# Collateral Risk Assessment - Wrapped EtherFi ETH (weETH) ![prisma_20240228_ether-fi-weETH](https://hackmd.io/_uploads/SyeJQU4pa.png) ## Useful Links - Website: [ether.fi](https://www.ether.fi/) - Documentation: etherfi.gitbook.io - Social: twitter.com/ether_fi - Contracts: [eETH](https://etherscan.io/address/0x35fA164735182de50811E8e2E824cFb9B6118ac2) | [weETH](https://etherscan.io/address/0xCd5fE23C85820F7B72D0926FC9b05b43E359b7ee) | [Contracts Registry](https://etherfi.gitbook.io/etherfi/contracts-and-integrations/deployed-contracts) - Markets: Curve ([weETH/WETH](https://curve.fi/#/ethereum/pools/factory-stable-ng-22), [weETH/rswETH](https://curve.fi/#/ethereum/pools/factory-stable-ng-80)), Balancer ([ezETH/weETH/rswETH](https://app.balancer.fi/#/ethereum/pool/0x848a5564158d84b8a8fb68ab5d004fae11619a5400000000000000000000066a) | [rETH/weETH](https://app.balancer.fi/#/ethereum/pool/0x05ff47afada98a98982113758878f9a8b9fdda0a000000000000000000000645) | [WETH/weETH](https://app.balancer.fi/#/ethereum/pool/0xb9debddf1d894c79d2b2d09f819ff9b856fca55200000000000000000000062a)) | Maverick ([ETH/weETH](https://app.mav.xyz/pool/0x2a8b91503980b2965fef0e1680d2d113f04368a0?chain=1)) - Dashboards: [Dune Dashboard](https://dune.com/ether_fi/etherfi) # Introduction **This report is conducted by the Prisma independent risk and research team operated by [Llama Risk](https://cryptorisks.substack.com/) as part of a series on LSD collateral risk assessments. In this report, we examine EtherFi's weETH.** This report will comprehensively cover all relevant risk factors of EtherFi's weETH for collateral onboarding. Our approach involves both quantitative and qualitative analysis to help determine whether the collateral can be safely onboarded and to what extent there should be restrictions on the Protocol's exposure to the collateral. As Prisma will be onboarding a variety of LSDs as collateral, our review involves comparative analysis to determine suitability as collateral. Risks are categorized into: * **Market Risk** - risks related to market liquidity and volatility * **Technology Risk** - risks related to smart contracts, dependencies, and Oracle price feeds * **Counterparty Risk** - risks related to governance, centralization vectors, and legal/regulatory considerations These risk categories will be summarized in the final section of this report and are meant to assist tokenholders in their determination around weETH onboarding and setting suitable parameters. # Section 1: Protocol Fundamentals This section addresses the fundamentals of the proposed collateral. It is essential to convey (1) the value proposition of eETH, and (2) the overall architecture of the Protocol. This section contains descriptive elements that cannot be quantified and act as an explanatory introduction to the collateral. This section is divided into two sub-sections: * 1.1: Description of the Protocol * 1.2: System Architecture ## 1.1 Description of the Protocol EtherFi is a liquid staking provider that has introduced various pathways for utilizing its liquid staking solutions. The company commenced operations in May 2023 with [Ether.fan](https://ether.fan/). This liquid staking solution allows stakers to stake any amount of ETH and mint an NFT featuring artistic traits, reminiscent of trading cards. The node operator set is permissioned and comprises several professional node operators in diverse geographical regions. In June 2023, EtherFi unveiled a delegated staking solution tailored for stakers possessing multiples of 32 ETH. This solution is characterized by two distinct NFTs representing each validator. A distinctive aspect of this delegated staking solution is the staker's ability to retain ownership of their validator keys. This solution also introduced a new category of node operator that does not require KYC, facilitated by a 2 ETH bond and the use of Distributed Validator Technology (DVT). November 2023 saw the launch of EtherFi's eETH liquid staking token, enabling stakers with any amount of ETH to generate yield on their ETH holdings. ETH deposited into the liquidity pool is automatically and transparently allocated to node operators on behalf of eETH token holders. Beyond serving as a Liquid Staking Derivative (LSD), eETH is restaked in EigenLayer, transforming it into a Liquid Restaking Token (LRT). Once deployed, eETH holders can anticipate enhanced rewards by validating Actively Validated Services (AVS). EtherFi has employed the concept of points as a core component of its marketing strategy to promote airdrop farming behaviors. eETH holders benefit from receiving 100% of the EigenLayer points, as well as EtherFi loyalty points. This strategy has contributed to a substantial increase in their Total Value Locked (TVL) following the introduction of eETH. **Key metrics (as of February 15, 2024)**: - Circulating supply: [416,955](https://etherscan.io/token/0x35fa164735182de50811e8e2e824cfb9b6118ac2) eETH - Holders (unique addresses): [65,213](https://etherscan.io/token/0x35fa164735182de50811e8e2e824cfb9b6118ac2) - Liquid stakers: [64,989](https://dune.com/ether_fi/etherfi) unique eETH holders - Market share of ETH staked: ~[1.4%](https://dune.com/hildobby/eth2-staking) - Number of validators: [13,370](https://evm.storage/eth/19241027/0x8b71140ad2e5d1e7018d2a7f8a288bd3cd38916f/numberOfValidators#map) - Number of node operators (NO): 9 professional permissioned NO ### 1.1.1 Underlying Collateral eETH is a yield-bearing asset within the EtherFi ecosystem, characterized by a soft peg to ETH and underpinned by collateral in the form of staked ETH. EtherFi introduces an innovative staking model utilizing T-NFT and B-NFT tokens for participants desiring to maintain control over their validator keys. Conforming to the ERC-721 standard, these tokens are collateralized by 30 and 2 staked ETH, respectively. T-NFT tokens are transferable assets, whereas B-NFT tokens are soul-bound. The T-NFT token represents a claim on 30 staked ETH and its associated yield. Conversely, the B-NFT token functions as a bond, representing a claim on 2 staked ETH and serving as a deductible in scenarios where the corresponding Validator is penalized or fails to fulfill its obligations. Responsibilities of the B-NFT holders include safeguarding the mnemonic phrase from which Validator and withdrawal keys are derived and utilizing the validator key to facilitate the exit of the associated Validator upon protocol request. In recognition of the additional responsibilities and risks assumed, B-NFT holders receive a reward enhancement of 50% compared to T-NFT and eETH holders. ETH, T-NFT, and eETH transactions can be executed seamlessly within the EtherFi liquidity pool. However, because of the soul-bound nature of B-NFTs, one must exit its associated valdiator in order to retrieve the 2 ETH. During correlated slashing events, validators may incur losses exceeding 2 ETH, potentially impacting B-NFT and T-NFT holders through collateral forfeiture. Acknowledging that T-NFT and B-NFT tokens maintain a unique association with a specific Validator, encapsulating claims on their principal amount, yield generation, and any resultant losses is crucial. Such losses are borne exclusively by the token holders of that particular Validator. This contrasts with eETH holders, where risks and returns from multiple T-NFTs are distributed across all participants within the eETH pool. For enhanced utility within DeFi protocols—spanning borrowing, lending, and trading applications—eETH can be converted into weETH [through wrapping](https://app.ether.fi/eeth/wrap). weETH is a non-rebasing variant of eETH, offering stability in token quantity while enabling an exchange into an incrementally increasing amount of eETH over time, reflecting the token's yield generation capabilities. ### 1.1.2 Yield Accrual Mechanism eETH employs a rebasing model to accrue value, wherein the balance of eETH held by an individual incrementally increases by a specific calculation, as detailed in the EtherFi documentation. This model ensures that the value of eETH reflects the accruing staking rewards over time. ![image](https://hackmd.io/_uploads/BkbPgi5hp.png) Source: [EtherFi documentation](https://etherfi.gitbook.io/etherfi/ether.fi-whitepaper/technical-documentation#eeth) The distribution mechanism for staking rewards is automated through a treasury contract, which is programmed to execute distributions every quarter to all relevant stakeholders, including node operators, T-NFT and B-NFT holders, and the treasury itself. Additionally, node operators can trigger these distributions at any time by covering the associated gas fees. Following the [Shanghai upgrade](https://ethereum.org/history#shanghai), consensus rewards are regularly transferred to Validators' withdrawal addresses approximately every seven days. This process happens in addition to the distribution of execution and MEV rewards, which were already directly sent to the withdrawal address of the Validator. The implication of this mechanism is twofold: it ensures a steady stream of cash flow for node operators and enhances ETH liquidity within the EtherFi liquidity pool. Consequently, this liquidity supports the seamless redemption of eETH, T-NFTs, and B-NFTs for ETH without necessitating an exit from Validators. ### 1.1.3 Provider Fee EtherFi generates revenue through these three primary sources: 1. **Validator Auction Fee**: This revenue stream originates from fees collected for Validator slots within the EtherFi network during the auction process. 2. **Liquidity Pool Trading Revenue**: Income is generated from the trading activities within EtherFi's liquidity pools, leveraging transaction fees. 3. **Infrastructure Service Revenue**: This pertains to fees accrued from various infrastructure services provided by EtherFi to its users and partners, including the 5% staking fee and the yield of the B-NFTs it holds. ![image](https://hackmd.io/_uploads/Skxdlj5n6.png) Source: [Token Terminal](https://tokenterminal.com/terminal/projects/etherfi) Regarding the distribution of validators' rewards within EtherFi, the current structure is as follows: - **90% of rewards are allocated to stakers**, recognizing their capital contribution to the network. - **5% of rewards are designated for EtherFi itself**, categorized under infrastructure revenue, which supports the ongoing development and maintenance of the platform. - **5% of rewards are distributed to Node operators**, compensating them for their role in maintaining network integrity and performance. The specifics of this reward split can be verified through the storage of the [`EtherFiNodesManager`](https://etherscan.io/address/0x8b71140ad2e5d1e7018d2a7f8a288bd3cd38916f) contract: ![image](https://hackmd.io/_uploads/B1ZYlocn6.png) Source: [evm.storage](https://evm.storage/eth/19233814/0x8b71140ad2e5d1e7018d2a7f8a288bd3cd38916f/stakingRewardsSplit#table) - February, 15th, 2024 ### 1.1.4 Node Operator Set The node operator ecosystem within EtherFi is currently segmented into two distinct categories: 1. **Permissioned Professional Node Operators** (subject to KYC requirements). 