Exploring the Risks and Best Practices of Restaking Projects

With the rise of the Restaking concept, many Restaking projects based on Eigenlayer have emerged in the market. Restaking aims to share users' staking shares with other projects by leveraging the trust of the Ethereum Beacon staking layer, allowing users to earn more rewards while enabling other projects to enjoy the same level of consensus trust and security as the ETH Beacon layer.

In order to help everyone better understand the interaction risks between different Restaking projects, the security team conducted an in-depth study of the mainstream Restaking protocols and popular LST assets on the market, and systematically sorted out the related risks so that users can better control the corresponding risks while pursuing returns.

Risk Point Overview

Most of the Restaking protocols currently on the market are built on EigenLayer. For users, participating in Restaking means exposing themselves to the following risks:

Contract Risk

1. Participating in Restaking requires interaction with the project's contract, and users need to bear the risk of the contract being attacked.
2. Funds for projects built on EigenLayer will ultimately be stored in the contracts of the EigenLayer protocol. If the EigenLayer contract is attacked, the related project funds will also suffer losses.
3. There are two types of Restaking in EigenLayer: native ETH Restaking and LST Restaking. The funds for LST Restaking are directly held in the EigenLayer contract, while the funds for Native ETH Restaking are held in the ETH Beacon chain. This means that users participating in LST Restaking may incur losses due to risks associated with the EigenLayer contract.
4. The project party has high-risk permissions and may, in certain circumstances, misappropriate user funds through sensitive permissions.

LST risk

There is a possibility of LST tokens becoming unpegged, or the value of LST may deviate and suffer losses due to LST contract upgrades or attacks.

Exit Risk

Apart from EigenLayer, most mainstream Restaking protocols on the market currently do not support withdrawals. If the project team has not upgraded the withdrawal logic through the contract, users may not be able to directly retrieve their assets and will need to obtain liquidity exits from the secondary market.

Mainstream Restaking Protocol Risk Analysis

Based on the aforementioned risk points, the security team conducted a systematic research on some mainstream Restaking protocols currently available in the market and organized their findings. The main discoveries include:

1. The project completion rate is low, and most projects have not implemented the withdrawal logic.
2. Centralization risk: User assets are ultimately controlled by a multi-signature wallet, and the project team has a certain ability for Rug Pull.
3. Based on the second point, when internal malfeasance occurs or multi-signature private keys are lost, it may result in asset loss.

EigenLayer Special Risk Warning

As EigenLayer is the cornerstone of all projects, in addition to the aforementioned risks, there are the following points that users need to pay special attention to:

1. EigenLayer is currently deployed on the mainnet, and not all functions outlined in its white paper (AVS, slash) have been fully implemented. Among them, the slash function has only implemented the relevant interfaces, and there is no specific complete logic yet. Currently, the slash is triggered through the owner of the StrategyManager contract (project admin permissions), making its execution relatively centralized.

2. When performing EigenLayer native ETH Restaking, in addition to creating an EigenPod contract for Restaking fund management, you also need to run a Beacon chain node service yourself and bear the risk of being slashed by the Beacon chain. It is recommended to choose a reliable node service provider. Moreover, since ETH is stored in the Beacon chain, the withdrawal process requires not only the user to initiate it but also the node service provider to assist in withdrawing the relevant funds from the Beacon chain, meaning the withdrawal process requires mutual consent.

3. Given that EigenLayer has not yet fully implemented the AVS and Slash mechanisms, it is advised that users refrain from enabling the deleGate function in the EigenLayer protocol until they have fully understood the associated risks, in order to avoid potential financial losses.

Mainstream LST Token Risk Analysis

In addition to the risks inherent in the protocol itself, the risks associated with LST during the Restaking process should not be overlooked. The security team has conducted research on mainstream LST tokens in the market, focusing primarily on aspects such as contract upgradability, permission control, and Oracle dependencies.

How to Effectively Reduce the Risks of Participating in Restaking?

Restaking, as an emerging concept, has not yet been fully tested over time at both the contract and protocol levels. Based on the current research conclusions, here is a relatively safe interaction guide aimed at effectively reducing risks during the participation process:

Fund Allocation Strategy

1. For users participating in Restaking with larger funds, directly participating in EigenLayer's Native ETH restaking is a relatively safe choice. This is because the deposited ETH assets for Native ETH restaking are stored in the Beacon chain contract, rather than the EigenLayer contract, meaning that even in the worst-case scenario of a contract attack, the attacker cannot immediately access the user's assets.

2. For users who wish to participate with large funds but are unwilling to endure a long redemption period, they can choose the relatively stable stETH as the participating asset to directly engage with EigenLayer.

3. For users seeking additional returns, they can choose to allocate a portion of their funds to participate in projects built on EigenLayer, such as Puffer, KelpDAO, Eigenpie, and Renzo, according to their personal risk tolerance. However, it is important to note that since most of these projects have not yet implemented withdrawal logic, participants must also consider exit risks and pay attention to the liquidity of the related LRT in the secondary market.

Risk Monitoring Recommendations

1. Given that most projects currently have contract upgrade and pause functions, and project parties can execute high-risk operations with multi-signatures, it is recommended that advanced users configure appropriate contract monitoring to pay attention to contract upgrades and the execution of sensitive operations by project parties.

2. For teams and users who wish to invest ETH to participate in projects, it is advisable to consider configuring conditions for multi-signature wallets that trigger automated bots and single-signature authorizations. Based on the changes in the pool's TVL, fluctuations in ETH prices, and significant fund movements, set up an automatic deposit function to EigenLayer and various re-staking protocols.

By adopting these strategies and measures, participants can reduce the risks in the Restaking process to a certain extent and engage more safely in this emerging financial model. However, it is important to always remain vigilant, closely monitor market dynamics and project developments, and make informed investment decisions based on individual risk preferences.