# Useful Links * Website: [Rocketpool](https://rocketpool.net/) * Documentation: [Documentation](https://docs.rocketpool.net/) | [Github](https://github.com/rocket-pool) * Social: [Twitter](https://twitter.com/Rocket_Pool) | [Discord](https://discord.gg/rocketpool) * Contracts: [rETH](https://etherscan.io/token/0xae78736cd615f374d3085123a210448e74fc6393) | [Deposit Contract](https://etherscan.io/address/0xDD3f50F8A6CafbE9b31a427582963f465E745AF8) | [Storage Contract](https://etherscan.io/address/0x1d8f8f00cfa6758d7bE78336684788Fb0ee0Fa46) | [Full List](https://docs.rocketpool.net/overview/contracts-integrations.html) * Governance: [Forum](https://dao.rocketpool.net/) | [Snapshot](https://snapshot.org/#/rocketpool-dao.eth) | [DAO](https://rocketscan.io/dao) * Markets: [Curve rETH/ETH](https://curve.fi/#/ethereum/pools/factory-crypto-210/deposit) | [Curve rETH/frxETH](https://curve.fi/#/ethereum/pools/factory-crypto-218/deposit) | [Curve rETH/stETH](https://curve.fi/#/ethereum/pools/factory-v2-89/deposit) | [Uni V3 rETH/WETH 0.05%](https://etherscan.io/address/0xa4e0faa58465a2d369aa21b3e42d43374c6f9613) | [Uni V3 rETH/WETH 0.1%](https://etherscan.io/address/0x553e9c493678d8606d6a5ba284643db2110df823) * Dashboards: [Dune rETH Premium](https://dune.com/mkr294/reth-premium) | [Dune rETH vs stETH](https://dune.com/rp_community/lst-comparison) | [Rocketscan](https://rocketscan.io/snapshot) | [rETH, Nodes, and RPL](https://dune.com/NDGcrypto/Rocket-Pool-rETH-and-Nodes) | [RPL Incentives](https://dune.com/Finsebbe/RPL-incentives) # Introduction **This report is conducted by the Prisma independent risk and research team operated by [Llama Risk](https://cryptorisks.substack.com/) as part of a series on LSD collateral risk assessments. In this report, we examine Rocketpools's rETH.** This report will comprehensively cover all relevant risk factors of rETH for collateral onboarding. Our approach involves both quantitative and qualitative analysis to help determine whether the collateral can be safely onboarded and to what extent there should be restrictions on the protocol’s exposure to the collateral. As Prisma will be onboarding a variety of LSDs as collateral, our review involves comparative analysis to determine suitability as collateral. Risks are categorized into: - **Market Risk** - risks related to market liquidity and volatility - **Technology Risk** - risks related to smart contracts, dependencies, and oracle price feeds - **Counterparty Risk** - risks related to governance, centralization vectors, and legal/regulatory considerations These risk categories will be summarized in the final section of this report and are meant to assist tokenholders in their determination around rETH onboarding and setting suitable parameters. # Section 1: Protocol Fundamentals This section addresses the fundamentals of the proposed collateral. It is essential to convey (1) the value proposition of rETH, and (2) the overall architecture of Rocketpool. This section contains descriptive elements that cannot be quantified and serves as a descriptive introduction to the collateral. This section is divided into 2 sub-sections: - 1.1: Description of the Protocol - 1.2: System Architecture ## 1.1 Description of the Protocol Rocket Pool, established in early 2016, is an ETH Proof of Stake Protocol that offers both tokenized staking and the opportunity to run a node in the network. This protocol, characterized by its decentralized, community-owned, and trustless framework, operates on the principle of maintaining independence from any single entity. The system uses a token, rETH, which enables users to stake ETH without the technical requirement of operating a node or holding the standard validator deposit of 32 ETH. In this model, node operators within Rocket Pool are required to deposit an amount of ETH collateral (+RPL insurance) that is matched with user-deposited ETH in the staking pool to form a 32 ETH validator, known as a minipool. Minipool operators earn a portion of the staking yield from the borrowed ETH and are liable for any losses from penalties. Processes involving deposit/withdrawal/rewards distribution are managed by Rocket Pool's decentralized smart contracts on the Execution layer in conjunction with a set of whitelisted nodes called the oracle DAO (oDAO). The rETH token's value gradually increases over time relative to ETH due to its incorporation of rewards from the Beacon Chain, priority fees, and Miner Extractable Value (MEV) from block proposals. This value ratio is updated approximately every 24 hours, reflecting the Beacon Chain rewards garnered by Rocket Pool's node operators. Rocket Pool provides an alternative method for Ethereum staking, with an emphasis on decentralizing the node operator set. It contributes to the expansion and security of the Ethereum network, and facilitates the growth of Liquid Staking Derivatives Finance (LSDfi). **Key metrics (as of July 2023)**: * **Staked tokens**: 748,268 ETH ($1.45bn) * **Number of validators**: 25,636 * **Number of operators**: 3,007 * **Market share of ETH staked**: 8.54% * **Market share of LSDs**: 3.16% ### 1.1.1 Underlying Collateral The Rocket Pool protocol generates rETH tokens for users who deposit ETH into the deposit pool. rETH, an ERC20 token, is non-rebasing and factors in the rewards that node operators gain from the Beacon Chain, priority fees, and Miner Extractable Value (MEV) rewards from block proposals through an rETH:ETH exchange rate. The token represents a proportional share of underlying ETH held in the protocol. The ratio that determines the value of rETH is as follows: > rETH:ETH ratio = (total rETH supply) / (total ETH staked + total rETH contract balance + total rETH share of priority fees + total rETH share of MEV rewards) This means that the rETH value relative to ETH progressively increases, as the Beacon Chain rewards, priority fees, and MEV rewards consistently accumulate. The rETH/ETH exchange rate updates roughly every 24 hours, in line with the Beacon Chain rewards earned by Rocket Pool node operators. ### 1.1.2 Yield Accrual Mechanism As validators propose blocks on the Ethereum chain, a fee recipient address at the Execution Layer receives the tips from the transactions included in the block. Rocket Pool's protocol ensures a fair distribution of these rewards between node operators and rETH pool stakers. The system automatically assigns each node a [Fee Distributor](https://docs.rocketpool.net/guides/node/fee-distrib-sp.html#your-fee-distributor) or the operator can opt into the [Smoothing Pool](https://docs.rocketpool.net/guides/node/fee-distrib-sp.html#the-smoothing-pool) as the fee recipient: - The **Fee Distributor** is a unique contract tied to the node that collects and equitably splits the priority fees between the node operator and the rETH stakers. It functions like a vault for priority fees, with the balance distributable at any time to ensure constant availability of rewards for rETH stakers. - The **Smoothing Pool** is an opt-in contract that allows participating node operators to consolidate and share their priority fees. This pool then evenly distributes these fees among the participants and the rETH pool stakers during each Rocket Pool reward interval, currently set at every 28 days. This model offers a regular and consistent income stream, mitigating the variability associated with block proposal rewards. ### 1.1.3 Provider Fee Rocket Pool has instituted a compensation structure that benefits node operators for their contributions. The protocol operates a fee model which awards node operators a certain percentage of the staking rewards earned by their minipools. This fee, extracted from the earnings of regular stakers, acts as the incentive for node operators within the Rocket Pool system. The protocol currently has a fee rate of 14% for each new minipool created, although the exact commission is locked in for the lifespan of the minipool. Therefore when scanning [node operators](https://rocketscan.io/nodes), there are a range of node operator fees. This is because previously fees had been 15% and at one point was a 5-20% sliding scale. Pre-existing minipools had been grandfathered into the previous fee amount. The protocol extracts no other fee, neither to a treasury nor to RPL tokenholders.  Source: [Token Terminal](https://tokenterminal.com/terminal/projects/rocket-pool) | Date: 05/07/2023 ### 1.1.4 Node Operator Set Rocket Pool provides a platform for individuals to serve as node operators, contributing to the Ethereum protocol's security. Becoming a Node Operator is permissionless. Node operators are tasked with setting up and maintaining computer systems and running minipools. They receive a portion of each validator's ETH rewards, interest on staked RPL, and DAO voting rights. However, they must maintain an RPL stake of at least 10% to qualify for rewards. Node operators are responsible for: - Setting up a computer (either physical or virtual) - Configuring it correctly, including their home network if applicable - Installing Rocket Pool software on it and setting up minipools to perform validation - Securing it, both from outside and inside threats - Maintaining it for the life of their validators Node operators supply either 8 or 16 ETH to each minipool along with some amount of RPL token as insurance. Any penalties, including slashing, are taken from the node operator's collateral. The Rocketpool Node Operator set currently consists of 3,041 staking service providers (on 7/13/2023) who are responsible for running and maintaining the validator nodes. An overview of operators can be found on [Rated.network](https://www.rated.network/o/Rocketpool?network=mainnet&timeWindow=all&viewBy=operator&page=2). Rocket Pool's own [Rocketscan](https://rocketscan.io/snapshot/votingpower) also provides an overview of all node operators active in Lido and their individual performance history. ### 1.1.5 Validator Selection The process of creating a minipool begins with deciding on the amount of ETH to bond. The [Atlas update](https://docs.rocketpool.net/guides/atlas/whats-new.html) (in April 2023) allows for bond amounts of either 8 ETH or 16 ETH. This bond is a validator's stake and is subject to deductions if penalties are incurred for poor performance or protocol violations. The process of initiating a minipool follows these steps: - An `initialized` minipool deployed with the appropriate stake waits in the [queue](https://rocketscan.io/minipools/queue) to receive ETH from the staking pool. - After receiving a full 32 ETH stake, the validator enters the [`prelaunch`](https://rocketscan.io/minipools/prelaunch) phase with a configurable launch timeout that is currently set to 14 days. The