With Mellow LRT, users can stake their LST tokens (or ether being converted to LST) in a set of vaults, each implementing different rewards seeking strategies. The vaults are largely focused on various restaking protocols and AVSes with an ongoing genesis case for representing LRTs built on top of the wstETH bond collateral in Symbiotic, however, the upcoming Decentralized Validator Vault (DVV) implements a separate strategy not connected with restaking per se.
As part of the integration with the Lido protocol, there is a set of contracts (StakingModule.sol
and DefaultObolStakingStrategy.sol
) designed to work with the Lido Simple DVT Module (operators.lido.fi).
This allows staking ETH from the DVV into Obols and SSV's validator sets via SimpleDVT staking module through StakingRouter and then (when the corresponding strategies are plugged to the vault, sic!) restaking it based on a chosen strategy.
Given that the architecture of Mellow Vaults is designed for universal application and has a complex configuration system, it is crucial to approach the initial setup with great responsibility.
The flow and particular configuration parameters are defined in DVV specification.
While revealing vulnerabilities in the generalized setup has unquestionable importance, the main focus should be on the areas defined by the DVV configuration parameters and their corresponding integrations with Lido.
Two scenarios should be considered explicitly:
DefaultBondModule
, DefaultBondTvlModule
, DefaultBondStrategy
contracts similar to the existing deployments for Steakhouse, Re7, Mev Capital, and P2P)Therefore, the scope should include the Lido protocol contracts with which the Vault interacts, specifically in the context of logical and flow interconnections.
The vault should be isolated by any potential security incident impact from the protocol.
included into Vault and Lido integration setup (nSLOC: 1281):
Total nSLOC: 1281
https://docs.lido.fi/deployed-contracts/
docs&specs: https://mellowprotocol.notion.site/Obol-Vault-a1ab952ae0a6499dbedfc45278aba5c5
repo: https://github.com/mellow-finance/mellow-lrt/tree/features/obol-vault
commit hash: 1c885ad9a2964ca88ad3e59c3a7411fc0059aa34
deploy script: https://github.com/mellow-finance/mellow-lrt/blob/features/obol-vault/scripts/obol/Deploy.s.sol#L35
tests: https://github.com/mellow-finance/mellow-lrt/tree/features/obol-vault/tests/obol
TBD