2. **Permissioned 2 ETH Bonded Node Operators** (exempt from KYC requirements). #### Permissioned node operators This group comprises [several entities](https://etherfi.gitbook.io/etherfi/partnerships/node-operators) known for their professional staking services, including but not limited to: [Finoa](https://www.finoa.io/staking/), [DSRV](https://www.dsrvlabs.com/) (Lido, Swell), [Allnodes](https://www.allnodes.com/) (Lido, RocketPool, StakeHound, Stader), [Chainnodes](https://www.chainnodes.org/), [a41](https://www.a41.io/stake) (Lido, Stader), [Pier Two](https://piertwo.com/) (Stader). These professional stakers often support various liquid staking protocols, both permissioned and permissionless. Notably, Allnodes has the most extensive network engagement, accounting for 2.68% of the total stake, and previously experienced slashing incidents on four occasions. DSRV has a significant network presence, holding 1.06% of the total stake. The participation rates for these entities generally exceed 99%, with Pier Two as an exception at 91.8% due to early operational challenges. However, it has since recovered and had a 97.5% rating over the last 30 days. The performance metrics for these operators are accessible for review on [rated.network](https://www.rated.network). ![image](https://hackmd.io/_uploads/rkE5xo5ha.png) Source: rated.network - February 17, 2024 EtherFi leverages the Distributed Validator Technology (DVT) in a [strategic partnership with the Obol Network](https://www.youtube.com/watch?v=d6OwRoG1j6k). This approach fragments Validator keys into multiple distributed shares, enhancing the system's resilience and security. Specifically, a Validator's private key is divided into N shares, where only K shares are needed to generate a valid signature, such that K<N. This configuration allows some node operators to be offline without hindering the cluster's functionality. Moreover, since K>1, no single key share can reconstruct the complete Validator key, thereby bolstering security. Despite necessitating additional coordination and slightly increasing latency due to network IO demands, DVT is deemed practical for operational use. #### ETH Bond Node Operators The second category comprises node operators who are still permissioned but are not required to undergo KYC or fulfill contractual obligations. Instead, they must post a 2 ETH bond complemented by 30 ETH from the liquidity pool. According to EtherFi's reports, 150 Validators are currently operated under this model, representing a collective stake of 4,800 ETH — a modest portion of the platform's total TVL. ### 1.1.5 Validator Selection The selection of node operators within EtherFi is predicated on their ability to operate nodes reliably and securely. Considerations for selection include: - An operator's track record. - Past effectiveness in validation tasks. - The diversity of clients they support. A formal contract outlining the terms of use, responsibilities, and commitments is a prerequisite for engagement, necessitating KYC procedures and publicly recognizing node operators' identities. Conversely, 2 ETH bonded node operators are required to demonstrate technical proficiency and effective node operation capabilities without the necessity for contract signing or undergoing KYC procedures. Candidates interested in becoming node operators for either track must complete a specific [form](https://www.ether.fi/solo-staker#solo-staker-form) and be subsequently whitelisted into EtherFi's smart contracts to participate. ![image](https://hackmd.io/_uploads/H1Vogjchp.png) Source: Snapshot of internal graphana dashboard provided by Ether.fi - February 19th, 2024 ### 1.1.6 Validator Collateralization Professional node operators are distinguished by their lack of collateral provision. Instead, their engagement with EtherFi is formalized through agreements between their legal entities and EtherFi. The absence of collateral underscores the reliance on these operators' professional reputations and integrity to fulfill their obligations. Should professional node operators fail to meet their contractual obligations or underperform, they may be subject to legal recourse initiated by EtherFi. The potential for compensation or damages claims is determined by the specific terms outlined in their contracts, which may include clauses related to liability limitations, arbitration agreements, and jurisdictional considerations. Instead, node operators opting out of KYC and contractual agreements must provide a 2 ETH bond. This bond protects against penalties arising from inactivity or slashing events. However, the allocation of losses does not prioritize the 2 ETH bond exclusively. Still, it involves a more [complex calculation](https://docs.google.com/spreadsheets/d/1LXOjdRxItjdeZXHQ0C07M7OfddML0x9ER75mB-F1GwQ), often resulting in an approximate 50/50 split between T-NFT and B-NFT holders relative to their stakes. This distribution mechanism suggests that the B-NFT's role as a bond is somewhat nuanced. In isolated slashing events with no exit queue backlog, penalties can amount to roughly [1.08 ETH](https://ethereum.org/developers/docs/consensus-mechanisms/pos/rewards-and-penalties). However, under conditions of correlated slashing or extended exit queues, the total stake of a validator (32 ETH) could be entirely forfeited, impacting eETH and T-NFT holders adversely. EtherFi has explored insurance options with [Nexus Mutual](https://nexusmutual.io/), a company specializing in crypto protocol insurance, although such insurance had yet to be procured during our last communication with them. Nexus Mutual has a history of covering claims for platforms like Rari Capital and Tribe, totaling claims worth [$18,249,286](https://nexusmutual.io/). Notably, litigation and insurance represent centralized mechanisms within the decentralized context in which EtherFi operates. ### 1.1.7 Governance Model EtherFi operates without a Decentralized Autonomous Organization (DAO) or a governance token, placing it under the centralized control of the EtherFi team. The platform is legally incorporated in the Cayman Islands, adhering to the conventional processes and legal frameworks applicable to regular businesses. On January 9, 2024, the team disclosed its intention to establish a DAO in February of the following year, indicating a future shift towards decentralized governance. The management of EtherFi's smart contracts is entrusted to a multisig with a 2/6 configuration managed by the EtherFi team, and identified by the address [`0xF155a2632Ef263a6A382028B3B33feb29175b8A5`](https://etherscan.io/address/0xf155a2632ef263a6a382028b3b33feb29175b8a5). ## 1.2 System Architecture Diagram ### 1.2.1 Network Architecture Overview The process by which a staker with multiples of 32 ETH selects a node operator and mints T-NFT and B-NFT tokens is intricately designed within the EtherFi ecosystem. The diagram below visually represents this mechanism, sourced from the EtherFi technical documentation. ![image](https://hackmd.io/_uploads/Hyo2lscn6.png) Source: [EtherFi technical documentation](https://etherfi.gitbook.io/etherfi/ether.fi-whitepaper/technical-documentation#delegated-staking-via-auction) On top of this architecture is eETH, which serves as an abstraction layer facilitating interactions within a liquidity pool that holds T-NFTs and a nominal amount of ETH. The ecosystem introduces a third participant type, Operators, alongside node operators and stakers. Operators contribute to the system by minting B-NFTs through a 2 ETH provision to the liquidity pool. The mechanism operates as follows: stakers input any ETH amount into the pool in exchange for eETH; concurrently, an operator inputs 2 ETH into the pool and joins the auction contract queue. When at least 30 ETH from stakers aligns with 2 ETH from an operator, the auction contract selects the winning bid, allocating 32 ETH to the chosen node operator. Upon validation by the node operator, both T-NFT and B-NFT tokens are minted—the T-NFT remains within the pool, while the B-NFT is allocated to the operator. *Note: it has been communicated by EtherFi that this auction mechanism is currently bypassed. Indeed, Ether.fi might have had a hard time bootstrapping its auction mechanism in a way that could sustain the exponential demand for eETH. Instead of matching 30 ETH from the liquidity pool with 2 ETH from an aspiring B-NFT holder (i.e. an Operator), EtherFi mentioned in our communications two operations in production:* - *EtherFi uses its own fund to provide multiples of 2 ETH to the liquidity pool. The B-NFTs are held outside of the pool by EtherFi, while the T-NFTs remain inside of the pool.* - *32 ETH are taken from the pool directly to mint both a B-NFT and a T-NFT. In that case, both the B-NFT and the T-NFT are held by the pool.* *The [liquidity pool smart contract](https://etherscan.io/address/0x308861A430be4cce5502d0A12724771Fc6DaF216) currently holds 14310 T-NFTs and 5086 B-NFTs. This means that approximately 2/3 of the B-NFTs are held outside of the pool by EtherFi, and 1/3 are held inside of the pool. In both cases, because a negligible amount of B-NFTs were minted by external operators (~150), it means that almost all validator keys behind eETH are managed by EtherFi itself, and that only 1/3 of that eETH is collateralized by 2 ETH from outside of the pool.* ### 1.2.2 Architecture Diagram Below is a diagram illustrating the core contracts underpinning the Protocol: ![image](https://hackmd.io/_uploads/SyeCgjq2T.png) Source: [Nevermind protocol audit](https://246895607-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FG3Lk76lfvw9ecPIg0mK8%2Fuploads%2FFgdNivH2FNNe7JwkZXtd%2FNM0093-FINAL-ETHER-FI.pdf?alt=media&token=5aa1a2dc-33c7-430d-a2cb-59f56d2cfd2b) - July 5th, 2023 This diagram reveals three circular dependencies among the smart contracts — a configuration noted by auditors as potentially complicating both comprehension and prediction of cluster behavior. For further details on deployed contracts within EtherFi's ecosystem, refer to their documentation on deployed contracts: https://etherfi.gitbook.io/etherfi/contracts-and-integrations/deployed-contracts. ### 1.2.3 Key Components #### Auction Smart Contract (currently bypassed) The Auction Smart Contract plays a pivotal role in the EtherFi ecosystem by facilitating the matching of stakers with node operators through an auction mechanism. Node operators submit bids (e.g., 0.02 ETH) to compete to run the next Validator. Upon a staker depositing 32 ETH, the contract identifies the winning bid. Subsequently, the staker encrypts and submits their Validator keys via an on-chain transaction. Following a confirmation transaction from the node operator, {B-T}-NFTs are minted and dispatched to the staker's address, while 32 ETH is forwarded to the official Ethereum deposit contract. This process also triggers the deployment of a new Withdrawal Safe Smart Contract. #### Withdrawal Safe Smart Contract This contract aggregates the principal and rewards associated with a specific validator, facilitating their distribution among participants. Under standard operating conditions, staking rewards are accumulated within this contract and can be disbursed at any juncture upon covering gas fees. In scenarios where a validator exits (whether voluntarily or otherwise), its balance is initially transferred to its EigenLayer withdrawal smart contract for penalty assessment (if applicable). The funds are then relayed to the Withdrawal Safe Smart Contract, enabling any participant (B-NFT holder, T-NFT holder, Treasury, or node operator) to initiate the distribution of the entire balance. #### Liquidity Pool Smart Contract The Liquidity Pool Smart Contract is entrusted with minting eETH in return for ETH or T-NFT token contributions. It consistently holds a reserve of T-NFTs that underpin the principal value behind eETH alongside a pool of ETH to ensure seamless redemptions without necessitating Validator exits. Aspiring B-NFT holders must provide 2 ETH and undergo a [whitelisting process](https://github.com/etherfi-protocol/shallow-smart-contracts/blob/3f2cb780c0f9710910ad6636cf1a32292b760d1b/src/LiquidityPool.sol#L349) administered by EtherFi — achieved through successful submission via [the designated form](https://www.ether.fi/solo-staker#solo-staker-form). Given that immediate redemption of eETH for ETH may not always be feasible, the Liquidity Pool issues withdrawal NFTs that holders can later exchange for actual ETH following Validator exits. # Section 2: Performance Analysis This section evaluates eETH from a quantitative perspective. It analyzes token usage and competitive metrics and addresses any subsidized economic activity. This section is divided into three sub-sections: * 2.1: Usage Metrics * 2.2: Competitive Analysis Metrics * 2.3: Subsidization of Economic Activity ## 2.1 Usage Metrics ### 2.1.1 Total Value Locked (TVL) EtherFi has sustained the highest growth rate amongst LST providers. Following the introduction of eETH in November 2023, the TVL within the platform witnessed a significant surge, growing rapidly from 16,745 ETH to 438,355 ETH by February 15, 2024, according to data sourced from [Dune Analytics](https://dune.com/ether_fi/etherfi). <!