operator's ETH collateral is sent to the consensus layer and confirmed by a whitelisted set of oracle DAO operators that the values are correct. - Finally, the minipool enters `staking` status when ETH is sent from the staking pool, allowing the validator to become operational. ### 1.1.6 Validator Collateralization The process of setting up a validator also involves providing additional collateral in the form of RPL tokens. The necessary RPL stake is proportional to the amount borrowed from the staking pool and can range from a minimum of 10% of the borrowed ETH amount to a maximum of 150% of the bonded ETH amount. For instance, for an 8 ETH bond, an operator stakes 8 ETH and borrows 24 ETH from the staking pool. This translates to an RPL stake that ranges from 2.4 ETH worth of RPL (10% of 24) to 12 ETH worth of RPL (150% of 8). RPL is [inflationary](https://rocketscan.io/rpl/inflation), currently set to 5% annual inflation, and is awarded to operators keeping the minimum required stake value as snapshotted on 28-day intervals. If the price of RPL goes down, operators may be required to deposit additional RPL to meet the minimum requirement and continue earning RPL rewards. ### 1.1.7 Governance Model Rocket Pool's dual Decentralized Autonomous Organization (DAO) structure encompasses the Protocol DAO (pDAO) and the Oracle DAO (oDAO). The pDAO holds the power to alter many [parameters](https://github.com/rocket-pool/rocketpool/tree/6a9dbfd85772900bb192aabeb0c9b8d9f6e019d1/contracts/contract/dao/protocol/settings) within the system and can handle protocol funds by spending the DAO treasury and collecting some portion of RPL inflation. The governance of the Protocol DAO (pDAO) is currently managed by a single Externally Owned Account ([EOA](https://etherscan.io/address/0x0cCF14983364A7735d369879603930Afe10df21e)) controlled by the Rocket Pool team. The protocol is currently in a bootstrapping phase, and at some point the team intends to pass off pDAO ownership to a DAO of active node operators with RPL governance stake. The oDAO holds the power to relay information between the consensus and execution layer, including the state of validators and their balances, processing minipool enter/exits, and updating the exchange rates of rETH and RPL. It also votes to update system code. The oDAO is a permissioned sub-set of node operators that can add or remove members, and is currently composed of [18 members](https://rocketscan.io/dao/members). The protocol's governance involves a process of [community-driven proposals](https://dao.rocketpool.net/), discussions, and [Snapshot](https://snapshot.org/#/rocketpool-dao.eth) votes, with voting power primarily vested in active node operators based on their stake amount. Rocket Pool has implemented a governance power scoring system to ensure a balanced distribution of voting influence among participants, using the following calculation: $$\sqrt{Effective RPL Stake} \over 2$$ *Note: "Effective stake" refers to the amount of RPL that is staked on an active minipool.* With a total vote power of 38,893 as of July 14th, the vast majority of node operators have <100 vote power, and a maximum of 1,330.  Source: [Rocketscan](https://rocketscan.io/snapshot) | Date: 11/07/2023 To mitigate the difficulties of active participation, Rocket Pool offers a vote delegation mechanism, allowing members to entrust their voting rights to representatives who share their values. This process is further facilitated by an official delegate system, where delegates' roles and credentials are transparently detailed on a Delegate Profile page. ## 1.2 System Architecture Diagram ### 1.2.1 Network Architecture Overview Rocket Pool uses a hub and spoke architecture whereby the [RocketStorage](https://etherscan.io/address/0x1d8f8f00cfa6758d7bE78336684788Fb0ee0Fa46) contract stores the state of the entire protocol, including all internal protocol addresses. This allows system contracts to be updated by assigning new addresses within the storage contract. Users can acquire rETH by depositing into the [RocketDepositPool](https://etherscan.io/address/0xDD3f50F8A6CafbE9b31a427582963f465E745AF8), which mints them rETH based on the current exchange rate minus a .05% fee. The ETH becomes part of the staking pool in the [RocketVault](https://etherscan.io/address/0x3bdc69c4e5e13e52a65f5583c23efb9636b469d6) and awaits deployment into a minipool. A node operator wishing to create a minipool deposits a minimum of 8 ETH (+ RPL stake worth >10% the borrowed amount) to the [RocketNodeDeposit](https://etherscan.io/address/0x2FB42FfE2d7dF8381853e96304300c6a5E846905) contract, which initiates the following process: - An `initialized` minipool deployed with the appropriate stake waits in the [queue](https://rocketscan.io/minipools/queue) to receive ETH from the staking pool. - After receiving a full 32 ETH stake, the validator enters the [`prelaunch`](https://rocketscan.io/minipools/prelaunch) phase with a configurable launch timeout that is currently set to 14 days. The operator's ETH collateral is sent to the consensus layer and confirmed by a whitelisted set of oracle DAO operators that the values are correct. - Finally, the minipool enters `staking` status when ETH is sent from the staking pool, allowing the validator to become operational. To exit the validator, the operator first exit from the Beacon Chain. After waiting in the withdrawal queue, their balance will be transferred to the minipool contract, at which point they can withdraw their funds. This puts the minipool into the `finalized` state, rendering it inactive. Finally, the operator can withdraw their staked RPL. Users can redeem rETH for ETH from the protocol if there is ETH available in the [rETH token](https://etherscan.io/address/0xae78736cd615f374d3085123a210448e74fc6393) contract. ETH is distributed to the contract when distributeBalance has been called on a minipool contract. Otherwise, rETH can be swapped for ETH on a third party exchange. ### 1.2.2 Architecture Diagram Minipool State Diagram  Source: [Consensus Atlas Audit, 2023](https://consensys.net/diligence/audits/2023/01/rocket-pool-atlas-v1.2/) and [Consensus RP Audit, 2021](https://consensys.net/diligence/audits/2021/04/rocketpool/) ### 1.2.3 Key Components While the Rocket Pool system was designed to be decentralized and permissionless, there are two privileged entities: the [oDAO and the pDAO](https://rocketscan.io/dao). **Oracle DAO (oDAO)** Because of a separation between the consensus and execution layer, a mechanism is required to relay data between them. The oDAO is responsible for transmitting validator status and balances to [RocketNetworkBalances](https://etherscan.io/address/0x07fcabcbe4ff0d80c2b1eb42855c0131b6cba2f4) (this is used to update the rETH:ETH exchange rate) and otherwise shuttling information from off-chain. The oDAO is a whitelisted subset of node operators running Rocketpool's watchtower daemon to automatically push regular updates. There are currently 18 members and the existing members can vote to add new members. As per the system parameter, a threshold of [51% consensus threshold](https://etherscan.io/address/0x320f3aAB9405e38b955178BBe75c477dECBA0C27#readContract#F3) is required for an update to execute. **Protocol DAO (pDAO)** The pDAO is intended to be an on-chain DAO that governs protocol parameters (e.g. enabling/disabling deposits and setting RPL inflation) and spending treasury funds. Currently the pDAO is controlled by a [team EOA](https://etherscan.io/address/0x0cCF14983364A7735d369879603930Afe10df21e) guardian address, although there is a [plan outlined](https://github.com/rocket-pool/rocketpool-research/blob/master/pDAO%20Replacement/pDAO.md) to transfer control to a DAO. During the so-called bootstrapping phase, the EOA address can modify system parameters, handle treasury funds, and claim some portion of RPL inflation through this [contract](https://etherscan.io/address/0x0429cdd8ceace24d4dc2b97ce22a780a407df0e1). **Auctions** A previously unmentioned mechanic is RPL Auctions handled by the `RocketAuctionManager`. If a node operator returns less than the userDeposit, their RPL stake becomes eligible for slashing. The RPL price, as reported by the oDAO, is priced at 100% within the auction and decrements quadratically over blocks to a final price of 50% or whatever price all eligible RPL is bid at. This is considered a rare event that protects users during black swan events. # Section 2: Performance Analysis ## 2.1 Usage Metrics This section evaluates rETH from a quantitative perspective. It analyzes token usage and competitive metrics, and addresses any subsidized economic activity. This section is divided into 3 sub-sections: 2.1: Usage Metrics 2.2: Competitive Analysis Metrics 2.3: Subsidization of Economic Activity ### 2.1.1 Total Value Locked (TVL) Rocketpool has 1.03m ETH in TVL worth 1.85 billion as of 10th July 2023. Although ETH withdrawals were enabled in mid-April, Rocket Pool has experienced increased growth since the upgrade. <iframe width="640px" height="360px" src="https://defillama.com/chart/protocol/rocket-pool?denomination=ETH&include_borrowed_in_tvl=true" title="DefiLlama" frameborder="0"></iframe> Source: [DeFiLlama](https://defillama.com/protocol/rocket-pool) | Date:10/07/2023 ### 2.1.2 Transaction Volume Trading volumes on decentralized exchanges, notably Uniswap, experienced considerable fluctuations. Since April 1st, the lowest activity was recorded on April 29th, 2023 with $454K, while the highest trading volume surged on June 17th, 2023 with $13.77m. rETH daily average tx volume for the period June 4th - July 4th: $2,842,655  Source: [Coingecko](https://www.coingecko.com/en/coins/rocket-pool-eth) | Date: 7/10/2023 ### 2.1.3 DEX Volume The majority of trading volume for rETH is primarily generated through decentralized exchanges (DEXs). Over the past 30 days, the trading activity has varied significantly. The highest trading day was recorded on July 12th, with almost $28 million in trades. On the contrary, the lowest trading day fell on July 5th, with just over $1 million in trades. The daily average trading volume over this period managed to maintain relative stability, coming in at $3,229,561. <iframe src="https://dune.com/embeds/2726520/4538351" height="400" width="700" ></iframe> Source: [Dune Analytics](https://dune.com/queries/2730573/4544305) 24h trade volumes per DEX show that trading activity is distributed across the four primary liquidity venues: Uniswap, Curve, PancakeSwap and Balancer.  