Risk Analysis and Best Practices of Restaking Projects

With the rise of the Restaking concept, many projects based on Eigenlayer have emerged in the market. Restaking aims to share users' staking shares with other projects by leveraging the trust of the Ethereum Beacon staking layer, allowing users to earn more rewards while enabling other projects to enjoy the same level of consensus trust and security as the ETH Beacon layer.

In order to help users better understand the interaction risks between different Restaking projects, we conducted an in-depth study of the mainstream Restaking protocols and LST assets in the market, and systematically sorted out the related risks, so that users can better control the corresponding risks while enjoying the returns.

Major Risk Points

Most of the Restaking protocols currently on the market are built on EigenLayer, and users participating in Restaking will face the following risks:

Contract Risk

1. Users need to interact with the project's contract and bear the risk of the contract being attacked.
2. The project funds based on EigenLayer are ultimately stored in the EigenLayer protocol contract. If this contract is attacked, the relevant project funds will also suffer losses.
3. There are two types of Restaking in EigenLayer: native ETH Restaking and LST Restaking. The funds for LST Restaking are stored directly in the EigenLayer contract, while the funds for Native ETH Restaking are stored in the ETH Beacon chain. This means that users engaging in LST Restaking may incur losses due to the risks associated with the EigenLayer contract.
4. The project party may have high-risk permissions, and in certain cases, may misappropriate user funds through sensitive permissions.

LST Risk

There is a possibility of the LST token becoming unpegged, which may result in deviations and losses in the value of LST due to LST contract upgrades or attacks.

Exit Risk

Except for EigenLayer, most of the mainstream Restaking protocols currently on the market do not support withdrawals. If the project team does not upgrade the contract with the corresponding withdrawal logic, users may not be able to directly retrieve their assets and can only obtain liquidity through the secondary market to exit.

Mainstream Restaking Protocol Risk Analysis

We conducted a systematic research on some mainstream Restaking protocols currently on the market and found the following main issues:

1. The project completion rate is relatively low, and most projects have not implemented withdrawal logic.
2. Centralization risk: User assets are ultimately controlled by a multi-signature wallet, and the project party has a certain ability for Rug Pull.
3. Based on the above situation, internal malfeasance or loss of multi-signature private keys may result in asset loss.

EigenLayer Special Considerations

As the cornerstone of all projects, EigenLayer has the following points that users need to pay special attention to:

1. The contracts currently deployed on the mainnet have not fully implemented all the functions in their white paper (such as AVS and slash). The slash function has only implemented the relevant interfaces and does not have a specific complete logic yet. Currently, slash is triggered by the owner of the StrategyManager contract (project admin rights), making the execution method relatively centralized.

2. When performing EigenLayer native ETH Restaking, in addition to creating an EigenPod contract for fund management, you also need to run a Beacon chain node service yourself and bear the risk of being slashed by the Beacon chain. It is recommended to choose a reliable node service provider. The withdrawal process requires the user to initiate and be assisted by the node service provider to withdraw funds from the Beacon chain.

3. Since EigenLayer has not fully implemented the AVS and Slash mechanisms, it is recommended that users do not enable the deleGate feature before fully understanding the associated risks, in order to avoid potential financial losses.

Specific Project Risk Points

Through code review, we found that some projects have code risks that may affect the security of user funds:

EigenPie

Currently, all contracts are upgradeable contracts, with upgrade permissions set to 3/6 Gnosis Safe. However, the upgrade permissions for the MLRT token contracts of cbETH, ethX, and ankrETH are assigned to EOA addresses.

KelpDAO

During the recharge process, it is necessary to calculate the value of the share when calculating the share allocation obtained by the user. The rsETHPrice in the calculation formula needs to be manually updated to the corresponding oracle. For tokens other than stETH, the share price from the respective token contract is used as the price source. stETH is directly converted at a 1:1 ratio. When stETH is trading at a discount in the secondary market, there may be arbitrage opportunities during the recharge process.

Renzo

OperatorDelegator is responsible for routing protocol funds to EigenLayer with corresponding different deposit ratios. However, during the configuration process of OperatorDelegator, the protocol did not check whether the ratios of all OperatorDelegators exceeded 100%, which may lead to a situation where OperatorDelegator-1 (70%) and OperatorDelegator-2 (70%) coexist. This mainly affects user fund withdrawals, but due to incomplete withdrawal logic, it is difficult to assess the specific impact on the principal.

LST Token Risk Analysis

In addition to the risks of the protocol itself, the risks of LST should not be overlooked during the Restaking process. We conducted research on the mainstream LST tokens in the market and found that there are certain differences in terms of security, liquidity, and degree of centralization.

Suggestions for Reducing Restaking Risks

Based on the current research conclusions, we provide users with the following relatively safe interaction suggestions:

Fund Allocation

1. For users participating in Restaking with large amounts of funds, directly participating in EigenLayer's Native ETH restaking is a better choice. In this method, the deposited ETH assets are stored in the Beacon chain contract, and even in the worst-case scenario of a contract attack, the attacker cannot immediately access the user's assets.

2. For users who wish to participate with large amounts of funds but do not want to endure a long redemption period, they can choose relatively stable stETH as the asset to directly participate in EigenLayer.

3. For users seeking additional returns, they can choose to allocate a portion of their funds to projects built on EigenLayer such as Puffer, KelpDAO, Eigenpie, and Renzo, based on their individual risk tolerance. However, it should be noted that since these projects have not yet implemented withdrawal logic, users should also consider exit risks and the liquidity of related LRT in the secondary market.

Monitoring Configuration

1. Given that most projects have the ability to upgrade contracts and pause operations, and that project parties can execute high-risk operations with multi-signature, it is recommended that advanced users configure appropriate contract monitoring to track contract upgrades and the execution of sensitive operations by project parties.

2. For teams and users looking to invest in ETH to participate in projects, it is advisable to consider using multi-signature wallet conditions to trigger automated bots and single-signature authorization configurations. Based on the changes in the pool's TVL, ETH price fluctuations, and large holder behaviors, set up automatic deposit functions to EigenLayer and various re-staking protocols.

By taking these measures, users can better manage risks while participating in the Restaking project, while also enjoying potential returns. However, it is important to emphasize that Restaking, as an emerging concept, may still carry unknown risks. Users should remain vigilant and continuously monitor market dynamics and project developments while participating.