-- <iframe width="750" height="750" src="https://tokenterminal.com/terminal/projects/etherfi/embed/key-metrics" title="Token Terminal"></iframe> Source: [TokenTerminal - EtherFi](https://tokenterminal.com/terminal/projects/etherfi) --> <iframe width="640px" height="360px" src="https://defillama.com/chart/protocol/ether.fi?denomination=ETH&theme=dark" title="DefiLlama" frameborder="0"></iframe> Source: [DeFiLlama](https://defillama.com/protocol/ether.fi?denomination=ETH) EtherFi's growth and success are closely linked to the achievements of EigenLayer, particularly since the cap for liquid staking deposits on EigenLayer has been reached. This limitation leaves native restaking as the only option, which poses a significant entry barrier due to the requirement of 32 ETH. EtherFi's smart contracts serve as an intermediary layer over EigenLayer's native restaking feature, enabling fractional deposits of ETH for eETH. This arrangement not only makes restaking more accessible but also allows users to earn EigenLayer loyalty points. ### 2.1.2 Transaction Volume The daily transaction volume and transfer count for weETH at the contract level are depicted in the following graph: ![image](https://hackmd.io/_uploads/HkFx-s9h6.png) Source: [Etherscan](https://etherscan.io/token/0xCd5fE23C85820F7B72D0926FC9b05b43E359b7ee#tokenAnalytics) - February 10th, 2024 Similarly, the daily transaction volume and number for eETH are illustrated below: ![image](https://hackmd.io/_uploads/By_bZi5h6.png) Source: [Etherscan](https://etherscan.io/token/0x35fa164735182de50811e8e2e824cfb9b6118ac2#tokenAnalytics) - February 10th, 2024 ### 2.1.3 DEX Volume The DEX volume for weETH is captured in the following chart: ![image](https://hackmd.io/_uploads/BkvGWiqnT.png) Source: [Dune Analytics](https://dune.com/queries/3340257/5596923) - February 26, 2024 ### 2.1.4 Average Transaction Size <!-- The average daily transaction size at the contract level for weETH over 30 days is shown here: ![weETH - Average daily transaction size - last 30 days](https://hackmd.io/_uploads/HkPowpUjT.png) Source: [Etherscan](https://etherscan.io/token/0x35fa164735182de50811e8e2e824cfb9b6118ac2#tokenAnalytics) - February 10th, 2024 --> A comparative analysis of average daily transaction sizes for weETH and eETH is provided in this graph: ![image](https://hackmd.io/_uploads/BycXWjq3T.png) Source: [Etherscan](https://etherscan.io/token/0x35fa164735182de50811e8e2e824cfb9b6118ac2#tokenAnalytics) - February 10th, 2024 ### 2.1.5 Active Addresses/Users The number of daily/weekly/monthly unique active addresses is shown here: ![image](https://hackmd.io/_uploads/BJqV-oqhp.png) Source: [tokenterminal.com](https://tokenterminal.com/terminal/projects/etherfi) - February 15th, 2024 #### User Growth Over the last 90 days, EtherFi has witnessed an exponential increase in user numbers. The growth momentum has tapered off in the previous few weeks. EigenLayer's introduction of a point-based system to reward early users has significantly contributed to this surge in interest. Despite reaching its liquid staking cap, EigenLayer's innovative approach incentivizes participation by offering potential future rewards and benefits. Through EtherFi, users gain an alternative route to engage with EigenLayer's restaking feature beyond the liquid staking cap, markedly boosting EtherFi's TVL. ## 2.2 Competitive Analysis Metrics ### 2.2.1 Market Share EtherFi is the current TVL lead for Liquid Restaking Tokens, with an approximate market share of 36% at the time of writing. ![image](https://hackmd.io/_uploads/SJ6SWochp.png) Source: [DefiLlama](https://defillama.com/protocols/Liquid%20Restaking) - February 15th, 2024 ![image](https://hackmd.io/_uploads/HJh8ZjqhT.png) Source: [Dune Analytics](https://dune.com/hashed_official/lrt) - February 15th, 2024 ### 2.2.2 Trading Volume Share in Total LRT Trading Volume weETH makes up a significant portion of overall LRT trading volume. | LRT | Provider | CoinGecko Volume | | --- | --- | --- | | weETH | EtherFi | $2,020,422 | | eETH | EtherFi | $15,549 | | rwsETH | Swell protocol | $227,104 | | rsETH | Kelp DAO (Stader) | $635,219 | | ezETH | Renzo protocol | $559,409 | <!-- #### Depositing other LSTs eETH can be minted via depositing other LSTs. ==@todo: explain what happens when this is done== ![image](https://hackmd.io/_uploads/rka2wsAsa.png) ==@todo: here they deposit it into their contract, sell it, and spin a new validator.== --> ### 2.2.3 Protocol Staking Yield EtherFi advertises a staking yield of 3.19% for eETH holders on its [landing page](https://www.ether.fi/). They have also provided a dashboard breaking down consensus/execution layer rewards by NO. ![image](https://hackmd.io/_uploads/Byy_Ws9hp.png) Source: Snapshot of internal graphana dashboard provided by Ether.fi - February 19th, 2024 ![image](https://hackmd.io/_uploads/HJTdWicnp.png) Source: Snapshot of internal graphana dashboard provided by Ether.fi - February 19th, 2024 The daily staking APY for last 30-day, calculated from rebases that update the weETH `getRate` getter function (04:30 UTC), is shown below: ![image](https://hackmd.io/_uploads/rkjtboqha.png) Source: Ethereum/Infura [getRate()](https://etherscan.io/address/0xcd5fe23c85820f7b72d0926fc9b05b43e359b7ee#readProxyContract#F8) ### 2.2.4 Slashing Rate As of the current date, Validators that underpin the value of eETH have not experienced any slashing incidents. However, it is noteworthy that Allnodes, a prominent permissioned node operator for EtherFi, has previously encountered slashing events with four Validators. These incidents did not involve Validators operating on behalf of liquid staking protocols. Considering Allnodes' significant stake in the network, amounting to 2.68% of the total stake, the occurrence of four slashed Validators is minimal. ## 2.3 Subsidization of Economic Activity ### 2.3.1 Existence of an Incentive Program EtherFi actively engages in incentivizing participation within its ecosystem through various means: 1. **EigenLayer Loyalty Points**: EtherFi commits to [passing on 100%](https://www.youtube.com/watch?v=K5YlTZEfxrs) of the EigenLayer loyalty points accrued by stakers. This gesture ensures that participants directly benefit from their contributions to the network's security and growth. 2. **Loyalty Point System**: Beyond EigenLayer points, EtherFi has developed its loyalty point system. Despite neither type of loyalty point currently holding economic value, they represent a potential future benefit for participants. 3. **Support for New Node Operators**: Recognizing the financial barriers to entry for new node operators, particularly concerning hardware investments, EtherFi offers [long-term payment plans](https://etherfi.gitbook.io/etherfi/solo-stakers/operation-solo-staker/solo-staker-onboarding#what-if-i-am-unable-to-purchase-the-machine-outright) that are financed through staking rewards. This approach lowers the initial financial burden on new operators, facilitating broader participation. 4. **Vampire Attack**: Selected LSTs that are already restaked into EigenLayer can be converted into eETH. By doing so, users can avoid the 7 days withdrawal queue of EigenLayer, keep their EigenLayer points, and also receive 3000 EtherFi loyalty points per restaked ETH. ![image](https://hackmd.io/_uploads/HJ4oZj9h6.png) Source: Ether.fi - Etherfi allows minting eETH with other LST #### Marketing Initiatives and Loyalty Point Distribution EtherFi's marketing strategy includes events to distribute accumulated loyalty points from EigenLayer and EtherFi's systems. A notable event, [MegaWeek](https://etherfi.gitbook.io/etherfi/getting-started/loyalty-points/mega-week), which took place from January 31 to February 10, 2024, involved distributing over 3 million EigenLayer points. Eligibility for this distribution required participants to be among the first to deposit 20,000 ETH during the event's timeframe. Additionally, during MegaWeek, EtherFi loyalty points were doubled, further incentivizing participation and investment in the platform. EtherFi partnered with Pendle Finance - a Defi yield market, to support weETH. The main rationale was to address unpredictable eETH yield that consists of 4 potential APY streams: ![image](https://hackmd.io/_uploads/SkQ2Wjq2p.png) Source: [Ether.fi](https://www.ether.fi/) - From the four APY sources above, currently the only active and "non-speculative" stream is staking APY. - By splitting weETH between the principal and yield token, EtherFi stakers can realize airdrops profit early and speculators can buy exposure (rights) on that future events. That creates a new market, trading activity and additional profits. At the time of writing 71.88% of weETH supply on Ethereum is on Pendle Finance and 16.17% is on Arbitrum bridge (which will be deployed on Pendle with additional ARB incentives). # Section 3: Market Risk This section addresses the ease of liquidation based on historical market conditions. It seeks to clarify (1) the Liquid Staking Basis & Volatility of weETH, and (2) the liquidity profile of the collateral. Market risk refers to the potential for financial losses resulting from adverse changes in market conditions. This section is divided into 2 sub-sections: - 3.1: Volatility Analysis - 3.2: Liquidity Analysis ## 3.1 Volatility Analysis ### 3.1.1 Liquid Staking Basis (LSB) The LSB represents the difference between the normalized weETH price and its underlying asset, ETH. It measures the deviation by taking the daily weETH close price divided by its intenal oracle rate to find the ETH fair value of weETH, and dividing the normalized weETH price by the ETH close price. ![image](https://hackmd.io/_uploads/r1BaWi92p.png) Source: [CoinMarketCap](https://coinmarketcap.com/currencies/wrapped-eeth/historical-data/) from January 20th, 2024 to February 20th, 2024 <!