Source: [Dex.guru](https://dex.guru/history/token/eth/0xae78736cd615f374d3085123a210448e74fc6393) | Date: 7/15/2023 ### 2.1.4 Average Transaction Size The 7-day average transaction size for rETH stands at $207,533. However, when expanding the timeframe to the last 30 days, the average daily transaction size decreases to $50,056. The minimum and maximum daily averages within this period were $13,523 and $140,312 respectively, highlighting significant fluctuations in rETH transaction sizes.  Source: [IntoTheBlock](https://app.intotheblock.com/coin/RETH/deep-dive?group=financials&chart=avgTrxSize) ### 2.1.5 Trading Volume to Market Capitalization Ratio The daily volume to market cap ratio shows the average daily volume as a percent of the overall marketcap. This indicates how much demand for trading activity rETH has. It is currently .59%, typically ranging between .15% and .25% in the past month. This is comparable to competitors: stETH averages ~.14% and cbETH ~.36%.  Source: [Coingecko](https://www.coingecko.com/en/coins/rocket-pool-eth/historical_data?start=2023-05-14&end=2023-07-13#panel) | Date: 7/12/2023 ### 2.1.6 LSD Token Velocity rETH average daily velocity for last 30 days is 1.92% with lowest day 0.54% and highest 4.74%.  Source: [IntoTheBlock](https://app.intotheblock.com/coin/RETH/deep-dive?group=network&chart=transactions) and [CoinGecko](https://www.coingecko.com/en/coins/rocket-pool-eth/historical_data?start=2023-05-13&end=2023-07-12#panel) | 6/11/2023 to 7/10/2023 ### 2.1.7 Active Addresses/Users Rocket Pool has seen a notable uptick in user engagement following the Atlas upgrade in mid-April (at the time of the Ethereum Shapella upgrade). The platform has experienced a substantial increase in its user base with the weekly user count reaching 408, marking a growth of 43% over the last 30 days. Similarly, the monthly user count has risen to 1549, reflecting a 13.8% increase in the same time period.  Source: [Token Terminal](https://tokenterminal.com/terminal/projects/rocket-pool) | Date: 05/07/2023 ### 2.1.8 User Growth At the time of the merge in September 15, 2022, weekly and monthly user stood at 2,010 and 7,317. Most recent data from Token Terminal shows 2,760 weekly and 11,827 monthly users. User growth since the merge has increased 37.3% for weekly users and 61.6% for monthly users. ### 2.1.9 Integration with Other Protocols Rocket Pool's rETH token has been incorporated into numerous lending protocols on Ethereum, including Aave, MakerDAO, Gravita, and Silo. It also has numerous DEX integrations, including Balancer, Curve, PancakeSwap, Uniswap, and Loopring. Additionally, rETH has been integrated into LSD vault strategies and transferred to layer 2's Arbitrum and Optimism through their respective bridges. Below is a full breakdown of individual DeFi integrations:  Source: [Nansen](https://pro.nansen.ai/token-god-mode/notable?token_address=0xae78736cd615f374d3085123a210448e74fc6393) | 7/14/2023 Below is a breakdown of rETH in DeFi sorted by categories:  Source: [Etherscan](https://etherscan.io/token/0xae78736cd615f374d3085123a210448e74fc6393#balances) | Date: 7/14/2023 The following table lists all DeFi integrations by rETH amount: | PROTOCOL | rETH AMOUNT | CATEGORY | PUBLIC ADDRESS | | --- | --- | --- | --- | | Balancer v2 | 31,105 | DEX | 0xba12222222228d8ba445958a75a0704d566bf2c8 | | MakerDAO: Join RETH A | 28,836 | Lending (CDP) | 0xc6424e862f1462281b0a5fac078e4b63006bdebf | | Aave | 26,561 | Lending | 0xcc9ee9483f662091a1de4795249e24ac0ac2630f | | EigenLayer: rETH Strategy | 15,000 | LSD Vault - re-staking | 0x1bee69b7dfffa4e2d53c2a2df135c388ad25dcd2 | | Optimism: Gateway | 11,856 | Bridge | 0x99c9fc46f92e8a1c0dec1b1747d010903e884be1 | | Arbitrum: L1 ERC20 Gateway | 7,647 | Bridge | 0xa3a7b6f88361f48403514059f1f16c8e78d60eec | | Gravita Protocol: Active Pool | 5,210 | Lending (CDP) | 0x2b0024ecee0626e9cfb5f0195f69dcac5b759dc9 | | OETHVaultProxy | 4,655 | LSD Vault | 0x39254033945aa2e4809cc2977e7087bee48bd7ab | | Curve_fi | 3,353 | DEX | 0x0f3159811670c117c372428d4e69ac32325e4d0f | | unshETH: LSD Vault | 1,832 | LSD Vault | 0x51a80238b5738725128d3a3e06ab41c1d4c05c74 | | Alchemix: alETH Alchemist | 1,318 | Lending, Synth issuer | 0x062bf725dc4cdf947aa79ca2aaccd4f385b13b5c | | PancakeSwap: rETH-ETH Liqudity Pool (0.05%) | 1,306 | DEX | 0x2201d2400d30bfd8172104b4ad046d019ca4e7bd | | Curve_fi | 1,071 | DEX | 0xe7c6e0a739021cdba7aac21b4b728779eef974d9 | | Curve_fi: rETH-wstETH Factory Plain Pool | 878 | DEX | 0x447ddd4960d9fdbf6af9a790560d0af76795cb08 | | Uniswap: V3 rETH-WETH (0.05%) Liquidity Pool | 746 | DEX | 0xa4e0faa58465a2d369aa21b3e42d43374c6f9613 | | Aave: Aave Collector V2 | 743 | Lending | 0x464c71f6c2f760dda6093dcb91c24c39e5d6e18c | | Silo: rETH Silo | 612 | Lending | 0xb1590d554dc7d66f710369983b46a5905ad34c8c | | Loopring: Default Deposit Contract | 551 | L2 DEX (orderbook) | 0x674bdf20a0f284d710bc40872100128e2d66bd3f | | Opyn: Margin Pool | 387 | Derivatives (options) | 0x5934807cc0654d46755ebd2848840b616256c6ef | | Polygon: Zk EVM Bridge Proxy | 379 | Bridge | 0x2a3dd3eb832af982ec71669e178424b10dca2ede | | Passive Uniswap V3 LP | 366 | DEX | 0xdec5adf97b5c575bff6c1ea5539e8279537b03d8 | | Passive Uniswap V3 LP - 2 | 366 | DEX | 0x1e86f55581daab7ed33d89b52d6561b5856e18ff | | zkSync: zySync Era Bridge | 359 | Bridge | 0x57891966931eb4bb6fb81430e6ce0a03aabde063 | | Passive Uniswap V3 LP - 3 | 358 | DEX | 0x1d56b40e64a63563f39450bf3f3529a1c12d6697 | | Passive Uniswap V3 LP - 4 | 348 | DEX | 0x0b28c1c956b72a5a4475a9aae13d90084e7291ca | | IndexCoop: dsETH | 330 | Index | 0x341c05c0e9b33c0e38d64de76516b2ce970bb3be | | Morpho: Seed Funding | 202 | Lending | 0x6abfd6139c7c3cc270ee2ce132e309f59caaf6a2 | Source: [Etherscan](https://etherscan.io/token/0xae78736cd615f374d3085123a210448e74fc6393#balances) | Date: 7/14/2023 ## 2.2 Competitive Analysis Metrics ### 2.2.1 Market Share Rocketpool rETH currently makes up a 7.99% share of the Liquid Staking Derivative sector as of July 6, 2023. It ranks 3rd in marketshare after Lido stETH and Coinbase cbETH.  Source: [DefiLlama](https://defillama.com/lsd) | Date: 07/6/2023 Prior to the merge, Rocket Pool held a relatively small share of the market, representing just 3%. However, Rocket Pool's share has shown steady growth since that time, and has experienced increased growth since the [Atlas upgrade](https://docs.rocketpool.net/guides/atlas/whats-new.html).  Source: [DefiLlama](https://defillama.com/lsd) Date: 7/15/2023 ### 2.2.2 Trading Volume Share in Total LSD Trading Volume rETH has emerged as the third-largest liquid staking derivative (LSD) in the market. Despite the liquidity dominance of wstETH and cbETH, rETH has steadily carved out its own substantial segment in the market. Daily rETH Trading Volume (30d avg) is [$2,813,009](https://www.coingecko.com/en/coins/rocket-pool-eth/historical_data#panel) as of 06/07/2023. rETH share in overal LSD daily volume (for last 30d) is 4.92%. | Liquid Staking Derivative | Average Daily Volume for 30d period (13-06 to 12-07 2023 ) | | --- | --- | | Volume (stETH) | $12,558,163 | | Volume (wstETH) | $29,627,596 | | Volume (cbETH) | $4,665,314 | | Volume (wBETH) | $246,379 | | Volume (rETH) | $2,696,197 | | Volume (frxETH) | $3,672,219 | | Volume (sfrxETH) | $994,956 | | Volume (ankrETH) | $56,604 | | Volume (sETH2) | $196,351 | | Total | $54,713,779 - total ETH LSD tokens avg daily volume (30d) | Source: [CoinGecko](https://www.coingecko.com/en/categories/liquid-staking-tokens) | Date: 6/13/2023 to 7/12/2023 ### 2.2.3 Protocol Staking Yield As per recent data, the 30-day average percentage yield (APY) is at 3.13%, while the weekly average APY sits at 3.21%. Since the Ethereum network's merge, Rocket Pool has sustained an average APY of 4.47%.  Source: [Dune analytics](https://dune.com/rp_community/lst-comparison) | Date: 07/15/2023 As of 13th July the current APR of rETH vs. competitors is: rETH: 3.31% stETH: 4.28% cbETH: 3.28% sfrxETH: 5.20% BETH: 4.09% rETH is being outperformed by most major competitors in terms of staking yield. There are two main factors responsible for this: - **High staking reward fees**: Newly created minipools have a fixed 14% fee. Previously this was a 15% fee, and even earlier was an operator configurable 5-20% fee. Existing [minipool nodes](https://rocketscan.io/nodes) are grandfathered into their fee rate. As a result, the largest node operator has an 18.21% fee rate. These fees in general are higher than most competitors (stETH charges 10% on rewards). - **Congested Validator Queue**: The [Atlas upgrade](https://docs.rocketpool.net/guides/atlas/whats-new.html) introduced 8-ETH bonded minipools, allowing node operators to earn greater yields. Following the upgrade in mid-April, many operators have been migrating, which involves exiting and re-entering validators. This process has caused a congestion in the [validator queue](https://www.validatorqueue.com/) that has temporarily reduced rETH staking yield. The following chart shows actual average APR (yellow) compared to what APR would be with 100% effectiveness (green). Effectiveness refers to the % of ETH in the system actively staking.  Source: [Rocket Pool Discord](https://discord.com/channels/405159462932971535/704196071881965589) | Date: 7/15/2023 ### 2.2.4 Slashing Rate Rocketpool rETH has experienced more slashing events than most of its competitors, except for Lido's stETH. Its losses as a percent of total consensus rewards earned, at about 1.15%, is quite high compared to competitors. However, whereas competitors such as stETH socialize penalty losses across all stETH holders, rETH node operators are required to bond their own ETH and RPL as insurance against penalty losses. Improper node operation leading to penalties and slashing should primarily impact the operator and not rETH holders. | Protocol | Slashing Events | Consensus Rewards Earned | Total Penalties Accrued | Percent Loss from Penalties | | --------------- |:---------------:|:------------------------:|:-----------------------:|:---------------------------:| | Rocketpool rETH | 8 | 17,840.93 ETH | -204.90 ETH | 1.15% | | Coinbase cbETH | 1 | 170,562.99 ETH | -725.40 ETH | 0.43% | | Lido stETH | 11 | 315,147.55 ETH | -1,156.22 ETH | 0.37% | | Frax frxETH | 0 | 2,346.19 ETH | -4.80 ETH | 0.20% | | Binance WBETH | 0 | 108,025.42 ETH | -492.44 ETH | 0.46% | Source: [Rated.network](https://www.rated.network/?network=mainnet&view=pool&timeWindow=1d&page=1) | Date: 7/13/2023 ## 2.3 Subsidization of Economic Activity ### 2.3.1 Existence of an Incentive Program RPL is an inflationary token that launched on September 30th, 2021, with an initial inflation rate of 5%. The inflation is distributed amongst Node Operators, the Oracle DAO (oDAO), and the Protocol DAO (pDAO). The parameters surrounding the inflation rate and its distribution are governed by the pDAO, which currently is a team-controlled EOA but is planned to transition