The Risks and Best Practices of Re-staking in EigenLayer

CoboGlobal
2024-02-06 11:22:40
The Risks of Re-Staking on EigenLayer and Best Operating Practices

Author: Cobo Security Team, Cobo Global

With the rise of Restaking, many Restaking projects based on EigenLayer have emerged in the market. Restaking aims to share the trust of the Ethereum Beacon staking layer: users share their staking shares with other projects, which lets users earn more rewards while those projects enjoy the same level of consensus trust and security as the ETH Beacon layer.

To help everyone better understand the interaction risks between different Restaking projects, the Cobo Security Team conducted research on mainstream Restaking protocols and mainstream LST assets in the market, and organized the related risks, allowing users to better manage the corresponding risks while enjoying the rewards.

Note: The conclusions listed by the Cobo Security Team are based on data before 00:00 UTC on February 5, 2024.

Overview of Risk Points

Currently, the Restaking protocols in the market are essentially all built on EigenLayer. For users, participating in Restaking means exposure to the following risks:

Contract Risks

  1. Currently, participating in Restaking requires interaction with the project's contract, and users need to bear the risk of the contract being attacked;

  2. Funds based on EigenLayer will ultimately be stored in the contracts of the EigenLayer protocol. If the EigenLayer contract is attacked, the funds of related projects will also be at risk;

  3. There are two types of Restaking in EigenLayer: Native ETH Restaking and LST Restaking. For LST Restaking, funds are stored directly in the EigenLayer contract. For Native ETH Restaking, funds are stored in the ETH Beacon chain. This means that users participating in LST Restaking may suffer losses due to the risks associated with the EigenLayer contract;

  4. Project parties may have high-risk permissions, which in certain cases can allow them to misappropriate user funds through sensitive permissions.

LST Risks

LST tokens may become unpegged, or LST contract upgrades/attacks may lead to deviations and losses in LST value.

Exit Risks

Currently, apart from EigenLayer, mainstream Restaking protocols in the market do not support withdrawals. If the project team does not add the corresponding withdrawal logic through a contract upgrade, users will never be able to retrieve their assets and will need to obtain liquidity on the secondary market in order to exit.

Based on the above-listed risk points, the Cobo Security Team systematically researched some mainstream Restaking protocols currently available in the market and organized the findings. The main points include:

  1. Projects are at a low level of completion; most have not implemented withdrawal logic;

  2. Centralization risks: user assets are ultimately controlled by a multi-signature wallet, so the project team has some ability to carry out a rug pull;

  3. Following from the second point, asset losses may occur in cases of internal malfeasance or loss of the multi-signature private keys.

To make the results more intuitive, the Cobo Security Team organized and categorized the research results for easier viewing, as follows:

Since EigenLayer is the cornerstone of all projects, in addition to the points mentioned in the table, there are several other points that users need to pay attention to:

  1. The EigenLayer contracts currently deployed on the mainnet have not fully implemented all the functions in its white paper (AVS, slash). Among them, the slash function has only implemented the relevant interfaces and does not yet have a complete logic. According to the contract code, the current slash is triggered by the owner of the StrategyManager contract (project party admin permissions), which is relatively centralized;

  2. During the process of EigenLayer native ETH Restaking, in addition to creating an EigenPod contract for Restaking fund management, users also need to run a Beacon chain node service and bear the risk of being slashed by the Beacon chain. Users are advised to choose a reliable node service provider when conducting native ETH Restaking. Additionally, since ETH is stored in the Beacon chain, during the withdrawal process, not only does the user need to initiate it, but the node service provider must also assist the user in withdrawing the relevant funds from the Beacon chain, meaning the withdrawal process requires mutual consent;

  3. Due to the incomplete implementation of the AVS and Slash mechanisms in EigenLayer, the Cobo Security Team advises users not to enable the delegate function in the EigenLayer protocol without fully understanding the associated risks, as this may lead to potential financial losses.

In addition to the risks of the protocol itself, LST risks should not be overlooked during the Restaking process. The Cobo Security Team also researched mainstream LST tokens in the market and organized the results for easier viewing, as follows:

How to Effectively Reduce the Risks of Participating in Restaking?

Restaking is an emerging concept that has not yet stood the test of time at either the contract or the protocol level. In addition to the risks organized above, there may be other unknown risks. So, is there a relatively safe way of interacting that effectively reduces the risks involved?

Based on the current research conclusions, the Cobo Security Team has organized a relatively safe interaction path for everyone.

Fund Allocation

For users participating in Restaking with large amounts of funds, directly participating in EigenLayer's Native ETH Restaking is a good choice. The reason is that for Native ETH Restaking, the deposited ETH assets are not stored in the EigenLayer contract but in the Beacon chain contract. Even in the worst-case scenario of a contract attack, the attacker cannot immediately access the user's assets.

For users who also want to participate with large funds but do not wish to endure a long redemption time, they can choose relatively stable stETH as the participating asset to directly engage with EigenLayer.

For users looking to earn additional rewards, they can choose a portion of their funds to participate in projects based on EigenLayer, such as Puffer, KelpDAO, Eigenpie, and Renzo, according to their risk tolerance. However, it is important to note that since the aforementioned projects have not implemented corresponding withdrawal logic, users participating in such protocols need to consider the associated exit risks and the liquidity of the relevant LRT in the secondary market during the investment process.

Monitoring Configuration

The projects listed in this article all have the ability to upgrade contracts and pause operations, and the project party's multi-signature can also execute high-risk operations for the project. For advanced users, it is advisable to configure relevant contract monitoring to keep track of contract upgrades and the execution of sensitive operations by the project party.
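
One way to implement such monitoring, as an added example that is not part of the original article or Cobo's tooling: a filter over eth_getLogs-style entries that flags upgrade, ownership and pause events from a watchlist. It assumes the watched contracts emit the standard ERC-1967 / OpenZeppelin events (the article does not name them); the addresses and sample logs are constructed placeholders.

```python
# Added example, not from the article. Assumes watched contracts emit standard
# ERC-1967 / OpenZeppelin events. Addresses and sample logs are constructed.
EVENTS = {  # topic0 = keccak256(signature) -> (signature, severity, arg locations)
    "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b":
        ("Upgraded(address)", "critical", ("topic",)),
    "0x7e644d79422f17c01e4894b5f4f588d331ebfa28653d42ae832dc59e38c9798f":
        ("AdminChanged(address,address)", "critical", ("data", "data")),
    "0x8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e0":
        ("OwnershipTransferred(address,address)", "critical", ("topic", "topic")),
    "0x62e78cea01bee320cd4e420270b5ea74000d11b0c9f74754ebdbfc544b05a258":
        ("Paused(address)", "high", ("data",)),
}

def decode_addresses(layout, topics, data):  # from indexed topics or data words
    body = data[2:] if data.startswith("0x") else data
    words = (body[i:i + 64] for i in range(0, len(body), 64))
    indexed = iter(topics[1:])
    out = []
    for where in layout:
        word = next(indexed if where == "topic" else words, None)
        if word is None or len(word) < 64:
            return None  # same topic0 but different indexing: report undecoded
        out.append("0x" + word[-40:].lower())
    return out

def scan(logs, watchlist):  # alerts for sensitive events from watched contracts
    alerts = []
    for log in logs:
        label = watchlist.get(log["address"].lower())
        topics = log.get("topics") or []
        if label is None or not topics or log.get("removed"):
            continue  # unwatched contract, anonymous event, or reorged-out log
        hit = EVENTS.get(topics[0].lower())
        if hit:
            sig, severity, layout = hit
            args = decode_addresses(layout, topics, log.get("data", "0x"))
            alerts.append({"contract": label, "event": sig,
                           "severity": severity, "args": args})
    return alerts

POOL, OTHER = "0x" + "11" * 20, "0x" + "22" * 20  # constructed addresses
PAD = "0x" + "00" * 12  # left padding of an address in a 32-byte ABI word
UP, _, _, PAUSE = EVENTS
SAMPLE_LOGS = [
    {"address": POOL, "topics": [UP, PAD + "ab" * 20], "data": "0x"},
    {"address": POOL, "topics": [PAUSE], "data": PAD + "cd" * 20},
    {"address": OTHER, "topics": [UP, PAD + "ab" * 20], "data": "0x"},
    {"address": POOL, "topics": [UP, PAD + "ef" * 20], "data": "0x", "removed": True},
]
ALERTS = scan(SAMPLE_LOGS, {POOL: "restaking-pool (placeholder)"})
```

An alert whose args is None still matters: the event fired, but the contract indexes its arguments differently from the assumed layout.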

Additionally, teams and users looking to invest ETH in projects can collaborate with Cobo Argus to set up automated bots for Safe multi-signature wallets based on changes in the pool's TVL, fluctuations in ETH prices, and the actions of whales, to establish automatic deposit functions to EigenLayer and various re-staking protocols.