-- ![weETH Liquid Staking Basis](https://hackmd.io/_uploads/Bk-KAPL9T.png) --> The absolute LSB represents the absolute value of the LSB, indicating the magnitude of the price difference between weETH and ETH without considering the direction (premium or discount). ![image](https://hackmd.io/_uploads/SJQAbs5n6.png) Source: [CoinMarketCap](https://coinmarketcap.com/currencies/wrapped-eeth/historical-data/) from January 20th, 2024 to February 20th, 2024 ### 3.1.2 LSD Volatility <!-- ![weETH_ETH getRate Value vs Market Value Ratio - 30d comparison](https://hackmd.io/_uploads/SJsxcBQnT.png) Source: [weETH.sol (getRate)](https://etherscan.io/token/0xcd5fe23c85820f7b72d0926fc9b05b43e359b7ee#code) and [CoinMarketCap](https://coinmarketcap.com/) - February 20th, 2024 --> Pegged assets are likely to experience higher volatility than the underlying. weETH has experienced minimally augmented volatility compared with ETH when comparing the daily returns over the past month. | Standard Deviation - ETH | 2.33% | | --- | --- | | **Standard Deviation - weETH** | 2.35% | | | | | **Monthly Volatility ETH** | 12.74% | | **MonthlyVolatility weETH** | 12.88% | | | | | **Annualized Volatility ETH** | 44.45% | | **Annualized Volatility weETH** | 44.94% | ![image](https://hackmd.io/_uploads/r181fjcna.png) Source: [CoinMarketCap](https://coinmarketcap.com/) from January 20th, 2024 to February 20th, 2024 ![image](https://hackmd.io/_uploads/H1wxzocnT.png) Source: [CoinMarketCap](https://coinmarketcap.com/) from January 20th, 2024 to February 20th, 2024 ### 3.1.3 Yield Volatility The yield volatility is calculated by calculating changes in getRate(), the internal oracle rate in the weETH contract. This is effectively the yield distribution mechanism. Fluctuations in the rate changes indicate volatility in yield accrual, charted below as daily APY and volatility in daily returns. ![image](https://hackmd.io/_uploads/SkDMzsqhT.png) Source: [weETH getRate()](https://etherscan.io/address/0xcd5fe23c85820f7b72d0926fc9b05b43e359b7ee#readProxyContract#F8) - Januray 20, 2024 to February 20, 2024 ![image](https://hackmd.io/_uploads/By8Qfs9n6.png) Source: [weETH getRate()](https://etherscan.io/address/0xcd5fe23c85820f7b72d0926fc9b05b43e359b7ee#readProxyContract#F8) - Januray 20, 2024 to February 20, 2024 ## 3.2 Liquidity Analysis ### 3.2.1 Supported DEXs and CEXs weETH is included in a number of DEX pools with the highest concentration on Balancer, and it is not listed on an CEX. The presence of weETH across various decentralized exchanges (DEXs) highlights its integration and liquidity within the DeFi ecosystem (data taken on February 16, 2024): | Liquidity Pool | Liquidity pool TVL | | --- | --- | | [BALANCER ezETH/weETH/rswETH](https://etherscan.io/address/0x848a5564158d84b8a8fb68ab5d004fae11619a54) | $51,130,459 | | [BALANCER rETH/weETH](https://etherscan.io/address/0x05ff47afada98a98982113758878f9a8b9fdda0a) | $9,405,585 | | [BALANCER WETH/weETH](https://etherscan.io/address/0xb9debddf1d894c79d2b2d09f819ff9b856fca552) | $130,398 | | [Curve weETH/WETH](https://etherscan.io/address/0x13947303f63b363876868d070f14dc865c36463b) | $2,551,184 | | [Curve weETH/rswETH](https://etherscan.io/address/0x278cfb6f06b1efc09d34fc7127d6060c61d629db) | $22,106,778 | | [Curve weETH/swETH](https://etherscan.io/address/0x5005e71f10d006b087f5deb48f24480824d3a80b) | $11,634 | | [Maverick WETH/WETH](https://etherscan.io/address/0x2a8b91503980b2965fef0e1680d2d113f04368a0) | $643,109 | | Total | 85,967,513 | Notably, a significant amount of liquidity is in pools paired with other LSD/LRT assets, as opposed to ETH, creating a greater dependence on other LSD/LRT assets to exit weETH exposure on secondary markets. ### 3.2.2 Total On-chain Liquidity Since early February, Liquidity has grown rapidly on Balancer, has seen a modest influx on Maverick, and has experienced stagnation on Curve. ![image](https://hackmd.io/_uploads/SkFEMscnp.png) Source: [Dune Analytics](https://dune.com/queries/3254758/5447536) - February 26, 2024 ### 3.2.3 LSD Leverage Ratio weETH is listed as collateral on the following lending and stablecoin markets: * [Morpho Blue](https://app.morpho.org/): with an isolated weETH/WETH market (LLTV: 86%), with a corresponding [MetaMorpho aggregator](https://app.morpho.org/vault?vault=0x78Fc2c2eD1A4cDb5402365934aE5648aDAd094d0) managed by Re7. * [Silo Finance](https://app.silo.finance/silo/0xCD7ae3373F7e76A817238261b8303FA17D2AF585): weETH/wstETH market * [Gravita](https://app.gravitaprotocol.com/vessels): weETH/GRAI market * [PrismaLRT](https://app.prismafinance.com/vaults): weETH/ULTRA market * [Gearbox](https://gearbox.fi/): weETH leverage farming market ![image](https://hackmd.io/_uploads/SJFBGi52p.png) Source: [Twitter](https://x.com/PrismaFi/status/1759986651311550942?s=20) ![image](https://hackmd.io/_uploads/ryHUGj926.png) Source: [Twitter](https://x.com/GearboxProtocol/status/1759986136028532997?s=20) From all lending protocol above we can see some degree of "risk awareness" when it comes to listing weETH as a collateral asset. Morpho Blue and Silo Finance are both isolated money markets connected with liquidity bridge mechanisms. Gravita as a pure CDP protocol with the native stablecoin, GRAI, charges a fixed borrowing fee of 2% for all collateral assets. For users who repay debt before the expiry of 6 months, the fee is refunded pro rata for the borrowing period. The weETH market fee is 5%, 2.5x higher than all other assets. Morpho weETH/WETH market and Utilization Rate (below): ![image](https://hackmd.io/_uploads/r1hPzj53a.png) Source: [BlockAnalitica](https://morpho.blockanalitica.com/markets/698fe98247a40c5771537b5786b2f3f9d78eb487b4ce4d75533cd0e94d88a115) ![image](https://hackmd.io/_uploads/B1Fuzs52T.png) Source: [BlockAnalitica](https://morpho.blockanalitica.com/markets/698fe98247a40c5771537b5786b2f3f9d78eb487b4ce4d75533cd0e94d88a115) ![image](https://hackmd.io/_uploads/Hk5Fzi9np.png) Source: [BlockAnalitica](https://morpho.blockanalitica.com/markets/698fe98247a40c5771537b5786b2f3f9d78eb487b4ce4d75533cd0e94d88a115) Silo Finance weETH/ETH/XAI market (XAI = 0): ![image](https://hackmd.io/_uploads/S1Y5fjchp.png) Source: [Silo Finance](https://app.silo.finance/silo/0xCD7ae3373F7e76A817238261b8303FA17D2AF585) Gravita weETH market: ![image](https://hackmd.io/_uploads/B1Kizsqnp.png) Source: [Dune Analytics](https://dune.com/gravita/overview) - February 17th, 2024 ### 3.2.4 Slippage A snapshot of the slippage taken on February 20th when swapping from weETH to ETH produces a 0.5% slippage at around a $10m swap size. ![image](https://hackmd.io/_uploads/B1whMicha.png) Source: [Defi Llama - Liquidity Tool](https://defillama.com/liquidity) - February 20, 2024 # Section 4: Technological Risk This section addresses the persistence of collateral properties from a technological perspective. It aims to convey (1) where technological risk arises that can change the fundamental properties of the collateral (e.g., unresolved audit issues) and (2) do any composability/dependency requirements present potential issues (e.g., is a reliable price feed oracle available?). This section is divided into three sub-sections: * 4.1: Smart Contract Risk * 4.2: Product and Layer Composability * 4.3: Oracle Pricefeed Availability ## 4.1 Smart Contract Risk ### 4.1.1 Protocol Audits The early adopter pool has received a total of 2 audits: - [Zellic](https://github.com/Zellic/publications/blob/master/EtherFi_-_Zellic_Audit_Report.pdf) (2023-02-27): 6 findings including 1 with a medium impact and five informational. No details were provided. - [CertikAudit](https://skynet.certik.com/projects/etherfi) (2024-02-24): 4 findings, including 1 with a significant impact (acknowledged), one medium (resolved), and two minors. The considerable impact finding was due to a single account owning most smart contract functions, resulting in centralization concerns. CertikAudit recommended using a multi-sig, a timelock, and a DAO to alleviate the issue fully. The EtherFi protocol at large has received a total of 4 audits: - [Omniscia](https://246895607-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FG3Lk76lfvw9ecPIg0mK8%2Fuploads%2FnmeIJh2pdXrFJLRTqMoz%2FOmniscia_Audit_EtherFi.pdf?alt=media&token=8df704c0-cc57-4a51-9a1d-1e4afc118d5c) (2023-05-16): 87 findings including 11 major and two medium. Deployment to production was not recommended at the time. - [Nethermind](https://246895607-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FG3Lk76lfvw9ecPIg0mK8%2Fuploads%2FFgdNivH2FNNe7JwkZXtd%2FNM0093-FINAL-ETHER-FI.pdf?alt=media&token=5aa1a2dc-33c7-430d-a2cb-59f56d2cfd2b) (2023-07-05): 43 findings are presented, including one critical, six high, and 11 medium. The audit concludes by recommending the EtherFi team to conduct "further comprehensive reviews and extensive testing before contemplating any deployment decisions." - [Solidified](https://246895607-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FG3Lk76lfvw9ecPIg0mK8%2Fuploads%2FZgymtAAi8L1kkuuzrT9E%2FAudit_Report_-_ether.fi_26.10.2023.pdf?alt=media&token=1d8564be-61de-42ca-96c5-b21e58ef5155) (2023-10-26): Code complexity is deemed high with many external calls, code readability, and maintainability as well as documentation were deemed medium, and test coverage was deemed medium-high—twenty-five findings, including three critical and two majors. - [HatsFinance](https://github.com/hats-finance/ether-fi-0x36c3b77853dec9c4a237a692623293223d4b9bc4/blob/master/report.md) (2023-12-05): The result of a public audit competition that lasted two weeks, with a maximum reward of $72,000. $6,100 was distributed among 9 participants. It resulted in 14 findings, including 1 with medium severity due to a reentrancy issue. It is crucial to recognize that the count and severity of audit findings are not directly comparable across different audits due to varying threat scales and thresholds used by auditing firms. EtherFi has addressed or rectified all significant issues raised in these audits. However, it is noteworthy that some resolutions were applied at the frontend level rather than within the smart contracts and occasionally deviated from auditors' recommendations. ### 4.1.2 Concerning Audit Signs The audits of EtherFi have underscored critical concerns, notably the non-implementation of suggested measures such as a timelock and a DAO to mitigate centralization risks. The Protocol's high code complexity, coupled with medium assessments for code readability, maintainability, and documentation, alongside the discovery of significant findings—including three critical and two major—signal potential vulnerabilities. Furthermore, the extensive number of findings in some instances (87 and 43) suggests premature external review without sufficient internal peer review. Post-audit developments also raise questions about the alignment between the deployed contracts and the updated code in the GitHub repository. Addressing these issues is imperative for enhancing EtherFi's security posture and maintaining stakeholder confidence. ### 4.1.3 Bug Bounty EtherFi has not established a bug bounty program on Immunefi or similar platforms. However, their documentation outlines