to an on-chain DAO. The Rocketpool staking service, at present, provides an additional RPL yield of 2-3% APY on a typical 32 ETH node, with roughly 62k RPL being distributed monthly. This serves to boost the appeal of operating a node, providing supplementary rewards to the inflationary distribution. As for the inflation distribution, it is currently apportioned as follows: 70% to Node Operators, 15% to the oDAO, and 15% to the pDAO. However, an [active proposal](https://vote.rocketpool.net/#/proposal/0x510383ca82a0096fa670a260692cf7a4097e199ce4f731dc4efd97a21f19f988) at the time of writing will adjust these figures - decreasing the oDAO's allocation to 8% and increasing the pDAO's share to 22%. <iframe src="https://dune.com/embeds/603942/1127441" height="400" width="700" ></iframe> Source: [Dune Analytics](https://dune.com/Finsebbe/RPL-incentives) | Date: 7/14/2023 ### 2.3.2 Size of the Incentive Program in USD Over the past year, the Rocketpool incentive program has allocated 660k RPL to node operators. This reflects a significant proportion of the approximately 1m RPL (70% of total inflation) that has been emitted since the program's inception. The incentive program serves a specific function of aligning node operator interests with the protocol. RPL staked in active minipools is given governance power so additional incentives to active node operators helps the protocol reinforce participation from its most active members. By offering RPL yield, Rocketpool allows for higher staking yields than its competitors. However, the competitive advantage that this may provide is contingent on a variety of factors, including market conditions and participant behavior. Additionally, it's important to note that the forecasted annual inflation is expected to be 977,412 RPL. Given the size of the program and its effect on the total supply of RPL, these figures represent a crucial aspect of Rocketpool's financial model.  Source: [Token Terminal](https://tokenterminal.com/terminal/projects/rocket-pool) | Date: 7/5/2023 # Section 3: Market Risk This section addresses the ease of liquidation based on historical market conditions. It seeks to clarify (1) the Liquid Staking Basis & Volatility of rETH, and (2) the liquidity profile of the collateral. Market risk refers to the potential for financial losses resulting from adverse changes in market conditions. This section is divided into 2 sub-sections: - 3.1: Volatility Analysis - 3.2: Liquidity Analysis ## 3.1 Volatility Analysis ### 3.1.1 Liquid Staking Basis (LSB) *Note: The “Liquid Staking Basis & Volatility Analysis” section is based on data provided by the CoinGecko Terminal API. We used OHLCV (Open, High, Low, Close, Volume) daily data for the analysis.* The LSB (Liquid Staking Basis) represents the price difference between rETH (liquid staking token) and its underlying asset, ETH. It measures the deviation of the rETH fair value from the ETH price.  Source: [CoinGecko](https://www.coingecko.com/en/coins/ethereum/historical_data?start=2023-04-11&end=2023-07-10#panel) | 4/11/2023 to 7/9/2023 The LSB values range from negative to positive, indicating periods when rETH traded at a discount or premium relative to ETH. As seen from the chart, rETH generally trades tightly around the price of ETH. ### 3.1.2 LSD Volatility The following chart shows the daily volatility of rETH over the past 3 months:  Source: [CoinGecko](https://www.coingecko.com/en/coins/ethereum/historical_data?start=2023-04-11&end=2023-07-10#panel) | 4/11/2023 to 7/9/2023 The following chart shows the daily volatility of rETH overlaid with ETH over the same time period:  Source: [CoinGecko](https://www.coingecko.com/en/coins/ethereum/historical_data?start=2023-04-11&end=2023-07-10#panel) | 4/11/2023 to 7/9/2023 rETH's relative volatility to ETH has correlated very closely over the observed time period. ### 3.1.3 Yield Volatility The Compass Staking Yield Reference Index Ethereum (STYETH) is a measure of the annualized daily ETH staking yield. The following chart shows the rETH staking median APY compared with the STYETH:  Source: [DefiLlama](https://defillama.com/yields/pool/d4b3c522-6127-4b89-bedf-83641cdcd2eb) and [Compass STYETH index](https://www.compassft.com/indice/styeth/) | 4/11/2023 to 7/9/2023 RocketPool rETH daily average, highest, and lowest staking APY for the period from 11 April 2023 to 9 July 2023 compared to the Compass Reference Rate - STYETH: - Average daily APY: 4.06% (STYETH average 5.15%) - Min daily APY: 2.87% (STYETH min 4.18%) - Max daily APY: 5.66% (STYETH max 8.31%) ## 3.2 Liquidity Analysis ### 3.2.1 Supported DEXs and CEXs rETH is primarily held across DeFi protocols. A significant majority, just under 80%, is on Balancer, and approximately 20% of the supply is distributed across Curve, PancakeSwap, and Uniswap. Centralized exchanges, such as Coinbase and Kraken, collectively account for less than 1% of total rETH balances, further underlining the asset's strong presence in DeFi.  Source: [Nansen](https://pro.nansen.ai/token-god-mode?token_address=0xae78736cd615f374d3085123a210448e74fc6393) | Date 08/07/2023  Source: [Nansen](https://pro.nansen.ai/token-god-mode?token_address=0xae78736cd615f374d3085123a210448e74fc6393) | Date 08/07/2023 ### 3.2.2 LSD Token Total On-chain Liquidity To obtain the total on-chain liquidity of rETH in $ denomination, we sum up the top 6 rETH liquidity pools. We also aggregate the quantity of rETH present in these five liquidity venues. This data is up to date as of July 8, 2023. | Platform | Pool | TVL | rETH Quantity | | ----------------------- | ------------------- | -------- | ------------- | | Balancer | rETH/WETH | $89.72m | 24,008 | | Balancer | rETH/sfrxETH/wstETH | $43.24m | 5,260 | | Balancer | rETH/Badger | $19m | 4,735 | | Curve.<span>fi (Factory pool) | rETH/ETH | $17.96m | 4,602 | | Uniswap V3 | rETH/WETH | $5.04m | 784 | | Curve<span>.fi (Factory pool) | rETH/frxETH | $3.56m | 926 | | **Total** | | $178.52m | 39,775 | Source: [Nansen](https://pro.nansen.ai/token-god-mode?token_address=0xae78736cd615f374d3085123a210448e74fc6393) | Date 08/07/2023 ### 3.2.3 Liquidity Utilization Rate The liquidity utilization rate has been quite volatile over the past 30 days, ranging from 20.3% on June 16th to 1.16% on July 5th.  Source: [Dune Analytics](https://dune.com/kolten/reth-liquidity) and [DexGuru](https://dex.guru/liquidity/token/eth/0xae78736cd615f374d3085123a210448e74fc6393) | 6/11/2023 to 7/10/2023 ### 3.2.4 LSD Leverage Ratio rETH is adopted by two key lending protocols: Maker DAO and AAVE. Maker DAO hosts 28,811 rETH with a Loan-to-Value (LTV) parameter set at 68.5%. AAVE sustains 24,718 rETH with a lower LTV of 60%. Additional lending platforms include Silo and Gravita, although there is substantially less rETH in those protocols. | Lending protocol | rETH | rETH $ Value | Max LTV | LT | Utilization Rate | | ---------------- | ------ | ------------ | ------- | ----- | ---------------- | | [Maker DAO](https://messari.io/pool/makerdao-ethereum-0xc6424e862f1462281b0a5fac078e4b63006bdebf) | 28,811 | $59,638,770 | 68.5% | 79.5% | ~37% | | [Silo Finance](https://app.silo.finance/silo/0xB1590d554dC7d66F710369983b46a5905AD34c8c?screen=deposit) | 618.622 | $1,280,547 | 80% | 85% | 2% | | [Gravita](https://app.gravitaprotocol.com/pool) | 5,208.19 | $10,780,953 | 85% | | ~44.03% | | [AAVE](https://app.aave.com/reserve-overview/?underlyingAsset=0xae78736cd615f374d3085123a210448e74fc6393&marketName=proto_mainnet_v3) | 24,718 | $51,166,260 |67% (e-mode 90%) | 74% (e-mode 93%) | 1.67% | ### 3.2.6 Slippage As per DefiLlama’s token liquidity tool, a swap size of around 19,000 rETH will yield a 1% slippage when converting from rETH to ETH. This equates to approximately $38.22 million at the prevailing market prices. Notably, rETH's liquidity is primarily located on decentralized exchanges (DEXs), and as such, it offers lower slippage compared to centralized liquid staking tokens such as cbETH and WBETH.  Source: [DefiLlama](https://defillama.com/liquidity) | Date: 08/07/2023 # Section 4: Technological Risk This section addresses the persistence of collateral properties from a technological perspective. It aims to convey, (1) where technological risk arises that can change the fundamental properties of the collateral (e.g. unresolved audit issues), and (2) do any composability/dependency requirements present potential issues (e.g. is a reliable pricefeed oracle available?). This section is divided into 3 sub-sections: - 4.1: Smart Contract Risk - 4.2: Product and Layer Composability - 4.3: Oracle Pricefeed Availability ## 4.1 Smart Contract Risk ### 4.1.1 Protocol Audits The Rocketpool protocol has gone through several audits: - [Consensys Audit](https://consensys.net/diligence/audits/2021/04/rocketpool/#rocketpool-cli---lax-data-validation-and-output-sanitation) released April 2021 - [Sigma Prime Audit](https://rocketpool.net/files/sigma-prime-audit.pdf) released May 2021 - [Trail Of Bits Audit](https://github.com/trailofbits/publications/blob/master/reviews/RocketPool.pdf) released September 9 2021 - [Sigma Prime Audit](https://rocketpool.net/files/sigma-prime-fix-review.pdf) released November 2021 - [Consensys Audit- Atlas (v1.2)](https://consensys.net/diligence/audits/2023/01/rocket-pool-atlas-v1.2/) released January 2023 Almost all of the issues that were raised were either fixed or acknowledged. Most of them were fixed, and all critical issues were fixed. ### 4.1.2 Concerning Audit Signs Although the Rocketpool team acknowledged and fixed most of the issues raised in each audit. There are still some details that we need to keep in mind. - The RocketStorage contract is initially deployed with the Guardian/Bootstrapping role, granting privileges to bootstrap the TrustedNode and Protocol DAO, add members, upgrade components, and change settings. Additionally, RocketDaoNodeTrusted implements a recovery mode, allowing registered nodes to join the DAO without approval if the member count is below a certain threshold. This opens a window for any Ethereum address to register as a node and become a trusted member, potentially taking control of the DAO by issuing proposals and executing them. This is an unlikely circumstance since the current member count is 18 and the minimum is set to 3. ### 4.1.3 Bug Bounty Rocketpool has a bug bounty program with [Immunefi](https://immunefi.com/bounty/rocketpool/). All the smart contracts are in scope. The payouts are handled by the Rocket Pool team directly and are denominated in USD, but paid in RPL tokens. The rewards range from $5,000 to $250,000 worth of RPL tokens, depending on the severity of the vulnerability. This program has also led to the detection of a [frontrun