Comprehensive Analysis of Restaking Project Risks: EigenLayer and LST Security Guidelines


Risk Analysis and Best Practices for Restaking Projects

With the rise of the Restaking concept, several Restaking projects based on EigenLayer have emerged in the market. Restaking aims to let users share their stake with other projects by leveraging the trust of the Ethereum Beacon staking layer, thereby earning more rewards while enabling those projects to enjoy the same consensus trust and security as the ETH Beacon layer.

To help users better understand the interaction risks between different Restaking projects, the security team conducted in-depth research on mainstream Restaking protocols and mainstream LST assets, systematically sorting out the related risks so that users can better manage the corresponding risks while pursuing returns.

Behind the continuous yield nesting: Risks and best practices for re-staking on EigenLayer

Overview of Risk Points

Currently, the Restaking protocols in the market are basically built on EigenLayer. For users, participating in Restaking means exposing themselves to the following risks:

Contract Risk

  1. Users need to interact with the project party's contract; therefore, they must bear the risk of the contract being attacked.
  2. Funds for projects built on EigenLayer will ultimately be stored in the contracts of the EigenLayer protocol. If these contracts are attacked, the relevant project funds will also suffer losses.
  3. There are two types of Restaking in EigenLayer: native ETH Restaking and LST Restaking. The funds for LST Restaking are directly stored in the EigenLayer contract, while the funds for Native ETH Restaking are stored in the ETH Beacon chain. This means that users participating in LST Restaking may suffer losses due to risks associated with the EigenLayer contract.
  4. Project parties may have high-risk permissions and, in some cases, can misappropriate user funds through sensitive permissions.

LST Risk

There is a possibility of LST tokens becoming unpegged, or deviations and losses in LST value occurring due to LST contract upgrades or attacks.

Exit Risk

Currently, apart from EigenLayer, mainstream Restaking protocols in the market do not support withdrawals. If the project party has not upgraded the corresponding withdrawal logic through the contract, users may not be able to directly retrieve their assets and will need to obtain liquidity from the secondary market to exit.

Mainstream Restaking Protocol Risk Analysis

The security team systematically researched some of the mainstream Restaking protocols currently available in the market and found the following main issues:

  1. Low project completion: most projects have not implemented withdrawal logic.
  2. Centralization risk: user assets are ultimately controlled by a multi-signature wallet, and the project team has some ability to carry out a rug pull.
  3. Given the above, internal malfeasance or the loss of multi-signature private keys may result in asset loss.


EigenLayer Special Risk Warning

As the cornerstone of all projects, EigenLayer also has the following risk points that users need to pay attention to:

  1. The contracts currently deployed on the mainnet have not fully implemented all the functions outlined in the white paper (such as AVS and slash). Among them, the slash function has only implemented the relevant interfaces, and there is no specific complete logic yet. Currently, the slash is triggered by the owner of the StrategyManager contract (admin privileges of the project party), and the execution method is relatively centralized.

  2. When performing EigenLayer native ETH Restaking, in addition to creating an EigenPod contract for fund management, you also need to run a Beacon chain node service yourself and bear the risk of being slashed by the Beacon chain. It is recommended to choose a reliable node service provider.

  3. Since ETH is stored in the Beacon chain, the withdrawal process requires the user to initiate it and be assisted by the node service provider to exit funds from the Beacon chain, meaning the exit process requires mutual consent from both parties.

  4. Since EigenLayer has not fully implemented the AVS and Slash mechanisms, it is recommended that users exercise caution when using the delegate feature, fully understanding the risks involved, to avoid potential financial losses.

Specific Project Risk Warning

EigenPie

Currently, all contracts are upgradeable contracts, with upgrade privileges held by 3/6 Gnosis Safe. However, the upgrade privileges for the MLRT token contracts of cbETH, ethX, and ankrETH are held by EOA addresses.

KelpDAO

During the deposit process, the share value must be calculated to determine the shares allocated to the user, but the rsETHPrice must be manually updated in the corresponding oracle. For tokens other than stETH, the share price of the corresponding contract is used as the price source, while stETH is converted at a 1:1 ratio. When stETH trades at a discount in the secondary market, there may be arbitrage opportunities during the deposit process.
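The pricing gap described above can be checked at deposit time. The following is an added example, not KelpDAO's code: the share formula, the function names and both thresholds are assumptions made for illustration, and the inputs are constructed.

```python
# Added example, not KelpDAO's code. Assumed share formula:
#   shares = amount * asset_price / rs_eth_price   (all values 18-decimal ints)
WAD = 10**18


def shares_minted(amount, asset_price, rs_eth_price):
    """Shares issued for a deposit under the assumed formula."""
    return amount * asset_price // rs_eth_price


def check_deposit_pricing(amount, accounting_price, market_price,
                          rs_eth_price, rs_price_age_s,
                          max_dev_bps=50, max_age_s=24 * 3600):
    """Compare the price used for accounting with a market reference.

    max_dev_bps and max_age_s are illustrative thresholds, not protocol values.
    """
    findings = []
    # Deviation of the accounting price from the market price, in basis points.
    dev_bps = (accounting_price - market_price) * 10_000 // market_price
    if abs(dev_bps) > max_dev_bps:
        findings.append("accounting price deviates from market")
    # A manually updated share price can lag behind the pool's real value.
    if rs_price_age_s > max_age_s:
        findings.append("rsETHPrice not updated recently")
    minted = shares_minted(amount, accounting_price, rs_eth_price)
    fair = shares_minted(amount, market_price, rs_eth_price)
    return {"dev_bps": dev_bps,
            "excess_shares": minted - fair,  # dilution borne by existing holders
            "findings": findings}


# Constructed inputs: 100 stETH booked 1:1 while the market quotes 0.98 ETH,
# rsETHPrice at 1.02 ETH and last updated 36 hours ago.
REPORT = check_deposit_pricing(100 * WAD, WAD, 98 * WAD // 100,
                               102 * WAD // 100, 36 * 3600)
```

`excess_shares` is the amount minted beyond what the market price would justify, which is the value transferred away from existing holders.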

Renzo

OperatorDelegator is responsible for routing protocol funds to EigenLayer, with each OperatorDelegator assigned its own deposit ratio. However, during configuration the protocol did not check whether the sum of all OperatorDelegator ratios exceeds 100%, which may result in scenarios like OperatorDelegator-1 (70%) and OperatorDelegator-2 (70%). This primarily affects user fund withdrawals, but because the withdrawal logic is incomplete, it is impossible to assess the specific impact on the principal.

LST Token Risk Analysis

In addition to the risks associated with the protocol itself, the risks of LST should not be overlooked during the Restaking process. The security team conducted research on mainstream LST tokens in the market, and the results showed that there are differences among LST tokens in terms of governance mechanisms, upgrade permissions, etc. Users should choose suitable LST assets for Restaking based on their own risk preferences.

Best Practices for Reducing Restaking Risks

Based on the current research conclusions, the security team has organized a relatively safe interaction path for users:

Fund Allocation Recommendations

  1. Users with large amounts of capital can participate directly in EigenLayer's Native ETH restaking, as the assets are stored in the Beacon chain contract, which is relatively secure.

  2. Users with large amounts of capital who are unwilling to endure long redemption times can choose the relatively stable stETH as their asset and participate in EigenLayer directly.

  3. Users seeking additional returns can allocate part of their funds to projects based on EigenLayer, such as Puffer, KelpDAO, EigenPie, and Renzo, according to their risk tolerance. However, it should be noted that these projects have not yet implemented withdrawal logic, and users should consider the liquidity of the related LRT in the secondary market.

Risk Monitoring Recommendations

  1. Configure contract monitoring to pay attention to contract upgrades and the execution of sensitive operations by the project team.

  2. Use automated bots triggered by multi-signature wallet conditions, together with single-signature authorization configurations, to set up automatic deposit functions to EigenLayer and the various restaking protocols based on changes in pool TVL, fluctuations in ETH prices, and whale actions.
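One way to implement the contract monitoring in item 1 is to scan event logs of the watched contracts for upgrade and control-change events. This is an added example, not code from the article or from any of the projects named: it assumes OpenZeppelin-style proxy and Ownable events, and every address and log entry in it is a constructed placeholder.

```python
# Added example (not project code): flag upgrade / control-change events in EVM logs.
# topic0 = keccak256 of the event signature, as emitted by OpenZeppelin-style
# proxies and Ownable. Tuple: (name, where the new address lives, index there).
SENSITIVE = {
    "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b":
        ("Upgraded", "topic", 1),              # new implementation (indexed)
    "0x8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e0":
        ("OwnershipTransferred", "topic", 2),  # newOwner (indexed)
    "0x7e644d79422f17c01e4894b5f4f588d331ebfa28653d42ae832dc59e38c9798f":
        ("AdminChanged", "data", 1),           # newAdmin (second data word)
}

def word_to_address(word):
    """Low 20 bytes of a 32-byte ABI word, as a lowercase 0x address."""
    h = word.lower()[2:] if word.lower().startswith("0x") else word.lower()
    if len(h) != 64:
        raise ValueError("expected a 32-byte word")
    return "0x" + h[-40:]

def scan_logs(logs, watched, trusted_controllers):
    """Return one alert per sensitive event emitted by a watched contract."""
    alerts = []
    for log in logs:
        topics = log.get("topics") or []
        if log["address"].lower() not in watched or not topics:
            continue
        spec = SENSITIVE.get(topics[0].lower())
        if spec is None:
            continue
        name, where, idx = spec
        if where == "topic":
            word = topics[idx]
        else:
            word = log["data"][2:][64 * idx: 64 * (idx + 1)]
        subject = word_to_address(word)
        # A code upgrade always needs review; handing control to an address
        # outside the expected multisig set is the higher-severity case.
        high = name != "Upgraded" and subject not in trusted_controllers
        alerts.append({"contract": log["address"].lower(), "event": name,
                       "new_address": subject,
                       "severity": "high" if high else "review"})
    return alerts

# Constructed sample data (placeholder addresses, not real deployments).
PROXY, SAFE, EOA, IMPL = ("0x" + b * 20 for b in ("11", "5a", "e0", "ab"))
pad = lambda a: "0x" + "0" * 24 + a[2:]
T = list(SENSITIVE)
SAMPLE_LOGS = [
    {"address": PROXY, "topics": [T[0], pad(IMPL)], "data": "0x"},
    {"address": PROXY, "topics": [T[1], pad(SAFE), pad(EOA)], "data": "0x"},
    {"address": PROXY, "topics": [T[2]], "data": "0x" + pad(SAFE)[2:] * 2},
    {"address": EOA, "topics": [T[0], pad(IMPL)], "data": "0x"},  # not watched
]
ALERTS = scan_logs(SAMPLE_LOGS, watched={PROXY}, trusted_controllers={SAFE})
```

In the sample, the ownership transfer from the multisig to an unlisted address is the only alert raised as `high`; the log from the unwatched contract is ignored.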

By taking these measures, users can effectively reduce potential risks while participating in Restaking, achieving safer asset management and yield optimization.

Comment
MevHuntervip · 07-13 10:27
High risk, high reward

RooftopVIPvip · 07-13 09:06
Let's meet on the rooftop to find out.

gas_fee_therapistvip · 07-13 05:55
The risk warning is very timely.

Web3Educatorvip · 07-10 11:07
Risks need attention.

MEVSupportGroupvip · 07-10 11:06
They are all the ones losing money while lying down.

HodlOrRegretvip · 07-10 11:03
Enter a position once the risk is in place.

NotAFinancialAdvicevip · 07-10 10:51
Risk control must be in place.

BlockDetectivevip · 07-10 10:47
Risks outweigh rewards