an intention to [initiate bug bounties in the future](https://etherfi.gitbook.io/etherfi/security/bug-bounty). ### 4.1.4 Immutability The majority of EtherFi's smart contracts possess pausability and upgradeability features, managed by a [2/6 multi-signature wallet](https://etherscan.io/address/0xF155a2632Ef263a6A382028B3B33feb29175b8A5). Upgradeability is facilitated through the UUPS pattern, noted for its gas efficiency relative to the more commonly utilized transparent proxy pattern. Unlike the transparent proxy pattern, where upgrade logic is housed in the proxy contract, the UUPS pattern integrates this logic within the implementation contracts. ![image](https://hackmd.io/_uploads/ryg0zi5n6.png) A comprehensive list of deployed contracts is accessible here: [Deployed Contracts](https://etherfi.gitbook.io/etherfi/contracts-and-integrations/deployed-contracts). ### 4.1.5 Developer Activity In October 2023, EtherFi made its smart contracts publicly available, providing deployment instructions within its public repository. Since this repository is merely a superficial clone of the private repository, detailed developer activity remains undisclosed. The claim of open-sourcing its smart contracts is subject to scrutiny as external contributions are not facilitated. The transparency regarding the deployed code's alignment with the provided repository remains ambiguous, inviting users to verify code deployment independently through bytecode comparison on the blockchain. EtherFi's [roadmap](https://www.ether.fi/roadmap) indicates plans to fully open-source its codebase by February 2024. ### 4.1.6 Smart Contract Maturity EtherFi's inaugural smart contract deployment occurred in July 2023. The project has not publicly adopted rigorous versioning protocols for its smart contracts, complicating the differentiation between various products and their iterations over time. While internal adherence to versioning practices is possible, the limited availability of comprehensive repository access hinders clarity regarding historical versus current codebases and documentation updates. The Protocol has undergone several audits with either rectified or acknowledged findings, demonstrating a progressive reduction in critical and significant issues over time. ### 4.1.7 Previous Incidents To date, there have been no publicly reported incidents associated with EtherFi. In our communications with them, EtherFi mentioned that a pauser role will be created, which will allow all core contracts to be paused in a single transaction. ## 4.2 Product and Layer Composability ### 4.2.1 Dependencies #### EigenLayer Integration eETH distinguishes itself as both a Liquid Staking Token (LST) and a Liquid Restaking Token (LRT) through integration with [EigenLayer](https://www.eigenlayer.xyz/). This platform extends Ethereum's decentralized security infrastructure to additional applications such as Data Availability (DA) layers, oracle networks, and sidechains, offering validators enhanced yield in exchange for assuming greater responsibilities and risks. The collaboration between EtherFi and EigenLayer's contracts enables this restaking functionality. However, two primary risks are associated with EigenLayer: the potential for crypto-economic security breaches if the cost of corruption is lower than the profit from corruption and the possibility of wrongful slashing due to inaccurately defined slashing conditions. EigenLayer addresses these concerns by developing automated monitoring systems and establishing a security council to oversee slashing decisions. #### ECIES Encryption Scheme The [ECIES encryption scheme](https://en.wikipedia.org/wiki/Integrated_Encryption_Scheme) facilitates secure key sharing between operators and node operators, utilizing Elliptic Curve Cryptography (ECC) for key generation and encryption. The encrypted validator key is published on IPFS, with its CID verifiable on-chain, ensuring secure key retrieval and decryption by node operators. The "elliptic" javascript library is used for encryption in the [EtherFi's desktop application](https://github.com/GadzeFinance/etherfi-desktop). This package's potential [vulnerabilities in earlier versions](https://security.snyk.io/package/npm/elliptic) have been fixed. Nevertheless, the public accessibility of encrypted keys introduces a risk of mass Validator slashing if an attacker successfully decrypts them. ![image](https://hackmd.io/_uploads/H1oyXs92p.png) Source: [EtherFi documentation](https://etherfi.gitbook.io/etherfi/ether.fi-whitepaper/technical-documentation#secure-transfer-to-node-operators) #### Offchain Messaging System The EtherFi protocol incorporates an off-chain messaging system to manage the redemption of eETH or T-NFTs for ETH within its liquidity pool. When the pool lacks sufficient ETH, the Protocol mandates the exit of one or more Validators, prioritizing the oldest B-NFT for exit. This system necessitates that B-NFT holders listen to smart contract events and initiate a voluntary exit using their validation key. While node operators are also incentivized to facilitate the timely exit of Validators, ensuring no Validator remains indefinitely inactive, this process relies heavily on the responsiveness of B-NFT holders and node operators to on-chain events. To support this requirement, EtherFi employs a centralized messaging system. #### TVL Consensus Oracle In their documentation, EtherFi claimed to use the [Rated Oracle Powered by UMA](https://ratedlabs.notion.site/OP-Rated-Oracle-powered-by-UMA-d617818840384c4d95acb55f9436c7be) (ROPU), an optimistic oracle developed by [Rated.Oracle](https://www.rated.network/home), to facilitate data transmission from the beacon chain to the execution layer. However, after communicating with them, it seems that this partnership did not come to fruition. Instead, EtherFi implemented its own oracle to supply TVL consensus information to its smart contracts. This data feed is crucial for the daily rebasing of the eETH token. The TVL consensus Oracle is currently located at [`0x57AaF0004C716388B21795431CD7D5f9D3Bb6a41`](https://etherscan.io/address/0x57AaF0004C716388B21795431CD7D5f9D3Bb6a41). A committee of authorized addresses can publish reports, each uniquely identified by a hash. If the number of reports with the same hashes exceeds a specific threshold, then the report is accepted. Once a report is accepted, the admin of the smart contract can execute operational tasks according to its content. On-chain analysis indicates that reports are published every few hours or so, at irregular intervals, and that a single committee member is set at EOA address [0x12582A27E5e19492b4FcD194a60F8f5e1aa31B0F](https://etherscan.io/address/0x12582A27E5e19492b4FcD194a60F8f5e1aa31B0F) with a quorum threshold set to one. This custom oracle is therefore fully centralized, with two notable risks: - If the single committee member is corrupted, it could craft malicious reports which could have a dramatic impact on all stakers and node operators. - If the single oracle client goes offline for any reason (power or internet outage, hardware failure), then rewards would stop accruing to the protocol's participants. There are checks on the [acceptableRebaseAprInBps](https://etherscan.io/address/0x0EF8fa4760Db8f5Cd4d993f3e3416f30f942D705#readProxyContract#F1) in the EtherFiAdmin contract to mitigate bad data from the oracle. This value is set to 500 (5% APR or 0.137% per day), placing a rate limit on the oracle rebase updates. The introduction of [EIP-4788](https://eips.ethereum.org/EIPS/eip-4788) promises a significant evolution in how liquid staking providers, including EtherFi, interact with Ethereum's consensus layer. By embedding the root hash of each beacon chain block directly into the corresponding execution block's header, EIP-4788 will enable direct access to the consensus layer's state from the Ethereum Virtual Machine (EVM). This advancement is poised to eliminate the need for consensus state oracles, thereby mitigating third-party risks and reducing operational costs for protocols like EtherFi. EIP-4788 is anticipated to be part of the [Dencun hard fork](https://consensys.io/blog/ethereum-evolved-dencun-upgrade-part-3-eip-4788), with deployment on the Ethereum mainnet expected in Q2 2024. Notably, once a Validator has exited, no oracle signal will be required to withdraw principal and rewards. ### 4.2.2 Withdrawals Processing ETH withdrawals since inception are shown below: ![image](https://hackmd.io/_uploads/rkJ-micn6.png) Source: [Dune Analytics](https://dune.com/queries/3259479/5456160) - February 26, 2024 Withdrawal requests from the [liquidity pool](https://etherscan.io/address/0x308861a430be4cce5502d0a12724771fc6daf216) are designed to be processed promptly if sufficient ETH is available. Conversely, in scenarios of insufficient ETH, the associated B-NFT holder is prompted to initiate their Validator's exit. This initiation triggers a timer, after which penalties gradually apply to encourage the Validator's exit. Concurrently, node operators are notified and rewarded for independently exiting a Validator. This penalty/reward mechanism ensures liquidity within the pool by incentivizing Validator exits. Subsequently, requestors are issued a "Withdraw Request NFT," representing an entitlement to a specified amount of ETH. This claim becomes redeemable once an Oracle confirms withdrawal readiness within two days. Since eETH inherently involves restaking, upon a Validator's exit, its ETH is initially directed to its EigenLayer withdrawal smart contract for adjustments based on penalties or accrued yield from validated AVSs. The funds are then transferred to the EtherFi withdrawal safe smart contract for distribution among B-NFT and T-NFT holders. EtherFi posits a security advantage over other liquid staking platforms by allowing 32 ETH stakers and B-NFT operators to retain control over their Validator keys (encompassing both withdrawal and validation keys). However, it's crucial to note that the withdrawal address is predetermined upon Validator creation to facilitate fund distribution between B-NFT and T-NFT holders accurately, considering any penalties or inactivity leaks. Consequently, despite retaining key ownership, operators need absolute assurance regarding ETH recovery in case of security breaches or issues with withdrawing a safe smart contract. The EtherFi withdrawal mechanism aligns with Ethereum's consensus withdrawal process; hence, Validator exits—and, by extension, withdrawals—may span from two days to several months, depending on the exit queue's length. A prolonged exit queue could potentially destabilize eETH/T-NFT's parity with ETH in secondary markets, posing significant risks for platforms leveraging eETH/T-NFT as collateral—a risk inherent across all LSTs. ## 4.3 Oracles Pricefeed Availability ### 4.3.1 Understanding the Oracle weETH has two price feeds available via [RedStone Oracle](https://app.redstone.finance/#/app/token/weETH): - [weETH/ETH](https://etherscan.io/address/0x8751F736E94F6CD167e8C5B97E245680FbD9CC36): 0.5% Deviation Threshold / 24 hour heartbeat - [weETH/USD](https://etherscan.io/address/0xdDb6F90fFb4d3257dd666b69178e5B3c5Bf41136#readProxyContract): 1% Deviation Threshold / 6 hour heartbeat Unlike Chainlink, which uses a "Volume Weighted Average Price" (VWAP) price aggregation