vulnerability](https://medium.com/immunefi/rocketpool-lido-frontrunning-bug-fix-postmortem-e701f26d7971), which has been fixed. ### 4.1.4 Immutability The smart contracts are upgradable, apart from `RocketVault.sol`. It follows a Proxy Pattern. This pattern involves separating the contract's logic from its data storage (`RocketStorage.sol`), allowing for the upgrade of the contract's logic while preserving the existing data. ### 4.1.5 Developer Activity The [Rocket Pool](https://github.com/rocket-pool) repositories are very active. Not only are the smart contracts being developed actively, but the smart nodes repository too. In the smart contract repository, the last commit was on 21st June 2023. Meanwhile the last commit in the smart node repository is on July 8, 2023. ### 4.1.6 SC Maturity The current Rocketpool token was deployed on September 30, 2021. The rETH contract was also deployed on the same day. The recent ["Atlas" upgrade](https://etherscan.io/tx/0x78adcfc97632d86ea9dbfadcbabbf6257baf1893b81e8d1cd69d09ec1c8ef3b4) happened on 17 April 2023 to accommodate upgrades to Ethereum staking. A related governance post can be found [here](https://github.com/rocket-pool/RPIPs/blob/main/RPIPs/RPIP-16.md). All of these contracts were deployed by this [deployer](https://etherscan.io/address/0x0ccf14983364a7735d369879603930afe10df21e), so one can peruse the activity of this address to see what contracts are being deployed. ### 4.1.7 Previous Incidents On May 26, 2022, two Oracle DAO nodes (oDAO) operated by Rocket Pool were compromised, resulting in the theft of ETH and RPL tokens from the node accounts. The breach occurred when a team member's workstation was hijacked using a remote execution exploit. The presence of unencrypted SSH keys on the workstation allowed the attacker to access the private keys of the oDAO nodes and drain the associated accounts. The post mortem can be found [here](https://dao.rocketpool.net/t/post-mortem-security-incident-26-05/701). ## 4.2 Product and Layer Composability ### 4.2.1 Dependencies **RocketBase**: Many system contracts inherit from RocketBase, which provides access control modifiers and correctly implements getters and setters for system-wide functionality. Since this could potentially be a **single point of failure**, Trail of Bits' audit extensively **checked all the access control features using fuzz tests**. **RocketStorage**: This contract serves as the central storage for system data. It has its own access control modifier and provides direct getters and setters for various data types. It also manages the guardian mechanism and allows for changing a node's withdrawal address. Could serve as a **single point of failure**, which is why this smart contract was also **extensively audited**. **RocketVault**: Responsible for holding the system's ether and token balances. It enables other contracts to deposit and withdraw ether and tokens, transfer tokens, and burn tokens. Careful attention is paid to ensuring correct functionality and avoiding common pitfalls related to token and ether transfers. This contract is **not upgradable at all**. A comment in the smart contract says **“ETH and rETH are stored here to prevent contract upgrades from affecting balances”**. Various audits have identified this as a potential single source of failure and hence have audited it multiple times, which proves the veracity of safety of this contract. **RocketDepositPool**: Handles users' ether deposits. This contract ensures that the deposit flow meets the correct preconditions, such as minimum and maximum values. It also ensures that rETH tokens are minted accurately based on the deposited amount. Proper management of ether flow and the creation and assignment of minipools to node operators is also considered. Multiple reports have mentioned that this **contract might be gas heavy**, making it **harder for clients to guess the gas needed**. **RocketNodeManager**: Manages the registration of new decentralized nodes, updates to their time zones, and the aggregation of storage values for other contracts. The process of registering nodes, handling time zones, and implementing view methods are thoroughly reviewed. **RocketNodeDeposit**: Facilitates the deposit of ether staked by nodes. The contract ensures proper handling of ether flow and the creation of minipools. User deposits are appropriately assigned to the corresponding minipools. **RocketNodeStaking**: Allows nodes to stake RPL tokens to enhance the protocol's confidence in them. Verification includes ensuring the correct staking process, proper handling of arithmetic operations, and robust stake withdrawal and slashing mechanisms. **Minipool Contracts**: Each contract represents a minipool, acting as a bridge between the Rocket Pool network and the Eth2 deposit contract. Key aspects include proper interaction with the RocketMinipoolQueue and AddressQueueStorage, handling different deposit types, minipool creation and destruction, and delegation mechanisms. **AddressQueueStorage**: A utility contract defining a priority queue data structure. Thorough testing, including **fuzzing with various test properties and sequences**, was conducted to assess the consistency and correctness of the exposed priority queue API. **RocketTokenRETH**: Represents the rETH token, which reflects the yield realized by Rocket Pool network nodes. The contract ensures accurate calculation of exchange rates and applies appropriate access controls on authorized methods. **RocketTokenRPL**: Represents the RPL token, the primary network token with inflationary properties. The contract facilitates the minting of new RPL tokens distributed by the RocketRewardsPool. It ensures that tokens can be minted only once per period, the correct number of tokens are minted, and new RPL tokens are accurately deposited into the rewards pool. ### 4.2.2 Withdrawals Processing Atlas upgrade introduces a delegate contract designed for minipools, enabling node operators to fairly distribute the ETH balance of the minipool. The distribution splits the balance evenly between the node operator and the rETH holders, considering any applicable commission. Notably, this feature grants node operators instant access to their Beacon Chain rewards. Additionally, the portion allocated to rETH holders is returned to the deposit pool, allowing them to unstake rETH for ETH based on the protocol's exchange rate or utilize it to create new minipools. Hence, the **Atlas upgrade enables immediate withdrawals, so long as there is ETH available in the deposit pool or the rETH contract**. In some cases, there may not be a surplus of ETH available that inhibits the protocol's ability to process withdrawals. In situations where rETH has depegged and there is no ETH available, there is an incentive for node operators to buy rETH at a discount, exit their minipool, and arbitrage their withdrawn ETH. Validator withdrawals can be an unpredicatably lengthy process, and it is unknown how efficient this arbitrage mechanism can be in practice. ## 4.3 Oracles Pricefeed Availability ### 4.3.1 Understanding the Oracle The [rETH/ETH](https://data.chain.link/ethereum/mainnet/crypto-eth/reth-eth) Chainlink price feed uses an adapter to pull the rETH/ETH price and convert it into a USD equivalent within a single contract. This method extracts the ratio between rETH and ETH, and uses a separate Chainlink price feed to obtain the ETH/USD price. The Chainlink price feed sources data from 16 Oracle providers, which are a combination of decentralized and centralized exchanges. For accuracy and security, the price feed mandates consensus from a minimum of 11 Oracle providers. The price feed activates either on a 24-hour heartbeat or when a price deviation of 2% or greater is detected. ### 4.3.2 Token Liquidity and Distribution rETH liquidity is primarily distributed across Balancer, Curve, PancakeSwap, and Uniswap. These pools account for approximately 73%, 14%, 7% and 6% of DEX token liquidity respectively.  Source: [Dex.guru](https://dex.guru/liquidity/token/eth/0xae78736cd615f374d3085123a210448e74fc6393) | Date: 7/14/2023 Dex.guru calculates total rETH on-chain liquidity as $71.1m. While this demonstrates significant liquidity of rETH, the high concentration within these three platforms highlights the potential susceptibility of rETH to price manipulation within these Decentralized Exchanges (DEXs). ### 4.3.3 Attack Vectors **Balancer Concentration:** The rETH liquidity is heavily dependent on Balancer, with the majority of the TVL (~73%) held here. This reliance exposes the system to potential vulnerabilities. If an attacker were to gain control over a significant part of this pool, it could potentially lead to the manipulation of the rETH market and influence the Chainlink price feed. **Volume-Weighted Asset Pricing:** Chainlink uses VWAP to produce its aggregated market price. A significant amount of rETH volume takes place on Uniswap despite it being one of the smallest pools by TVL. Higher price weighting on a low liquidity exchange may increase the possibility of manipulation on the Uniswap market. **Chainlink Data Update Frequency:** rETH's reliance on Chainlink's 24-hour heartbeat and 2% price deviation trigger for price updates could pose risks. This is especially relevant during periods of intense market volatility, where price updates may not be as immediate as necessary. ### 4.3.4 Associated Vulnerabilities **Potential for Bad Debt:** Manipulation of the price feed, if it were to occur, could contribute to the creation of bad debt within the protocol. The accuracy of price feeds is integral to lending protocols in order to maintain correct collateralization ratios. Any manipulation may lead to the accrual of bad debt. **Risk of Faulty Liquidation:** If an oracle were manipulated to significantly lower the collateral asset price, this could prompt improper liquidations. Such an event could result in substantial financial losses for users and disrupt the usual functioning of the lending protocol. # Section 5: Counterparty Risk This section addresses the persistence of rETH’s properties from an ownership rights perspective (i.e. possession, use, transfer, exclusion, profiteering, control, legal claim). The reader should get a clear idea of (1) who can legitimately change properties of the collateral (e.g. minting additional units) and what their reputation is, (2) the extent that changes can be implemented and the effect on the collateral. This section is divided into 4 subsections: - 5.1: Governance - 5.2: Decentralization of the LSD - 5.3: Economic Performance - 5.4: Legal ## 5.1 Governance ### 5.1.1 Governance Scope Rocket Pool's [governance](https://rocketscan.io/dao) revolves around two