

With the rise in Restaking's popularity, more and more Restaking projects based on EigenLayer have appeared on the market. Restaking is intended to share the trust of the Ethereum Beacon staking layer: it shares users' staked share with other projects, allowing users to earn more while other projects enjoy the same consensus trust and security as the ETH Beacon layer.

To help everyone better understand the interaction risks between different Restaking projects, the Cobo security team researched the mainstream Restaking protocols and mainstream LST assets on the market and sorted out the related risks, so that everyone can better control those risks while enjoying the benefits.

  • Note: The conclusions listed by the Cobo security team reflect the state of the projects before 0:00 UTC on February 5, 2024.

Overview of risk points

Restaking protocols currently on the market are basically all built on EigenLayer. For users, participating in Restaking means exposing themselves to the following risks:

Contract risk

  1. Currently, participating in Restaking requires interacting with the project team's contracts, and users bear the risk of those contracts being attacked;

  2. Funds of projects built on EigenLayer are ultimately stored in the contracts of the EigenLayer protocol. If the EigenLayer contracts are attacked, the related project funds will also be lost;

  3. EigenLayer has two types of Restaking: native ETH Restaking and LST Restaking. For LST Restaking, funds are stored directly in the EigenLayer contracts, whereas for native ETH Restaking, funds are stored on the ETH Beacon chain. This means that users who perform LST Restaking may suffer losses due to EigenLayer contract risk;

  4. The project team holds high-risk permissions, and in some cases user funds can be misappropriated through these sensitive permissions.

LST risk

  • The LST token may depeg, or the LST contract may be upgraded or attacked, causing deviations and losses in the value of the LST.

Exit risk

  • Currently, except for EigenLayer, none of the mainstream Restaking protocols on the market support withdrawals. If the project team does not add the corresponding withdrawal logic through a contract upgrade, users will never be able to get their assets back and will need to obtain liquidity from the secondary market to exit.

Based on the risk points listed above, the Cobo security team systematically investigated some of the mainstream Restaking protocols currently on the market and organized the findings. The main ones are:

  1. Project completeness is low, and most projects have not implemented withdrawal logic;

  2. Centralization risk: user assets are ultimately controlled by multi-signature wallets, so the project team has a certain ability to Rug Pull;

  3. Following from the second point, asset losses may occur if an insider acts maliciously or the multi-signature private keys are lost.

In order to make the results more intuitive, the Cobo security team organized and categorized the survey results for everyone to view, as follows:

Since EigenLayer is the cornerstone of all projects, in addition to what is mentioned in the table, there are also the following points that users need to pay attention to:

  1. The EigenLayer contracts currently deployed on mainnet do not fully implement all the functions in its white paper (AVS, slash). The slash function only implements the relevant interfaces and does not yet have specific, complete logic. According to the contract code, slashing is currently triggered by the owner of the StrategyManager contract (the project team's admin authority), so its execution is relatively centralized;

  2. In EigenLayer native ETH Restaking, in addition to creating an EigenPod contract to manage the Restaking funds, you also need to run the Beacon chain node service yourself and bear the risk of being slashed by the Beacon chain. When performing native ETH Restaking, users are advised to choose a more reliable node service provider. In addition, since the ETH is stored on the Beacon chain, a withdrawal must not only be initiated by the user; the node service provider also needs to help the user withdraw the funds from the Beacon chain. That is, the withdrawal process requires the consent of both parties;

  3. Since EigenLayer has not yet implemented the complete AVS and slash mechanisms, the Cobo security team recommends that users do not enable the delegate function in the EigenLayer protocol without fully understanding the relevant risks; otherwise, they may suffer some financial losses.

In addition, code review showed that some projects also have code risks that may affect the security of user funds. When Cobo discovered such risks, it immediately communicated and confirmed them with the project team. Some of the risk points and the teams' responses are as follows:

EigenPie

  • At present, all contracts in the protocol are upgradeable, and the upgrade rights are held by a 3/6 Gnosis Safe. However, the upgrade rights of the MLRT token contracts for cbETH, ethX, and ankrETH are held by EOA addresses.

Cobo contacted the Eigenpie team before the deadline, and the project team responded that they would transfer the upgrade permissions for all MLRT tokens to the multi-signature wallet within 24 hours.

KelpDAO

  • During a deposit, the share value must be computed to determine the shares the user receives, but the rsETHPrice in the formula has to be updated manually from the corresponding oracle. For every asset except stETH, the share price of the corresponding token contract is used as the price source; stETH is converted directly at 1:1. When stETH trades at a discount on the secondary market, the deposit process leaves some room for arbitrage.

KelpDAO responded on February 5 that the exchange rate in the Lido contract is nominally 1 stETH = 1 ETH. Because KelpDAO has not yet opened the withdrawal function, arbitrageurs cannot take advantage of this strategy. In response to this problem, the KelpDAO team will add a circuit breaker that checks the market price of stETH, compares it to the contract price of stETH, and applies the necessary guardrails if the deviation is large.
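The 1:1 pricing gap and the circuit breaker described above can be modelled in a few lines. This is an added example, not KelpDAO's code: the share formula, the function names, the 50 bps threshold and the prices are assumptions chosen for illustration.

```python
# Added example, not KelpDAO code. Formula, names and threshold are assumptions.
WAD = 10**18  # 18-decimal fixed point, as used for ETH-denominated prices


class PriceDeviation(Exception):
    """Market price is too far from the price the contract would use."""


def shares_minted(amount: int, asset_price: int, rs_eth_price: int) -> int:
    # Assumed share formula: amount * assetPrice / rsETHPrice (all in WAD)
    return amount * asset_price // rs_eth_price


def deviation_bps(contract_price: int, market_price: int) -> int:
    # Gap between the two prices in basis points of the contract price
    return abs(contract_price - market_price) * 10_000 // contract_price


def overmint(amount: int, contract_price: int, market_price: int,
             rs_eth_price: int) -> int:
    # Extra shares issued compared with pricing the deposit at market value
    fair = shares_minted(amount, market_price, rs_eth_price)
    return shares_minted(amount, contract_price, rs_eth_price) - fair


def guarded_deposit(amount: int, contract_price: int, market_price: int,
                    rs_eth_price: int, max_bps: int = 50) -> int:
    # Circuit breaker: refuse to mint while the deviation exceeds max_bps
    gap = deviation_bps(contract_price, market_price)
    if gap > max_bps:
        raise PriceDeviation(f"stETH is {gap} bps away from the contract price")
    return shares_minted(amount, contract_price, rs_eth_price)


if __name__ == "__main__":
    # Constructed scenario: 100 stETH, contract 1.00 ETH, market 0.97, rsETH 1.02
    amount, peg, rs_px = 100 * WAD, WAD, 102 * WAD // 100
    discounted = 97 * WAD // 100
    print("over-minted rsETH:", overmint(amount, peg, discounted, rs_px) / WAD)
    try:
        guarded_deposit(amount, peg, discounted, rs_px)
    except PriceDeviation as exc:
        print("deposit halted:", exc)
    near_peg = 9_990 * WAD // 10_000  # 10 bps discount passes the breaker
    print("minted near peg:", guarded_deposit(amount, peg, near_peg, rs_px) / WAD)
```
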

Renzo

  • OperatorDelegator is responsible for routing protocol funds to EigenLayer, with each OperatorDelegator assigned a deposit ratio. However, when configuring OperatorDelegators, the protocol does not check whether the ratios of all OperatorDelegators add up to more than 100%, so a configuration such as OperatorDelegator-1 (70%) and OperatorDelegator-2 (70%) is possible. This problem mainly affects users' fund withdrawals. Since the withdrawal logic is currently incomplete, it is impossible to evaluate the specific impact on the principal.

The Renzo team stated that in this specific case funds would be transferred to the incorrect OperatorDelegator contract for deposits, or withdrawn from the incorrect OperatorDelegator. Renzo stated that although this technical issue will cause a mismatch in Renzo’s expected allocations to different operators, it will not affect the calculation of total value locked (TVL) or the security of funds. At the same time, the Renzo team will upgrade the contract in the future to solve this technical problem.
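The missing bound check is easy to state in code. The sketch below is an added example, not Renzo's contract: the registry class, its method names and the basis-point representation are hypothetical. It shows the 70% + 70% configuration being accepted without the check and rejected with it, including the case where an existing delegator's ratio is updated rather than added.

```python
# Added example, not Renzo code. Class, names and values are hypothetical.
BPS = 10_000  # 100% expressed in basis points


class AllocationError(ValueError):
    """Rejected OperatorDelegator allocation."""


class DelegatorRegistry:
    def __init__(self, enforce_total: bool) -> None:
        self.enforce_total = enforce_total  # False reproduces the missing check
        self.allocations = {}  # delegator name -> share in basis points

    def set_allocation(self, delegator: str, bps: int) -> None:
        if not 0 <= bps <= BPS:
            raise AllocationError(f"{delegator}: {bps} bps is outside 0..{BPS}")
        # Total after the change; an update replaces the delegator's old share
        others = sum(v for d, v in self.allocations.items() if d != delegator)
        if self.enforce_total and others + bps > BPS:
            raise AllocationError(
                f"{delegator}: total would be {others + bps} bps, above {BPS}")
        self.allocations[delegator] = bps


def audit(allocations: dict) -> list:
    # Offline review of an existing configuration, e.g. values read from chain
    findings = [f"{d}: {v} bps is outside 0..{BPS}"
                for d, v in allocations.items() if not 0 <= v <= BPS]
    total = sum(allocations.values())
    if total > BPS:
        findings.append(f"allocations sum to {total} bps, {total - BPS} over 100%")
    return findings


if __name__ == "__main__":
    unchecked = DelegatorRegistry(enforce_total=False)
    unchecked.set_allocation("OperatorDelegator-1", 7_000)
    unchecked.set_allocation("OperatorDelegator-2", 7_000)  # accepted: 140% total
    print(audit(unchecked.allocations))

    checked = DelegatorRegistry(enforce_total=True)
    checked.set_allocation("OperatorDelegator-1", 7_000)
    checked.set_allocation("OperatorDelegator-1", 6_000)  # update, not an addition
    checked.set_allocation("OperatorDelegator-2", 4_000)  # exactly 100% is allowed
    try:
        checked.set_allocation("OperatorDelegator-2", 7_000)
    except AllocationError as exc:
        print("rejected:", exc)
```
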

In addition to the risks of the protocol itself, LST risks cannot be ignored during the restaking process. The Cobo security team also conducted a survey on the mainstream LST tokens on the market and organized the results for everyone to view, as follows:

How to effectively reduce the risk of participating in Restaking?

Restaking is an emerging concept. Neither the contract layer nor the protocol layer has yet stood the test of time. In addition to the risks listed above, there may be other unknown risks. So is there a relatively safe interaction guide that can effectively reduce risk?

Based on the current research conclusions, the Cobo security team has compiled a relatively safe interaction path for everyone.

Fund allocation

For users who participate in restaking with larger funds, participating directly in EigenLayer's native ETH restaking is a good choice. The reason is that for native ETH restaking, the deposited ETH is not stored in the EigenLayer contract but in the Beacon chain contract. Even in the worst case, where a contract attack occurs, the attacker cannot immediately obtain the user's assets.

Users who also want to participate with large funds but are not willing to endure a long redemption time can choose the relatively safe stETH as the asset and participate directly in EigenLayer.

Users who want to earn extra income can allocate part of their funds to projects built on EigenLayer, such as Puffer, KelpDAO, Eigenpie and Renzo, according to their risk tolerance. However, since none of these projects has yet implemented the corresponding withdrawal logic, users participating in such protocols need to consider the exit risk as well, and should also take into account the liquidity of the relevant LRT on the secondary market when investing.

Monitoring configuration

The projects listed in this article can all upgrade and pause their contracts. In addition, the project teams can perform high-risk operations on the projects through their multi-signature wallets. Advanced users can configure contract monitoring to watch for upgrades of the related contracts and for the execution of sensitive operations by the project team.
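One way to implement the contract monitoring described above is to filter event logs from the watched contracts by their first topic. This is an added example, not Cobo's or any project's code; it assumes the contracts emit OpenZeppelin-style `Upgraded`, `OwnershipTransferred` and `Paused` events, and the watched addresses and log entries are constructed placeholders.

```python
# Added example, not Cobo or project code. Assumes OpenZeppelin-style events;
# the watched addresses and the log entries are constructed placeholders.
SENSITIVE_TOPICS = {
    "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b":
        ("Upgraded(address)", "critical"),
    "0x8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e0":
        ("OwnershipTransferred(address,address)", "critical"),
    "0x62e78cea01bee320cd4e420270b5ea74000d11b0c9f74754ebdbfc544b05a258":
        ("Paused(address)", "high"),
}
UPGRADED, OWNERSHIP, PAUSED = SENSITIVE_TOPICS  # topic0 values, in order
# Transfer(address,address,uint256): routine traffic the monitor must ignore
TRANSFER = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"
POOL, TOKEN, OTHER = ("0x" + b * 20 for b in ("a1", "b2", "c3"))
WATCHLIST = {POOL: "deposit pool proxy", TOKEN: "LRT token proxy"}

def pad(address: str) -> str:
    # A 20-byte address as a 32-byte indexed topic
    return "0x" + "00" * 12 + address[2:]

def sample(address: str, topics: list, block: int) -> dict:
    return {"address": address, "topics": topics, "blockNumber": hex(block),
            "transactionHash": "0x" + f"{block:064x}"}

def scan_logs(logs: list, watchlist: dict = WATCHLIST) -> list:
    """Return one alert per sensitive event emitted by a watched contract."""
    alerts = []
    for log in logs:
        emitter = log["address"].lower()  # nodes may return checksummed case
        topics = [t.lower() for t in log.get("topics", [])]
        event = SENSITIVE_TOPICS.get(topics[0]) if topics else None
        if emitter not in watchlist or event is None:
            continue
        alerts.append({
            "contract": watchlist[emitter], "event": event[0], "severity": event[1],
            # Indexed address arguments sit in the low 20 bytes of each topic
            "args": ["0x" + t[-40:] for t in topics[1:]],
            "block": int(log["blockNumber"], 16), "tx": log["transactionHash"]})
    return alerts

SAMPLE_LOGS = [  # constructed, shaped like eth_getLogs results
    sample(POOL, [UPGRADED, pad(OTHER)], 100),              # upgrade: alert
    sample(TOKEN, [TRANSFER, pad(POOL), pad(OTHER)], 101),  # routine: ignored
    sample(OTHER, [UPGRADED, pad(POOL)], 102),              # unwatched: ignored
    sample("0x" + "B2" * 20, [PAUSED], 103),                # pause: alert
]

if __name__ == "__main__":
    for alert in scan_logs(SAMPLE_LOGS):
        print(alert)
```
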

In addition, teams and users who want to invest ETH in these projects can use Cobo Argus to set up condition-triggered automation bots and single-signer authorization for a Safe multi-signature wallet, and configure automatic deposits into EigenLayer and the various restaking protocols based on TVL changes in the pool, fluctuations in the ETH price, and whale activity.