methodology, RedStone uses the median of its constituent data sources. This methodology helps remove outlier values, making it resilient to price manipulation, although the quoted price may be less precise than VWAP. The methodology also includes slippage checks and will automatically disconnect data sources when significant liquidity migration is detected. Particular caution around maintaining data integrity is essential, especially for emerging assets like weETH that may experience rapid shifts in liquidity and are potentially vulnerable to price manipulation. ![image](https://hackmd.io/_uploads/S1rz7oqnT.png) Source: [Redstone API documentation](https://api.docs.redstone.finance/) The price feed aggregates from four data source: - [weETH/rETH Balancer Pool](https://app.balancer.fi/#/ethereum/pool/0x05ff47afada98a98982113758878f9a8b9fdda0a000000000000000000000645) - [weETH/WETH Balancer Pool](https://app.balancer.fi/#/ethereum/pool/0xb9debddf1d894c79d2b2d09f819ff9b856fca55200000000000000000000062a) - [weETH/WETH Curve Pool](https://curve.fi/#/ethereum/pools/factory-stable-ng-22/deposit) - [weETH/rswETH Maverick Pool](https://app.mav.xyz/boosted-positions/0x4650c64a8136f7bc2616a524cb44cfb240e33a40?chain=1) (RedStone will be integrating the [Balancer ezETH/weETH/rswETH](https://app.balancer.fi/#/ethereum/pool/0x848a5564158d84b8a8fb68ab5d004fae11619a5400000000000000000000066a) pool soon, as a significant amount of weETH liquidity resides in this pool.) ![image](https://hackmd.io/_uploads/B1tmmi5hp.png) Source: [Redstone](https://app.redstone.finance/#/app/token/weETH) - February 15th, 2024 ### 4.3.2 Token Liquidity and Distribution As of 2/21/24, under 4% of the weETH token supply are on DEXs. The majority of tokens are on Pendle, used in yield futures strategies. Of DEX distribution, the majority of tokens are on Balancer in several DEX pools. A smaller proportion reside on Curve followed by Maverick. ![image](https://hackmd.io/_uploads/SyON7o9nT.png) Source: [Etherscan](https://etherscan.io/token/0xcd5fe23c85820f7b72d0926fc9b05b43e359b7ee#balances) - February 21, 2024 <!-- ![weETH supply distribution](https://hackmd.io/_uploads/SJJKWqnop.png) Source: [Nansen](https://app.nansen.ai/token-god-mode?tokenAddress=0xcd5fe23c85820f7b72d0926fc9b05b43e359b7ee&chain=ethereum&tab=token-distribution) - February 16th 2024 --> As can be seen in the chart below, the vast majority of tokens on the Arbitrum bridge have also been deployed to Pendle L2. ![image](https://hackmd.io/_uploads/SywBms526.png) Source: [Arbiscan]([https:/](https://arbiscan.io/token/0x35751007a407ca6feffe80b3cb397736d2cf4dbe#balances)/) - February 20, 2024 **weETH Arbitrum supply**: 48,747.74 weETH **PendleL2LRTSY**: 47,325.86 (97.0832%) **EOA**: 437.97 (0.8984%) **UniswapV3Pool:** 249.76 (0.5124%) **UniswapV3Pool**: 222.74 (0.4569%) According to ScopeScan, ~76% of tokens are on non-DEX contracts (almost exclusively Pendle) and 16.68% on bridges (also almost entirely deployed to Pendle). ![image](https://hackmd.io/_uploads/HyYwQsc2p.png) Source: [ScopeScan](https://www.scopescan.ai/home) - February 19th, 2024 ### 4.3.3 Associated Vulnerabilities A critical area of concern regarding Wrapped Ethereum (weETH) is the concentration of its token supply within the Pendle protocol. This phenomenon could be attributed to many users speculating on future yield prospects and the potential financial gains from airdrops. A pivotal moment for this scenario will be the performance of the Eigenlayer airdrop. Should it fall short of market expectations, it could pose a substantial challenge for Oracle providers like RedStone to react to quickly changing market dynamics, and may lead to liquidation cascades and possible bad debt on lending platforms that have integrated weETH. While it might be tempting to disregard this potential issue, the ramifications of underestimating its impact could be significant. ![image](https://hackmd.io/_uploads/S1qumi92a.png) Source: https://app.ether.fi/defi - February 17th, 2024 Potential Consequences: 1. **Creation of Bad Debt**: In instances where price feeds are successfully manipulated, one direct outcome can be the generation of bad debt within protocols. Lending mechanisms critically depend on precise price feeds to uphold suitable collateralization ratios. Manipulating these feeds to display incorrect prices can enable attackers to undertake actions that result in bad debt, fundamentally undermining the Protocol's financial stability. 2. **Erroneous Liquidations**: Manipulation of price oracles that significantly devalues the price of a collateral asset in lending protocols may trigger unwarranted liquidations of user positions. Besides inflicting financial distress on affected users, such actions could severely disrupt protocol operations, eroding trust and confidence among its user base. # Section 5: Counterparty Risk This section addresses the persistence of eETH's properties from an ownership rights perspective (i.e., possession, use, transfer, exclusion, profiteering, control, legal claim). The reader should get a clear idea of (1) who can legitimately change properties of the collateral (e.g., minting additional units) and what their reputation is, (2) the extent to which changes can be implemented, and the effect on the collateral. This section is divided into four subsections: * 5.1: Governance * 5.2: Decentralization of the LSD * 5.3: Economic Performance * 5.4: Legal ## 5.1 Governance ### 5.1.1 Governance Scope As of the current phase, EtherFi operates without a Decentralized Autonomous Organization (DAO), with governance centralized within the EtherFi team. According to the EtherFi [roadmap](https://www.ether.fi/roadmap), the transition towards DAO governance is planned for April 2024, although specific details about the DAO's structure remain unspecified. ### 5.1.2 Access Control All smart contracts are governed by a single 2/6 multi-signature wallet located at [0xF155a2632Ef263a6A382028B3B33feb29175b8A5](https://pod.xyz/podarchy/0xF155a2632Ef263a6A382028B3B33feb29175b8A5). Most smart contracts are upgradable and pausable by this wallet. ![image](https://hackmd.io/_uploads/rJTK7jq26.png) Source: [pod.xyz](https://pod.xyz/podarchy/0xF155a2632Ef263a6A382028B3B33feb29175b8A5) This setup requires only two out of six possible signatures to authorize deploying new smart contracts or modify existing ones. Such a low threshold for critical operations deviates from more conservative industry practices, potentially raising security and governance robustness concerns. Additionally, the absence of a timelock mechanism further accentuates these concerns, as it allows for the immediate execution of changes without any mandatory waiting period for community review or intervention. The current signers are: - [0x71b67AC997056c9935f8AA98F3344432Ea2ec15c](https://etherscan.io/address/0x71b67AC997056c9935f8AA98F3344432Ea2ec15c) - [0x46Cba1e9B1e5Db32dA28428f2fb85587BCb785E7](https://etherscan.io/address/0x46Cba1e9B1e5Db32dA28428f2fb85587BCb785E7) - [0xFa238cB37E58556b23ea45643FFe4Da382162a53](https://etherscan.io/address/0xFa238cB37E58556b23ea45643FFe4Da382162a53) - [0x4507cfB4B077d5DBdDd520c701E30173d5b59Fad](https://etherscan.io/address/0x4507cfB4B077d5DBdDd520c701E30173d5b59Fad) - [0x5dfb8BC4830ccF60d469D546aEC36531c97B96b5](https://etherscan.io/address/0x5dfb8BC4830ccF60d469D546aEC36531c97B96b5) - [0x2f2806e8b288428f23707A69faA60f52BC565c17](https://etherscan.io/address/0x2f2806e8b288428f23707A69faA60f52BC565c17) Although the exact identity of the signers is not known, in our communications EtherFi mentioned that 5 signers are part of the EtherFi team, and that the last one is an investor. They also mentioned that a new multisig wallet will soon be deployed with the added security of a timelock. This security improvement is expected imminently, although further details of the timelock were not given. ### 5.1.3 Distribution of Governance Tokens EtherFi still needs to introduce a governance token, but its [roadmap](https://www.ether.fi/roadmap) indicates plans for a Token Generation Event (TGE) in April 2024. Details about the distribution process are yet to be disclosed, though it is anticipated that EtherFi loyalty points might play a significant role in this event. ### 5.1.4 Proposals Frequency Without governance tokens, there is no formal mechanism for community proposals or voting within the EtherFi ecosystem. However, users can engage with the EtherFi team and discuss matters on their [Discord server](https://discord.com/invite/zqGzcuQWvD), facilitating some level of community interaction. ### 5.1.5 Participation A critical consideration for Liquid Restaking Tokens (LRTs) like those offered by EtherFi involves the selection process for EigenLayer's Actively Validated Services (AVSs), each with distinct risk and reward profiles. The EtherFi team has expressed interest in collaborating with third parties specializing in risk assessment and quantitative optimization, such as [Gauntlet](https://www.gauntlet.xyz/). This partnership aims to establish a foundational framework for governance voting, enhancing decision-making processes related to AVS selection and overall risk management within the LRT ecosystem. ## 5.2 Decentralization of the LRT EtherFi's approach to decentralizing involves distributing node operators across various geographical locations, forming clusters of Validators. Despite this geographical dispersion, a significant portion of these professional node operators rely on cloud platforms, which, while enhancing reliability and performance, introduce potential risks related to censorship and centralization. The inclusion of permissionless node operators, as planned for April 2024 according to the [EtherFi roadmap](https://www.ether.fi/roadmap), is anticipated to further decentralize the network by integrating home stakers into the operator set. ![HJeAt_B9p](https://hackmd.io/_uploads/ryY3Xj526.jpg) Source: [EtherFi X account](https://twitter.com/ether_fi/status/1697298405872087292) The Ethereum community has identified several centralization concerns, with node client diversity (execution and consensus clients) and LST protocol centralization being among the most critical. From a consensus perspective, centralization risks are categorized into majority centralization risk (over 1/3 of total stake concentration) and super-majority centralization risk (over 2/3 of total stake concentration). A particular point of concern is ensuring that no single node client secures more than 1/3 of the total stake to prevent chain finalization issues caused by client bugs. Currently, Geth's dominance at approximately 73% poses a super-majority risk. As of February 6, 2024, about 55% of EtherFi's permissioned node operator set was running Geth, surpassing the Distributed Validator Technology (DVT) voting threshold and indicating vulnerability in case of Geth failure. EtherFi has committed to reducing Geth usage below 20% by the end of February 2024. ![image](https://hackmd.io/_uploads/Hk06Xjq2a.png) Source: [clientdiversity.org](https://clientdiversity.org/) The distribution is healthier for consensus clients, with only Prysm nearing a majority situation. ### 5.2.1 Number of Node Operators #### Professional Permissioned Node Operators EtherFi collaborates with 8 permissioned professional node operators, but is