key elements: the Protocol DAO (pDAO) and the Oracle DAO (oDAO). These entities together control treasury funds and have operational control over system contract upgrades and setting system parameters. **pDAO** The pDAO, run by RPL governance, forms the decision-making body for Rocket Pool Improvement Proposals ([RPIPs](https://rpips.rocketpool.net/)). Node operators possess pDAO voting power through their effectively staked RPL, modified to balance vote power with the following formula: $$\sqrt{Effective RPL Stake} \over 2$$ "Effective Stake" places a requirement that the operator must have staked the RPL on validators that they are currently running to qualify for governance power. Despite having a token voting process in place for the pDAO, the protocol is currently in a bootstrapping phase whereby voting takes place on [Snapshot](https://rocketscan.io/snapshot) and execution relies on a single [guardian EOA](https://etherscan.io/address/0x0cCF14983364A7735d369879603930Afe10df21e). In response to criticism about operational centralization, Rocket Pool has [proposed](https://github.com/rocket-pool/rocketpool-research/blob/master/pDAO%20Replacement/pDAO.md) a governance upgrade that would maintain the same governance model but pass access control to tokenholders. It would also introduce a security council multisig for a subset of emergency actions (e.g. system pause). The timeline of the upgrade is unknown. **oDAO** The oDAO, on the other hand, comprises oracle nodes responsible for executing various oracle tasks vital to the protocol and also votes to update system contracts. The oDAO is vital for bridging the information gap between Ethereum's Execution Layer (EL) and the Consensus Layer (CL), where validator activities occur. Any data relayed to the protocol by the oDAO must receive majority consensus among the members to ensure data integrity and prevent malicious behavior. These nodes are part of an on-chain DAO and fulfill additional duties for the protocol. Contract upgrades are approved by a 51% on-chain approval from oDAO members. Currently there are 18 members and members can be added or removed by existing oDAO members. DAO settings are [configurable parameters](https://rocketscan.io/dao/settings). ### 5.1.2 Access Control **pDAO Access Control** The [guardian address](https://etherscan.io/address/0x1d8f8f00cfa6758d7bE78336684788Fb0ee0Fa46#readContract#F6) can change [major parameters](https://github.com/rocket-pool/rocketpool/tree/6a9dbfd85772900bb192aabeb0c9b8d9f6e019d1/contracts/contract/dao/protocol/settings) within the protocol. Params in the following contracts can be changes: | Contract | Function | | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------ | | [RocketDAOProtocolSettingsAuction.sol](https://github.com/rocket-pool/rocketpool/blob/6a9dbfd85772900bb192aabeb0c9b8d9f6e019d1/contracts/contract/dao/protocol/settings/RocketDAOProtocolSettingsAuction.sol) | Handles settings related to auction | | [RocketDAOProtocolSettingsDeposit.sol](https://github.com/rocket-pool/rocketpool/blob/6a9dbfd85772900bb192aabeb0c9b8d9f6e019d1/contracts/contract/dao/protocol/settings/RocketDAOProtocolSettingsDeposit.sol) | Handles settings related to deposits | | [RocketDAOProtocolSettingsInflation.sol](https://github.com/rocket-pool/rocketpool/blob/6a9dbfd85772900bb192aabeb0c9b8d9f6e019d1/contracts/contract/dao/protocol/settings/RocketDAOProtocolSettingsInflation.sol) | Handles settings related to inflation | | [RocketDAOProtocolSettingsMinipool.sol](https://github.com/rocket-pool/rocketpool/blob/6a9dbfd85772900bb192aabeb0c9b8d9f6e019d1/contracts/contract/dao/protocol/settings/RocketDAOProtocolSettingsMinipool.sol) | Handles settings related to minipools | | [RocketDAOProtocolSettingsNetwork.sol](https://github.com/rocket-pool/rocketpool/blob/6a9dbfd85772900bb192aabeb0c9b8d9f6e019d1/contracts/contract/dao/protocol/settings/RocketDAOProtocolSettingsNetwork.sol) | Handles settings related to the network | | [RocketDAOProtocolSettingsNode.sol](https://github.com/rocket-pool/rocketpool/blob/6a9dbfd85772900bb192aabeb0c9b8d9f6e019d1/contracts/contract/dao/protocol/settings/RocketDAOProtocolSettingsNode.sol) | Handles settings related to node operators | | [RocketDAOProtocolSettingsRewards.sol](https://github.com/rocket-pool/rocketpool/blob/6a9dbfd85772900bb192aabeb0c9b8d9f6e019d1/contracts/contract/dao/protocol/settings/RocketDAOProtocolSettingsRewards.sol) | Handles settings related to rewards | Through the [RocketDAOProtocol](https://etherscan.io/address/0x0429cdd8ceace24d4dc2b97ce22a780a407df0e1) contract, it is able to set parameters for system contracts, handle Treasury funds in the [RocketVault](https://etherscan.io/address/0x3bdc69c4e5e13e52a65f5583c23efb9636b469d6#code), and collect some portion of the RPL inflation. **oDAO Access Controls** Oracle nodes monitor several key elements: - **Minipool Validator Balances:** The performance of each validator, referred to as a Minipool, needs to be tracked so the protocol can accurately calculate the overall network performance and set the correct exchange rate for rETH to ETH conversions. - **RPL:ETH Ratio:** This is required when node operators deposit ETH, as they must also provide at least 10% of the ETH value in RPL as insurance to the protocol. The RPL:ETH ratio must be agreed upon by more than 50% of ODAO members to ensure fairness. - **Validator credentials:** Ensuring validator public keys aren't already in use, and have the proper withdrawal credentials so the protocol can safely fund them. - **Validator Processes:** Onboarding and offboarding minipools, including to process transition requests between 16-ETH minipools and 8-ETH minipools. - **Epoch Rewards:** Constructing the rewards Merkle tree at the end of each rewards period and uploading it to IPFS for other node operators to access. - **Contract Upgrades:** The oDAO votes on contract upgrades, such as [vote ID 13](https://rocketscan.io/dao/proposals) that executed the Atlas upgrade to handle ETH staking withdrawals based on on-chain approvals from 10 of its 18 members. ### 5.1.3 Distribution of Governance Tokens In 2017, the initial distribution of 18 million $RPL tokens was created through a [presale and crowdsale](https://medium.com/rocket-pool/rocket-pool-token-presale-9d0832477894), which served as a catalyst for early interest and investment in the rETH platform.  Source: [Research article](https://www.cryptoeq.io/articles/rocketpool) | Date: 14/07/2023 The total [RPL token supply](https://rocketscan.io/rpl) stands at 19,547,495.80, accompanied by an annual inflation rate of 5%. The distribution methodology of RPL tokens has been carefully designed to fortify the operations and safeguard the robustness of the network. In this distribution model, node operators are apportioned a significant 70% of all new tokens, a proportion that reflects their pivotal role in maintaining network performance. The oDAO and pDAO Treasury each receive a 15% allocation of the new tokens. The oDAO performs essential operational functions involving data availability and updating contracts. Concurrently, the pDAO Treasury allocates their tokens to propel a variety of projects, contributing to the ongoing expansion of the rETH ecosystem. ### 5.1.4 Proposals Frequency During May, Rocketpool's pDAO conducted two [Snapshot](https://vote.rocketpool.net/#/) votes. The proposals concerned the extension of the IMC Charter and an improvement in the transparency of oDAO Health. Each proposal garnered substantial participation, with quorums exceeding 121% in both instances. The pDAO employs a 14-day timeframe for the voting process before finalizing the outcomes, providing stakeholders sufficient opportunity for involvement in the protocol's decision-making processes. Moreover, the pDAO displays an active governance ecosystem with regular monthly proposals. As of the time of this report, there are three active proposals. The level of participation generally ensures that most proposals reach their quorum, indicating robust community engagement in governance matters. ### 5.1.5 Participation RocketPool operates with a total voting power of 39,281, with the quorum requirement set at 6100. This translates to approximately 15.5% of the total voting power required for a vote to be considered legitimate. There is no single voter dominating the voting power.Looking at the last two votes, participation was calculated at 18.8% and 17.8% respectively, which surpasses the quorum requirement. Despite this, it's noteworthy to observe that the participation does not greatly exceed the quorum, indicating a moderate level of engagement from the voting members. Recent proposals have over 200 unique voters, indicating a substantially higher interest in governance participation than most DAOs. Furthermore, it's worth highlighting that there are consistent monthly proposals, with three active proposals at the time of this report. These proposals generally reach the required quorum, demonstrating an ongoing active involvement from the community in the governance of the protocol. ## 5.2 Decentralization of the LSD ### 5.2.1 Number of Node Operators As of 9th July there are 3,000 node operators. Node Operator registration rates increased greatly in May 2023 with 298 registrations.  Source: [Rocketscan](https://rocketscan.io/nodes) | Date: 7/9/2023 ### 5.2.2 Validators per Node Operator According to data from [Rocketpool website](https://stake.rocketpool.net/network), of the 3,061 node operators (7/14/2023), 39 have >99 minipools. Most operators have 1 minipool (1095 operators). There is an average of 8.84 minipools per node operator. <img src="https://hackmd.io/_uploads/rkDHCN793.png" alt="drawing" width="300"> ### 5.2.3 Validator Enter/Exit (Churn) According to Rated.network, there were 3,194 validators activated and 399 exited in the past 30 days.  Source: [Rated Network](https://www.rated.network/o/Rocketpool?network=mainnet&timeWindow=30d&viewBy=aggregate) | Date: 7/12/2023 Minipools being onboarded wait in a queue to process their validator. Following the Atlas update on April 18th, a new minipool type was added that requires only 8 ETH instead of 16. Many operators transitioned their minipool to 8 ETH pools, causing a massive spike in the queue from mid-April to mid-June. The queue has since declined to normal levels.  Source: [RocketScan](https://rocketscan.io/minipools/queue) | Date: 7/17/2023 ### 5.2.4 Stake Distribution Across Geographic Jurisdictions Most stake is managed by node operators in North America (39.07%) followed by Europe (26.72%). Those two regions make up a mojority of stake distribution.  