looking to expand their number and diversify their geographic location. #### 2 ETH Bonded Node Operators According to our research, 11 node operators are currently whitelisted to run Validators with a 2 ETH bond, for a total of 150 Validators, contributing to a relatively small portion of the total TVL compared to the overall network. ### 5.2.2 Validators per Node Operator As of February 19, 2024, the major permissioned node operators and their respective Validator counts are as follows: - Cosmostation: 2242 Validators - DSRV: 1865 Validators - Allnodes: 1970 Validators - Finoa: 1495 Validators - PierTwo: 1912 Validators - A41: 1030 Validators - Chainnodes: 575 Validators - Nodemonster: 421 Validators Source: EtherFi Graphana dashboard Collectively, these operators secure 368,320 ETH through 11510 Validators. ### 5.2.3 Validator Enter/Exit (Churn) ![image](https://hackmd.io/_uploads/SybJEs5h6.png) Source: [B-NFT contract on Etherscan](https://etherscan.io/advanced-filter?tkn=0x6599861e55abd28b91dd9d86a826ec0cc8d72c2c&txntype=3%2c4&tadd=&tadd=0x0000000000000000000000000000000000000000&p=1) We track exited Validators by looking at the number of B-NFT tokens burned (i.e. sent to the null address). With this approach, we can see that a total of 468 Validators have been exited so far, representing 14,976 ETH withdrawn. ## 5.3 Economic Performance ### 5.3.1 Revenue Below are both all time consensus rewards and all time execution rewards, per node operator. Considering how young eETH is, and by how much it grew during the last month, it is hard to provide more informative time series. ![image](https://hackmd.io/_uploads/H1zxNj52T.png) ![image](https://hackmd.io/_uploads/ryybNsqha.png) Source: EtherFi Graphana dashboard ### 5.3.2 Net Profit Because there is no public information regarding the various costs yet, we cannot compute the net profit from the revenue. ## 5.4 Legal ### 5.4.1 Legal Structure EtherFi is a [VC-funded company](https://www.crunchbase.com/organization/ether-fi) incorporated in the Cayman Islands. It was founded in 2022 by Mike Silagadze, a Canadian citizen located in Toronto, and raised a seed round from 7 different investors. Both founders and investors are doxxed. The Terms of Use, available at https://www.ether.fi/documents/etherfi_terms-of-use.pdf, constitute a legally binding agreement between the User and **Gadze Finance SEZC**, a company established within the Special Economic Zone and incorporated under the jurisdiction of the Cayman Islands. Gadze Finance, detailed on its [official Website](https://gadze.finance/), is a pioneering entity in the DeFi sector. It offers two primary investment products: a USD Fund and an ETH Fund, distinguishing itself as a next-generation quantitative DeFi fund. Per the [Contact](https://gadze.finance/contact/) section, the registered office is located at *Strathvale House, 4th Floor, 90 North Church Street, George Town, Grand Cayman, Cayman Islands, KY1 9012*. Upon conducting an inquiry with the [General Registry](https://www.ciregistry.ky/) of the Cayman Islands, it has been discovered that there are four distinct entities registered under the name "Gadze Finance." One is identified as a Special Economic Zone Company (SEZC) among these. However, it is important to note that additional details regarding this specific entity are not readily available for public access. ![image](https://hackmd.io/_uploads/HJxkGNicha.png) Gadze Finance SEZC is officially registered as a securities dealer with the [Cayman Islands Monetary Authority (CIMA)](https://www.cima.ky/). This registration became effective on July 15, 2021, per the details in the CIMA public registry. ![image](https://hackmd.io/_uploads/rkRGViqnp.png) ### 5.4.2 Licenses As a registered entity under the Securities Investment Business Act, Gadze Finance SEZC falls within the category of companies incorporated under the Cayman Islands laws and engages in securities investment business. Given Gadze Finance's confirmed official status, it is reasonable to infer that the entity is authorized to engage in a variety of regulated activities including: **Dealing in Securities** involves the purchase, sale, subscription, or underwriting of securities as an agent or a principal. This activity may also encompass market-making functions, where Gadze Finance acts as an intermediary to facilitate trading in securities. **Arranging Deals in Securities** enables another party (acting as principal or agent) to buy, sell, subscribe for, or underwrite securities. **Managing Securities**: Gadze Finance may manage securities belonging to another party in situations that require the exercise of discretion. **Advising on Securities** encompasses providing advice to investors or potential investors (or acting as an agent on behalf of an investor) regarding the purchase, sale, underwriting, subscription, or exercising any right conferred by security. The definition of "securities" under the Securities Investment Business Act (SIBA) is detailed in Schedule 1 of the Act. While this definition does not explicitly encompass virtual assets, it is important to recognize that certain virtual assets could be classified as "securities" for SIBA. ![image](https://hackmd.io/_uploads/rkx4Vsq3T.png) The interpretation hinges on the characteristics and the nature of the virtual assets. If a virtual asset exhibits qualities similar to those of traditional securities, such as shares, bonds, or derivatives, it may fall under the regulatory umbrella of SIBA. While Gadze Finance SEZC holds a higher authorization tier, the regulatory environment surrounding staking services and liquid staking tokens remains ambiguous, particularly in Cayman Islands law. Under the Virtual Asset Service Providers (VASP) Act, a "virtual asset" is any digital representation of value that can be digitally traded, transferred, and used for payment or investment purposes. However, this definition excludes "virtual service tokens," digital representations of value that cannot be transferred or exchanged with a third party at any time. Virtual assets falling outside these definitions may still be subject to other legal acts in the Cayman Islands, such as SIBA, the Money Services Act, and AML regulations. Currently, there exists a legislative gap in the treatment of staking services. These services must neatly fit within the scope of any existing Acts, including SIBA, the VASP Act, or other related regulations. Similarly, liquid staking tokens do not qualify as virtual assets under the current legal definitions, nor are staking services categorically considered as virtual asset services. Recent private legal [guides](https://www.applebyglobal.com/publications/blockchain-2023-guide-cayman-islands/) on blockchain regulation in the Cayman Islands reinforce this perspective, noting the absence of specific restrictions on the staking of tokens. ### 5.4.3 Enforcement Actions Based on the currently available information, no specific enforcement actions or lawsuits against EtherFi or Gadze Finance exist. ### 5.4.4 Sanctions The Terms of Use for the platform include specific representations and warranties that users must make upon accessing the platform. These stipulate that users affirm the following: - They have not been identified as a Specially Designated National (SDN) or placed on any sanctions list by key regulatory bodies, including the U.S. Treasury Department's Office of Foreign Assets Control (OFAC), the U.S. Commerce Department, or the U.S. Department of State. - They are neither residents nor citizens, nationals, agents, nor are or do they represent entities that are organized, incorporated, or conducting business in countries or regions that are subject to comprehensive sanctions or embargoes by the United States, the United Kingdom, the European Union, any of its member states, or the United Nations. This list includes, but is not limited to, *Belarus, Burundi, Crimea and Sevastopol, Cuba, the Democratic Republic of Congo, Iran, Iraq, Libya, North Korea, Somalia, Sudan, Syria, Venezuela, and Zimbabwe*. EtherFi reserves the right to terminate or suspend one's access to all or part of the platform for breach of any of their representations or warranties, incl. particular statements regarding their presence on sanctions lists. To achieve practical application of the restrictions set out by governing terms, EtherFi implements geoblocking mechanisms. ![image](https://hackmd.io/_uploads/ByQHEi5n6.png) Source: Ether.fi when trying to access the site with a U.S. IP address - February 17, 2024 In addition to targeting sanctioned regions, EtherFi extends these geoblocking measures to include users from the United States, the United Kingdom, and Canada. The decision to bar customers from these countries stems from specific regulatory challenges unique to each jurisdiction, mostly gravitating around the stringent securities laws and unclear treatment of staking services. ### 5.4.5 Liability Risk The Terms of Use delineate the roles and functions of Ether</span>.Fi's various technological layers. The architecture is structured around three primary components: the Website (entry point for users), the Interface (aggregates and presents publicly available information related to liquid staking technology while enabling users to execute transactions and engage with the platform's functionalities seamlessly), and the Middleware (constitutes a set of smart contracts that serve as the backbone of the platform's operational capabilities). Any information related to Ethereum, including data on blockchain transactions, network statistics, and price information, is presented as-is without guarantees regarding its accuracy, completeness, or utility. The Website explicitly states it is provided "as is" and on an "as available" basis while acknowledging the possibility of technical or factual inaccuracies and clarifying that users engage with the site at their own risk. Within the Representations and Warranties section, EtherFi includes comprehensive risk disclosures, ensuring users are fully informed of the various risks and conditions associated with interacting with the platform. Key risk disclosures highlighted include: - **Inherent Risks** of Cryptographic and Blockchain-based Systems. - **Risk of Fake Tokens**: acknowledgment of the possibility of encountering counterfeit tokens, which can result in financial loss and transaction complications. - **Transaction Costs and Speed**. - **Wallet Security**. - **Smart Contract Vulnerabilities**. - **Decentralized Staking Protocol Risks**: explains the nature of decentralized staking protocols, particularly those that enable Ethereum holders to earn rewards through staking on the Ethereum Beacon Chain. - **Slashing Risks**. According to the Limitation of Liability section, Gadze Finance, as the website operator, will not be liable for any form of damages suffered by users, including both tangible and intangible losses such as emotional distress, loss of revenue, or data, regardless of the cause, including negligence or breach of contract. Both users and Gadze Finance agree to waive any rights to pursue disputes in a class action or any form of collective claim. All controversies must be handled individually, preventing class or representative actions or claims on behalf of others or the public. Disputes or claims related to the