Source: [stake.rocketpool.net](https://stake.rocketpool.net/network) | Date: 7/12/2023 ### 5.2.5 Node Software Diversity According to [Rated.Network](https://www.rated.network/o/Rocketpool?network=mainnet&timeWindow=30d&viewBy=aggregate), the RocketPool client distribution is: * Lighthouse - 41.9% * Teku - 31.9% * Nimbus - 16.6% * Prysm - 9.6% This appears to be more diverse than most major competitors. ## 5.3 Economic Performance ### 5.3.1 Revenue Source Rocket Pool charges a 14% fee on staking yield, which, as of now, is exclusively distributed to the node operators with active minipools. The protocol itself does not take a fee and the function of the RPL token within the network is as a mandatory collateral in case of penalty losses. The revenue of Rocket Pool's rETH staking yield is determined by a number of factors. These include the rewards from the Ethereum consensus layer, the execution layer rewards (including Minor Extractable Value and network usage), the total amount of ETH staked through Rocket Pool, and the prevailing USD price of Ethereum. ### 5.3.2 Revenue As of July 13, 2023, Rocket Pool has a total of 374,213 ETH staked, generating a return of 3.13% APY. It's crucial to note that, at the present moment, there is no value captured directly by the DAO. All generated revenues are exclusively distributed to the node operators within the Rocket Pool network. ### 5.3.3 Net Profit Since Rocketpool does not extract a protocol fee, it could be thought of as a node operator co-op and revenue shared with node operators as the protocol's profit. According to [rocketpool.net](https://rocketpool.net/#security), node operators can earn an average 8.52% APR. Rocketscan shows that of a total 25,801 minipools, 15420 are 8 ETH deposit pools and 10381 are 16 ETH deposit pools. <img src="https://hackmd.io/_uploads/HJq1ZHmc3.png" alt="drawing" width="450"> Source: [RocketScan](https://rocketscan.io/minipools) | Date: 7/14/2023 This implies operators are borrowing stake worth (15420*24) + (10381*16) = 536,176ETH. Assuming a blanket fee of 14% and an average staking yield of 4.4%, node operators are collectively earning ~3,303 ETH/year from borrowed ETH. The actual returns will likely be substantially different based on unpredictable factors mentioned in section 5.3.1. ## 5.4 Legal *See also our general [LSD Legal Framework Considerations](https://docs.google.com/document/d/e/2PACX-1vRQttlfMTK-kUzPAn_Rx0Mwt_K7pVYK-w27AbxU7iFxMqZctme2Sd_PAhpBHCmVMAUsA7B1KNhVTojH/pub)* ### 5.4.1 Legal Structure Rocket Pool Pty Ltd is an Australian Private Company designated as the owner and operator of https://rocketpool.net/, which serves as the user interface for the decentralized Rocket Pool Protocol. The company was officially registered on May 10, 2018, and since then, it has been maintaining active status with the [Australian Business Register](https://abr.business.gov.au/ABN/View/65626068951). As a private company incorporated in Australia, Rocket Pool Pty Ltd is governed by the laws and regulations of the Commonwealth of Australia. The [record](https://connectonline.asic.gov.au/RegistrySearch/faces/landing/panelSearch.jspx?searchText=626068951&searchType=OrgAndBusNm&_adf.ctrl-state=17k80jtm92_32) on the Australian Securities & Investments Commission (ASIC) page confirms the private status of the company, meaning that it is not listed on the stock exchange and is not included in the description of Australian public company or cooperative. ASIC regulates Australian companies, financial markets, and financial services organizations and professionals who deal and advise in investments, superannuation, insurance, deposit-taking, and credit. Based on our research, Rocket Pool Pty Ltd is not currently listed on the ASIC register as an Australian Financial Services Licence (AFSL) holder. Additionally, no AFSL number is visibly displayed on their website. This suggests that the Company may not be licensed by ASIC to provide financial services in Australia. In the context of its involvement with the Rocket Pool Protocol, Rocket Pool Pty Ltd is presumably responsible for managing the website, maintaining the user interface, and handling any off-chain activities or responsibilities associated with the protocol. ### 5.4.2 Licenses Australian entities providing services in relation to crypto-asset-related products should be aware that some such products may be financial products. ASIC's [INFO 225](https://asic.gov.au/regulatory-resources/digital-transformation/crypto-assets) provides guidance on the circumstances in which a crypto-asset-related offering may be a financial product. A range of Australian laws apply to entities giving advice, dealing, providing insurance, or providing other intermediary services for crypto-assets that are financial products. These include the requirement to hold an AFS licence or appropriate authorisation by an AFS licence holder. **As of the current date, Australian regulatory bodies have not implemented a distinctive framework concerning crypto staking or classified staking as a financial product or an auxiliary service to a financial product**. Presently, Rocket Pool entity is leveraging the existing status quo where staking operations remain unregulated. It is under this premise that hosting of an interface to provide access to Rocket Pool protocol does not constitute the undertaking of financial services business. An explicit delineation made in website terms may serve as a protective measure against potential regulatory actions. Тhe commencement of civil penalty proceedings by ASIC against [Finder Wallet](https://asic.gov.au/about-asic/news-centre/find-a-media-release/2022-releases/22-359mr-finder-wallet-sued-for-alleged-unlicensed-conduct-and-inadequate-risk-disclosure-over-finder-earn-product/) and [Blocker Earner](https://asic.gov.au/about-asic/news-centre/find-a-media-release/2022-releases/22-324mr-asic-sues-block-earner-for-unlicensed-conduct-over-crypto-asset-based-products/) are clear indications of the regulator's current stance towards centralized crypto staking products. Finder Earn is allegedly considered a debenture because customers deposited money with Finder Wallet on the understanding that their money would ultimately be repaid, together with a return for allowing Finder Wallet to use their capital. Block Earner offered a range of fixed-yield earning products based on crypto-assets, all collectively representing a managed investment scheme, a facility through which a person makes a financial investment, and/or a derivative. These actions underscore the regulatory scrutiny that such products are currently under, and the attention being paid to ensure that they comply with existing financial service regulations. ASIC lawsuits represent an important juncture in the regulation of crypto-assets in Australia, particularly staking products, as they may set a precedent for how such services are treated from a legal perspective in the future. The outcome of these legal proceedings will likely play a pivotal role in determining whether staking is considered a financial service under existing regulations or if there will be a need for a revised regulatory frameworks to address these novel forms of services. ### 5.4.3 Enforcement Actions As of the time of our review, we have not identified any reports or credible sources indicating the involvement of Rocket Pool Pty Ltd or other persons associated with Rocket Pool in past or ongoing lawsuits or enforcement actions. ### 5.4.4 Sanctions Rocket Pool provides its node operators with connections to a variety of relays: https://docs.rocketpool.net/guides/node/mev.html  Relays that adhere to OFAC sanctions comply with the list of blocked addresses maintained by the United States Office of Foreign Assets Control (OFAC). Rocket Pool strongly advises users to enhance their understanding of OFAC sanctions and network censorship, and make a thoroughly considered decision about the relays they will use and the level of compliance they will follow. ### 5.4.5 Liability Risk Rocket Pool Pty Ltd appears to be protected to a significant degree under the [Terms of Service](https://rocketpool.net/files/terms-of-service.pdf). - Access to the site is provided "as is" and "as available", and Rocket Pool doesn't guarantee constant, uninterrupted availability. - Rocket Pool can limit or terminate access to the site at its sole discretion, which might be the case, for example, if a user breaches the given terms. Any loss or damage due to site unavailability will not be Rock Pool’s liability. - Users are obligated to comply with all applicable laws and regulations, and ensure their actions on the site do not violate any laws or regulations. - All risks related to the interaction with Smart Contracts lie entirely with the user, with Rocket Pool not being party to these contracts. - The user's access to their cryptocurrency assets can be suspended or terminated at any time, and Rocket Pool will not bear responsibility for the consequences, including potential decrease in value of the assets. - By using the site, users agree to assume all risk and to expressly waive and release Rocket Pool from any liability or damages arising from the use of the site or Smart Contracts. Key Point Summary of Disclaimers: - Rocket Pool Pty Ltd does not guarantee that the site will be secure or free from bugs or viruses. The responsibility of maintaining the security and integrity of the user's information technology, computer programs, and platform falls upon the user. - All content and materials on the Site are solely for informational purposes and should not be seen as any form of advice or recommendation. The company explicitly discourages users from considering it as an invitation or recommendation to buy or sell investments, securities, or financial services. - The Site is not intended to be relied upon by users for making any specific investment or other decisions, and independent financial advice is recommended. - Nothing included on the site is an offer or solicitation to sell, or distribution of, investments and related services. This, combined with the liability waivers, offers Rocket Pool considerable protection against potential legal disputes or claims. Nonetheless, the enforceability of these clauses could be subject to the specific laws and regulations of the jurisdiction(s) where users are based. ### 5.4.6 Adverse Media Check Upon conducting an open search, several instances of adverse media pertaining to Rocket Pool have been identified. These instances primarily revolve around malicious activities carried out by third parties, exploiting the Rocket Pool brand for fraudulent purposes. - 1,354 [NFTs fraudulently created](https://twitter.com/realScamSniffer/status/1672157571590008832), ostensibly mimicking legitimate airdrops from several reputable projects including RocketPool, ApeCoin, Polygon, Uniswap, and Aave. These deceptive NFTs are not associated with Rocket Pool or the other projects mentioned. - A [phishing attack](https://crypto.news/investor-loses-3-8m-worth-of-tokens-in-phishing-attack/) targeting a cryptocurrency investor resulted in a significant loss of approximately $3.8 million worth of Rocket Pool tokens. It is essential to note that this attack was not directly linked to Rocket Pool, but rather to malicious actors exploiting the investor's trust in the brand. - Rocket Pool has reported an incident involving a [counterfeit Twitter account](https://www.reddit.com/r/rocketpool/comments/ut99vj/beware_of_fake_rocket_pool_scam_airdrop/), falsely announced an airdrop event in an attempt to lure unsuspecting users. Rocket Pool has issued a warning about this scam, advising users not to interact with the fraudulent website or connect their wallets to it. - [Medium post](https://medium.com/@galileo.condechi/the-simple-math-behind-rocketpool-ico-scam-5d9a2fcfcf8a) was found alleging a Rocket Pool ICO scam. However, this claim is unsupported by substantial evidence, and its veracity remains uncertain. # Section 6: Risk Management This section will summarize the findings of the report by highlighting the most significant risk factors in each of the three risk categories: Market Risk, Technology Risk, and Counterparty Risk. ### 6.1.1 Market Risk **LIQUIDITY: Does the LSD have a liquid market that can facilitate liquidations in all foreseeable market events?