platform's terms must be settled by arbitration under the London Court of International Arbitration (LCIA) rules, with proceedings in English and based in the Cayman Islands. Arbitration is to be kept confidential, with the arbitrators entitled to grant the same remedies as a competent court and their decision being final and enforceable in court. Ether.fi's loyalty points are not explicitly addressed within the Terms of Use. While the operational specifics of the program are detailed in the [gitbook documentation](https://etherfi.gitbook.io/etherfi/getting-started/loyalty-points) the latter does not establish a legally binding framework of usage rules, limitations, rights, and obligations concerning the loyalty points. Participants in the program may find themselves without a clear legal recourse or defined rights in scenarios such as disputes over point allocation, redemption issues, or changes to the points system. Legal risks caused by protocol interconnectedness with EigenLayer and its respective points program are observed in a separate risk review that will be published as an addendum to this report. ### 5.4.6 Adverse Media Check Adverse media checks performed with open source tools returned no results for both platforms linked to Gadze Finance, i.e., https://www.ether.fi/ and https://ether.fan/. We found no specific adverse media related to money laundering, corruption, sanctions exposure, threat financing, or other unlawful activities. Gadze Finance, on its own, was notably impacted by the collapse of the FTX exchange. The company had a significant amount of its assets held in FTX when the exchange went under. This led to [substantial financial losses](https://cryptonews.net/news/finance/17008295/) for the fund, which is estimated to be around 10% to 15% of its total assets. Gadze Finance was involved in liquidity provision for exchanges and employed arbitrage strategies to achieve predictable returns while minimizing exposure to volatility. Despite these setbacks, no direct allegations or evidence of involvement in illicit activities exist. # Section 6: Risk Management ### 6.1.1 Market Risk **LIQUIDITY: Does the LSD have a liquid market that can facilitate liquidations in all foreseeable market events?** The current state of on-chain liquidity for weETH is not ideal, posing potential challenges in executing liquidations in stressed market scenarios. The vast majority of weETH is currently held within Pendle, used to speculate on future yields, and only ~4% of the token supply is deposited into DEX pools. Of those, weETH liquidity is currently paired with other LSDs/LRTs in much greater concentrations than ETH. The expectation of an EigenLayer airdrop has been driving a significant amount of speculative growth that may become a catalyst for adverse market conditions, largely dependent on external market factors that may have ripple effects on the weETH liquidity venues. This poses an important risk and uncertainty for users. **VOLATILITY: Has the LSD had any significant depeg event?** weETH has managed to avoid severe depegging incidents and in our observed time period over the past month, it has maintained a strong peg to ETH with low relative volatility. The withdrawal system involves an economic model to penalize operators that do no exit Validators in a timely manner. There may be scenarios in high network-wide withdrawal demand that withdrawal times increase substantially, putting pressure on the pegs of all liquid staking assets. The relatively immature market for weETH, along with currently high speculative demand for the asset, that may increase its susceptibility to volatility events. ### 6.1.2 Technology Risk **SMART CONTRACTS: Does the analysis of the audits and development activity suggest any cause for concern?** Audit reports and development activities have raised serious concerns about code quality and readiness before audits. The use of EigenLayer heightens these risks, spotlighting possible security and slashing vulnerabilities. Additionally, the lack of bug bounties and centralized methods for selecting Actively Validated Services (AVS) exacerbate potential security issues, underscoring the need for continuous monitoring. The deployment of eETH, while promising enhanced rewards through the validation of AVS, depends heavily on the effective integration and utilization of these services within EigenLayer's infrastructure. Furthermore, there's a need for clarity regarding bond allocation—specifically, how it protects against potential slashing or lapses in attestation by node operators, indicating areas for improvement in process transparency and risk mitigation strategies. **DEPENDENCIES: Does the analysis of dependencies (e.g., oracles) suggest any cause for concern?** Integrating eETH with [EigenLayer](https://www.eigenlayer.xyz/) poses potential risks, including crypto-economic vulnerabilities and inaccurately defined slashing conditions, despite offering prospects for increased Validator yields. EigenLayer's [whitepaper](https://docs.eigenlayer.xyz/assets/files/EigenLayer_WhitePaper-88c47923ca0319870c611decd6e562ad.pdf) explicitly acknowledges risks related to the potential for conspiracy among operators to exploit vulnerabilities for profit and the possibility of wrongful restaker slashing due to unclearly defined conditions. Mitigation strategies include implementing automated surveillance systems and establishing a security council to oversee operations. The RedStone Oracle offers a convenient avenue for onboarding weETH as collateral, although it involves certain risks. RedStone is currently operated by a set of 5 team-operated nodes. The data aggregation medianizes several DEXs, some of which are low liquidity, and in general requires vigilance on the part of the operator to react to rapidly changing market dynamics that may be observed in emerging assets. ### 6.1.3 Counterparty Risk **CENTRALIZATION: Are there any significant centralization vectors that could rug users?** The combination of concentrated Validator operation and influence by the team creates centralization vectors for weETH. The bypassing of the Validator auction mechanism and shortage of bonded node operators underscores the centralization risks. Such centralization introduces potential pathways through which unilateral modifications to protocol operations could be executed. The team has expressed plans to protect major protocol upgrades behind a timelock, but for now it is fully reliant on a 2/6 multisig with no timelock. Despite intentions toward decentralization in the roadmap, these steps have not yet materialized. **LEGAL: Does the legal analysis of the Protocol suggest any cause for concern?** In a strategic effort to mitigate the industry-wide challenge posed by the lack of clarity for staking regulations, Ether.fi designed a legal structure fully compliant with the current regulations in Cayman Islands. The centralized control mechanism permits unilateral changes to the Protocol, heightening legal scrutiny. The adoption of a sanctions-savvy approach enhances defense against illicit actors and potential enforcement actions. Yet the unclear legal background of the points program and its effective management may pose an imminent risk to Ether.fi. ### 6.1.4 Risk Rating Based on the risks identified for each category, the following chart summarizes a risk rating for weETH as collateral. The rating for each category is ranked from excellent, good, ok, and poor. - We rank weETH **ok in liquidity** for uncertainties in reliability from high concentrations in DEX pools paired with other LSDs/LRTs, and potentially short term popularity as a result of EigenLayer airdrop speculation. - We rank weETH **good in volatility** for instituting a system for incentivizing prompt withdrawals and for historically maintaining a strong peg. Speculative activities recently may put pressure on the peg if market dynamics shift suddenly. - We rank weETH **ok in smart contracts** because there is no bug bounty program and previous audits have raised serious concerns that merit greater scrutiny of the contracts. - We rank weETH **ok in dependencies** because the integration with EigenLayer introduces an additional layer of risk. The RedStone price feed has certain centralization vectors that may increase the likelihood of service disruption or affect data integrity. - We rank weETH **ok in decentralization** because there is a pathway for decentralizing node operation, governance and on-chain operation, but it currently is highly centralized to the EtherFi team. - We rank weETH **good in legal** for having established a fully compliant legal structure in the Cayman Islands. There is a lack of clarity around user rights within the EigenLayer points program. <iframe src='https://flo.uri.sh/visualisation/14951150/embed' title='Interactive or visual content' class='flourish-embed-iframe' frameborder='0' scrolling='no' style='width:100%;height:600px;' sandbox='allow-same-origin allow-forms allow-scripts allow-downloads allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation'></iframe><div style='width:100%!;margin-top:4px!important;text-align:right!important;'><a class='flourish-credit' href='https://public.flourish.studio/visualisation/14951150/?utm_source=embed&utm_campaign=visualisation/14951150' target='_top' style='text-decoration:none!important'><img alt='Made with Flourish' src='https://public.flourish.studio/resources/made_with_flourish.svg' style='width:105px!important;height:16px!important;border:none!important;margin:0!important;'> </a></div> Despite explosive growth in recent months, users should remain cautious about the sustainability of weETH, which has not yet proven a resilient track record in terms of its liquidity on the secondary market or its ability to gracefully handle a draw down. A significant amount of growth has been a result of speculative fervor around EigenLayer airdrops, with the vast majority of outstanding tokens deposited into the Pendle yield futures market. A shift in market sentiment, either in anticipation of or following an airdrop event, may drastically change behavior from market participants that puts stress on the eETH withdrawal pool and on secondary markets. A second major area of concern is the 2/6 multisig that manages the protocol without a timelock. The resiliency of the protocol largely depends on the proper operation of this team-owned multisig. The team have expressed intent to upgrade the on-chain security with a timelock imminently, so progress on this should be monitored. Our recommendation is to limit protocol risk by not allowing weETH to be used to mint stablecoins, at least until speculation has settled and the LSD can prove its sustainability. A compromise may be to introduce weETH as a collateral asset on permissionless lending protocols, set with conservative parameters including suitable max loan-to-value ratios and debt ceilings that anticipate potential depeg events or sharp declines in liquidity. Prisma has already introduced weETH as collateral in a sister protocol that isolates the risk from mkUSD, and this is a suitable alternative solution. Users choosing to interact with this protocol are advised to appreciate the additional risk inherent to LRTs and the relative risk of weETH compared to collateral assets previously onboarded to Prisma.