** rETH ranks thirds in the LSD category by marketcap with ~1.61b in TVL. Its liquidity is primarily on-chain across several DEXs (Balancer, Curve, PancakeSwap, and Uniswap). Of the liquidity venues, there is not a dominant DEX by trade volume, although Uniswap makes up a high portion of trade volume compared to its low TVL. The Curve rETH/ETH pool ($9.04m) and Balancer rETH/ETH pool ($80.87m) represent the main sources of liquidity backing rETH's stability. When comparing its liquidity to marketcap, ~4.4% of the total token supply is on exchange. stETH ranks somewhat lower at ~3%. According to the DeFiLlama Token Liquidity tool, a rETH>ETH trade of $38.22m would produce a 1% slippage compared to a $300m swap required from stETH>ETH. While stETH is substantially more liquid overall, rETH performs on par in terms of liquidity depth given its substantially lower TVL (rETH has 10.75% the amount of ETH staked compared to stETH). **VOLATILITY: Has the LSD had any significant depeg event (post merge)?** Post-merge, rETH has not experienced a negative depeg against ETH. In fact, post-merge from November '22 until March '23, rETH depegged to the upside, at some point trading at a over 2% premium to fair value.  Source: [Dune Analytics](https://dune.com/rp_community/lst-comparison) Since withdrawals were activated in mid-April, rETH has kept a strong peg to ETH and has no significant depeg to the downside. However, the withdrawal mechanism requires that users deposit fresh ETH into the system or node operators exit their minipools (or rewards are distributed) to make ETH available for withdrawals. It is conceivable that in some circumstances, there may not be enough ETH available to facilitate arbitrage during a severe market event. ### 6.1.2 Technology Risk **SMART CONTRACTS: Does the analysis of the audits and development activity suggest any cause for concern?** The Rocketpool protocol has gone through several audits: - [Consensys Audit](https://consensys.net/diligence/audits/2021/04/rocketpool/#rocketpool-cli---lax-data-validation-and-output-sanitation) released April 2021 - [Sigma Prime Audit](https://rocketpool.net/files/sigma-prime-audit.pdf) released May 2021 - [Trail Of Bits Audit](https://github.com/trailofbits/publications/blob/master/reviews/RocketPool.pdf) released September 9 2021 - [Sigma Prime Audit](https://rocketpool.net/files/sigma-prime-fix-review.pdf) released November 2021 - [Consensys Audit- Atlas (v1.2)](https://consensys.net/diligence/audits/2023/01/rocket-pool-atlas-v1.2/) released January 2023 The commit history is not sparse, it can be seen that regular updates are being made over the year. The [Atlas Update](https://docs.rocketpool.net/guides/atlas/whats-new.html) was deployed in April. The new contracts were audited, but have added additional functionality and there may be unfound bugs or unintended change in the behavior of the system. **DEPENDENCIES: Does the analysis of dependencies (e.g. oracles) suggest any cause for concern?** Due to limitations of the Ethereum network requiring an oracle to communicate state between the consensus and execution layer, Rocket Pool makes use of an oDAO composed of a whitelisted subset of node operators. These oracles push updates about system balances that update the rETH:ETH exchange rate, vote on introducing contract upgrades, facilitate onboarding/offboarding validators, and are necessary to process rewards. The oDAO can add or remove members and currently stands at 18 members with a consensus of 10 required to execute actions. There is a Chainlink price feed available for rETH/ETH that can be considered highly reliable. ### 6.1.3 Counterparty Risk **CENTRALIZATION: Are there any significant centralization vectors that could rug users?** There is a strong trust assumption in the honest and reliable behavior of the oDAO members. The oDAO performs a number of responsibilities that effectively custody user funds. The oDAO can choose to push any price or exchange rate update and can update system contracts, both of which could result in loss of user funds if the oDAO misbehaves. The pDAO EOA guardian is also trusted to set sensible parameters for the system and to custody Treasury funds. There is a proposal in the research phase to transition to an on-chain DAO and deprecate the guardian role, but the timeline of the governance upgrade is unknown. **LEGAL: Does the legal analysis of the protocol suggest any cause for concern?** Rocket Pool Pty Ltd is an Australian Private Company, officially registered on May 10, 2018, and since then, it has been maintaining active status with the Australian Business Register. There is regulatory uncertainty in Australia concerning crypto staking or classified staking as a financial product or an auxiliary service to a financial product. The existence of a team-controlled guardian that can access treasury funds and set system parameters may pose a centralization argument by the competent authorities and put the project in a situation to be obliged to pursue VASP licensing. In the same line of thought the team may be vulnerable to enforcement actions in the future." There are no enforcement actions presently or historically against Rocket Pool Pty Ltd. Rocket Pool Pty Ltd appears to be protected to a significant degree under the Terms of Service. ### 6.1.4 Risk Rating - We rank rETH **good in liquidity** because despite having a fraction of the TVL as stETH, it has comparable liquidity depth in relation to its marketcap. Liquidity is distributed across several DEXs, including AMMs supporting high liquidity density on Balancer and Curve. - We rank rETH **good in volatility** because since the merge, rETH has not depegged to the downside and has exhibited low volatility since the Shappella upgrade. The decentralized design may prevent adequate withdrawal liquidity in some market situations that could result in higher volatility. - We rank rETH **good in smart contract** because there have been multiple smart contract audits, including an audit for the most recent Atlas update. Since the update happened several months ago, the contracts cannot be considered mature, and there may be undiscovered issues. - We rank rETH **good in dependencies** because there is a reliable pricefeed available for rETH. The oDAO is a somewhat decentralized mechanism for updating rates and other processes between the consensus and execution layer, requiring 10 of 18 members to reach consensus. - We rank rETH **ok in decentralization** because in the current bootstrapping phase, a team-controlled EOA acts as the guardian on behalf of the DAO. It can set parameters and handle treasury funds. The oDAO is a multisig that has significant power in the system, including to update contracts. - We rank rETH **good in legal** because Rocket Pool has a legal entity (Rocket Pool Pty Ltd) that provides front end and technology service to support the system. They appear to cover their liabilities thoroughly in the Terms of Use and do not have any current or historical enforcement actions against them. However, due to the centralized guardian role, they may be exposed to legal liability in the future. <!--  --> <iframe src='https://flo.uri.sh/visualisation/14951150/embed' title='Interactive or visual content' class='flourish-embed-iframe' frameborder='0' scrolling='no' style='width:100%;height:600px;' sandbox='allow-same-origin allow-forms allow-scripts allow-downloads allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation'></iframe><div style='width:100%!;margin-top:4px!important;text-align:right!important;'><a class='flourish-credit' href='https://public.flourish.studio/visualisation/14951150/?utm_source=embed&utm_campaign=visualisation/14951150' target='_top' style='text-decoration:none!important'><img alt='Made with Flourish' src='https://public.flourish.studio/resources/made_with_flourish.svg' style='width:105px!important;height:16px!important;border:none!important;margin:0!important;'> </a></div> Our overall assessment is that rETH performs quite well all-around with the exception of some centralization concerns. Compared to its DeFi competitors (stETH and frxETH), rETH provides good balance. It scores somewhat lower than Frax on the market risk side, but scores higher on legal and dependencies. We've scored is higher than stETH in volatility as it has not experienced problematic volatility events as has stETH. However, it doesn't score as high as stETH on decentralization or liquidity. Our opinion is that the strongest case to limit protocol exposure of rETH is the potentially problematic centralization vector posed by the team-controlled guardian and to a lesser extent, the 18-member oracle DAO. This exposes users to additional counterparty risk and possible legal issues in the future (although Rocket Pool's legal history does appear to be very clean). Otherwise, rETH represents a well-rounded LSD product from a risk perspective. It would make a suitable addition to the collateral basket with minority exposure after wstETH. Rocket Pool's transition to on-chain governance should be monitored, at which point it may be appropriate to consider a more dominant rETH presence within the basket.